GitHub
BranchProtection
Protects a GitHub branch.
This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users, teams, and apps, can also be configured.
Example Usage
using System.Collections.Generic;
using Pulumi;
using Github = Pulumi.Github;
return await Deployment.RunAsync(() =>
{
var exampleRepository = new Github.Repository("exampleRepository");
var exampleUser = Github.GetUser.Invoke(new()
{
Username = "example",
});
var exampleTeam = new Github.Team("exampleTeam");
// Protect the main branch of the foo repository. Additionally, require that
// the "ci/travis" context to be passing and only allow the engineers team merge
// to the branch.
var exampleBranchProtection = new Github.BranchProtection("exampleBranchProtection", new()
{
RepositoryId = exampleRepository.NodeId,
Pattern = "main",
EnforceAdmins = true,
AllowsDeletions = true,
RequiredStatusChecks = new[]
{
new Github.Inputs.BranchProtectionRequiredStatusCheckArgs
{
Strict = false,
Contexts = new[]
{
"ci/travis",
},
},
},
RequiredPullRequestReviews = new[]
{
new Github.Inputs.BranchProtectionRequiredPullRequestReviewArgs
{
DismissStaleReviews = true,
RestrictDismissals = true,
DismissalRestrictions = new[]
{
exampleUser.Apply(getUserResult => getUserResult.NodeId),
exampleTeam.NodeId,
},
},
},
PushRestrictions = new[]
{
exampleUser.Apply(getUserResult => getUserResult.NodeId),
},
});
var exampleTeamRepository = new Github.TeamRepository("exampleTeamRepository", new()
{
TeamId = exampleTeam.Id,
Repository = exampleRepository.Name,
Permission = "pull",
});
});
package main
import (
"github.com/pulumi/pulumi-github/sdk/v4/go/github"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleRepository, err := github.NewRepository(ctx, "exampleRepository", nil)
if err != nil {
return err
}
exampleUser, err := github.GetUser(ctx, &GetUserArgs{
Username: "example",
}, nil)
if err != nil {
return err
}
exampleTeam, err := github.NewTeam(ctx, "exampleTeam", nil)
if err != nil {
return err
}
_, err = github.NewBranchProtection(ctx, "exampleBranchProtection", &github.BranchProtectionArgs{
RepositoryId: exampleRepository.NodeId,
Pattern: pulumi.String("main"),
EnforceAdmins: pulumi.Bool(true),
AllowsDeletions: pulumi.Bool(true),
RequiredStatusChecks: BranchProtectionRequiredStatusCheckArray{
&BranchProtectionRequiredStatusCheckArgs{
Strict: pulumi.Bool(false),
Contexts: pulumi.StringArray{
pulumi.String("ci/travis"),
},
},
},
RequiredPullRequestReviews: BranchProtectionRequiredPullRequestReviewArray{
&BranchProtectionRequiredPullRequestReviewArgs{
DismissStaleReviews: pulumi.Bool(true),
RestrictDismissals: pulumi.Bool(true),
DismissalRestrictions: pulumi.StringArray{
pulumi.String(exampleUser.NodeId),
exampleTeam.NodeId,
},
},
},
PushRestrictions: pulumi.StringArray{
pulumi.String(exampleUser.NodeId),
},
})
if err != nil {
return err
}
_, err = github.NewTeamRepository(ctx, "exampleTeamRepository", &github.TeamRepositoryArgs{
TeamId: exampleTeam.ID(),
Repository: exampleRepository.Name,
Permission: pulumi.String("pull"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.github.Repository;
import com.pulumi.github.GithubFunctions;
import com.pulumi.github.inputs.GetUserArgs;
import com.pulumi.github.Team;
import com.pulumi.github.BranchProtection;
import com.pulumi.github.BranchProtectionArgs;
import com.pulumi.github.inputs.BranchProtectionRequiredStatusCheckArgs;
import com.pulumi.github.inputs.BranchProtectionRequiredPullRequestReviewArgs;
import com.pulumi.github.TeamRepository;
import com.pulumi.github.TeamRepositoryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleRepository = new Repository("exampleRepository");
final var exampleUser = GithubFunctions.getUser(GetUserArgs.builder()
.username("example")
.build());
var exampleTeam = new Team("exampleTeam");
var exampleBranchProtection = new BranchProtection("exampleBranchProtection", BranchProtectionArgs.builder()
.repositoryId(exampleRepository.nodeId())
.pattern("main")
.enforceAdmins(true)
.allowsDeletions(true)
.requiredStatusChecks(BranchProtectionRequiredStatusCheckArgs.builder()
.strict(false)
.contexts("ci/travis")
.build())
.requiredPullRequestReviews(BranchProtectionRequiredPullRequestReviewArgs.builder()
.dismissStaleReviews(true)
.restrictDismissals(true)
.dismissalRestrictions(
exampleUser.applyValue(getUserResult -> getUserResult.nodeId()),
exampleTeam.nodeId())
.build())
.pushRestrictions(exampleUser.applyValue(getUserResult -> getUserResult.nodeId()))
.build());
var exampleTeamRepository = new TeamRepository("exampleTeamRepository", TeamRepositoryArgs.builder()
.teamId(exampleTeam.id())
.repository(exampleRepository.name())
.permission("pull")
.build());
}
}
import pulumi
import pulumi_github as github
example_repository = github.Repository("exampleRepository")
example_user = github.get_user(username="example")
example_team = github.Team("exampleTeam")
# Protect the main branch of the foo repository. Additionally, require that
# the "ci/travis" context to be passing and only allow the engineers team merge
# to the branch.
example_branch_protection = github.BranchProtection("exampleBranchProtection",
repository_id=example_repository.node_id,
pattern="main",
enforce_admins=True,
allows_deletions=True,
required_status_checks=[github.BranchProtectionRequiredStatusCheckArgs(
strict=False,
contexts=["ci/travis"],
)],
required_pull_request_reviews=[github.BranchProtectionRequiredPullRequestReviewArgs(
dismiss_stale_reviews=True,
restrict_dismissals=True,
dismissal_restrictions=[
example_user.node_id,
example_team.node_id,
],
)],
push_restrictions=[example_user.node_id])
example_team_repository = github.TeamRepository("exampleTeamRepository",
team_id=example_team.id,
repository=example_repository.name,
permission="pull")
import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";
const exampleRepository = new github.Repository("exampleRepository", {});
const exampleUser = github.getUser({
username: "example",
});
const exampleTeam = new github.Team("exampleTeam", {});
// Protect the main branch of the foo repository. Additionally, require that
// the "ci/travis" context to be passing and only allow the engineers team merge
// to the branch.
const exampleBranchProtection = new github.BranchProtection("exampleBranchProtection", {
repositoryId: exampleRepository.nodeId,
pattern: "main",
enforceAdmins: true,
allowsDeletions: true,
requiredStatusChecks: [{
strict: false,
contexts: ["ci/travis"],
}],
requiredPullRequestReviews: [{
dismissStaleReviews: true,
restrictDismissals: true,
dismissalRestrictions: [
exampleUser.then(exampleUser => exampleUser.nodeId),
exampleTeam.nodeId,
],
}],
pushRestrictions: [exampleUser.then(exampleUser => exampleUser.nodeId)],
});
const exampleTeamRepository = new github.TeamRepository("exampleTeamRepository", {
teamId: exampleTeam.id,
repository: exampleRepository.name,
permission: "pull",
});
resources:
# Protect the main branch of the foo repository. Additionally, require that
# the "ci/travis" context to be passing and only allow the engineers team merge
# to the branch.
exampleBranchProtection:
type: github:BranchProtection
properties:
repositoryId: ${exampleRepository.nodeId} # also accepts repository name
# # repository_id = github_repository.example.name
pattern: main
enforceAdmins: true
allowsDeletions: true
requiredStatusChecks:
- strict: false
contexts:
- ci/travis
requiredPullRequestReviews:
- dismissStaleReviews: true
restrictDismissals: true
dismissalRestrictions:
- ${exampleUser.nodeId}
- ${exampleTeam.nodeId}
pushRestrictions:
- ${exampleUser.nodeId}
exampleRepository:
type: github:Repository
exampleTeam:
type: github:Team
exampleTeamRepository:
type: github:TeamRepository
properties:
teamId: ${exampleTeam.id}
repository: ${exampleRepository.name}
permission: pull
variables:
exampleUser:
Fn::Invoke:
Function: github:getUser
Arguments:
username: example
Create a BranchProtection Resource
new BranchProtection(name: string, args: BranchProtectionArgs, opts?: CustomResourceOptions);
@overload
def BranchProtection(resource_name: str,
opts: Optional[ResourceOptions] = None,
allows_deletions: Optional[bool] = None,
allows_force_pushes: Optional[bool] = None,
blocks_creations: Optional[bool] = None,
enforce_admins: Optional[bool] = None,
pattern: Optional[str] = None,
push_restrictions: Optional[Sequence[str]] = None,
repository_id: Optional[str] = None,
require_conversation_resolution: Optional[bool] = None,
require_signed_commits: Optional[bool] = None,
required_linear_history: Optional[bool] = None,
required_pull_request_reviews: Optional[Sequence[BranchProtectionRequiredPullRequestReviewArgs]] = None,
required_status_checks: Optional[Sequence[BranchProtectionRequiredStatusCheckArgs]] = None)
@overload
def BranchProtection(resource_name: str,
args: BranchProtectionArgs,
opts: Optional[ResourceOptions] = None)
func NewBranchProtection(ctx *Context, name string, args BranchProtectionArgs, opts ...ResourceOption) (*BranchProtection, error)
public BranchProtection(string name, BranchProtectionArgs args, CustomResourceOptions? opts = null)
public BranchProtection(String name, BranchProtectionArgs args)
public BranchProtection(String name, BranchProtectionArgs args, CustomResourceOptions options)
type: github:BranchProtection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BranchProtectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args BranchProtectionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args BranchProtectionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BranchProtectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args BranchProtectionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
BranchProtection Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The BranchProtection resource accepts the following input properties:
- Pattern string
Identifies the protection rule pattern.
- Repository
Id string The name or node ID of the repository associated with this branch protection rule.
- Allows
Deletions bool Boolean, setting this to
true
to allow the branch to be deleted.- Allows
Force boolPushes Boolean, setting this to
true
to allow force pushes on the branch.- Blocks
Creations bool Boolean, setting this to
true
to block creating the branch.- Enforce
Admins bool Boolean, setting this to
true
enforces status checks for repository administrators.- Push
Restrictions List<string> The list of actor IDs that may push to the branch.
- Require
Conversation boolResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- Require
Signed boolCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- Required
Linear boolHistory Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch- Required
Pull List<BranchRequest Reviews Protection Required Pull Request Review Args> Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- Required
Status List<BranchChecks Protection Required Status Check Args> Enforce restrictions for required status checks. See Required Status Checks below for details.
- Pattern string
Identifies the protection rule pattern.
- Repository
Id string The name or node ID of the repository associated with this branch protection rule.
- Allows
Deletions bool Boolean, setting this to
true
to allow the branch to be deleted.- Allows
Force boolPushes Boolean, setting this to
true
to allow force pushes on the branch.- Blocks
Creations bool Boolean, setting this to
true
to block creating the branch.- Enforce
Admins bool Boolean, setting this to
true
enforces status checks for repository administrators.- Push
Restrictions []string The list of actor IDs that may push to the branch.
