Manual approval between plan and apply

[brettcurtis]

Has anyone found a decent way to have some sort of manual approval process between plan and apply? Between "steps" is really what I'm after. But I suppose it could even be between jobs. A job to run plan and approve followed by a job to run apply.

[bansawbanchee]

look into the workflow_dispatch event. https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/ I personally use this for a few manually triggered jobs.

[brettcurtis]

We are attempting to using the new "requested reviewers" process for this now in Actions. Still have some things to figure out regarding the flow of it all. If it's useful I can share an actions file when we are done.

[TrongTheAlpaca]

@brettcurtis I was wondering if you arrived to any interesting conclusion about the idea using "requested reviewers" for this?

[brettcurtis]

Yeah, we ended up going all in on GitHub here. We use environments and required reviewers like I mention above. We also use called workflows in an effort to be as DRY as possible. I can share our called workflows if that would be helpful. We have a called workflow for each of the major cloud providers, GCP, AWS & Azure.

[TrongTheAlpaca]

Ah interesting! I would greatly appreciate if you shared it! Only AWS-related pipelines should suffice for me, but you can share it all if it suits you 😎

[brettcurtis]

@TrongTheAlpaca here you go, very specific to how I use Terraform but hopefully it can give you some ideas: https://github.com/lzysh/github-terraform-called-workflows/blob/main/.github/workflows/aws-plan-and-apply-called.yml

Gives us something like this (this is a pic of Google workflow but AWS is similar) allows us to have human approval between each plan and apply job: