受保护环境 API

引入于极狐GitLab 12.8。

有效访问级别

ProtectedEnvironment::DeployAccessLevel::ALLOWED_ACCESS_LEVELS 方法中定义了访问级别。当前级别为:

30 => Developer access
40 => Maintainer access
60 => Admin access

群组继承类型

群组继承允许部署访问级别和访问规则以考虑继承的群组成员身份。群组继承类型由 ProtectedEnvironments::Authorizable::GROUP_INHERITANCE_TYPE 定义。 可识别以下类型:

0 => Direct group membership only (default)
1 => All inherited groups

列出受保护环境

从项目中获取受保护环境的列表:

GET /projects/:id/protected_environments
参数 类型 是否必需 描述
id integer/string yes 授权用户拥有的 ID 或 URL 编码的项目路径
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/protected_environments/"

响应示例:

[
   {
      "name":"production",
      "deploy_access_levels":[
         {
            "access_level":40,
            "access_level_description":"Maintainers",
            "user_id":null,
            "group_id":null,
            "group_inheritance_type": 0
         }
      ],
     "required_approval_count": 0
   }
]

获取单个受保护环境

获取单个受保护环境:

GET /projects/:id/protected_environments/:name
参数 类型 是否必需 描述
id integer/string yes 授权用户拥有的 ID 或 URL 编码的项目路径
name string yes 受保护环境的名称
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/protected_environments/production"

响应示例:

{
   "name":"production",
   "deploy_access_levels":[
      {
         "access_level": 40,
         "access_level_description": "Maintainers",
         "user_id": null,
         "group_id": null,
         "group_inheritance_type": 0
      }
   ],
  "required_approval_count": 0
}

保护仓库环境

保护单个环境:

POST /projects/:id/protected_environments
curl --header 'Content-Type: application/json' --request POST \
     --data '{"name": "production", "deploy_access_levels": [{"group_id": 9899826}], "approval_rules": [{"group_id": 134}, {"group_id": 135, "required_approvals": 2}]}' \
     --header "PRIVATE-TOKEN: <your_access_token>" \
     "https://gitlab.example.com/api/v4/projects/22034114/protected_environments"
参数 类型 是否必需 描述
id integer/string yes 授权用户拥有的 ID 或 URL 编码的项目路径
name string yes 环境名称
deploy_access_levels array yes 允许部署的访问级别阵列,每个由哈希进行描述
required_approval_count integer no 要求部署到此环境的批准数量。是部署批准的一部分,暂不可用
approval_rules array no 允许批准的访问级别阵列,每个由哈希进行描述。详情请参见多个批准规则

deploy_access_levelsapproval_rules 阵列中的元素应该是 user_idgroup_idaccess_level,且格式为 {user_id: integer}{group_id: integer}{access_level: integer}。(可选)您可以在每个上面将 group_inheritance_type 指定为有效群组继承类型

用户需要有项目的访问权限且每个群组必须分享此群组

响应示例:

{
   "name": "production",
   "deploy_access_levels": [
      {
         "access_level": 40,
         "access_level_description": "protected-access-group",
         "user_id": null,
         "group_id": 9899826,
         "group_inheritance_type": 0
      }
   ],
  "required_approval_count": 0,
  "approval_rules": [
    {
      "user_id": null,
      "group_id": 134,
      "access_level": null,
      "access_level_description": "qa-group",
      "required_approvals": 1,
      "group_inheritance_type": 0
    },
    {
      "user_id": null,
      "group_id": 135,
      "access_level": null,
      "access_level_description": "security-group",
      "required_approvals": 2,
      "group_inheritance_type": 0
    }
  ]
}

取消保护环境

取消保护特定的受保护的环境:

DELETE /projects/:id/protected_environments/:name
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/protected_environments/staging"
参数 类型 是否必需 描述
id integer/string yes 授权用户拥有的 ID 或 URL 编码的项目路径
name string yes 受保护环境的名称