- Require
Conversation boolResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- Require
Signed boolCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- Required
Linear boolHistory Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch- Required
Pull []BranchRequest Reviews Protection Required Pull Request Review Args Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- Required
Status []BranchChecks Protection Required Status Check Args Enforce restrictions for required status checks. See Required Status Checks below for details.
- pattern String
Identifies the protection rule pattern.
- repository
Id String The name or node ID of the repository associated with this branch protection rule.
- allows
Deletions Boolean Boolean, setting this to
true
to allow the branch to be deleted.- allows
Force BooleanPushes Boolean, setting this to
true
to allow force pushes on the branch.- blocks
Creations Boolean Boolean, setting this to
true
to block creating the branch.- enforce
Admins Boolean Boolean, setting this to
true
enforces status checks for repository administrators.- push
Restrictions List<String> The list of actor IDs that may push to the branch.
- require
Conversation BooleanResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require
Signed BooleanCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required
Linear BooleanHistory Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch- required
Pull List<BranchRequest Reviews Protection Required Pull Request Review Args> Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status List<BranchChecks Protection Required Status Check Args> Enforce restrictions for required status checks. See Required Status Checks below for details.
- pattern string
Identifies the protection rule pattern.
- repository
Id string The name or node ID of the repository associated with this branch protection rule.
- allows
Deletions boolean Boolean, setting this to
true
to allow the branch to be deleted.- allows
Force booleanPushes Boolean, setting this to
true
to allow force pushes on the branch.- blocks
Creations boolean Boolean, setting this to
true
to block creating the branch.- enforce
Admins boolean Boolean, setting this to
true
enforces status checks for repository administrators.- push
Restrictions string[] The list of actor IDs that may push to the branch.
- require
Conversation booleanResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require
Signed booleanCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required
Linear booleanHistory Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch- required
Pull BranchRequest Reviews Protection Required Pull Request Review Args[] Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status BranchChecks Protection Required Status Check Args[] Enforce restrictions for required status checks. See Required Status Checks below for details.
- pattern str
Identifies the protection rule pattern.
- repository_
id str The name or node ID of the repository associated with this branch protection rule.
- allows_
deletions bool Boolean, setting this to
true
to allow the branch to be deleted.- allows_
force_ boolpushes Boolean, setting this to
true
to allow force pushes on the branch.- blocks_
creations bool Boolean, setting this to
true
to block creating the branch.- enforce_
admins bool Boolean, setting this to
true
enforces status checks for repository administrators.- push_
restrictions Sequence[str] The list of actor IDs that may push to the branch.
- require_
conversation_ boolresolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require_
signed_ boolcommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required_
linear_ boolhistory Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch- required_
pull_ Sequence[Branchrequest_ reviews Protection Required Pull Request Review Args] Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required_
status_ Sequence[Branchchecks Protection Required Status Check Args] Enforce restrictions for required status checks. See Required Status Checks below for details.
- pattern String
Identifies the protection rule pattern.
- repository
Id String The name or node ID of the repository associated with this branch protection rule.
- allows
Deletions Boolean Boolean, setting this to
true
to allow the branch to be deleted.- allows
Force BooleanPushes Boolean, setting this to
true
to allow force pushes on the branch.- blocks
Creations Boolean Boolean, setting this to
true
to block creating the branch.- enforce
Admins Boolean Boolean, setting this to
true
enforces status checks for repository administrators.- push
Restrictions List<String> The list of actor IDs that may push to the branch.
- require
Conversation BooleanResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require
Signed BooleanCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required
Linear BooleanHistory Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch- required
Pull List<Property Map>Request Reviews Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status List<Property Map>Checks Enforce restrictions for required status checks. See Required Status Checks below for details.
