githubcontinuous-integrationgithub-actionscontinuous-deploymentcontinuous-delivery

How to check if the job was rejected in GitHub actions workflow?

Is there any way to determine in a workflow if the job that waited for approval was manually rejected? I know that manually rejected jobs now have the failure status, but it's not an error in job execution, it's an expected behavior if I manually reject it (for example I reject a job for deployment to the production environment). And if I need to send the Slack notification as a last job in case of any failure in the job using if: ${{ failure() }} condition, it also sends a notification when one of the previous jobs was manually rejected.

Solution

  • A solution-workaround has been found for this problem. It's possible to differentiate a really failed job from the rejected one via setting an output parameter for the job that require manual approval/rejection and use it afterwards in the downstream job where we want to check if there's a real failure in workflow or a job rejection performed manually.

    jobs:
  job1:
    runs-on: ubuntu-latest
    environment: staging
    outputs:
      approved: ${{ steps.set-outputs.approved }}
    steps:
      - name: Set outputs
        id: set-outputs
        run: |
          echo "approved=true" >> $GITHUB_OUTPUT

  job2:
    runs-on: ubuntu-latest
    environment: prod
    outputs:
      approved: ${{ steps.set-outputs.approved }}
    steps:
      - name: Set outputs
        id: set-outputs
        run: |
          echo "approved=true" >> $GITHUB_OUTPUT

  notify-on-error:
    runs-on: ubuntu-latest
    if: ${{ failure() && github.event_name == 'push'
      && (needs.job1.result != 'failure' || (needs.job1.result == 'failure' && needs.job1.outputs.approved == 'true'))
      && (needs.job2.result != 'failure' || (needs.job2.result == 'failure' && needs.job2.outputs.approved == 'true')) }}
    steps:
      - name: Slack Notification
        ...

    This configuration works well, but it will not cover the following case: if the job that requires manual approval was approved and then failed during the execution, if we re-run it and reject it, it will be treated as failed job. It’s only relevant for re-running particularly this job via clicking the circle with arrows or via “Re-run failed jobs” option. For “Re-run all jobs” option everything works well in this case.