Approval Gates

JFrog Pipelines Documentation

ft:sourceType
Paligo

Approval Gates enable you to insert a manual approval process for a step in your pipeline. When enabled, the step (and the pipeline run) goes into Pending Approval status when upstream steps finish and the run execution reaches that step. The following can be defined as part of this approval process:

  • List of approvers: List of users who can approve or reject the step.

  • List of notifications: Notifications that are sent when the step goes into Pending Approval status.

  • Timeout: The maximum time the step can stay in Pending Approval status.

Configuring Approval Gates Step

To enable Approval Gates, add a new section to your step configuration named requiresApproval.

Note

By default, Approval Gates is disabled. To enable it, add the requiresApproval section to your step configuration.

Using the Defaults

To enable Approval Gates and use the default values for a step, add the requiresApproval flag to your step configuration and set it as true.

In this case, the following defaults are applied to the Pending Approval step:

  • approvers: Any user with execute permissions can approve or reject a Pending Approval step.

  • notifications: No notifications are sent.

  • timeoutSeconds: Defaults to 86400 seconds (24 hours), after which the step is canceled automatically.

Example

Approval Gates Configuration with Default Values

pipelines:
  - name: MyApprovalGatesPipeline
    steps:
      - name: approvalGatesStep
        type: Bash
        configuration:
          requiresApproval: true
        execution:
          onExecute:
            - echo "executing step..."
Customizing Your Configuration

Alternatively, you can define your own requiresApproval configuration section and define the following:

  • approvers: A list of Artifactory user names that can approve or reject the step.

  • notifications: A list of SMTP and Slack integrations. Based on the configuration, SMTP and Slack notifications are sent when the step goes into Pending Approval status.

  • timeoutSeconds: A window of time, in seconds, in which the approvers can approve or reject the step. If no response is recorded during this timeout period, the step is canceled automatically.

Note

You do not have to include all 3 sections when customizing a step's requiresApproval configuration section. If you do not include one of the sections, this section defaults to the behavior defined above. For example, if you do not provide a configuration for requiresApproval.timeoutSeconds , it defaults to 86400 seconds (24 hours).

Note

  • The first user that responds from the approvers' list determines if the step is approved or rejected.

  • Pipelines Admins can approve or reject the step without being listed on the approvers' list.

  • Artifactory transient users are currently not supported as approvers.

Example

Approval Gates Configuration with Custom Values

pipelines:
  - name: MyApprovalGatesPipeline
    steps:
      - name: approvalGatesStep
        type: Bash
        configuration:
          requiresApproval:
            timeoutSeconds: 43200 # if not approved in this timeframe, the step will be cancelled
            approvers:
              - user1 # must be a valid Artifactory user
              - user2 # must be a valid Artifactory user
            notifications:
              - integrationName: SMTP_Integration # requires SMTP integration
                recipients:
                  - email@example.com
              - integrationName: Slack_Integration # required Slack integration
        execution:
          onExecute:
            - echo "executing step..."

Environment Variables

When approving a step in approval gate, the approver's username, comment and timestamp can be found in the following environment variables:

  • step_approved_by

  • step_approved_comment

  • step_approved_at

Approving/Rejecting Steps

After a step moves to Pending Approval state, the approvers can approve or reject the step using the user interface.

To approve or reject a step:

  1. Go to Applications | My Pipelines and run the relevant pipeline.

    This displays Pipeline Run page.

  2. Click the Approval step (called approvalGatesStep in the example yaml above). This step will be in Pending status.

  3. Click the Approve/Reject button to reveal the following options:

    • Approve/Reject button: Click to approve or reject the step.

    • Comments field: This optional field enables you to add a meaningful comment for approving or rejecting the step. This has a 100 characters limit.

    • Approvers list: This lists the first letter of Artifactory usernames for users who were listed as approvers in the pipelines yaml. Hovering over a letter shows the full Artifactory username.