Restricting access to deploy to production via Gitlab CD


Currently we have a Gitlab CI / CD pipeline setup, however I have some concerns relating to the fact that currently anyone that has access to the Gitlab project is able to trigger the CD pipeline on our production nodes (Docker swarm cluster).

Current the CD component in the gitlab-ci.yml file is defined as per the below structure:

stage: deploy
DOCKER_HOST: tcp://deploytoprod:2375
- /root/to/script/
name: prod
when: manual

  • master

The executes the docker stack command, which in turn executes a Docker stack compose yaml file that contains the container specs, volumes, etc.

My question is related to how one would be able to restrict access to execute this part of the gitlab-ci.yml file to only a selected number of users?

Many Thanks!