← All packages

GitHub

Pulumi Official

Package maintained by Pulumi

v4.11.0 published on Wednesday, Apr 6, 2022 by Pulumi

Source code

BranchProtectionV3

Protects a GitHub branch.

The github.BranchProtection resource has moved to the GraphQL API, while this resource will continue to leverage the REST API.

This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users, teams, and apps, can also be configured.

Example Usage

using Pulumi;
using Github = Pulumi.Github;

class MyStack : Stack
{
    public MyStack()
    {
        // Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
        var example = new Github.BranchProtectionV3("example", new Github.BranchProtectionV3Args
        {
            Repository = github_repository.Example.Name,
            Branch = "main",
            Restrictions = new Github.Inputs.BranchProtectionV3RestrictionsArgs
            {
                Users = 
                {
                    "foo-user",
                },
            },
        });
    }

}

package main

import (
	"github.com/pulumi/pulumi-github/sdk/v4/go/github"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := github.NewBranchProtectionV3(ctx, "example", &github.BranchProtectionV3Args{
			Repository: pulumi.Any(github_repository.Example.Name),
			Branch:     pulumi.String("main"),
			Restrictions: &BranchProtectionV3RestrictionsArgs{
				Users: pulumi.StringArray{
					pulumi.String("foo-user"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Coming soon!

import pulumi
import pulumi_github as github

# Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
example = github.BranchProtectionV3("example",
    repository=github_repository["example"]["name"],
    branch="main",
    restrictions=github.BranchProtectionV3RestrictionsArgs(
        users=["foo-user"],
    ))

import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";

// Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
const example = new github.BranchProtectionV3("example", {
    repository: github_repository.example.name,
    branch: "main",
    restrictions: {
        users: ["foo-user"],
    },
});

Coming soon!

Create a BranchProtectionV3 Resource

new BranchProtectionV3(name: string, args: BranchProtectionV3Args, opts?: CustomResourceOptions);

@overload
def BranchProtectionV3(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       branch: Optional[str] = None,
                       enforce_admins: Optional[bool] = None,
                       repository: Optional[str] = None,
                       require_conversation_resolution: Optional[bool] = None,
                       require_signed_commits: Optional[bool] = None,
                       required_pull_request_reviews: Optional[BranchProtectionV3RequiredPullRequestReviewsArgs] = None,
                       required_status_checks: Optional[BranchProtectionV3RequiredStatusChecksArgs] = None,
                       restrictions: Optional[BranchProtectionV3RestrictionsArgs] = None)
@overload
def BranchProtectionV3(resource_name: str,
                       args: BranchProtectionV3Args,
                       opts: Optional[ResourceOptions] = None)

func NewBranchProtectionV3(ctx *Context, name string, args BranchProtectionV3Args, opts ...ResourceOption) (*BranchProtectionV3, error)

public BranchProtectionV3(string name, BranchProtectionV3Args args, CustomResourceOptions? opts = null)

public BranchProtectionV3(String name, BranchProtectionV3Args args)
public BranchProtectionV3(String name, BranchProtectionV3Args args, CustomResourceOptions options)

type: github:BranchProtectionV3
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args BranchProtectionV3Args: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args BranchProtectionV3Args: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args BranchProtectionV3Args: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args BranchProtectionV3Args: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args BranchProtectionV3Args: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

BranchProtectionV3 Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The BranchProtectionV3 resource accepts the following input properties:

Branch string: The Git branch to protect.
Repository string: The GitHub repository name.
EnforceAdmins bool: Boolean, setting this to true enforces status checks for repository administrators.
RequireConversationResolution bool: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
RequireSignedCommits bool: Boolean, setting this to true requires all commits to be signed with GPG.
RequiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
RequiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs: Enforce restrictions for required status checks. See Required Status Checks below for details.
Restrictions BranchProtectionV3RestrictionsArgs: Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

Branch string: The Git branch to protect.
Repository string: The GitHub repository name.
EnforceAdmins bool: Boolean, setting this to true enforces status checks for repository administrators.
RequireConversationResolution bool: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
RequireSignedCommits bool: Boolean, setting this to true requires all commits to be signed with GPG.
RequiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
RequiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs: Enforce restrictions for required status checks. See Required Status Checks below for details.
Restrictions BranchProtectionV3RestrictionsArgs: Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch String: The Git branch to protect.
repository String: The GitHub repository name.
enforceAdmins Boolean: Boolean, setting this to true enforces status checks for repository administrators.
requireConversationResolution Boolean: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
requireSignedCommits Boolean: Boolean, setting this to true requires all commits to be signed with GPG.
requiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
requiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs: Enforce restrictions for required status checks. See Required Status Checks below for details.
restrictions BranchProtectionV3RestrictionsArgs: Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch string: The Git branch to protect.
repository string: The GitHub repository name.
enforceAdmins boolean: Boolean, setting this to true enforces status checks for repository administrators.
requireConversationResolution boolean: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
requireSignedCommits boolean: Boolean, setting this to true requires all commits to be signed with GPG.
requiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
requiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs: Enforce restrictions for required status checks. See Required Status Checks below for details.
restrictions BranchProtectionV3RestrictionsArgs: Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch str: The Git branch to protect.
repository str: The GitHub repository name.
enforce_admins bool: Boolean, setting this to true enforces status checks for repository administrators.
require_conversation_resolution bool: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
require_signed_commits bool: Boolean, setting this to true requires all commits to be signed with GPG.
required_pull_request_reviews BranchProtectionV3RequiredPullRequestReviewsArgs: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
required_status_checks BranchProtectionV3RequiredStatusChecksArgs: Enforce restrictions for required status checks. See Required Status Checks below for details.
restrictions BranchProtectionV3RestrictionsArgs: Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch String: The Git branch to protect.
repository String: The GitHub repository name.
enforceAdmins Boolean: Boolean, setting this to true enforces status checks for repository administrators.
requireConversationResolution Boolean: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
requireSignedCommits Boolean: Boolean, setting this to true requires all commits to be signed with GPG.
requiredPullRequestReviews Property Map: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
requiredStatusChecks Property Map: Enforce restrictions for required status checks. See Required Status Checks below for details.
restrictions Property Map: Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

Outputs

All input properties are implicitly available as output properties. Additionally, the BranchProtectionV3 resource produces the following output properties:

Etag string
Id string: The provider-assigned unique ID for this managed resource.

Etag string
Id string: The provider-assigned unique ID for this managed resource.

etag String
id String: The provider-assigned unique ID for this managed resource.

etag string
id string: The provider-assigned unique ID for this managed resource.

etag str
id str: The provider-assigned unique ID for this managed resource.

etag String
id String: The provider-assigned unique ID for this managed resource.

Look up an Existing BranchProtectionV3 Resource

Get an existing BranchProtectionV3 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: BranchProtectionV3State, opts?: CustomResourceOptions): BranchProtectionV3

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        branch: Optional[str] = None,
        enforce_admins: Optional[bool] = None,
        etag: Optional[str] = None,
        repository: Optional[str] = None,
        require_conversation_resolution: Optional[bool] = None,
        require_signed_commits: Optional[bool] = None,
        required_pull_request_reviews: Optional[BranchProtectionV3RequiredPullRequestReviewsArgs] = None,
        required_status_checks: Optional[BranchProtectionV3RequiredStatusChecksArgs] = None,
        restrictions: Optional[BranchProtectionV3RestrictionsArgs] = None) -> BranchProtectionV3

func GetBranchProtectionV3(ctx *Context, name string, id IDInput, state *BranchProtectionV3State, opts ...ResourceOption) (*BranchProtectionV3, error)

public static BranchProtectionV3 Get(string name, Input<string> id, BranchProtectionV3State? state, CustomResourceOptions? opts = null)

public static BranchProtectionV3 get(String name, Output<String> id, BranchProtectionV3State state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Branch string: The Git branch to protect.
EnforceAdmins bool: Boolean, setting this to true enforces status checks for repository administrators.
Etag string
Repository string: The GitHub repository name.
RequireConversationResolution bool: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
RequireSignedCommits bool: Boolean, setting this to true requires all commits to be signed with GPG.
RequiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
RequiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs: Enforce restrictions for required status checks. See Required Status Checks below for details.
Restrictions BranchProtectionV3RestrictionsArgs: Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

