Artefact Automation Pipelines

Promote between environments after approval

While automated Continuous Delivery of deployments to a production Environment may be a goal, you may come across scenarios in which a manual approval must be given by a user or external system before promoting a sensitive component or change into an Environment.

In the following example, Humanitec Pipelines will be used to request a manual approval before cloning a Workload artefact to a production Environment.

The Pipeline consists of three jobs, deploy-to-dev, wait-for-approval, and deploy-to-production. The dependencies between the jobs are indicated by the needs property. deploy-to-dev and deploy-to-production have the same logic, but target different Environments, while the wait-for-approval job will block the Pipeline until a user with the deployer role on the production Environment approves or denies the approval request which can be retrieved through the user interface or API .

Note that this Pipeline uses artefact automation and is triggered by uploading a new version of the myProject/myWorkloadArtefact Score artefact.

The Pipeline also makes use of a concurrency group ensuring that subsequent runs are queued and deployment sequences from development to production do not overlap.

pipeline.yaml ( view on GitHub ) :

name: Approval before Promotion

on:
  artefact:
    type: workload
    include:
    - myProject/myWorkloadArtefact
    match-ref: refs/heads/main

concurrency:
  group: myGroup

permissions:
  application: developer
  env-types:
    development: deployer
    production: deployer

jobs:
  deploy-to-dev:
    steps:
    - uses: actions/humanitec/create-delta@v1
      id: create
      with:
        env_id: development
        workload_artefacts: ${{ inputs.workload_artefacts }}
    - uses: actions/humanitec/apply@v1
      id: apply
      with:
        env_id: development
        delta_id: ${{ steps.create.outputs.delta_id }}
    - uses: actions/humanitec/deploy@v1
      with:
        env_id: development
        set_id: ${{ steps.apply.outputs.set_id }}
        comment: Deploying ${{ inputs.workload_artefacts[0] }}

  wait-for-approval:
    # increase the timeout to 24 hours for this job
    timeout-minutes: 1440
    needs:
    - deploy-to-dev
    steps:
    - uses: actions/humanitec/approve@v1
      with:
        env_id: production
        message: Promotion of ${{ inputs.workload_artefacts[0] }} to production

  deploy-to-production:
    needs:
    - wait-for-approval
    steps:
    - uses: actions/humanitec/create-delta@v1
      id: create
      with:
        env_id: production
        workload_artefacts: ${{ inputs.workload_artefacts }}
    - uses: actions/humanitec/apply@v1
      id: apply
      with:
        env_id: production
        delta_id: ${{ steps.create.outputs.delta_id }}
    - uses: actions/humanitec/deploy@v1
      with:
        env_id: production
        set_id: ${{ steps.apply.outputs.set_id }}
        comment: Deploying ${{ inputs.workload_artefacts[0] }}

Deployment Pipelines

API-triggered Pipelines