We automate our deployment to our production environment using GitHub Actions, assuming a PR gets approved then the changes in that PR automatically get deployed to production.
We recently encountered a problem whereby a workflow pipeline that was supposed to deploy to prod failed (caused by an intermittent problem) and then a few hours later someone came and hit the “Re-run jobs” button which ran all the jobs again and this time it succeeded in deploying the changes to production.
Unfortunately inbetween the pipeline failing and it being rerun another PR got approved and got successfully deployed to production. When the failed pipeline got re-ran it overwrote the changes that had already been deployed. This caused some fairly catastrophic problems for our customers so we’re keen to stop it happening again.
The simplest way to prevent it would be to not enable people to hit the “Re-run jobs” button. Is there a way to disable that button?