GitHub

Pulumi Official
Package maintained by Pulumi
v4.15.1 published on Wednesday, Aug 10, 2022 by Pulumi

BranchProtection

Protects a GitHub branch.

This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users, teams, and apps, can also be configured.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Github = Pulumi.Github;

return await Deployment.RunAsync(() => 
{
    var exampleRepository = new Github.Repository("exampleRepository");

    var exampleUser = Github.GetUser.Invoke(new()
    {
        Username = "example",
    });

    var exampleTeam = new Github.Team("exampleTeam");

    // Protect the main branch of the foo repository. Additionally, require that
    // the "ci/travis" context to be passing and only allow the engineers team merge
    // to the branch.
    var exampleBranchProtection = new Github.BranchProtection("exampleBranchProtection", new()
    {
        RepositoryId = exampleRepository.NodeId,
        Pattern = "main",
        EnforceAdmins = true,
        AllowsDeletions = true,
        RequiredStatusChecks = new[]
        {
            new Github.Inputs.BranchProtectionRequiredStatusCheckArgs
            {
                Strict = false,
                Contexts = new[]
                {
                    "ci/travis",
                },
            },
        },
        RequiredPullRequestReviews = new[]
        {
            new Github.Inputs.BranchProtectionRequiredPullRequestReviewArgs
            {
                DismissStaleReviews = true,
                RestrictDismissals = true,
                DismissalRestrictions = new[]
                {
                    exampleUser.Apply(getUserResult => getUserResult.NodeId),
                    exampleTeam.NodeId,
                },
            },
        },
        PushRestrictions = new[]
        {
            exampleUser.Apply(getUserResult => getUserResult.NodeId),
        },
    });

    var exampleTeamRepository = new Github.TeamRepository("exampleTeamRepository", new()
    {
        TeamId = exampleTeam.Id,
        Repository = exampleRepository.Name,
        Permission = "pull",
    });

});
package main

import (
	"github.com/pulumi/pulumi-github/sdk/v4/go/github"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleRepository, err := github.NewRepository(ctx, "exampleRepository", nil)
		if err != nil {
			return err
		}
		exampleUser, err := github.GetUser(ctx, &GetUserArgs{
			Username: "example",
		}, nil)
		if err != nil {
			return err
		}
		exampleTeam, err := github.NewTeam(ctx, "exampleTeam", nil)
		if err != nil {
			return err
		}
		_, err = github.NewBranchProtection(ctx, "exampleBranchProtection", &github.BranchProtectionArgs{
			RepositoryId:    exampleRepository.NodeId,
			Pattern:         pulumi.String("main"),
			EnforceAdmins:   pulumi.Bool(true),
			AllowsDeletions: pulumi.Bool(true),
			RequiredStatusChecks: BranchProtectionRequiredStatusCheckArray{
				&BranchProtectionRequiredStatusCheckArgs{
					Strict: pulumi.Bool(false),
					Contexts: pulumi.StringArray{
						pulumi.String("ci/travis"),
					},
				},
			},
			RequiredPullRequestReviews: BranchProtectionRequiredPullRequestReviewArray{
				&BranchProtectionRequiredPullRequestReviewArgs{
					DismissStaleReviews: pulumi.Bool(true),
					RestrictDismissals:  pulumi.Bool(true),
					DismissalRestrictions: pulumi.StringArray{
						pulumi.String(exampleUser.NodeId),
						exampleTeam.NodeId,
					},
				},
			},
			PushRestrictions: pulumi.StringArray{
				pulumi.String(exampleUser.NodeId),
			},
		})
		if err != nil {
			return err
		}
		_, err = github.NewTeamRepository(ctx, "exampleTeamRepository", &github.TeamRepositoryArgs{
			TeamId:     exampleTeam.ID(),
			Repository: exampleRepository.Name,
			Permission: pulumi.String("pull"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.github.Repository;
import com.pulumi.github.GithubFunctions;
import com.pulumi.github.inputs.GetUserArgs;
import com.pulumi.github.Team;
import com.pulumi.github.BranchProtection;
import com.pulumi.github.BranchProtectionArgs;
import com.pulumi.github.inputs.BranchProtectionRequiredStatusCheckArgs;
import com.pulumi.github.inputs.BranchProtectionRequiredPullRequestReviewArgs;
import com.pulumi.github.TeamRepository;
import com.pulumi.github.TeamRepositoryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleRepository = new Repository("exampleRepository");

        final var exampleUser = GithubFunctions.getUser(GetUserArgs.builder()
            .username("example")
            .build());

        var exampleTeam = new Team("exampleTeam");

        var exampleBranchProtection = new BranchProtection("exampleBranchProtection", BranchProtectionArgs.builder()        
            .repositoryId(exampleRepository.nodeId())
            .pattern("main")
            .enforceAdmins(true)
            .allowsDeletions(true)
            .requiredStatusChecks(BranchProtectionRequiredStatusCheckArgs.builder()
                .strict(false)
                .contexts("ci/travis")
                .build())
            .requiredPullRequestReviews(BranchProtectionRequiredPullRequestReviewArgs.builder()
                .dismissStaleReviews(true)
                .restrictDismissals(true)
                .dismissalRestrictions(                
                    exampleUser.applyValue(getUserResult -> getUserResult.nodeId()),
                    exampleTeam.nodeId())
                .build())
            .pushRestrictions(exampleUser.applyValue(getUserResult -> getUserResult.nodeId()))
            .build());

        var exampleTeamRepository = new TeamRepository("exampleTeamRepository", TeamRepositoryArgs.builder()        
            .teamId(exampleTeam.id())
            .repository(exampleRepository.name())
            .permission("pull")
            .build());

    }
}
import pulumi
import pulumi_github as github

example_repository = github.Repository("exampleRepository")
example_user = github.get_user(username="example")
example_team = github.Team("exampleTeam")
# Protect the main branch of the foo repository. Additionally, require that
# the "ci/travis" context to be passing and only allow the engineers team merge
# to the branch.
example_branch_protection = github.BranchProtection("exampleBranchProtection",
    repository_id=example_repository.node_id,
    pattern="main",
    enforce_admins=True,
    allows_deletions=True,
    required_status_checks=[github.BranchProtectionRequiredStatusCheckArgs(
        strict=False,
        contexts=["ci/travis"],
    )],
    required_pull_request_reviews=[github.BranchProtectionRequiredPullRequestReviewArgs(
        dismiss_stale_reviews=True,
        restrict_dismissals=True,
        dismissal_restrictions=[
            example_user.node_id,
            example_team.node_id,
        ],
    )],
    push_restrictions=[example_user.node_id])
example_team_repository = github.TeamRepository("exampleTeamRepository",
    team_id=example_team.id,
    repository=example_repository.name,
    permission="pull")
import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";

const exampleRepository = new github.Repository("exampleRepository", {});
const exampleUser = github.getUser({
    username: "example",
});
const exampleTeam = new github.Team("exampleTeam", {});
// Protect the main branch of the foo repository. Additionally, require that
// the "ci/travis" context to be passing and only allow the engineers team merge
// to the branch.
const exampleBranchProtection = new github.BranchProtection("exampleBranchProtection", {
    repositoryId: exampleRepository.nodeId,
    pattern: "main",
    enforceAdmins: true,
    allowsDeletions: true,
    requiredStatusChecks: [{
        strict: false,
        contexts: ["ci/travis"],
    }],
    requiredPullRequestReviews: [{
        dismissStaleReviews: true,
        restrictDismissals: true,
        dismissalRestrictions: [
            exampleUser.then(exampleUser => exampleUser.nodeId),
            exampleTeam.nodeId,
        ],
    }],
    pushRestrictions: [exampleUser.then(exampleUser => exampleUser.nodeId)],
});
const exampleTeamRepository = new github.TeamRepository("exampleTeamRepository", {
    teamId: exampleTeam.id,
    repository: exampleRepository.name,
    permission: "pull",
});
resources:
  # Protect the main branch of the foo repository. Additionally, require that
  # the "ci/travis" context to be passing and only allow the engineers team merge
  # to the branch.
  exampleBranchProtection:
    type: github:BranchProtection
    properties:
      repositoryId: ${exampleRepository.nodeId} # also accepts repository name
      #   # repository_id  = github_repository.example.name
      pattern: main
      enforceAdmins: true
      allowsDeletions: true
      requiredStatusChecks:
        - strict: false
          contexts:
            - ci/travis
      requiredPullRequestReviews:
        - dismissStaleReviews: true
          restrictDismissals: true
          dismissalRestrictions:
            - ${exampleUser.nodeId}
            - ${exampleTeam.nodeId}
      pushRestrictions:
        - ${exampleUser.nodeId}
  exampleRepository:
    type: github:Repository
  exampleTeam:
    type: github:Team
  exampleTeamRepository:
    type: github:TeamRepository
    properties:
      teamId: ${exampleTeam.id}
      repository: ${exampleRepository.name}
      permission: pull
variables:
  exampleUser:
    Fn::Invoke:
      Function: github:getUser
      Arguments:
        username: example

Create a BranchProtection Resource

new BranchProtection(name: string, args: BranchProtectionArgs, opts?: CustomResourceOptions);
@overload
def BranchProtection(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     allows_deletions: Optional[bool] = None,
                     allows_force_pushes: Optional[bool] = None,
                     blocks_creations: Optional[bool] = None,
                     enforce_admins: Optional[bool] = None,
                     pattern: Optional[str] = None,
                     push_restrictions: Optional[Sequence[str]] = None,
                     repository_id: Optional[str] = None,
                     require_conversation_resolution: Optional[bool] = None,
                     require_signed_commits: Optional[bool] = None,
                     required_linear_history: Optional[bool] = None,
                     required_pull_request_reviews: Optional[Sequence[BranchProtectionRequiredPullRequestReviewArgs]] = None,
                     required_status_checks: Optional[Sequence[BranchProtectionRequiredStatusCheckArgs]] = None)
@overload
def BranchProtection(resource_name: str,
                     args: BranchProtectionArgs,
                     opts: Optional[ResourceOptions] = None)
func NewBranchProtection(ctx *Context, name string, args BranchProtectionArgs, opts ...ResourceOption) (*BranchProtection, error)
public BranchProtection(string name, BranchProtectionArgs args, CustomResourceOptions? opts = null)
public BranchProtection(String name, BranchProtectionArgs args)
public BranchProtection(String name, BranchProtectionArgs args, CustomResourceOptions options)
type: github:BranchProtection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args BranchProtectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args BranchProtectionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args BranchProtectionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args BranchProtectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args BranchProtectionArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

BranchProtection Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The BranchProtection resource accepts the following input properties:

Pattern string

Identifies the protection rule pattern.

RepositoryId string

The name or node ID of the repository associated with this branch protection rule.

AllowsDeletions bool

Boolean, setting this to true to allow the branch to be deleted.

AllowsForcePushes bool

Boolean, setting this to true to allow force pushes on the branch.

BlocksCreations bool

Boolean, setting this to true to block creating the branch.

EnforceAdmins bool

Boolean, setting this to true enforces status checks for repository administrators.

PushRestrictions List<string>

The list of actor IDs that may push to the branch.

RequireConversationResolution bool

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

RequireSignedCommits bool

Boolean, setting this to true requires all commits to be signed with GPG.

RequiredLinearHistory bool

Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch

RequiredPullRequestReviews List<BranchProtectionRequiredPullRequestReviewArgs>

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

RequiredStatusChecks List<BranchProtectionRequiredStatusCheckArgs>

Enforce restrictions for required status checks. See Required Status Checks below for details.

Pattern string

Identifies the protection rule pattern.

RepositoryId string

The name or node ID of the repository associated with this branch protection rule.

AllowsDeletions bool

Boolean, setting this to true to allow the branch to be deleted.

