Approval of deployments outside of the actual deployment process

(Clayton Armstrong) #1


Is there a way to require deployments to a given environment (e.g. production) to be subject to approval, while allowing the allowing the approval to occur in advance of the deployment itself?
We have some applications that need to be deployed outside of business hours. We want the approval to occur during business hours, but the deployment to occur later. My understanding of the standard approach to supporting an approval step is that it occurs inside the deployment process… so once approved the rest of the deployment happens immediately (correct me if I’ve misunderstood)


(Michael Richardson) #3

Hey Clayton,

You haven’t misunderstood. And we’re aware that in this scenario it would make sense for the approval to be modelled outside the deployment process.

There are a few options however:

Option 1: One approach is to put the approval step at the end of the deployment process, and scope it to the environment before production. For example, your second-to-last environment may be Staging, where some final testing is performed. Once that testing is passed, the release is approved, allowing it to be scheduled for deployment to Production.

Option 2: An alternative approach is to have two manual intervention steps at the beginning of the deployment, scoped to the Production environment. The first is the approval, allowing the appropriate team to approve/reject the release. The second effectively acts as “deploy now”, and can be actioned when the deployment is to actually run.

Option 3: A third option is to model the approval as an environment. So you could have a Production - Approval environment. This may even have only one step configured to run, which is the manual approval step. The deployment to the Production environment can then be scheduled for whenever you wish.

Would any of those approaches fit?

(Clayton Armstrong) #4

Thanks for your response Michael.

We’d not thought of any of those approaches. That helps a lot, we’ll consider if any those will make sense. I think option 2 will be the best fit. (Option 1 doesn’t provide enough control… just because a release has been deployed to an environment doesn’t mean it’s been signed off for release.)
Although with option 2… we’d probably be nervous about triggering the release during business hours and trusting it to not do anything yet!

Thanks for your prompt response!