We deploy WAR file to on-prem JBoss servers identified by opaque hostnames like:
In my example, abc004 is actually production. We map the hostname to tags to best identify them, since only certain WAR packages are deployed to certain hosts. How do we prevent a situation where there is a change in the gitlab ci like:
Whereby accidentally someone has selected the production runner and mistakenly kicked off a job there which disrupted our production services.
Ideally we need an approval workflow for certain runners. How do we accomplish that?
Sidenote: gitlab-runner-linux-amd64 register appears to have a Set access_level of the runner to not_protected or ref_protected; defaults to not_protected [$REGISTER_ACCESS_LEVEL] option which I think allows you automate this when deploying the runner to production.
They still I think the problem remains, since the protected branch is main and we use that though out our environments.