Permissions on retry

ianbrex · April 16, 2021, 11:43pm

Hi,

Currently any user in our organization can retry failed jobs on Deployment pipeline.
This can lead to an older job to run with older deployment artifacts, while the newer build was already deployed.
Would it be possible to add limitation keyword on retry, so than we can limit retry to the Admin group only? (we actually might need retries on Deployment pipelines jobs if we’re in incident and re-running whole CICD would be time consuming)

Thanks,
Ian

juanitofatas · April 19, 2021, 1:48am

Hello Ian,

Yes, it is possible to limit on who can retry by using Agent hooks (Agent hooks is our recommendation to enforce any security rules.):

You can check BUILDKITE_REBUILT_FROM_BUILD_ID (empty string when not a rebuild) and BUILDKITE_CREATOR_TEAMS to see if it is a rebuild and if the user is in Admin teams.

Hope this helps!

Cheers,
Juanito

ianbrex · April 19, 2021, 4:56pm

That is something that might work for us. Thanks a lot!

Topic		Replies	Views
Reschedule builds on other agents rather than Fail builds when agents time out or are killed (machine shut down or put to sleep) Features Requests	5	1740	December 19, 2020
Manual retry limit Features Requests	3	407	August 31, 2021
Is there a way to trigger a retry on specific job from the api Pipelines	5	98	August 4, 2024
Allow manual Retry only on latest pipeline for a branch? Pipelines	3	184	April 2, 2024
Restart step in a different agent Features Requests	7	1565	March 14, 2024

Permissions on retry

Related topics