Open
Conversation
Introduces three new event types to model the lifecycle of an approval request in a CI/CD pipeline or workflow. Many CI/CD systems require a formal decision point before execution can continue, like a deployment to production, a release cut, or a regulated change proceeding through a pipeline. The decision may come from a human approver, an automated policy engine, an external compliance system, or any other entity capable of authorizing progression. There is currently no canonical CDEvents representation for this pattern, leaving teams to model approvals through customData or out of band mechanisms with no shared traversal or governance model. **approval.created**: emitted when an approval request is initiated. Captures the requestor and references to the approval details and the resource being gated. **approval.updated**: emitted when a non-terminal decision is recorded or when the resource target of the approval changes. Supports flows where multiple decisions may be recorded before a terminal state is reached, whether from humans, automated systems, or a combination. **approval.closed**: emitted when the approval reaches a terminal state. Captures the final decision, the responder, and the terminal status: Approved, Rejected, Cancelled, or Expired. All three events share a common core: - `approvalDetailsUrl`: reference URL to the approval request page - `resourceTargetUrl`: reference URL to the resource being gated approval.created adds: - `requestor`: the entity that initiated the approval request approval.updated and approval.closed add: - `responder`: the entity that recorded a decision (URN format) - `decision`: the decision selected by the responder approval.closed additionally adds: - `status`: example terminal state: approved, rejected, cancelled, expired - Deployment gates requiring sign-off before production rollout - Automated policy checks that must authorize pipeline progression - Regulated change management pipelines requiring auditable approval records - Multistage release workflows where approvals gate progression between environments - Compliance workflows requiring documented authorization before sensitive operations - External system integrations where a thirdparty tool must approve before execution continues
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Introduces three new event types to model the lifecycle of an approval request in a CI/CD pipeline or workflow.
Many CI/CD systems require a formal decision point before execution can continue, like a deployment to production, a release cut, or a regulated change proceeding through a pipeline. The decision may come from a human approver, an automated policy engine, an external compliance system, or any other entity capable of authorizing progression. There is currently no canonical CDEvents representation for this pattern, leaving teams to model approvals through customData or out of band mechanisms with no shared traversal or governance model.
approval.created: emitted when an approval request is initiated. Captures the requestor and references to the approval details and the resource being gated.
approval.updated: emitted when a non-terminal decision is recorded or when the resource target of the approval changes. Supports flows where multiple decisions may be recorded before a terminal state is reached, whether from humans, automated systems, or a combination.
approval.closed: emitted when the approval reaches a terminal state. Captures the final decision, the responder, and the terminal status: Approved, Rejected, Cancelled, or Expired.
All three events share a common core:
approvalDetailsUrl: reference URL to the approval request pageresourceTargetUrl: reference URL to the resource being gatedapproval.created adds:
requestor: the entity that initiated the approval requestapproval.updated and approval.closed add:
responder: the entity that recorded a decision (URN format)decision: the decision selected by the responderapproval.closed additionally adds:
status: example terminal state: approved, rejected, cancelled, expiredDeployment gates requiring sign-off before production rollout
Automated policy checks that must authorize pipeline progression
Regulated change management pipelines requiring auditable approval records
Multistage release workflows where approvals gate progression between environments
Compliance workflows requiring documented authorization before sensitive operations
External system integrations where a thirdparty tool must approve before execution continues