AllowsForcePushes bool

Boolean, setting this to true to allow force pushes on the branch.

BlocksCreations bool

Boolean, setting this to true to block creating the branch.

EnforceAdmins bool

Boolean, setting this to true enforces status checks for repository administrators.

PushRestrictions []string

The list of actor IDs that may push to the branch.

RequireConversationResolution bool

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

RequireSignedCommits bool

Boolean, setting this to true requires all commits to be signed with GPG.

RequiredLinearHistory bool

Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch

RequiredPullRequestReviews []BranchProtectionRequiredPullRequestReviewArgs

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

RequiredStatusChecks []BranchProtectionRequiredStatusCheckArgs

Enforce restrictions for required status checks. See Required Status Checks below for details.

pattern String

Identifies the protection rule pattern.

repositoryId String

The name or node ID of the repository associated with this branch protection rule.

allowsDeletions Boolean

Boolean, setting this to true to allow the branch to be deleted.

allowsForcePushes Boolean

Boolean, setting this to true to allow force pushes on the branch.

blocksCreations Boolean

Boolean, setting this to true to block creating the branch.

enforceAdmins Boolean

Boolean, setting this to true enforces status checks for repository administrators.

pushRestrictions List<String>

The list of actor IDs that may push to the branch.

requireConversationResolution Boolean

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

requireSignedCommits Boolean

Boolean, setting this to true requires all commits to be signed with GPG.

requiredLinearHistory Boolean

Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch

requiredPullRequestReviews List<BranchProtectionRequiredPullRequestReviewArgs>

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

requiredStatusChecks List<BranchProtectionRequiredStatusCheckArgs>

Enforce restrictions for required status checks. See Required Status Checks below for details.

pattern string

Identifies the protection rule pattern.

repositoryId string

The name or node ID of the repository associated with this branch protection rule.

allowsDeletions boolean

Boolean, setting this to true to allow the branch to be deleted.

allowsForcePushes boolean

Boolean, setting this to true to allow force pushes on the branch.

blocksCreations boolean

Boolean, setting this to true to block creating the branch.

enforceAdmins boolean

Boolean, setting this to true enforces status checks for repository administrators.

pushRestrictions string[]

The list of actor IDs that may push to the branch.

requireConversationResolution boolean

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

requireSignedCommits boolean

Boolean, setting this to true requires all commits to be signed with GPG.

requiredLinearHistory boolean

Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch

requiredPullRequestReviews BranchProtectionRequiredPullRequestReviewArgs[]

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

requiredStatusChecks BranchProtectionRequiredStatusCheckArgs[]

Enforce restrictions for required status checks. See Required Status Checks below for details.

pattern str

Identifies the protection rule pattern.

repository_id str

The name or node ID of the repository associated with this branch protection rule.

allows_deletions bool

Boolean, setting this to true to allow the branch to be deleted.

allows_force_pushes bool

Boolean, setting this to true to allow force pushes on the branch.

blocks_creations bool

Boolean, setting this to true to block creating the branch.

enforce_admins bool

Boolean, setting this to true enforces status checks for repository administrators.

push_restrictions Sequence[str]

The list of actor IDs that may push to the branch.

require_conversation_resolution bool

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

require_signed_commits bool

Boolean, setting this to true requires all commits to be signed with GPG.

required_linear_history bool

Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch

required_pull_request_reviews Sequence[BranchProtectionRequiredPullRequestReviewArgs]

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

required_status_checks Sequence[BranchProtectionRequiredStatusCheckArgs]

Enforce restrictions for required status checks. See Required Status Checks below for details.

pattern String

Identifies the protection rule pattern.

repositoryId String

The name or node ID of the repository associated with this branch protection rule.

allowsDeletions Boolean

Boolean, setting this to true to allow the branch to be deleted.

allowsForcePushes Boolean

Boolean, setting this to true to allow force pushes on the branch.

blocksCreations Boolean

Boolean, setting this to true to block creating the branch.

enforceAdmins Boolean

Boolean, setting this to true enforces status checks for repository administrators.

pushRestrictions List<String>

The list of actor IDs that may push to the branch.

requireConversationResolution Boolean

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

requireSignedCommits Boolean

Boolean, setting this to true requires all commits to be signed with GPG.

requiredLinearHistory Boolean

Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch

requiredPullRequestReviews List<Property Map>

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

requiredStatusChecks List<Property Map>

Enforce restrictions for required status checks. See Required Status Checks below for details.

Outputs

All input properties are implicitly available as output properties. Additionally, the BranchProtection resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up an Existing BranchProtection Resource

Get an existing BranchProtection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: BranchProtectionState, opts?: CustomResourceOptions): BranchProtection
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allows_deletions: Optional[bool] = None,
        allows_force_pushes: Optional[bool] = None,
        blocks_creations: Optional[bool] = None,
        enforce_admins: Optional[bool] = None,
        pattern: Optional[str] = None,
        push_restrictions: Optional[Sequence[str]] = None,
        repository_id: Optional[str] = None,
        require_conversation_resolution: Optional[bool] = None,
        require_signed_commits: Optional[bool] = None,
        required_linear_history: Optional[bool] = None,
        required_pull_request_reviews: Optional[Sequence[BranchProtectionRequiredPullRequestReviewArgs]] = None,
        required_status_checks: Optional[Sequence[BranchProtectionRequiredStatusCheckArgs]] = None) -> BranchProtection
func GetBranchProtection(ctx *Context, name string, id IDInput, state *BranchProtectionState, opts ...ResourceOption) (*BranchProtection, error)
public static BranchProtection Get(string name, Input<string> id, BranchProtectionState? state, CustomResourceOptions? opts = null)
public static BranchProtection get(String name, Output<String> id, BranchProtectionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AllowsDeletions bool

Boolean, setting this to true to allow the branch to be deleted.

AllowsForcePushes bool

Boolean, setting this to true to allow force pushes on the branch.

BlocksCreations bool

Boolean, setting this to true to block creating the branch.

EnforceAdmins bool

Boolean, setting this to true enforces status checks for repository administrators.

Pattern string

Identifies the protection rule pattern.

PushRestrictions List<string>

The list of actor IDs that may push to the branch.

RepositoryId string

The name or node ID of the repository associated with this branch protection rule.

RequireConversationResolution bool

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

RequireSignedCommits bool

Boolean, setting this to true requires all commits to be signed with GPG.

RequiredLinearHistory bool

Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch

RequiredPullRequestReviews List<BranchProtectionRequiredPullRequestReviewArgs>

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

RequiredStatusChecks List<BranchProtectionRequiredStatusCheckArgs>

Enforce restrictions for required status checks. See Required Status Checks below for details.

AllowsDeletions bool

Boolean, setting this to true to allow the branch to be deleted.

AllowsForcePushes bool

Boolean, setting this to true to allow force pushes on the branch.

BlocksCreations bool

Boolean, setting this to true to block creating the branch.

EnforceAdmins bool

Boolean, setting this to true enforces status checks for repository administrators.

Pattern string

Identifies the protection rule pattern.

PushRestrictions []string

The list of actor IDs that may push to the branch.

RepositoryId string

The name or node ID of the repository associated with this branch protection rule.

RequireConversationResolution bool

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

RequireSignedCommits bool

Boolean, setting this to true requires all commits to be signed with GPG.

RequiredLinearHistory bool

Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch

RequiredPullRequestReviews []BranchProtectionRequiredPullRequestReviewArgs

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

RequiredStatusChecks []BranchProtectionRequiredStatusCheckArgs

Enforce restrictions for required status checks. See Required Status Checks below for details.

allowsDeletions Boolean

Boolean, setting this to true to allow the branch to be deleted.

allowsForcePushes Boolean

Boolean, setting this to true to allow force pushes on the branch.

blocksCreations Boolean

Boolean, setting this to true to block creating the branch.

enforceAdmins Boolean

Boolean, setting this to true enforces status checks for repository administrators.

