Feature request: Require a `noop` deployment before a real one
jumoel opened this issue ยท 2 comments
Hi ๐
As far as I can tell, it's not possible to require noop deployments before real ones.
I think it would be a great feature to add (if it's possible ๐
).
For instance: Require terraform plan (the noop) to run before terraform apply.
I have often thought about this feature myself but haven't looked into it. I'm sure there is a way to accomplish this, but need to make sure it is the correct way. I'll look into this as an experimental feature when time permits. Thank you for the suggestion!
Also, it should be noted that my team does kinda implement this in a way through reviews. If a user opens a PR for repo x my team is requested as a codeower for review. That user can run .deploy noop but not .deploy until they have an approval on their PR. We will not give an approval until the user has run .deploy noop and we have validated the changes of the noop look correct. This in a way enforces .deploy noop to happen before .deploy but that process is done by humans and is subject to mistakes. I like your suggestion much better and I'll do some research to see how this can be accomplished.
Thanks!
@jumoel I'm going to go ahead and close this issue out. If you would like to revisit this, please feel free to re-open and give me a ping!
The TL;DR of what we do at GitHub today is "gating" a full deploy (non-noop) through reviews. Engineers cannot do a full deploy until they have approvals on their PRs. However, an engineer can always do a .deploy noop before they get reviews to preview changes (assuming that CI is passing of course)