1. Packages
  2. GitHub
  3. API Docs
  4. BranchProtectionV3
GitHub v6.2.1 published on Thursday, May 23, 2024 by Pulumi

github.BranchProtectionV3

Explore with Pulumi AI

github logo
GitHub v6.2.1 published on Thursday, May 23, 2024 by Pulumi

    Protects a GitHub branch.

    The github.BranchProtection resource has moved to the GraphQL API, while this resource will continue to leverage the REST API.

    This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users, teams, and apps, can also be configured.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as github from "@pulumi/github";
    
    // Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
    const example = new github.BranchProtectionV3("example", {
        repository: exampleGithubRepository.name,
        branch: "main",
        restrictions: {
            users: ["foo-user"],
        },
    });
    
    import pulumi
    import pulumi_github as github
    
    # Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
    example = github.BranchProtectionV3("example",
        repository=example_github_repository["name"],
        branch="main",
        restrictions=github.BranchProtectionV3RestrictionsArgs(
            users=["foo-user"],
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-github/sdk/v6/go/github"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
    		_, err := github.NewBranchProtectionV3(ctx, "example", &github.BranchProtectionV3Args{
    			Repository: pulumi.Any(exampleGithubRepository.Name),
    			Branch:     pulumi.String("main"),
    			Restrictions: &github.BranchProtectionV3RestrictionsArgs{
    				Users: pulumi.StringArray{
    					pulumi.String("foo-user"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Github = Pulumi.Github;
    
    return await Deployment.RunAsync(() => 
    {
        // Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
        var example = new Github.BranchProtectionV3("example", new()
        {
            Repository = exampleGithubRepository.Name,
            Branch = "main",
            Restrictions = new Github.Inputs.BranchProtectionV3RestrictionsArgs
            {
                Users = new[]
                {
                    "foo-user",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.github.BranchProtectionV3;
    import com.pulumi.github.BranchProtectionV3Args;
    import com.pulumi.github.inputs.BranchProtectionV3RestrictionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
            var example = new BranchProtectionV3("example", BranchProtectionV3Args.builder()
                .repository(exampleGithubRepository.name())
                .branch("main")
                .restrictions(BranchProtectionV3RestrictionsArgs.builder()
                    .users("foo-user")
                    .build())
                .build());
    
        }
    }
    
    resources:
      # Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
      example:
        type: github:BranchProtectionV3
        properties:
          repository: ${exampleGithubRepository.name}
          branch: main
          restrictions:
            users:
              - foo-user
    

    Create BranchProtectionV3 Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new BranchProtectionV3(name: string, args: BranchProtectionV3Args, opts?: CustomResourceOptions);
    @overload
    def BranchProtectionV3(resource_name: str,
                           args: BranchProtectionV3Args,
                           opts: Optional[ResourceOptions] = None)
    
    @overload
    def BranchProtectionV3(resource_name: str,
                           opts: Optional[ResourceOptions] = None,
                           branch: Optional[str] = None,
                           repository: Optional[str] = None,
                           enforce_admins: Optional[bool] = None,
                           require_conversation_resolution: Optional[bool] = None,
                           require_signed_commits: Optional[bool] = None,
                           required_pull_request_reviews: Optional[BranchProtectionV3RequiredPullRequestReviewsArgs] = None,
                           required_status_checks: Optional[BranchProtectionV3RequiredStatusChecksArgs] = None,
                           restrictions: Optional[BranchProtectionV3RestrictionsArgs] = None)
    func NewBranchProtectionV3(ctx *Context, name string, args BranchProtectionV3Args, opts ...ResourceOption) (*BranchProtectionV3, error)
    public BranchProtectionV3(string name, BranchProtectionV3Args args, CustomResourceOptions? opts = null)
    public BranchProtectionV3(String name, BranchProtectionV3Args args)
    public BranchProtectionV3(String name, BranchProtectionV3Args args, CustomResourceOptions options)
    
