# Approval Process for Production Environments

To provide System Administrators and DevOps teams with an additional layer of protection against human error and unauthorized access, an approval process should be configured for production environments.

The list of individuals eligible to approve GitHub workflows is defined by the repository-level variable `GH_APPROVERS`. Each approver must be a valid GitHub account holder and added as a collaborator to the infrastructure repository.

Approval can be enabled for specific environments by setting the `APPROVAL_REQUIRED` variable to `true`. It is strongly recommended to enforce this requirement in production environments to mitigate the risk of accidental deployments or environment resets, which may lead to the deletion of citizen data.

The infrastructure repository should have issues enabled to facilitate the approval process.

**Workflow execution**

As demonstrated in the screenshot below, when approval is enabled for an environment, workflow execution will be paused. An issue will be automatically created within the infrastructure repository, and a link to this issue will appear in the workflow log.

<figure><img src="/files/ot2br75Z4NM3z87pBeVX" alt=""><figcaption></figcaption></figure>

The GitHub issue will contain a detailed description outlining exactly what needs approval.

Once the necessary approvals have been received, the workflow execution will resume.

<figure><img src="/files/BZYFlzTa3Ussof9JNwbd" alt=""><figcaption></figcaption></figure>

{% hint style="danger" %}
For workflows that involve cleaning up environments and potentially wiping all citizen data, at least three approvals are required. This ensures that a minimum of three team members review and approve such critical actions.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://documentation.opencrvs.org/v2.0/technical/guides/installation/deploy-set-up-a-server-hosted-environment/create-a-github-environment/approval-process-for-production-environments.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.