Our team has been using GitHub Actions for CI/CD for a while. It's very convenient and easy to use. We use it to build Docker images, push them to a Docker registry and deploy to a Kubernetes cluster. But there is one thing we have been trying to improve: we want a manual approval step before deploying to production. We tried many methods, but none of them worked well until we found the manual-workflow-approval action.

How it works

The action works simply. You add a step to your workflow file, and it creates an issue that stays pending until the people in the approvers list respond. Once approved, the workflow continues.

The instructions on the page are very clear. You just need to add a step like this:

steps:
  - uses: trstringer/manual-approval@v1
    with:
      secret: ${{ github.TOKEN }}
      approvers: user1,user2,org-team1
      minimum-approvals: 1
      issue-title: "Deploying v1.3.5 to prod from staging"
      issue-body: "Please approve or deny the deployment of version v1.3.5."
      exclude-workflow-initiator-as-approver: false
      additional-approved-words: ''
      additional-denied-words: ''

An approver who receives the issue can respond by adding a comment containing the word approve or deny. The action checks the comment and approves or denies the issue accordingly.

But we ran into a problem: the workflow couldn't create issues, and we thought the github_token was not correct. It turned out that we needed to add this permission.

permissions:
  issues: write
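
The step and the permission above, placed in a complete workflow, as an added example that is not from the action's own documentation. The workflow name, job names, trigger, timeout and the `./deploy.sh` script are assumptions. The `issues: write` scope is granted only to the approval job, and the deploy job runs only if approval succeeds:

```yaml
# Added example: workflow, job and script names are assumptions.
name: deploy-prod
on:
  workflow_dispatch:

# Default every job to read-only; grant extra scopes per job.
permissions:
  contents: read

jobs:
  approval:
    runs-on: ubuntu-latest
    # Only this job may create and read the approval issue.
    # Scopes not listed here are set to none for this job.
    permissions:
      issues: write
    # Fail the run instead of waiting indefinitely for a reply.
    timeout-minutes: 60
    steps:
      - uses: trstringer/manual-approval@v1
        with:
          secret: ${{ github.TOKEN }}
          approvers: user1,user2
          minimum-approvals: 1
          issue-title: "Deploy ${{ github.sha }} to prod"
          issue-body: "Please approve or deny this deployment."
          # The person who started the run cannot approve it themselves.
          exclude-workflow-initiator-as-approver: true

  deploy:
    # Runs only after the approval job succeeds.
    needs: approval
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./deploy.sh production  # hypothetical deploy script
```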

With Slack

We also found that this approval action works perfectly with the Slack GitHub app. It allows the pending approval issue to be posted to a Slack channel, so people can approve it promptly and avoid blocking the workflow for too long.

Other solution

Besides this free approval action, there are other solutions, like this one, which is a built-in feature of GitHub Actions when you set up a multi-environment workflow. But it's not free, and you need to upgrade to at least the Team plan.