    type: github:BranchProtectionV3
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args BranchProtectionV3Args
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args BranchProtectionV3Args
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args BranchProtectionV3Args
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args BranchProtectionV3Args
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args BranchProtectionV3Args
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var branchProtectionV3Resource = new Github.BranchProtectionV3("branchProtectionV3Resource", new()
    {
        Branch = "string",
        Repository = "string",
        EnforceAdmins = false,
        RequireConversationResolution = false,
        RequireSignedCommits = false,
        RequiredPullRequestReviews = new Github.Inputs.BranchProtectionV3RequiredPullRequestReviewsArgs
        {
            BypassPullRequestAllowances = new Github.Inputs.BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowancesArgs
            {
                Apps = new[]
                {
                    "string",
                },
                Teams = new[]
                {
                    "string",
                },
                Users = new[]
                {
                    "string",
                },
            },
            DismissStaleReviews = false,
            DismissalApps = new[]
            {
                "string",
            },
            DismissalTeams = new[]
            {
                "string",
            },
            DismissalUsers = new[]
            {
                "string",
            },
            RequireCodeOwnerReviews = false,
            RequireLastPushApproval = false,
            RequiredApprovingReviewCount = 0,
        },
        RequiredStatusChecks = new Github.Inputs.BranchProtectionV3RequiredStatusChecksArgs
        {
            Checks = new[]
            {
                "string",
            },
            Strict = false,
        },
        Restrictions = new Github.Inputs.BranchProtectionV3RestrictionsArgs
        {
            Apps = new[]
            {
                "string",
            },
            Teams = new[]
            {
                "string",
            },
            Users = new[]
            {
                "string",
            },
        },
    });
    
    example, err := github.NewBranchProtectionV3(ctx, "branchProtectionV3Resource", &github.BranchProtectionV3Args{
    	Branch:                        pulumi.String("string"),
    	Repository:                    pulumi.String("string"),
    	EnforceAdmins:                 pulumi.Bool(false),
    	RequireConversationResolution: pulumi.Bool(false),
    	RequireSignedCommits:          pulumi.Bool(false),
    	RequiredPullRequestReviews: &github.BranchProtectionV3RequiredPullRequestReviewsArgs{
    		BypassPullRequestAllowances: &github.BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowancesArgs{
    			Apps: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Teams: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Users: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    		DismissStaleReviews: pulumi.Bool(false),
    		DismissalApps: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		DismissalTeams: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		DismissalUsers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		RequireCodeOwnerReviews:      pulumi.Bool(false),
    		RequireLastPushApproval:      pulumi.Bool(false),
    		RequiredApprovingReviewCount: pulumi.Int(0),
    	},
    	RequiredStatusChecks: &github.BranchProtectionV3RequiredStatusChecksArgs{
    		Checks: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Strict: pulumi.Bool(false),
    	},
    	Restrictions: &github.BranchProtectionV3RestrictionsArgs{
    		Apps: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Teams: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Users: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    })
    
    var branchProtectionV3Resource = new BranchProtectionV3("branchProtectionV3Resource", BranchProtectionV3Args.builder()
        .branch("string")
        .repository("string")
        .enforceAdmins(false)
        .requireConversationResolution(false)
        .requireSignedCommits(false)
        .requiredPullRequestReviews(BranchProtectionV3RequiredPullRequestReviewsArgs.builder()
            .bypassPullRequestAllowances(BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowancesArgs.builder()
                .apps("string")
                .teams("string")
                .users("string")
                .build())
            .dismissStaleReviews(false)
            .dismissalApps("string")
            .dismissalTeams("string")
            .dismissalUsers("string")
            .requireCodeOwnerReviews(false)
            .requireLastPushApproval(false)
            .requiredApprovingReviewCount(0)
            .build())
        .requiredStatusChecks(BranchProtectionV3RequiredStatusChecksArgs.builder()
            .checks("string")
            .strict(false)
            .build())
        .restrictions(BranchProtectionV3RestrictionsArgs.builder()
            .apps("string")
            .teams("string")
            .users("string")
            .build())
        .build());
    
