Skip to content
Latchkey

How to Gate a Deploy on a Protected Environment Approval in GitLab CI/CD

A protected environment with a required approval count holds the deploy job until an authorized reviewer approves it.

Protect the environment under Settings > CI/CD > Protected environments, set required approvals, and point the deploy job at that environment; the job waits for sign-off.

Steps

  • Protect the environment and set allowed deployers.
  • Set the required approval count above zero.
  • Point the deploy job at that environment.name.
  • The deployment pauses until an approver acts.

.gitlab-ci.yml

.gitlab-ci.yml
deploy_production:
  stage: deploy
  script: ./deploy.sh production
  environment:
    name: production
    url: https://app.example.com
  rules:
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

Gotchas

  • Approval rules live on the protected environment in project settings, not in the YAML.
  • A user cannot approve their own deployment when self-approval is disabled.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →