Branch
Protects a GitHub branch. The github.BranchProtection resource has moved to the GraphQL API, while this resource will continue to leverage the REST API. This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users, teams, and apps, can also be configured.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";
// Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
const example = new github.BranchProtectionV3("example", {
repository: exampleGithubRepository.name,
branch: "main",
restrictions: {
users: ["foo-user"],
},
});Content copied to clipboard
import pulumi
import pulumi_github as github
# Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
example = github.BranchProtectionV3("example",
repository=example_github_repository["name"],
branch="main",
restrictions={
"users": ["foo-user"],
})Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Github = Pulumi.Github;
return await Deployment.RunAsync(() =>
{
// Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
var example = new Github.BranchProtectionV3("example", new()
{
Repository = exampleGithubRepository.Name,
Branch = "main",
Restrictions = new Github.Inputs.BranchProtectionV3RestrictionsArgs
{
Users = new[]
{
"foo-user",
},
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-github/sdk/v6/go/github"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
_, err := github.NewBranchProtectionV3(ctx, "example", &github.BranchProtectionV3Args{
Repository: pulumi.Any(exampleGithubRepository.Name),
Branch: pulumi.String("main"),
Restrictions: &github.BranchProtectionV3RestrictionsArgs{
Users: pulumi.StringArray{
pulumi.String("foo-user"),
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.github.BranchProtectionV3;
import com.pulumi.github.BranchProtectionV3Args;
import com.pulumi.github.inputs.BranchProtectionV3RestrictionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
var example = new BranchProtectionV3("example", BranchProtectionV3Args.builder()
.repository(exampleGithubRepository.name())
.branch("main")
.restrictions(BranchProtectionV3RestrictionsArgs.builder()
.users("foo-user")
.build())
.build());
}
}Content copied to clipboard
resources:
# Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
example:
type: github:BranchProtectionV3
properties:
repository: ${exampleGithubRepository.name}
branch: main
restrictions:
users:
- foo-userContent copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.github.Repository;
import com.pulumi.github.RepositoryArgs;
import com.pulumi.github.Team;
import com.pulumi.github.TeamArgs;
import com.pulumi.github.BranchProtectionV3;
import com.pulumi.github.BranchProtectionV3Args;
import com.pulumi.github.inputs.BranchProtectionV3RequiredStatusChecksArgs;
import com.pulumi.github.inputs.BranchProtectionV3RequiredPullRequestReviewsArgs;
import com.pulumi.github.inputs.BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowancesArgs;
import com.pulumi.github.inputs.BranchProtectionV3RestrictionsArgs;
import com.pulumi.github.TeamRepository;
import com.pulumi.github.TeamRepositoryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleRepository = new Repository("exampleRepository", RepositoryArgs.builder()
.name("example")
.build());
var exampleTeam = new Team("exampleTeam", TeamArgs.builder()
.name("Example Name")
.build());
// Protect the main branch of the foo repository. Additionally, require that
// the "ci/check" check ran by the Github Actions app is passing and only allow
// the engineers team merge to the branch.
var example = new BranchProtectionV3("example", BranchProtectionV3Args.builder()
.repository(exampleRepository.name())
.branch("main")
.enforceAdmins(true)
.requiredStatusChecks(BranchProtectionV3RequiredStatusChecksArgs.builder()
.strict(false)
.checks("ci/check:824642007264")
.build())
.requiredPullRequestReviews(BranchProtectionV3RequiredPullRequestReviewsArgs.builder()
.dismissStaleReviews(true)
.dismissalUsers("foo-user")
.dismissalTeams(exampleTeam.slug())
.dismissalApp("foo-app")
.bypassPullRequestAllowances(BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowancesArgs.builder()
.users("foo-user")
.teams(exampleTeam.slug())
.apps("foo-app")
.build())
.build())
.restrictions(BranchProtectionV3RestrictionsArgs.builder()
.users("foo-user")
.teams(exampleTeam.slug())
.apps("foo-app")
.build())
.build());
var exampleTeamRepository = new TeamRepository("exampleTeamRepository", TeamRepositoryArgs.builder()
.teamId(exampleTeam.id())
.repository(exampleRepository.name())
.permission("pull")
.build());
}
}Content copied to clipboard
resources:
# Protect the main branch of the foo repository. Additionally, require that
# the "ci/check" check ran by the Github Actions app is passing and only allow
# the engineers team merge to the branch.
example:
type: github:BranchProtectionV3
properties:
repository: ${exampleRepository.name}
branch: main
enforceAdmins: true
requiredStatusChecks:
strict: false
checks:
- ci/check:824642007264
requiredPullRequestReviews:
dismissStaleReviews: true
dismissalUsers:
- foo-user
dismissalTeams:
- ${exampleTeam.slug}
dismissalApp:
- foo-app
bypassPullRequestAllowances:
users:
- foo-user
teams:
- ${exampleTeam.slug}
apps:
- foo-app
restrictions:
users:
- foo-user
teams:
- ${exampleTeam.slug}
apps:
- foo-app
exampleRepository:
type: github:Repository
name: example
properties:
name: example
exampleTeam:
type: github:Team
name: example
properties:
name: Example Name
exampleTeamRepository:
type: github:TeamRepository
name: example
properties:
teamId: ${exampleTeam.id}
repository: ${exampleRepository.name}
permission: pullContent copied to clipboard
Import
GitHub Branch Protection can be imported using an ID made up of repository:branch, e.g.
$ pulumi import github:index/branchProtectionV3:BranchProtectionV3 terraform terraform:mainContent copied to clipboard
Properties
Link copied to clipboard
Boolean, setting this to true enforces status checks for repository administrators.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
The GitHub repository name.
Link copied to clipboard
Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
Link copied to clipboard
Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
Link copied to clipboard
Enforce restrictions for required status checks. See Required Status Checks below for details.
Link copied to clipboard
Boolean, setting this to true requires all commits to be signed with GPG.
Link copied to clipboard
Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.