Skip approval for specific jobs

[lestermarch]

Select Topic Area

Question

Body

Currently, when a job is associated with an environment for which there are required reviewers the job will always need to be approved before running.

In some cases, the environment context is required for the job to retrieve environment-specific variables and/or secrets even if approval is not required.

For example, when using Terraform to deploy infrastructure via GitHub Actions it is reasonable to split the plan and apply steps into separate jobs. Paired with required reviewers this allows a reviewer to check the plan output from the plan job before approving the second apply job. However, if both jobs are associated with the same environment (e.g. to retrieve environment-specific credentials) then a reviewer will need to approve the plan job.

One alternative is to have seperate environments e.g. prod-plan, prod-apply with protection rules only associated with prod-apply. However this would then require duplication of environment-specific variables and/or secrets.

It would be useful if an attribute was added to the jobs.<job_id>.environment object to signify that approval is not required for that specific job, irrespective of the environment context it runs in. For example:

jobs:
  plan:
    name: 'Plan'
    runs-on: ubuntu-latest
    env:
      CREDS: ${{ secrets.CREDS }}
    environment:
      name: 'Prod'
      skip-approval: true # Suggestion

  apply:
    name: 'Apply'
    runs-on: ubuntu-latest
    env:
      CREDS: ${{ secrets.CREDS }}
    environment:
      name: 'Prod' 

Is there some other way of accomplishing this that I may be missing?

[shrutichaudhary17]

I am looking for an answer to similar situation.Can someone help ?

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️�� Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬

[srinadhbh]

Much needed feature

[greg-court]

GitHub Actions is incomplete without this feature. Azure DevOps has stage approvals (deployment gates per stage), allowing more granular control over approvals. We need a similar feature in GitHub Actions, especially for workflows using Terraform where plan should auto-run, but apply should require approval. Can this issue be re-opened for consideration as a feature request?

[AnakinPt]

I have the exact same problem as reported above. At this moment, I can create a dummy check-prod to create a gate, but it's so stupid.

[ravishjoshi]

So do we have a solution for this issue yet or still blocked with the same limitation ?