Artefact Automation Pipelines

Promote between environments after approval

While automated Continuous Delivery of deployments to a production Environment may be a goal, you may come across scenarios in which a manual approval must be given by a user or external system before promoting a sensitive component or change into an Environment.

In the following example, Humanitec Pipelines will be used to request a manual approval before cloning a Workload artefact to a production Environment.

The Pipeline consists of three jobs, deploy-to-dev, wait-for-approval, and deploy-to-production. The dependencies between the jobs are indicated by the needs property. deploy-to-dev and deploy-to-production have the same logic, but target different Environments, while the wait-for-approval job will block the Pipeline until a user with the deployer role on the production Environment approves or denies the approval request which can be retrieved through the user interface or API.

Note that this Pipeline uses artefact automation and is triggered by uploading a new version of the myProject/myWorkloadArtefact Score artefact.

The Pipeline also makes use of a concurrency group ensuring that subsequent runs are queued and deployment sequences from development to production do not overlap.

pipeline.yaml (view on GitHub) :

name: Approval before Promotion

on:
  artefact:
    type: workload
    include:
    - myProject/myWorkloadArtefact
    match-ref: refs/heads/main

concurrency:
  group: myGroup

permissions:
  application: developer
  env-types:
    development: deployer
    production: deployer

jobs:
  deploy-to-dev:
    steps:
    - uses: actions/humanitec/create-delta@v1
      id: create
      with:
        env_id: development
        workload_artefacts: ${{ inputs.workload_artefacts }}
    - uses: actions/humanitec/apply@v1
      id: apply
      with:
        env_id: development
        delta_id: ${{ steps.create.outputs.delta_id }}
    - uses: actions/humanitec/deploy@v1
      with:
        env_id: development
        set_id: ${{ steps.apply.outputs.set_id }}
        comment: Deploying ${{ inputs.workload_artefacts[0] }}

  wait-for-approval:
    # increase the timeout to 24 hours for this job
    timeout-minutes: 1440
    needs:
    - deploy-to-dev
    steps:
    - uses: actions/humanitec/approve@v1
      with:
        env_id: production
        message: Promotion of ${{ inputs.workload_artefacts[0] }} to production

  deploy-to-production:
    needs:
    - wait-for-approval
    steps:
    - uses: actions/humanitec/create-delta@v1
      id: create
      with:
        env_id: production
        workload_artefacts: ${{ inputs.workload_artefacts }}
    - uses: actions/humanitec/apply@v1
      id: apply
      with:
        env_id: production
        delta_id: ${{ steps.create.outputs.delta_id }}
    - uses: actions/humanitec/deploy@v1
      with:
        env_id: production
        set_id: ${{ steps.apply.outputs.set_id }}
        comment: Deploying ${{ inputs.workload_artefacts[0] }}

Deployment Pipelines

API-triggered Pipelines