how can a user run a protected manual job?

H

2

5

there are several jobs in the protected branch. the last job is manual, but regular users cannot run it. how can an ordinary user run a manual job in a protected branch?

in the picture, an ordinary user does not have a play button

Healall answered 15/2, 2022 at 13:4 Comment(0)

L

4

There is a workaround.

To allow Developer user to run the manual job you can allow Developer to merge to the particular branch
And to restrict Developers to merge to this branch add an additional rule with the mask matching the same branch.
As a result they will not be able to merge/push but will be allowed to run manual jobs.

Lascar answered 23/10, 2022 at 13:7 Comment(3)

Unfortunately or fortunately, the developers do not have access to the protected branch. so I'm looking for a workaround. – Healall 24/10, 2022 at 10:9

yes, and my point is to give to Developers this access explicitly but also reject it by mask. so they will not be able to merge or push, but will have the ability to execute pipelines. – Lascar 27/10, 2022 at 8:32

I don't fully understand your implementation. can you elaborate? for example, through editing your response. your answer will help other participants. thanks for your help. – Healall 27/10, 2022 at 10:40

M

10

Only users who can push or merge to a protected branch are allowed to run manual jobs for a pipeline on a protected branch.

See footnote 5: https://docs.gitlab.com/ee/user/permissions.html

[Run CI/CD pipeline for a protected branch] If the user is allowed to merge or push to the protected branch.

Thus, the only way to allow a user to run this job on a protected branch would be to give them permission to either push or merge to the protected branch.

Maurili answered 15/2, 2022 at 20:10 Comment(1)

thanks for the reply. I read the documentation, but I thought there was a workaround – Healall 16/2, 2022 at 6:41

L

4

There is a workaround.

To allow Developer user to run the manual job you can allow Developer to merge to the particular branch
And to restrict Developers to merge to this branch add an additional rule with the mask matching the same branch.
As a result they will not be able to merge/push but will be allowed to run manual jobs.

Lascar answered 23/10, 2022 at 13:7 Comment(3)

Unfortunately or fortunately, the developers do not have access to the protected branch. so I'm looking for a workaround. – Healall 24/10, 2022 at 10:9

yes, and my point is to give to Developers this access explicitly but also reject it by mask. so they will not be able to merge or push, but will have the ability to execute pipelines. – Lascar 27/10, 2022 at 8:32

I don't fully understand your implementation. can you elaborate? for example, through editing your response. your answer will help other participants. thanks for your help. – Healall 27/10, 2022 at 10:40

Recommended topics

Hot tags