Implementing pipeline gates
Gates ensure that orchestrations cannot be started in an environment until the gate rule is satisfied.
A gate is a condition that determines whether an applications can run in the environment. A pipeline can have some environments with gates and some without gates. A gate condition is called a rule. You can define a rule type based on the following criteria:
- Manual requires one or more responders to approve an
application version before it can run in an environment. Approving a gate
rule is considered passing the gate.Note: Anyone with access to the pipeline can create gates and be assigned as a responder. Scenarios detailing approval and rejection of application versions by responders are detailed below.
- If a gate has multiple responders, one approval is sufficient for the application version to pass the gate.
- If one responder rejects the application version, the application is rejected.
- If responders both approve and reject the application version, the application is rejected.
- When you add gates to an environment, all application versions in the affected environment must be approved before a deployment can be started. You can override a failed gate, that is, a rejected application version and you may want to do this when you run applications in a test environment.
- Automated leverages a metric-based system allowing
you to automatically stop or advance application versions from being
deployed into environments based on set conditions for the rule.Note: Using the automated rule type will provide you with visibility on the movement status of application versions and automated governance across your pipeline.
To add a gate to an environment, complete the following steps:
For the environment where you want to add a gate, click and select Add gate, and then complete the following steps.
Note: For the environment where you want to modify a gate, click and select Edit gate, and then complete the following steps.
In the Add gate window, click New
To use an existing rule, click Existing Rules.
In the Rule Type field, select
Manual or Automated.
Based on the Rule Type selected, use the
following tables to add manual or automatic gates to environments.
Table 1. Manual "Manual" Add gate option Value / action Name your new rule Enter a name for the rule. Add Approver(s) In the list, select responders. Add Rule Click to add gate to the environment, which is indicated by the Gate icon on the environment label. To view gate rules, click the Gate icon. A Gate status icon is added to the applications in the environment. Note: Initially, the Gate status is indicated by a vertical gray bar located to the left of the application version. If all application versions are approved, the gate is passed and the Gate status is a green bar. If application versions are rejected, the Gate status is a red bar. Gate status icon For the application version with the gate, click to respond to a gate rule. Approve In the Version Rules window, click to approve. Note: If you are an approver for multiple rules, you can approve all or some of them and reject others. If you are not a designated responder, you can neither approve or reject the gate rule. Automated rules and Manual rules statuses Under Edit environment Gate Rules on right side of Add gate window, you can view the statuses of the Automated rules and Manual rules. Under Manual rules, select the Send email alert to any user that requires manual approval checkbox to receive email notification for approving the manual gates. The email notification is sent to all manual gate approvers. The manual gates approval email notification contains the Stage Name, Manual Gate Name, Application Name, and Version Name of the application for which the approval is requested. Save Click to populate the rule on the gate. Table 2. Automated "Automated" Add gate option Value / action Name your new rule Enter a name for the rule. Description Enter a description for the rule. Metric Type Select the required metric in the list from the following: Coverage by Branch, Coverage by Function, Coverage by Line, Functional Tests, Static Code Analysis, Unit Tests, Container Vulnerabilities, or Application Vulnerabilities. Descriptions for each Metric Type can be found here. Data Set Select the required metric data set. Field Select the required field from the list. Note: The field is based on the Metric Type used for the automated rule and will be dynamically populated with selections associated with the metric. For example, if Application Vulnerabilities is selected, then Blocker will be the criteria measure for the gate. Operator Select the required operator from the list. Note: The operator is based on the Field that was selected and will be dynamically populated with selections suitable to the field. For example, if Blocker is the field, then the following list will be the available operators: =, !=, >, or <. Value Select the required value from the list. Note: The required value is entered based on the field and operator. For example, a value of zero indicating Blocker = 0 as the rule to pass the gate. Occurrence period Select the required occurrence period for the rule from the following list: None, Minutes, Hours, Days, Weeks, or Months. Duration Enter the duration for occurrence period of the rule. Add Rule Click to add gate to the environment, which is indicated by the Gate icon on the environment label. To view gate rules, click the Gate icon. A Gate status icon is added to the applications in the environment. Note: Initially, the Gate status is indicated by a vertical gray bar located to the left of the application version. If all application versions are approved, the gate is passed and the Gate status is a green bar. If application versions are rejected, the Gate status is a red bar. Automated Rules and Manual Rules statuses Under Edit environment Gate Rules on right side of Add gate window, you can view the statuses of the Automated Rules and Manual Rules. Save Click to populate the rule on the gate. Note: For the above example of Blocker = 0, you may notice all the versions have red bar indicating each had a blocker because of a failure with security scan.