pattern String

Identifies the protection rule pattern.

pushRestrictions List<String>

The list of actor IDs that may push to the branch.

repositoryId String

The name or node ID of the repository associated with this branch protection rule.

requireConversationResolution Boolean

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

requireSignedCommits Boolean

Boolean, setting this to true requires all commits to be signed with GPG.

requiredLinearHistory Boolean

Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch

requiredPullRequestReviews List<BranchProtectionRequiredPullRequestReviewArgs>

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

requiredStatusChecks List<BranchProtectionRequiredStatusCheckArgs>

Enforce restrictions for required status checks. See Required Status Checks below for details.

allowsDeletions boolean

Boolean, setting this to true to allow the branch to be deleted.

allowsForcePushes boolean

Boolean, setting this to true to allow force pushes on the branch.

blocksCreations boolean

Boolean, setting this to true to block creating the branch.

enforceAdmins boolean

Boolean, setting this to true enforces status checks for repository administrators.

pattern string

Identifies the protection rule pattern.

pushRestrictions string[]

The list of actor IDs that may push to the branch.

repositoryId string

The name or node ID of the repository associated with this branch protection rule.

requireConversationResolution boolean

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

requireSignedCommits boolean

Boolean, setting this to true requires all commits to be signed with GPG.

requiredLinearHistory boolean

Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch

requiredPullRequestReviews BranchProtectionRequiredPullRequestReviewArgs[]

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

requiredStatusChecks BranchProtectionRequiredStatusCheckArgs[]

Enforce restrictions for required status checks. See Required Status Checks below for details.

allows_deletions bool

Boolean, setting this to true to allow the branch to be deleted.

allows_force_pushes bool

Boolean, setting this to true to allow force pushes on the branch.

blocks_creations bool

Boolean, setting this to true to block creating the branch.

enforce_admins bool

Boolean, setting this to true enforces status checks for repository administrators.

pattern str

Identifies the protection rule pattern.

push_restrictions Sequence[str]

The list of actor IDs that may push to the branch.

repository_id str

The name or node ID of the repository associated with this branch protection rule.

require_conversation_resolution bool

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

require_signed_commits bool

Boolean, setting this to true requires all commits to be signed with GPG.

required_linear_history bool

Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch

required_pull_request_reviews Sequence[BranchProtectionRequiredPullRequestReviewArgs]

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

required_status_checks Sequence[BranchProtectionRequiredStatusCheckArgs]

Enforce restrictions for required status checks. See Required Status Checks below for details.

allowsDeletions Boolean

Boolean, setting this to true to allow the branch to be deleted.

allowsForcePushes Boolean

Boolean, setting this to true to allow force pushes on the branch.

blocksCreations Boolean

Boolean, setting this to true to block creating the branch.

enforceAdmins Boolean

Boolean, setting this to true enforces status checks for repository administrators.

pattern String

Identifies the protection rule pattern.

pushRestrictions List<String>

The list of actor IDs that may push to the branch.

repositoryId String

The name or node ID of the repository associated with this branch protection rule.

requireConversationResolution Boolean

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

requireSignedCommits Boolean

Boolean, setting this to true requires all commits to be signed with GPG.

requiredLinearHistory Boolean

Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch

requiredPullRequestReviews List<Property Map>

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

requiredStatusChecks List<Property Map>

Enforce restrictions for required status checks. See Required Status Checks below for details.

Supporting Types

BranchProtectionRequiredPullRequestReview

BranchProtectionRequiredStatusCheck

Contexts List<string>
Strict bool
Contexts []string
Strict bool
contexts List<String>
strict Boolean
contexts string[]
strict boolean
contexts Sequence[str]
strict bool
contexts List<String>
strict Boolean

Import

GitHub Branch Protection can be imported using an ID made up of repository:pattern, e.g.

 $ pulumi import github:index/branchProtection:BranchProtection terraform terraform:main

Package Details

Repository
https://github.com/pulumi/pulumi-github
License
Apache-2.0
Notes

This Pulumi package is based on the github Terraform Provider.