Branch string: The Git branch to protect.
EnforceAdmins bool: Boolean, setting this to true enforces status checks for repository administrators.
Etag string
Repository string: The GitHub repository name.
RequireConversationResolution bool: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
RequireSignedCommits bool: Boolean, setting this to true requires all commits to be signed with GPG.
RequiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
RequiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs: Enforce restrictions for required status checks. See Required Status Checks below for details.
Restrictions BranchProtectionV3RestrictionsArgs: Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch String: The Git branch to protect.
enforceAdmins Boolean: Boolean, setting this to true enforces status checks for repository administrators.
etag String
repository String: The GitHub repository name.
requireConversationResolution Boolean: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
requireSignedCommits Boolean: Boolean, setting this to true requires all commits to be signed with GPG.
requiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
requiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs: Enforce restrictions for required status checks. See Required Status Checks below for details.
restrictions BranchProtectionV3RestrictionsArgs: Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch string: The Git branch to protect.
enforceAdmins boolean: Boolean, setting this to true enforces status checks for repository administrators.
etag string
repository string: The GitHub repository name.
requireConversationResolution boolean: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
requireSignedCommits boolean: Boolean, setting this to true requires all commits to be signed with GPG.
requiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
requiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs: Enforce restrictions for required status checks. See Required Status Checks below for details.
restrictions BranchProtectionV3RestrictionsArgs: Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch str: The Git branch to protect.
enforce_admins bool: Boolean, setting this to true enforces status checks for repository administrators.
etag str
repository str: The GitHub repository name.
require_conversation_resolution bool: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
require_signed_commits bool: Boolean, setting this to true requires all commits to be signed with GPG.
required_pull_request_reviews BranchProtectionV3RequiredPullRequestReviewsArgs: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
required_status_checks BranchProtectionV3RequiredStatusChecksArgs: Enforce restrictions for required status checks. See Required Status Checks below for details.
restrictions BranchProtectionV3RestrictionsArgs: Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch String: The Git branch to protect.
enforceAdmins Boolean: Boolean, setting this to true enforces status checks for repository administrators.
etag String
repository String: The GitHub repository name.
requireConversationResolution Boolean: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
requireSignedCommits Boolean: Boolean, setting this to true requires all commits to be signed with GPG.
requiredPullRequestReviews Property Map: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
requiredStatusChecks Property Map: Enforce restrictions for required status checks. See Required Status Checks below for details.
restrictions Property Map: Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

Supporting Types

BranchProtectionV3RequiredPullRequestReviews

DismissStaleReviews bool

DismissalTeams List<string>

DismissalUsers List<string>

IncludeAdmins bool

Deprecated:

Use enforce_admins instead

RequireCodeOwnerReviews bool

RequiredApprovingReviewCount int

DismissStaleReviews bool

DismissalTeams []string

DismissalUsers []string

IncludeAdmins bool

Deprecated:

Use enforce_admins instead

RequireCodeOwnerReviews bool

RequiredApprovingReviewCount int

dismissStaleReviews Boolean

dismissalTeams List

dismissalUsers List

includeAdmins Boolean

Deprecated:

Use enforce_admins instead

requireCodeOwnerReviews Boolean

requiredApprovingReviewCount Integer

dismissStaleReviews boolean

dismissalTeams string[]

dismissalUsers string[]

includeAdmins boolean

Deprecated:

Use enforce_admins instead

requireCodeOwnerReviews boolean

requiredApprovingReviewCount number

dismiss_stale_reviews bool

dismissal_teams Sequence[str]

dismissal_users Sequence[str]

include_admins bool

Deprecated:

Use enforce_admins instead

require_code_owner_reviews bool

required_approving_review_count int

dismissStaleReviews Boolean

dismissalTeams List

dismissalUsers List

includeAdmins Boolean

Deprecated:

Use enforce_admins instead

requireCodeOwnerReviews Boolean

requiredApprovingReviewCount Number

BranchProtectionV3RequiredStatusChecks

Contexts List<string>

IncludeAdmins bool

Deprecated:

Use enforce_admins instead

Strict bool

Contexts []string

IncludeAdmins bool

Deprecated:

Use enforce_admins instead

Strict bool

contexts List

includeAdmins Boolean

Deprecated:

Use enforce_admins instead

strict Boolean

contexts string[]

includeAdmins boolean

Deprecated:

Use enforce_admins instead

strict boolean

contexts Sequence[str]

include_admins bool

Deprecated:

Use enforce_admins instead

strict bool

contexts List

includeAdmins Boolean

Deprecated:

Use enforce_admins instead

strict Boolean

BranchProtectionV3Restrictions

Apps List<string>
Teams List<string>
Users List<string>

Apps []string
Teams []string
Users []string

apps List
teams List
users List

apps string[]
teams string[]
users string[]

apps Sequence[str]
teams Sequence[str]
users Sequence[str]

apps List
teams List
users List

Import

GitHub Branch Protection can be imported using an ID made up of repository:branch, e.g.

 $ pulumi import github:index/branchProtectionV3:BranchProtectionV3 terraform terraform:main

Package Details

Repository: https://github.com/pulumi/pulumi-github
License: Apache-2.0
Notes: This Pulumi package is based on the github Terraform Provider.

GitHub

BranchProtectionV3

Example Usage

Create a BranchProtectionV3 Resource

BranchProtectionV3 Resource Properties

Inputs

Outputs

Look up an Existing BranchProtectionV3 Resource

Supporting Types

BranchProtectionV3RequiredPullRequestReviews

BranchProtectionV3RequiredStatusChecks

BranchProtectionV3Restrictions

Import

Package Details

Contents