How to Gate a Deploy on a Protected Environment Approval in GitLab CI/CD
A protected environment with a required approval count holds the deploy job until an authorized reviewer approves it.
Protect the environment under Settings > CI/CD > Protected environments, set required approvals, and point the deploy job at that environment; the job waits for sign-off.
Steps
- Protect the environment and set allowed deployers.
- Set the required approval count above zero.
- Point the deploy job at that
environment.name. - The deployment pauses until an approver acts.
.gitlab-ci.yml
.gitlab-ci.yml
deploy_production:
stage: deploy
script: ./deploy.sh production
environment:
name: production
url: https://app.example.com
rules:
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'Gotchas
- Approval rules live on the protected environment in project settings, not in the YAML.
- A user cannot approve their own deployment when self-approval is disabled.
Related guides
How to Gate a Production Deploy With a Manual Job in GitLab CI/CDRequire a human click before a production deploy in GitLab CI/CD with when: manual, optionally making the job…
How to Deploy to Multiple Environments With GitLab CI/CDDeploy to staging then production in GitLab CI/CD with one reusable job template extended per environment, ke…