Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Working with manual approvals for multiple builds in AWS CodePipeline

We have a CodePipeline set up to do a build, deploy to a QA ECS environment, then a manual approval step to deploy to Prod.

What gets confusing though, is when there are several builds running one after another. Several builds get deployed to QA in sequence, but then the Approval button seems to approve them one at a time, and it's not clear which build you're approving when you click on it.

What I would like to be able to do is to approve the latest build, in case the earlier builds had issues that were fixed by the later builds. What would be the best way to accomplish that?

like image 204
kos Avatar asked Dec 17 '17 19:12

kos


People also ask

Can a pipeline have multiple revisions flowing through at the same time?

A revision is a change made to the source location defined for your pipeline. It can include source code, build output, configuration, or data. A pipeline can have multiple revisions flowing through it at the same time.

How do I manually trigger AWS CodePipeline?

Start a pipeline manually (console)Sign in to the AWS Management Console and open the CodePipeline console at http://console.aws.amazon.com/codesuite/codepipeline/home . In Name, choose the name of the pipeline you want to start. On the pipeline details page, choose Release change.

What is a manual review stage?

What Is Manual Review? Manual review means applying human intuition and analysis to orders that have been flagged as potentially fraudulent to determine whether or not the merchant should accept them.

Can you skip build action while creating pipeline using AWS CodePipeline?

This step is optional if you have already created a build stage. On the Step 4: Add deploy stage page, do one of the following, and then choose Next: Choose Skip deploy stage if you created a build stage in the previous step. This option does not appear if you have already skipped the build stage.


4 Answers

I had the same problem. Manual approvals are confusing since several pipeline executions can get queued and it's easy to lose track of things. I think we can blame this on CodePipeline's bad UX.

The workaround I settled with is to have two identical pipelines for the same project. They have the same source stage (same repo/branch) but different deploy stages (one deploys to QA, one deploys to prod). No more manual approval stages. The QA pipeline is set to auto-execute when changes in the source (repo/branch) are detected while the Prod pipeline needs to be manually released.

Basically, we replaced the Manual Approval with Manual Release. Manual release always releases the latest from source unlike manual approvals.

like image 87
Noel Llevares Avatar answered Sep 18 '22 08:09

Noel Llevares


You should place the deploy and approval action in the same stage. This lets you approve exactly what you tested. Why? Because exactly one pipeline execution can be in a pipeline stage at any given time.

...approve the latest build, in case the earlier builds had issues that were fixed by the later builds.

If you want to let later builds catch up, reject the earlier build that is waiting for approval.

like image 45
Aaron Avatar answered Sep 20 '22 08:09

Aaron


In the CodePipeline UI, you can see the history of Manual approvals in your pipelines' History. Click on History to see what's in progress (Manual Approvals that haven't timed out will always be in progress) and the source (git) short-sha that triggered it (if you need to narrow down to the relevant commit).

To know which Manual approval you're approving, in Pipeline view, click on View current revisions next to the Manual step (to get the Execution ID), then find the matching Execution ID in History (should be the oldest one).

Only way I found to get to the latest Approval is to hit reject n-1 times in the pipeline (where n is how many manual approvals are still in progress) until I only have 1 approval left (or until I find matching Execution ID).

like image 40
HungT Avatar answered Sep 17 '22 08:09

HungT


One option if you don't want to have multiple pipelines is to by default disable stage transitions into your environments that required controlled releases.

When you are ready to deploy into an environment, you enable the stage transition to allow the most recent release from the previous stage to be processed and then disable the transitions again.

It's still a bit clunky, but reasonably effective once you get used to it. Having to reject each change that comes through becomes very slow and cumbersome to manage, so by disabling transitions you choose when to promote a release.

IMO, CodePipeline should have an option to automatically supersede executions if they are paused at the manual approval stage.

like image 43
mixja Avatar answered Sep 20 '22 08:09

mixja