Protected environments change job to manual

BenDonnelly · March 18, 2024, 4:35pm

Problem to solve

When mixing OpenTufu template with protected environments the pipeline on MRs become manual. Which then allows MRs to be merged before the plan stage has run.

I would expect the ‘apply’ stage to be manual (which it is from the template), and to need approval (again it does). The ‘plan’ stage should behave as before adding protected environments, and run based on the pipeline rules.

Steps to reproduce

Setup a project using: Infrastructure as Code with Terraform and GitLab | GitLab
protect the environment, with approvals using: Protected environments | GitLab
Now the plan stage will be manual on MRs and main

Versions

Please select whether options apply, and add the version information.

Self-managed
GitLab.com SaaS
Self-hosted Runners

GreenZombie76 · March 25, 2024, 1:24pm

This is a general problem, and in our pipelines where there are lots of jobs that need to access the environment prior to the jobs that prepare and deploy the environment.
Never mind that the “Play” and “Approve” functions seem to be weirdly entangled now on the deploy job.