Permissions on retry


Currently any user in our organization can retry failed jobs on Deployment pipeline.
This can lead to an older job to run with older deployment artifacts, while the newer build was already deployed.
Would it be possible to add limitation keyword on retry, so than we can limit retry to the Admin group only? (we actually might need retries on Deployment pipelines jobs if we’re in incident and re-running whole CICD would be time consuming)


Hello Ian,

Yes, it is possible to limit on who can retry by using Agent hooks (Agent hooks is our recommendation to enforce any security rules.):

You can check BUILDKITE_REBUILT_FROM_BUILD_ID (empty string when not a rebuild) and BUILDKITE_CREATOR_TEAMS to see if it is a rebuild and if the user is in Admin teams.

Hope this helps!


That is something that might work for us. Thanks a lot!