livebook-dev/livebook
1
1
Fork 0
mirror of https://github.com/livebook-dev/livebook.git synced 2025-09-05 04:24:21 +08:00
Code Issues Projects Releases Packages Wiki Activity

Docs for deploy permissions (#3050)

Browse source
This commit is contained in:
Hugo Baraúna 2025-08-27 11:48:01 -04:00 committed by GitHub
parent 7c348d9c20
commit 62f85951b8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 62 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
docs/teams/deploy_permissions.md Normal file
View file

@ -0,0 +1,51 @@
# Deploy permissions
Deploy permissions allow you to control who can deploy apps to your deployment groups.
## Configuration
### Enable deployment restrictions
To enable deploy permissions for a deployment group:
1. Log in to Livebook Teams
2. Navigate to the **Deployments** panel
3. Click **Edit** of the deployment group where you want to configure deploy permissions
4. Click **Deploy permissions** in the sidebar
5. Toggle **Restrict deployment access** to enable the feature
Once enabled, only explicitly authorized users and organization tokens will be able to deploy apps to this deployment group.
### Add user permissions
To authorize individual users for deployment:
1. In the **Users** section, click **Add user**
2. Select the user from your organization members
3. Click **Authorize users** to grant them deployment permissions
### Add organization token permissions
Organization tokens are commonly used for [CI/CD pipelines and automated deployments](deploy_via_cli.md). To authorize an organization token:
1. In the **Org tokens** section, click **Add org token**
2. Select the organization token you want to authorize
3. Click **Authorize org tokens** to grant them deployment permissions
## Use cases
### Allow deployment only via CI/CD pipeline
Set up automated deployments while restricting manual deployments:
1. Create an organization token for your CI/CD system
2. Enable **Restrict deployment access** for a deployment group
3. Add only the CI/CD organization token to **Org tokens**
4. Remove or limit user-level deployment permissions
### Deployment permissions per environment
Use different deployment permission policies across environments:
- **Staging deployment group**: Allow developers to directly deploy apps from their Livebooks for rapid iteration
- **Production deployment group**: Restrict deployments only to a CI/CD org token

13
docs/teams/intro_to_teams.md
View file

@ -1,17 +1,24 @@
# Intro to Livebook Teams
[Livebook Teams](https://livebook.dev/teams/?ref=docs) enables you to deploy Livebook apps to your own infrastructure.
[Livebook Teams](https://livebook.dev/teams/?ref=docs) enables you to deploy notebooks as internal apps or turn Livebook into a controlled environment for runbooks and production operations.
<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/lwLx5beXxsg?si=husANqYhTc3rXAZS" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
Besides deployment automation, it also offers the following features:
Livebook Teams integrates with Livebook, offering the following feautures on top of it:
- Authentication via multiple identity providers:
- Deploy notebooks as internal apps to your infrastructure
- [Deploy Livebook apps from Livebook](deploy_app.md)
- [Deploy Livebook apps from the CLI](deploy_via_cli.md)
- Deployment authorization
- [Authorize who can deploy Livebook apps to your servers](deploy_permissions.md)
- Authenticate who can can access your Livebook app servers and Livebook apps via multiple identity providers:
- Livebook Teams
- [Email-domain (Google, Microsoft, etc)](email_domain.md)
- [OIDC (Okta, Microsoft Entra, etc)](oidc_sso.md)
- Authorization
- [based on groups from an OIDC identity provider (Okta, Microsoft Entra, etc)](oidc_groups.md)
- Audit logs
- Log to `STDOUT` the identity of the authenticaded person, what piece of code they executed in a notebook inside your Livebook app server, and when
- [Shared Livebook secrets](shared_secrets.md)
- [Shared Livebook file storages](shared_file_storages.md)

1
mix.exs
View file

@ -259,6 +259,7 @@ defmodule Livebook.MixProject do
"docs/teams/intro_to_teams.md",
{"docs/teams/deploy_app.md", title: "Deploy Livebook apps"},
{"docs/teams/deploy_via_cli.md", title: "Deploy Livebook apps via CLI"},
"docs/teams/deploy_permissions.md",
{"docs/teams/email_domain.md", title: "Email domain auth"},
{"docs/teams/oidc_sso.md", title: "OIDC SSO"},
"docs/teams/oidc_groups.md",