Approval System in Jenkins For Build
Use Cases:
- Only Specific users must be able to approve the build
- Speific users should be able to run the build without Approval
- Approval Can be turn off and On On-Demand
Jenkins Variables Needs to Created under ( Manage Jenkins > Configure System > Environment variables )
- ApprovalAdmins (Value: jenkins emails comma separated)
- skipApprovalUsers (Value: jenkins emails comma separated)
- BuildApproval (Value: True, False)
import jenkins.model.Jenkins
def getBuildUser() {
return currentBuild.getBuildCauses('hudson.model.Cause$UserIdCause')['userId']
}
pipeline {
agent { label 'ec2-fleet-common' }
stages {
stage('Approval Process') {
when {
expression {
env.BuildApproval == 'True' || env.BuildApproval == 'true'
}
}
steps {
script {
env.buildUserEmail = getBuildUser()[0]
env.skipApprovalUsersList = env.skipApprovalUsers.split(',').collect{ it.trim() } // this will be picked from jenkins environment variables
if ( !env.skipApprovalUsersList.contains(env.buildUserEmail) ) { // matching if approval process needs to skip for specific users
env.approverEmail = input message: 'Deploy Now ?',ok : 'Deploy',id :'tag_id', submitterParameter: 'approverId'
env.approvalAdminList = env.ApprovalAdmins.split(',').collect{ it.trim() } // this will be picked from jenkins environment variables
if ( !env.approvalAdminList.contains(env.approverEmail) ) { // matching if user is in Approvers list
error('Stopping build due to: "You are not in the list of Approvers" ')
}
if ( env.buildUserEmail.equals(env.approverEmail) ) { // matching if approval user is same as user who started the build
error('Stopping build due to: "Approval user can not be same as build user" ')
} else {
sh 'echo "Continuing with build...."'
}
}
}
}
}
}
}
Comments
Post a Comment