doc: manual image approval (#3649)
* image manual approval doc

* Proofread cd-pipeline.md

* Proofread triggering-cd.md

* Proofread user-access.md

* doc-images moved to s3 + fixes

---------

Co-authored-by: Shubham9t9 <shubhamkumar47022@gmai.com>
Co-authored-by: ashokdevtron <141001279+ashokdevtron@users.noreply.github.com>
3 people authored Aug 18, 2023
1 parent ca43b23 commit d17aa9a
Showing 3 changed files with 102 additions and 40 deletions.
39 changes: 26 additions & 13 deletions docs/user-guide/creating-application/workflow/cd-pipeline.md
@@ -1,21 +1,21 @@
# CD Pipeline
Once you are done creating your CI pipeline, you can move start building your CD pipeline. Devtron enables you to design your CD pipeline in a way that fully automates your deployments.
Once you are done creating your CI pipeline, you can start building your CD pipeline. Devtron enables you to design your CD pipeline in a way that fully automates your deployments.

## Creating CD Pipeline

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/workflow-cd-pipeline/workflow-cd.jpg)

Click on **“+”** sign on CI Pipeline to attach a CD Pipeline to it. A basic `Create deployment modal` will pop up.

![](../../../.gitbook/assets/ca-workflow-basic.png)
![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/workflow-cd-pipeline/ca-workflow-basic.png)

This section expects two inputs:

* **Select Environment**
* **Deployment Strategy**

### 1. Select Environment
This section further including two inputs:
This section further includes two inputs:

**\(a\) Deploy to Environment**
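
Review bot: The unchanged line "Click on **“+”** sign on CI Pipeline to attach a CD Pipeline to it" still uses "Click on" and formats `Create deployment modal` as code, while the rest of this commit moves to "click" with bold UI labels; bring this line in step during the same proofread. The image line that was repointed to the S3 URL also keeps an empty alt text (`![]`), so a short description of the screenshot would be worth adding while the line is being touched.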

Expand All @@ -33,9 +33,9 @@ If you already have one CD pipeline and want to add more, you can add them by cl
Your CD pipeline can be configured for the pre-deployment stage, the deployment stage, and the post-deployment stage. You can also select the deployment strategy of your choice. You can add your configurations as explained below:


To configure the advance CD option click on `Advance Options` at the bottom.
To configure the advanced CD option click **Advanced Options** at the bottom.

![](../../../.gitbook/assets/ca-workflow-cd-advanced.png)
![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/workflow-cd-pipeline/ca-workflow-cd-advanced.png)

| Key | Description |
| :--- | :--- |
Expand Down Expand Up @@ -82,9 +82,22 @@ If you want to run it inside your application, then you have to check the `Execu

Make sure your cluster has `devtron-agent` installed if you check the `Execute in the application Environment` option.

![](../../../.gitbook/assets/cd_pre_build%20%282%29.jpg)
![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/workflow-cd-pipeline/cd_pre_build_2.jpg)

### 4. Deployment stage
### 4. Manual approval for deployment

When `Manual approval for deployment` is enabled, only approved images are available for deployment through the respective deployment pipeline.
Users can specify the number of approvals required for each deployment, where the permissible limit ranges from one approval (minimum) to six approval (maximum).

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/workflow-cd-pipeline/deployment-approval.jpg)

To enable manual approval for deployment, follow these steps:

1. Click the deployment pipeline for which you want to enable manual approval.
2. Turn on the ‘Manual approval for deployment’ toggle button.
3. Select the number of approvals required for each deployment.

### 5. Deployment stage

**\(a\) Deploy to Environment**
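
Review bot: The new "### 4. Manual approval for deployment" section says only approved images can be deployed but not who may approve them; the rule that the user who built the image or requested approval cannot self-approve appears only in triggering-cd.md and user-access.md in this commit, so a cross-link to "Approvers for Deployment" belongs here for whoever configures the pipeline. In the same paragraph, "six approval (maximum)" should read "six approvals", and step 2 quotes the toggle as ‘Manual approval for deployment’ while the opening sentence uses backticks for the same label.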

Expand All @@ -106,21 +119,21 @@ Devtron's tool has 4 types of deployment strategies. Click on `Add Deployment st

\(d\) Rolling

### 5. Post-deployment Stage
### 6. Post-deployment Stage

If you want to Configure actions like Jira ticket close, that you want to run after the deployment, you can configure such actions in the post-deployment stages.
If you want to run actions like closure of Jira ticket after the deployment, you can configure such actions in the post-deployment stages.

Post-deployment stages are similar to pre-deployment stages. The difference is, pre-deployment executes before the CD pipeline execution and post-deployment executes after the CD pipeline execution. The configuration of post-deployment stages is similar to the pre-deployment stages.

You can use Config Map and Secrets in post deployments as well, as defined in the Pre-Deployment stages.

![](../../../.gitbook/assets/cd_post_build.jpg)
![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/workflow-cd-pipeline/cd_post_build.jpg)


Once you have configured the CD pipeline, click on `Create Pipeline` to save it. You can see your newly created CD Pipeline on the Workflow tab attached to the corresponding CI Pipeline.


### 6. Execute in Application Environment
### 7. Execute in Application Environment

When deploying an application, we often need to perform additional tasks before or after the deployments. These tasks require extra permissions for the node where Devtron is installed. However, if the node already has the necessary permissions for deploying applications, there is no need to assign them again. Instead, you can enable the "Execute in application environment" option for the pre-CD and post-CD steps. By default, this option is disabled, and some configurations are required to enable it.
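
Review bot: Renumbering "### 5. Post-deployment Stage" to 6 and "### 6. Execute in Application Environment" to 7 changes the anchors generated from these headings, so any links that target the old numbered anchors need checking before merge. In the reworded sentence, "actions like closure of Jira ticket" would read better as "actions such as closing a Jira ticket".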

Expand Down Expand Up @@ -175,7 +188,7 @@ You can update the deployment stages and the deployment strategy of the CD Pipel

To Update a CD Pipeline, go to the `App Configurations` section, Click on `Workflow editor` and then click on the CD Pipeline you want to Update.

![](../../../.gitbook/assets/ca-workflow-update.gif)
![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/creating-application/workflow-cd-pipeline/ca-workflow-update.gif)


Make changes as needed and click on `Update Pipeline` to update this CD Pipeline.
Expand Down Expand Up @@ -268,7 +281,7 @@ It terminates the old version and releases the new one.

Devtron now supports attaching multiple deployment pipelines to a single build pipeline, in its workflow editor. This feature lets you deploy an image first to stage, run tests and then deploy the same image to production.

Please follow the steps mentioned below to create sequential pipelines :
Please follow the steps mentioned below to create sequential pipelines:

1. After creating CI/build pipeline, create a CD pipeline by clicking on the `+` sign on CI pipeline and configure the CD pipeline as per your requirements.
2. To add another CD Pipeline sequentially after previous one, again click on + sign on the last CD pipeline.
62 changes: 55 additions & 7 deletions docs/user-guide/deploying-application/triggering-cd.md
@@ -1,18 +1,66 @@
# Triggering CD
# Triggering CD Pipelines

## Triggering CD Pipelines

After CI pipeline is complete, CD pipeline can be triggered by clicking on `Select Image`.
After CI pipeline is complete, CD pipeline can be triggered by clicking `Select Image`.

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/deploying-application/triggering-cd/select-image.jpg)

Select an image to deploy and then click on `Deploy` to trigger the CD pipeline.
Select an image to deploy and then click `Deploy` to trigger the CD pipeline.

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/deploying-application/triggering-cd/deploy.jpg)

The current deployed images are tagged as `Deployed on <Environment name>`.
The currently deployed images are tagged as `Active on <Environment name>`.

## Manual Approval for Deployment

When manual approval is enabled for the deployment pipeline, you are required to request image approval before each deployment. Alternatively, you can only deploy images that have already been approved once.

When no approved image is available or if the image is already deployed, you will not see any image available for deployment upon clicking the `Select Image` button.

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/deploying-application/triggering-cd/no-approved-image.jpg)

### Request For Image Approval

To request for image approval, please follow these steps:

1. Navigate to `Build & Deploy` page, and click on the `Approval for deployment` button.

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/deploying-application/triggering-cd/deployment-approval-button.jpg)

2. Click on `Request Approval` button present on the image for which you want to request approval and the click on `Submit Request`.

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/deploying-application/triggering-cd/request-approval.jpg)

**NOTE**: You have the option to cancel the approval request from the `Approval Pending` section.

### Approve Image Approval Request

To approve an image approval request, please follow these steps:

1. Go to the `Build & Deploy` page and click the **Approval for deployment** button.

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/deploying-application/triggering-cd/deployment-approval-button.jpg)

2. Switch to the `Approval Pending` tab. Here, you will find all the images that are awaiting approval.

3. Click the **Approve** button, and then **Approve Request** to grant approval to the request.

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/deploying-application/triggering-cd/approve-request.png)

### Approvers for Deployment

By default, super admin users are considered as the default approvers. However, any user can be granted approver permission from the user-access section.

All users with `Approver` permission for the specific application and environment are authorized to approve deployments.

Please note that the user who built the image and/or requested approval cannot self-approve, even if they have super-admin privileges.

`Approver` role can be provided to users via [`User Permissions`](../global-configurations/authorization/user-access.md#role-based-access-levels)

After the images have been approved, navigate to the `Build and Deploy` tab and click on `Select Image`. You will find all the approved images listed under the `Approved Images` section. From this section, you can select the desired approved image and deploy it to the environment.

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/deploying-application/triggering-cd/approved-images.jpg)

The status of the current deployment can be viewed by Clicking on **App Details** that will show the `Progressing`state for 1-2 minutes and then gradually shows `Healthy` state or `Hibernating` state, based on the deployment strategy.
The status of the current deployment can be viewed by clicking **App Details** that will show the `Progressing`state for 1-2 minutes and then gradually shows `Healthy` state, based on the deployment strategy.

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/deploying-application/triggering-cd/app-status.jpg)
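
Review bot: The `User Permissions` link in "Approvers for Deployment" targets `../global-configurations/authorization/user-access.md#role-based-access-levels`, but the file edited in this commit is `docs/user-guide/global-configurations/user-access.md`, with no `authorization/` directory in its path; confirm that both the path and the anchor resolve, since this is the only pointer from the approval flow to the access-control page. In step 2 of "Request For Image Approval", "and the click on" should be "and then click". The sentence "Alternatively, you can only deploy images that have already been approved once" leaves it unclear whether an earlier approval can be reused for a later deployment, and the page names the same tab both `Build & Deploy` and `Build and Deploy`. The retitled H1 now duplicates the "## Triggering CD Pipelines" heading directly below it, and "`Progressing`state" is missing a space.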

41 changes: 21 additions & 20 deletions docs/user-guide/global-configurations/user-access.md
Expand Up @@ -13,11 +13,12 @@ Access can be added to the User either directly or via Groups.

Devtron supports 5 levels of access:

1. **View**: User with `view` only access has the least privilege. This user can only view combination of environments, applications and helm charts on which access has been granted to the user. This user cannot view sensitive data like secrets used in applications or charts.
2. **Build and Deploy**: In addition to `view` privilege mentioned in above, user with `build and deploy` permission can build and deploy the image of permitted applications and helm charts to permitted environments.
3. **Admin**: User with `admin` access can create, edit, delete and view permitted applications in permitted projects.
4. **Manager**: User with `manager` access can do everything that an `admin` type user can do, in addition they can also give and revoke access of users for the applications and environments of which they are `manager`.
5. **Super Admin**: User with `super admin` privilege has unrestricted access to all Devtron resources. Super admin can create, modify, delete and view any Devtron resource without any restriction; its like Superman without the weakness of Kryptonite. Super Admin can also add and delete user access across any Devtron resource, add delete git repository credentials, container registry credentials, cluster and environment.
1. **View**: Users with `view` access have the least privileges. Such users can only view combination of environments, applications and helm charts on which access has been granted to the user. They cannot view sensitive data like secrets used in applications or charts.
2. **Build and Deploy**: In addition to `view` privilege mentioned above, users with `build and deploy` permission can build and deploy the image of permitted applications and helm charts to permitted environments.
3. **Admin**: Users with `admin` privileges can create, edit, delete, and view permitted applications in permitted projects.
4. **Manager**: Users with `manager` privileges can do everything that an `admin` user can do. Additionally, they can also give and revoke access of users for the applications and environments of which they are the manager.
5. **Super Admin**: Users with `super admin` privileges have unrestricted access to all the Devtron resources. Super Admins can create, modify, delete and view any Devtron resource without any restriction; it's like Superman without the weakness of Kryptonite. Moreover, they can add and delete user access across any Devtron resource, add delete git repository credentials, container registry credentials, cluster, and environment.
6. **Approver**: Users with `approver` privileges have the authority to approve requests for image deployment. However, the user who built the image and/or requested approval cannot self-approve, even if they have approver or super-admin privileges.

## User Roles And Permissions
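
Review bot: The context line "Devtron supports 5 levels of access:" is left unchanged while the list under it gains a sixth item, **Approver**; update the count or drop the number. Approver is also appended after Super Admin in a list that otherwise runs from least to most privilege, so a short sentence stating whether Approver is granted on top of another role would make the model clearer to whoever assigns it. In item 5, "add delete git repository credentials" is missing a conjunction ("add and delete").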

Expand Down Expand Up @@ -56,19 +57,19 @@ Devtron supports 5 levels of access:

To control the access of User and Group-

Go to the left main panel -&gt; `Select Global Configurations` -&gt; Select `User Access`
Go to the left main panel Global Configurations` `User Access`

## Users

### 1. Add new user

Click on `Add User`, to add one or multiple users.
Click **Add User**, to add one or multiple users.

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/user-access/gc-user-access-add-user.jpg)

### 2. Create User Permissions

When you click on Add User, you will see 6 options to set permission for users which are as follow:
When you click `Add User`, you will see 6 options to set permission for users which are as follow:

- Email addresses
- Assign super admin permissions
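
Review bot: As it reads here, the replacement navigation line "Go to the left main panel Global Configurations` `User Access`" has lost the separators that the old `-&gt;` sequences stood for and carries an unmatched backtick, so it will not render as intended; restore a separator between the three steps and balance the code spans. Within the same hunk the button is **Add User** in one changed line and `Add User` in the next; use one style for both.
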
Expand Down Expand Up @@ -97,7 +98,7 @@ If you check the option `Assign super admin permissions`, the user will get full

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/user-access/add-user-2.jpg)

Click on `Save` and your user will be saved with super admin permissions.
Click **Save** and your user will be saved with super admin permissions.

We suggest that super admin privileges should be given to only select few.

Expand All @@ -115,7 +116,7 @@ Access to devtron applications can be given to user by attaching permission dire

- **Project**

Select a project from the drop-down to which you want to give permission to the users. You can select only one project at a time if you want to select more than one project then click `Add row`.
Select a project from the drop-down to which you want to give permission to the users. You can select only one project at a time if you want to select more than one project then click **Add row**.

- **Environment**

Expand All @@ -139,15 +140,15 @@ There are four different view access levels/Role available for both User and Gro

You can add multiple rows, for Devtron app permission.

Once you have finished assigning the appropriate permissions for the listed users, Click on `Save`.
Once you have finished assigning the appropriate permissions for the listed users, click **Save**.

### Helm Apps Permissions

Access to devtron applications can be given to user by attaching permission directly to his/her email id through the `Devtron Apps` section. This section has 4 options to manage the permissions of your users.

- **Project**

Select a project from the drop-down to which you want to give permission to the users. You can select only one project at a time if you want to select more than one project then click `Add row`.
Select a project from the drop-down to which you want to give permission to the users. You can select only one project at a time if you want to select more than one project then click **Add row**.

- **Environment or cluster/namespace**
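
Review bot: Under "### Helm Apps Permissions" the unchanged intro still says access is given "through the `Devtron Apps` section", the same sentence used for the Devtron Apps section earlier in the file; since this file is being proofread, check that the sentence names the Helm Apps section. The same line uses "his/her email id", which could become "their email address".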

Expand Down Expand Up @@ -201,17 +202,17 @@ Click on `Save`, once you have configured all the required permissions for the u

### 3. Edit User Permissions

You can edit the user permissions, by clicking on the `downward arrow`.
You can edit the user permissions, by clicking the `downward arrow`.

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/user-access/edit+user+permission_dropdown_1.JPG)

Then you can edit the user permissions here.

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/user-access/edit+user+permission_devtron+app_2.JPG)

After you have done editing the user permissions, click on `Save`.
After you have done editing the user permissions, click **Save**.

If you want to delete the user/users with particular permissions, click on `Delete`.
If you want to delete the user/users with particular permissions, click **Delete**.

## Groups

Expand All @@ -221,7 +222,7 @@ You can select the group which you are creating in the `Group permissions` secti

### 1. Add new Group

Go to `Groups` and click on `Add Group`, to create a new group.
Go to `Groups` and click **Add Group**, to create a new group.

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/user-access/Add+group+permission_dashboard_1.JPG)

Expand All @@ -239,21 +240,21 @@ Then, control the access permissions of groups in the Devtron Apps, Helm Apps or

You can add multiple rows, for the Devtron Apps and Helm Apps Permissions section.

Once you have finished assigning the appropriate permissions for the listed users, Click on `Save`.
Once you have finished assigning the appropriate permissions for the listed users, Click **Save**.

### 3. Edit Group Permissions

You can edit the group permissions, by clicking on the `downward arrow.`
You can edit the group permissions, by clicking the `downward arrow.`

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/user-access/group+permission_dropdown_4.JPG)

Then you can edit the user permissions here.

![](https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/global-configurations/user-access/edit+group+permission_devtron+app_5.JPG)

Once you are done editing the group permissions. Click on `Save`.
Once you are done editing the group permissions. Click **Save**.

If you want to delete the groups with particular permissions. Click on `Delete`.
If you want to delete the groups with particular permissions. Click **Delete**.

### 4. Manage Chart Group Permissions
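
Review bot: "for the listed users, Click **Save**." keeps a capital "Click" mid-sentence, while the matching line in the Users section was lowercased in this commit; apply the same fix here. "Once you are done editing the group permissions. Click **Save**." and the Delete line after it are each a fragment followed by a sentence and should be joined with a comma. The `downward arrow.` span has the full stop inside the backticks, and "Then you can edit the user permissions here." sits under the group-editing steps, where "group permissions" is presumably meant.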
