We have had a situation recently that went something like this.
We deployed to production, this involves a slightly more convoluted process but in essence is QA Approval, Security Approval, IT approval. Deploy Hurdle (basically an approval step which when triggered goes of and does the deployment. This allows us to get approval for everything, then at 5am, do the actual deployment)
However, during the deployment, something went wrong (Just a drop in connection from Octopus - Azure) which meant we had to re-deploy. We realized that we could not bypass any approval steps and had to quickly assign a user every role to approve it.
How do people handle this situation, we could leave the user with the permission to approve each step, but this seems like a security risk as they could , well, approve anything.
On a side note, Is there a plan for a delayed approval? IE I approve something at 5pm however the next step does not trigger until 5am?
Thanks for getting in touch! We are aware that at the moment the manual intervention steps can be exploited and worked around, and that this can cause security issues when customers have to create workarounds that are not secure.
We are looking at ideas for how we can better handle auditing down the track in Octopus, currently our thoughts are to add a way to approve deployments of a certain release into an environment, instead of using a manual intervention step. This idea is still young and we are working on ideas that could better suit these situations.
Any thoughts wouldn’t hurt.
As for deplayed aproval, we currently have a UserVoice suggestion that covers this: https://octopusdeploy.uservoice.com/forums/170787-general/suggestions/6298548-allow-approval-step-for-scheduled-deployment-happe
Feel free to comment and vote, more input can never hurt.
Let me know what you think.
Thanks for the reply, both would solve our issues. Thanks!