Branch
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";
const exampleRepository = new github.Repository("example", {name: "test"});
const example = github.getUser({
username: "example",
});
const exampleTeam = new github.Team("example", {name: "Example Name"});
// Protect the main branch of the foo repository. Additionally, require that
// the "ci/travis" context to be passing and only allow the engineers team merge
// to the branch.
const exampleBranchProtection = new github.BranchProtection("example", {
repositoryId: exampleRepository.nodeId,
pattern: "main",
enforceAdmins: true,
allowsDeletions: true,
requiredStatusChecks: [{
strict: false,
contexts: ["ci/travis"],
}],
requiredPullRequestReviews: [{
dismissStaleReviews: true,
restrictDismissals: true,
dismissalRestrictions: [
example.then(example => example.nodeId),
exampleTeam.nodeId,
"/exampleuser",
"exampleorganization/exampleteam",
],
}],
restrictPushes: [{
pushAllowances: [
example.then(example => example.nodeId),
"/exampleuser",
"exampleorganization/exampleteam",
],
}],
forcePushBypassers: [
example.then(example => example.nodeId),
"/exampleuser",
"exampleorganization/exampleteam",
],
});
const exampleTeamRepository = new github.TeamRepository("example", {
teamId: exampleTeam.id,
repository: exampleRepository.name,
permission: "pull",
});Content copied to clipboard
import pulumi
import pulumi_github as github
example_repository = github.Repository("example", name="test")
example = github.get_user(username="example")
example_team = github.Team("example", name="Example Name")
# Protect the main branch of the foo repository. Additionally, require that
# the "ci/travis" context to be passing and only allow the engineers team merge
# to the branch.
example_branch_protection = github.BranchProtection("example",
repository_id=example_repository.node_id,
pattern="main",
enforce_admins=True,
allows_deletions=True,
required_status_checks=[{
"strict": False,
"contexts": ["ci/travis"],
}],
required_pull_request_reviews=[{
"dismiss_stale_reviews": True,
"restrict_dismissals": True,
"dismissal_restrictions": [
example.node_id,
example_team.node_id,
"/exampleuser",
"exampleorganization/exampleteam",
],
}],
restrict_pushes=[{
"push_allowances": [
example.node_id,
"/exampleuser",
"exampleorganization/exampleteam",
],
}],
force_push_bypassers=[
example.node_id,
"/exampleuser",
"exampleorganization/exampleteam",
])
example_team_repository = github.TeamRepository("example",
team_id=example_team.id,
repository=example_repository.name,
permission="pull")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Github = Pulumi.Github;
return await Deployment.RunAsync(() =>
{
var exampleRepository = new Github.Repository("example", new()
{
Name = "test",
});
var example = Github.GetUser.Invoke(new()
{
Username = "example",
});
var exampleTeam = new Github.Team("example", new()
{
Name = "Example Name",
});
// Protect the main branch of the foo repository. Additionally, require that
// the "ci/travis" context to be passing and only allow the engineers team merge
// to the branch.
var exampleBranchProtection = new Github.BranchProtection("example", new()
{
RepositoryId = exampleRepository.NodeId,
Pattern = "main",
EnforceAdmins = true,
AllowsDeletions = true,
RequiredStatusChecks = new[]
{
new Github.Inputs.BranchProtectionRequiredStatusCheckArgs
{
Strict = false,
Contexts = new[]
{
"ci/travis",
},
},
},
RequiredPullRequestReviews = new[]
{
new Github.Inputs.BranchProtectionRequiredPullRequestReviewArgs
{
DismissStaleReviews = true,
RestrictDismissals = true,
DismissalRestrictions = new[]
{
example.Apply(getUserResult => getUserResult.NodeId),
exampleTeam.NodeId,
"/exampleuser",
"exampleorganization/exampleteam",
},
},
},
RestrictPushes = new[]
{
new Github.Inputs.BranchProtectionRestrictPushArgs
{
PushAllowances = new[]
{
example.Apply(getUserResult => getUserResult.NodeId),
"/exampleuser",
"exampleorganization/exampleteam",
},
},
},
ForcePushBypassers = new[]
{
example.Apply(getUserResult => getUserResult.NodeId),
"/exampleuser",
"exampleorganization/exampleteam",
},
});
var exampleTeamRepository = new Github.TeamRepository("example", new()
{
TeamId = exampleTeam.Id,
Repository = exampleRepository.Name,
Permission = "pull",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-github/sdk/v6/go/github"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleRepository, err := github.NewRepository(ctx, "example", &github.RepositoryArgs{
Name: pulumi.String("test"),
})
if err != nil {
return err
}
example, err := github.GetUser(ctx, &github.GetUserArgs{
Username: "example",
}, nil)
if err != nil {
return err
}
exampleTeam, err := github.NewTeam(ctx, "example", &github.TeamArgs{
Name: pulumi.String("Example Name"),
})
if err != nil {
return err
}
// Protect the main branch of the foo repository. Additionally, require that
// the "ci/travis" context to be passing and only allow the engineers team merge
// to the branch.
