Implementing pipeline gates

Gates ensure that orchestrations cannot be started in an environment until the gate rule is satisfied.

About this task

A gate is a condition that determines whether an applications can run in the environment. A pipeline can have some environments with gates and some without gates. A gate condition is called a rule. You can define a rule type based on the following criteria:

Manual requires one or more responders to approve an application version before it can run in an environment. Approving a gate rule is considered passing the gate.
Note: Anyone with access to the pipeline can create gates and be assigned as a responder. Scenarios detailing approval and rejection of application versions by responders are detailed below.
- If a gate has multiple responders, one approval is sufficient for the application version to pass the gate.
- If one responder rejects the application version, the application is rejected.
- If responders both approve and reject the application version, the application is rejected.
- When you add gates to an environment, all application versions in the affected environment must be approved before a deployment can be started. You can override a failed gate, that is, a rejected application version and you may want to do this when you run applications in a test environment.

Automated leverages a metric-based system allowing you to automatically stop or advance application versions from being deployed into environments based on set conditions for the rule.
Note: Using the automated rule type will provide you with visibility on the movement status of application versions and automated governance across your pipeline.

To add a gate to an environment, complete the following steps:

Procedure

For the environment where you want to add a gate, click stage context menu

and select Add gate, and then complete the following steps.

Note: For the environment where you want to modify a gate, click stage context menu

and select Edit gate, and then complete the following steps.

In the Add gate window, click New Rule.
To use an existing rule, click Existing Rules.

In the Rule Type field, select Manual or Automated. Based on the Rule Type selected, use the following tables to add manual or automatic gates to environments.

Table 1. Manual
"Manual" Add gate option	Value / action
Name your new rule	Enter a name for the rule.
Add Approver(s)	In the list, select responders.
Add Rule	Click to add gate to the environment, which is indicated by the Gate icon on the environment label. To view gate rules, click the Gate icon. A Gate status icon is added to the applications in the environment. Note: Initially, the Gate status is indicated by a vertical gray bar located to the left of the application version. If all application versions are approved, the gate is passed and the Gate status is a green bar. If application versions are rejected, the Gate status is a red bar.
Gate status icon	For the application version with the gate, click to respond to a gate rule.
Approve	In the Version Rules window, click to approve. Note: If you are an approver for multiple rules, you can approve all or some of them and reject others. If you are not a designated responder, you can neither approve or reject the gate rule.
Automated rules and Manual rules statuses	Under Edit environment Gate Rules on right side of Add gate window, you can view the statuses of the Automated rules and Manual rules. Under Manual rules, select the Send email alert to any user that requires manual approval checkbox to receive email notification for approving the manual gates. The email notification is sent to all manual gate approvers.
Save	Click to populate the rule on the gate.

Table 2. Automated
"Automated" Add gate option	Value / action
Name your new rule	Enter a name for the rule.
Description	Enter a description for the rule.
Metric Type	Select the required metric in the list from the following: Coverage by Branch, Coverage by Function, Coverage by Line, Functional Tests, Static Code Analysis, Unit Tests, Container Vulnerabilities, or Application Vulnerabilities. Descriptions for each Metric Type can be found here.
Data Set	Select the required metric data set.
Field	Select the required field from the list. Note: The field is based on the Metric Type used for the automated rule and will be dynamically populated with selections associated with the metric. For example, if Application Vulnerabilities is selected, then Blocker will be the criteria measure for the gate.
Operator	Select the required operator from the list. Note: The operator is based on the Field that was selected and will be dynamically populated with selections suitable to the field. For example, if Blocker is the field, then the following list will be the available operators: =, !=, >, or <.
Value	Select the required value from the list. Note: The required value is entered based on the field and operator. For example, a value of zero indicating Blocker = 0 as the rule to pass the gate.
Occurrence period	Select the required occurrence period for the rule from the following list: None, Minutes, Hours, Days, Weeks, or Months.
Duration	Enter the duration for occurrence period of the rule.
Add Rule	Click to add gate to the environment, which is indicated by the Gate icon on the environment label. To view gate rules, click the Gate icon. A Gate status icon is added to the applications in the environment. Note: Initially, the Gate status is indicated by a vertical gray bar located to the left of the application version. If all application versions are approved, the gate is passed and the Gate status is a green bar. If application versions are rejected, the Gate status is a red bar.
Automated Rules and Manual Rules statuses	Under Edit environment Gate Rules on right side of Add gate window, you can view the statuses of the Automated Rules and Manual Rules.
Save	Click to populate the rule on the gate. Note: For the above example of Blocker = 0, you may notice all the versions have red bar indicating each had a blocker because of a failure with security scan.

What to do next

Run a deployment for a pipeline stage.