I'm using a gitlab-ci file to run a packer build and then any terraform changes that need to happen. Currently we have the developer submit his MR and the pipeline runs packer build->validate->plan. Then once the plan is checked out and approved, the code is merged to master and the pipeline runs again automatically but stops after the plan portion is done. Then the dev manually kicks off the apply job. The problem here is that if the apply breaks then we have broken code in the master branch. For what we do this is not earth shattering so it's not a huge deal but… So to remedy this there is a tool called Atlantis from HashiCorp. It works and all but it's another tool to manage.

My question is: is there a way that I could put my apply job in the MR pipeline and only have it run manually AND after approval? I already use the when: manual but is there a way to add an approval step here, other than using the approval button in the MR?

I doubt any of our users would review changes more carefully here than they do for MRs. If your users are the same, I doubt you would achieve anything but to annoy them by this. Educate them to know that approval of an MR means the apply job will run.