    branch_protection_v3_resource = github.BranchProtectionV3("branchProtectionV3Resource",
        branch="string",
        repository="string",
        enforce_admins=False,
        require_conversation_resolution=False,
        require_signed_commits=False,
        required_pull_request_reviews=github.BranchProtectionV3RequiredPullRequestReviewsArgs(
            bypass_pull_request_allowances=github.BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowancesArgs(
                apps=["string"],
                teams=["string"],
                users=["string"],
            ),
            dismiss_stale_reviews=False,
            dismissal_apps=["string"],
            dismissal_teams=["string"],
            dismissal_users=["string"],
            require_code_owner_reviews=False,
            require_last_push_approval=False,
            required_approving_review_count=0,
        ),
        required_status_checks=github.BranchProtectionV3RequiredStatusChecksArgs(
            checks=["string"],
            strict=False,
        ),
        restrictions=github.BranchProtectionV3RestrictionsArgs(
            apps=["string"],
            teams=["string"],
            users=["string"],
        ))
    
    const branchProtectionV3Resource = new github.BranchProtectionV3("branchProtectionV3Resource", {
        branch: "string",
        repository: "string",
        enforceAdmins: false,
        requireConversationResolution: false,
        requireSignedCommits: false,
        requiredPullRequestReviews: {
            bypassPullRequestAllowances: {
                apps: ["string"],
                teams: ["string"],
                users: ["string"],
            },
            dismissStaleReviews: false,
            dismissalApps: ["string"],
            dismissalTeams: ["string"],
            dismissalUsers: ["string"],
            requireCodeOwnerReviews: false,
            requireLastPushApproval: false,
            requiredApprovingReviewCount: 0,
        },
        requiredStatusChecks: {
            checks: ["string"],
            strict: false,
        },
        restrictions: {
            apps: ["string"],
            teams: ["string"],
            users: ["string"],
        },
    });
    
    type: github:BranchProtectionV3
    properties:
        branch: string
        enforceAdmins: false
        repository: string
        requireConversationResolution: false
        requireSignedCommits: false
        requiredPullRequestReviews:
            bypassPullRequestAllowances:
                apps:
                    - string
                teams:
                    - string
                users:
                    - string
            dismissStaleReviews: false
            dismissalApps:
                - string
            dismissalTeams:
                - string
            dismissalUsers:
                - string
            requireCodeOwnerReviews: false
            requireLastPushApproval: false
            requiredApprovingReviewCount: 0
        requiredStatusChecks:
            checks:
                - string
            strict: false
        restrictions:
            apps:
                - string
            teams:
                - string
            users:
                - string
    

    BranchProtectionV3 Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The BranchProtectionV3 resource accepts the following input properties:

    Branch string
    The Git branch to protect.
    Repository string
    The GitHub repository name.
    EnforceAdmins bool
    Boolean, setting this to true enforces status checks for repository administrators.
    RequireConversationResolution bool
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    RequireSignedCommits bool
    Boolean, setting this to true requires all commits to be signed with GPG.
    RequiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviews
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    RequiredStatusChecks BranchProtectionV3RequiredStatusChecks
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    Restrictions BranchProtectionV3Restrictions
    Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
    Branch string
    The Git branch to protect.
    Repository string
    The GitHub repository name.
    EnforceAdmins bool
    Boolean, setting this to true enforces status checks for repository administrators.
    RequireConversationResolution bool
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    RequireSignedCommits bool
    Boolean, setting this to true requires all commits to be signed with GPG.
    RequiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    RequiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    Restrictions BranchProtectionV3RestrictionsArgs
    Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
    branch String
    The Git branch to protect.
    repository String
    The GitHub repository name.
    enforceAdmins Boolean
    Boolean, setting this to true enforces status checks for repository administrators.
    requireConversationResolution Boolean
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    requireSignedCommits Boolean
    Boolean, setting this to true requires all commits to be signed with GPG.
    requiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviews
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    requiredStatusChecks BranchProtectionV3RequiredStatusChecks
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrictions BranchProtectionV3Restrictions
    Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
    branch string
    The Git branch to protect.
    repository string
    The GitHub repository name.
    enforceAdmins boolean
    Boolean, setting this to true enforces status checks for repository administrators.
    requireConversationResolution boolean
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    requireSignedCommits boolean
    Boolean, setting this to true requires all commits to be signed with GPG.
    requiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviews
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    requiredStatusChecks BranchProtectionV3RequiredStatusChecks
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrictions BranchProtectionV3Restrictions
    Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
    branch str
    The Git branch to protect.
    repository str
    The GitHub repository name.
    enforce_admins bool
    Boolean, setting this to true enforces status checks for repository administrators.
    require_conversation_resolution bool
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    require_signed_commits bool
    Boolean, setting this to true requires all commits to be signed with GPG.
    required_pull_request_reviews BranchProtectionV3RequiredPullRequestReviewsArgs
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    required_status_checks BranchProtectionV3RequiredStatusChecksArgs
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrictions BranchProtectionV3RestrictionsArgs
    Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
    branch String
    The Git branch to protect.
    repository String
    The GitHub repository name.
    enforceAdmins Boolean
    Boolean, setting this to true enforces status checks for repository administrators.
    requireConversationResolution Boolean
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    requireSignedCommits Boolean
    Boolean, setting this to true requires all commits to be signed with GPG.
    requiredPullRequestReviews Property Map
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    requiredStatusChecks Property Map
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrictions Property Map
    Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the BranchProtectionV3 resource produces the following output properties:

