I want to use GitLab CI for production deployment. I have no problem doing it with the environment variables and a job that runs only on a branch.
But if a developer removes the “only master” and pushes to a test branch, that branch is deployed in production.
Is it possible to use the new use permission on CI variables? Or assign a variable to a specific branch?
I spent a couple of hours trying to sort out permissions in GitLab CI.
And it seems that GitLab has no good permissions/security system - if you give a developer access to the project, which has a way of deploying to Production, that developer will have a way to access Production one way or another.
What to do about that?
Currently, I’m contemplating this solution:
Keep the code in the current project. No CI in it. Or CI with staging only.
Create a new fork, which will have Production CI. So the only purpose of that fork (project) would be deployment and access to PROD environment(s). I may add developers to that project as reporters, with limited permissions.
In such a setup, to deploy to PROD, I’ll create and merge an MR to that fork.