Outputs
All input properties are implicitly available as output properties. Additionally, the BranchProtection resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up an Existing BranchProtection Resource
Get an existing BranchProtection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: BranchProtectionState, opts?: CustomResourceOptions): BranchProtection
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allows_deletions: Optional[bool] = None,
allows_force_pushes: Optional[bool] = None,
blocks_creations: Optional[bool] = None,
enforce_admins: Optional[bool] = None,
pattern: Optional[str] = None,
push_restrictions: Optional[Sequence[str]] = None,
repository_id: Optional[str] = None,
require_conversation_resolution: Optional[bool] = None,
require_signed_commits: Optional[bool] = None,
required_linear_history: Optional[bool] = None,
required_pull_request_reviews: Optional[Sequence[BranchProtectionRequiredPullRequestReviewArgs]] = None,
required_status_checks: Optional[Sequence[BranchProtectionRequiredStatusCheckArgs]] = None) -> BranchProtection
func GetBranchProtection(ctx *Context, name string, id IDInput, state *BranchProtectionState, opts ...ResourceOption) (*BranchProtection, error)
public static BranchProtection Get(string name, Input<string> id, BranchProtectionState? state, CustomResourceOptions? opts = null)
public static BranchProtection get(String name, Output<String> id, BranchProtectionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allows
Deletions bool Boolean, setting this to
true
to allow the branch to be deleted.- Allows
Force boolPushes Boolean, setting this to
true
to allow force pushes on the branch.- Blocks
Creations bool Boolean, setting this to
true
to block creating the branch.- Enforce
Admins bool Boolean, setting this to
true
enforces status checks for repository administrators.- Pattern string
Identifies the protection rule pattern.
- Push
Restrictions List<string> The list of actor IDs that may push to the branch.
- Repository
Id string The name or node ID of the repository associated with this branch protection rule.
- Require
Conversation boolResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- Require
Signed boolCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- Required
Linear boolHistory Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch- Required
Pull List<BranchRequest Reviews Protection Required Pull Request Review Args> Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- Required
Status List<BranchChecks Protection Required Status Check Args> Enforce restrictions for required status checks. See Required Status Checks below for details.
- Allows
Deletions bool Boolean, setting this to
true
to allow the branch to be deleted.- Allows
Force boolPushes Boolean, setting this to
true
to allow force pushes on the branch.- Blocks
Creations bool Boolean, setting this to
true
to block creating the branch.- Enforce
Admins bool Boolean, setting this to
true
enforces status checks for repository administrators.- Pattern string
Identifies the protection rule pattern.
- Push
Restrictions []string The list of actor IDs that may push to the branch.
- Repository
Id string The name or node ID of the repository associated with this branch protection rule.
- Require
Conversation boolResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- Require
Signed boolCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- Required
Linear boolHistory Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch- Required
Pull []BranchRequest Reviews Protection Required Pull Request Review Args Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- Required
Status []BranchChecks Protection Required Status Check Args Enforce restrictions for required status checks. See Required Status Checks below for details.
- allows
Deletions Boolean Boolean, setting this to
true
to allow the branch to be deleted.- allows
Force BooleanPushes Boolean, setting this to
true
to allow force pushes on the branch.- blocks
Creations Boolean Boolean, setting this to
true
to block creating the branch.- enforce
Admins Boolean Boolean, setting this to
true
enforces status checks for repository administrators.- pattern String
Identifies the protection rule pattern.
- push
Restrictions List<String> The list of actor IDs that may push to the branch.
- repository
Id String The name or node ID of the repository associated with this branch protection rule.
- require
Conversation BooleanResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require
Signed BooleanCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required
Linear BooleanHistory Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch- required
Pull List<BranchRequest Reviews Protection Required Pull Request Review Args> Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status List<BranchChecks Protection Required Status Check Args> Enforce restrictions for required status checks. See Required Status Checks below for details.
- allows
Deletions boolean Boolean, setting this to
true
to allow the branch to be deleted.- allows
Force booleanPushes Boolean, setting this to
true
to allow force pushes on the branch.- blocks
Creations boolean Boolean, setting this to
true
to block creating the branch.- enforce
Admins boolean Boolean, setting this to
true
enforces status checks for repository administrators.- pattern string
Identifies the protection rule pattern.
- push
Restrictions string[] The list of actor IDs that may push to the branch.
- repository
Id string The name or node ID of the repository associated with this branch protection rule.
- require
Conversation booleanResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require
Signed booleanCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required
Linear booleanHistory Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch- required
Pull BranchRequest Reviews Protection Required Pull Request Review Args[] Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status BranchChecks Protection Required Status Check Args[] Enforce restrictions for required status checks. See Required Status Checks below for details.
- allows_
deletions bool Boolean, setting this to
true
to allow the branch to be deleted.- allows_
force_ boolpushes Boolean, setting this to
true
to allow force pushes on the branch.- blocks_
creations bool Boolean, setting this to
true
to block creating the branch.- enforce_
admins bool Boolean, setting this to
true
enforces status checks for repository administrators.- pattern str
Identifies the protection rule pattern.
- push_
restrictions Sequence[str] The list of actor IDs that may push to the branch.
- repository_
id str The name or node ID of the repository associated with this branch protection rule.
- require_
conversation_ boolresolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require_
signed_ boolcommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required_
linear_ boolhistory Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch- required_
pull_ Sequence[Branchrequest_ reviews Protection Required Pull Request Review Args] Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required_
status_ Sequence[Branchchecks Protection Required Status Check Args] Enforce restrictions for required status checks. See Required Status Checks below for details.
- allows
Deletions Boolean Boolean, setting this to
true
to allow the branch to be deleted.- allows
Force BooleanPushes Boolean, setting this to
true
to allow force pushes on the branch.- blocks
Creations Boolean Boolean, setting this to
true
to block creating the branch.- enforce
Admins Boolean Boolean, setting this to
true
enforces status checks for repository administrators.- pattern String
Identifies the protection rule pattern.
- push
Restrictions List<String> The list of actor IDs that may push to the branch.
- repository
Id String The name or node ID of the repository associated with this branch protection rule.
- require
Conversation BooleanResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require
Signed BooleanCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required
Linear BooleanHistory Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch- required
Pull List<Property Map>Request Reviews Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status List<Property Map>Checks Enforce restrictions for required status checks. See Required Status Checks below for details.
Supporting Types
BranchProtectionRequiredPullRequestReview
- Dismiss
Stale boolReviews - Dismissal
Restrictions List<string> - Pull
Request List<string>Bypassers - Require
Code boolOwner Reviews - Required
Approving intReview Count - Restrict
Dismissals bool
- Dismiss
Stale boolReviews - Dismissal
Restrictions []string - Pull
Request []stringBypassers - Require
Code boolOwner Reviews - Required
Approving intReview Count - Restrict
Dismissals bool
- dismiss
Stale BooleanReviews - dismissal
Restrictions List<String> - pull
Request List<String>Bypassers - require
Code BooleanOwner Reviews - required
Approving IntegerReview Count - restrict
Dismissals Boolean
- dismiss
Stale booleanReviews - dismissal
Restrictions string[] - pull
Request string[]Bypassers - require
Code booleanOwner Reviews - required
Approving numberReview Count - restrict
Dismissals boolean
- dismiss_
stale_ boolreviews - dismissal_
restrictions Sequence[str] - pull_
request_ Sequence[str]bypassers - require_
code_ boolowner_ reviews - required_
approving_ intreview_ count - restrict_
dismissals bool
- dismiss
Stale BooleanReviews - dismissal
Restrictions List<String> - pull
Request List<String>Bypassers - require
Code BooleanOwner Reviews - required
Approving NumberReview Count - restrict
Dismissals Boolean
BranchProtectionRequiredStatusCheck
Import
GitHub Branch Protection can be imported using an ID made up of repository:pattern
, e.g.
$ pulumi import github:index/branchProtection:BranchProtection terraform terraform:main
Package Details
- Repository
- https://github.com/pulumi/pulumi-github
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
github
Terraform Provider.