_, err = github.NewBranchProtection(ctx, "example", &github.BranchProtectionArgs{
RepositoryId: exampleRepository.NodeId,
Pattern: pulumi.String("main"),
EnforceAdmins: pulumi.Bool(true),
AllowsDeletions: pulumi.Bool(true),
RequiredStatusChecks: github.BranchProtectionRequiredStatusCheckArray{
&github.BranchProtectionRequiredStatusCheckArgs{
Strict: pulumi.Bool(false),
Contexts: pulumi.StringArray{
pulumi.String("ci/travis"),
},
},
},
RequiredPullRequestReviews: github.BranchProtectionRequiredPullRequestReviewArray{
&github.BranchProtectionRequiredPullRequestReviewArgs{
DismissStaleReviews: pulumi.Bool(true),
RestrictDismissals: pulumi.Bool(true),
DismissalRestrictions: pulumi.StringArray{
pulumi.String(example.NodeId),
exampleTeam.NodeId,
pulumi.String("/exampleuser"),
pulumi.String("exampleorganization/exampleteam"),
},
},
},
RestrictPushes: github.BranchProtectionRestrictPushArray{
&github.BranchProtectionRestrictPushArgs{
PushAllowances: pulumi.StringArray{
pulumi.String(example.NodeId),
pulumi.String("/exampleuser"),
pulumi.String("exampleorganization/exampleteam"),
},
},
},
ForcePushBypassers: pulumi.StringArray{
pulumi.String(example.NodeId),
pulumi.String("/exampleuser"),
pulumi.String("exampleorganization/exampleteam"),
},
})
if err != nil {
return err
}
_, err = github.NewTeamRepository(ctx, "example", &github.TeamRepositoryArgs{
TeamId: exampleTeam.ID(),
Repository: exampleRepository.Name,
Permission: pulumi.String("pull"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.github.Repository;
import com.pulumi.github.RepositoryArgs;
import com.pulumi.github.GithubFunctions;
import com.pulumi.github.inputs.GetUserArgs;
import com.pulumi.github.Team;
import com.pulumi.github.TeamArgs;
import com.pulumi.github.BranchProtection;
import com.pulumi.github.BranchProtectionArgs;
import com.pulumi.github.inputs.BranchProtectionRequiredStatusCheckArgs;
import com.pulumi.github.inputs.BranchProtectionRequiredPullRequestReviewArgs;
import com.pulumi.github.inputs.BranchProtectionRestrictPushArgs;
import com.pulumi.github.TeamRepository;
import com.pulumi.github.TeamRepositoryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleRepository = new Repository("exampleRepository", RepositoryArgs.builder()
.name("test")
.build());
final var example = GithubFunctions.getUser(GetUserArgs.builder()
.username("example")
.build());
var exampleTeam = new Team("exampleTeam", TeamArgs.builder()
.name("Example Name")
.build());
// Protect the main branch of the foo repository. Additionally, require that
// the "ci/travis" context to be passing and only allow the engineers team merge
// to the branch.
var exampleBranchProtection = new BranchProtection("exampleBranchProtection", BranchProtectionArgs.builder()
.repositoryId(exampleRepository.nodeId())
.pattern("main")
.enforceAdmins(true)
.allowsDeletions(true)
.requiredStatusChecks(BranchProtectionRequiredStatusCheckArgs.builder()
.strict(false)
.contexts("ci/travis")
.build())
.requiredPullRequestReviews(BranchProtectionRequiredPullRequestReviewArgs.builder()
.dismissStaleReviews(true)
.restrictDismissals(true)
.dismissalRestrictions(
example.nodeId(),
exampleTeam.nodeId(),
"/exampleuser",
"exampleorganization/exampleteam")
.build())
.restrictPushes(BranchProtectionRestrictPushArgs.builder()
.pushAllowances(
example.nodeId(),
"/exampleuser",
"exampleorganization/exampleteam")
.build())
.forcePushBypassers(
example.nodeId(),
"/exampleuser",
"exampleorganization/exampleteam")
.build());
var exampleTeamRepository = new TeamRepository("exampleTeamRepository", TeamRepositoryArgs.builder()
.teamId(exampleTeam.id())
.repository(exampleRepository.name())
.permission("pull")
.build());
}
}Content copied to clipboard
resources:
# Protect the main branch of the foo repository. Additionally, require that
# the "ci/travis" context to be passing and only allow the engineers team merge
# to the branch.
exampleBranchProtection:
type: github:BranchProtection
name: example
properties:
repositoryId: ${exampleRepository.nodeId}
pattern: main
enforceAdmins: true
allowsDeletions: true
requiredStatusChecks:
- strict: false
contexts:
- ci/travis
requiredPullRequestReviews:
- dismissStaleReviews: true
restrictDismissals: true
dismissalRestrictions:
- ${example.nodeId}
- ${exampleTeam.nodeId}
- /exampleuser
- exampleorganization/exampleteam
restrictPushes:
- pushAllowances:
- ${example.nodeId}
- /exampleuser
- exampleorganization/exampleteam
forcePushBypassers:
- ${example.nodeId}
- /exampleuser
- exampleorganization/exampleteam
exampleRepository:
type: github:Repository
name: example
properties:
name: test
exampleTeam:
type: github:Team
name: example
properties:
name: Example Name
exampleTeamRepository:
type: github:TeamRepository
name: example
properties:
teamId: ${exampleTeam.id}
repository: ${exampleRepository.name}
permission: pull
variables:
example:
fn::invoke:
function: github:getUser
arguments:
username: exampleContent copied to clipboard
Import
GitHub Branch Protection can be imported using an ID made up of repository:pattern, e.g.
$ pulumi import github:index/branchProtection:BranchProtection terraform terraform:mainContent copied to clipboard
Properties
Link copied to clipboard
Boolean, setting this to true to allow the branch to be deleted.
Link copied to clipboard
Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
Link copied to clipboard
Boolean, setting this to true enforces status checks for repository administrators.
Link copied to clipboard
The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
Link copied to clipboard
Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
The name or node ID of the repository associated with this branch protection rule.
Link copied to clipboard
Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
Link copied to clipboard
Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
Link copied to clipboard
Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
Link copied to clipboard
Enforce restrictions for required status checks. See Required Status Checks below for details.
Link copied to clipboard
Boolean, setting this to true requires all commits to be signed with GPG.
Link copied to clipboard
Restrict pushes to matching branches. See Restrict Pushes below for details.