Permissions on retry

ianbrex · April 16, 2021, 11:43pm

Hi,

Currently any user in our organization can retry failed jobs on Deployment pipeline.
This can lead to an older job to run with older deployment artifacts, while the newer build was already deployed.
Would it be possible to add limitation keyword on retry, so than we can limit retry to the Admin group only? (we actually might need retries on Deployment pipelines jobs if we’re in incident and re-running whole CICD would be time consuming)

Thanks,
Ian

juanitofatas · April 19, 2021, 1:48am

Hello Ian,

Yes, it is possible to limit on who can retry by using Agent hooks (Agent hooks is our recommendation to enforce any security rules.):

You can check BUILDKITE_REBUILT_FROM_BUILD_ID (empty string when not a rebuild) and BUILDKITE_CREATOR_TEAMS to see if it is a rebuild and if the user is in Admin teams.

Hope this helps!

Cheers,
Juanito

ianbrex · April 19, 2021, 4:56pm

That is something that might work for us. Thanks a lot!

Topic		Replies	Views
Reschedule builds on other agents rather than Fail builds when agents time out or are killed (machine shut down or put to sleep) Features Requests	5	1626	December 19, 2020
Restart step in a different agent Features Requests	7	1342	March 14, 2024
Automatically retry failed steps on AGENT_STOP Features Requests	1	638	February 5, 2021
Buildkite-agent lock: what happens on failure General	4	213	November 20, 2023
Waiting for a buildkite agent to become available General	1	451	March 22, 2023

Permissions on retry

Related Topics