I use Github Actions + environments in my project.
However, there is a requirement that the reviewers for deployment to each environment must approve it in an external tool.
I can make all REST integrations easily...
My question is: Can I have a generic service_account in Github perform this approval?
for example:
You would need two jobs in parallel for the approval from the github workflow performing the deploy:
Then, from the external tool, to call the workflow back with the approved / denied message (from Joe), you could use this GitHub API endpoint for reviewing pending deployments (you would need a PAT for that; it could be a user service account from your GitHub Organization / Team).
From the API Documentation:
Approve or reject pending deployments that are waiting on approval by a required reviewer. Required reviewers with read access to the repository contents and deployments can use this endpoint. Required reviewers must authenticate using an access token with the repo scope to use this endpoint.
Request curl:
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/OWNER/REPO/actions/runs/RUN_ID/pending_deployments \
-d '{"environment_ids":[161171787],"state":"approved","comment":"Ship it!"}'
Note
It's a bit different from what you asked, as the GitHub Actions workflow wouldn't stop waiting for approval, but that would be a way for the external tool to have control over what is approved or not.
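The same call-back from the external tool as a small Python client, added here as an example that is not part of the answer above: it first picks, from the list of pending deployments returned by GitHub, the environments the service account is actually allowed to review, then builds and sends the same POST the curl command makes. It assumes the service account's PAT (repo scope) is supplied in a GITHUB_TOKEN environment variable; OWNER, REPO, the run id and the sample GET response are placeholders/constructed data.

```python
"""Added example (not from the original post): let an external approval tool
review a pending GitHub deployment via the pending_deployments endpoint.
Assumes the service-account PAT (repo scope) is in the GITHUB_TOKEN env var."""
import json
import os
import urllib.request

API = "https://api.github.com"
API_VERSION = "2022-11-28"


def pending_environment_ids(pending):
    """From a GET .../pending_deployments response, keep only the environment
    ids the token's user may approve (the API flags this per entry)."""
    return [p["environment"]["id"] for p in pending if p.get("current_user_can_approve")]


def build_review(owner, repo, run_id, environment_ids, state, comment, token):
    """Build the POST URL, headers and JSON body; refuse any state other than
    approved/rejected so a malformed message from the tool is never forwarded."""
    if state not in ("approved", "rejected"):
        raise ValueError(f"invalid review state: {state!r}")
    if not environment_ids:
        raise ValueError("no environment ids to review")
    url = f"{API}/repos/{owner}/{repo}/actions/runs/{int(run_id)}/pending_deployments"
    headers = {
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",  # PAT with repo scope
        "X-GitHub-Api-Version": API_VERSION,
    }
    body = {"environment_ids": list(environment_ids), "state": state, "comment": comment}
    return url, headers, json.dumps(body).encode()


def submit_review(owner, repo, run_id, environment_ids, state, comment):
    """Send the review; the token is read from the environment, never hard-coded."""
    token = os.environ["GITHUB_TOKEN"]
    url, headers, data = build_review(owner, repo, run_id, environment_ids, state, comment, token)
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample of a GET .../pending_deployments response (placeholder ids).
SAMPLE_PENDING = [
    {"environment": {"id": 161171787, "name": "production"}, "current_user_can_approve": True},
    {"environment": {"id": 161171788, "name": "staging"}, "current_user_can_approve": False},
]

if __name__ == "__main__":
    ids = pending_environment_ids(SAMPLE_PENDING)
    print(submit_review("OWNER", "REPO", 123456, ids, "approved", "Approved by Joe in the external tool"))
```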