    Etag string
    Id string
    The provider-assigned unique ID for this managed resource.
    Etag string
    Id string
    The provider-assigned unique ID for this managed resource.
    etag String
    id String
    The provider-assigned unique ID for this managed resource.
    etag string
    id string
    The provider-assigned unique ID for this managed resource.
    etag str
    id str
    The provider-assigned unique ID for this managed resource.
    etag String
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing BranchProtectionV3 Resource

    Get an existing BranchProtectionV3 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: BranchProtectionV3State, opts?: CustomResourceOptions): BranchProtectionV3
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            branch: Optional[str] = None,
            enforce_admins: Optional[bool] = None,
            etag: Optional[str] = None,
            repository: Optional[str] = None,
            require_conversation_resolution: Optional[bool] = None,
            require_signed_commits: Optional[bool] = None,
            required_pull_request_reviews: Optional[BranchProtectionV3RequiredPullRequestReviewsArgs] = None,
            required_status_checks: Optional[BranchProtectionV3RequiredStatusChecksArgs] = None,
            restrictions: Optional[BranchProtectionV3RestrictionsArgs] = None) -> BranchProtectionV3
    func GetBranchProtectionV3(ctx *Context, name string, id IDInput, state *BranchProtectionV3State, opts ...ResourceOption) (*BranchProtectionV3, error)
    public static BranchProtectionV3 Get(string name, Input<string> id, BranchProtectionV3State? state, CustomResourceOptions? opts = null)
    public static BranchProtectionV3 get(String name, Output<String> id, BranchProtectionV3State state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Branch string
    The Git branch to protect.
    EnforceAdmins bool
    Boolean, setting this to true enforces status checks for repository administrators.
    Etag string
    Repository string
    The GitHub repository name.
    RequireConversationResolution bool
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    RequireSignedCommits bool
    Boolean, setting this to true requires all commits to be signed with GPG.
    RequiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviews
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    RequiredStatusChecks BranchProtectionV3RequiredStatusChecks
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    Restrictions BranchProtectionV3Restrictions
    Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
    Branch string
    The Git branch to protect.
    EnforceAdmins bool
    Boolean, setting this to true enforces status checks for repository administrators.
    Etag string
    Repository string
    The GitHub repository name.
    RequireConversationResolution bool
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    RequireSignedCommits bool
    Boolean, setting this to true requires all commits to be signed with GPG.
    RequiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    RequiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    Restrictions BranchProtectionV3RestrictionsArgs
    Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
    branch String
    The Git branch to protect.
    enforceAdmins Boolean
    Boolean, setting this to true enforces status checks for repository administrators.
    etag String
    repository String
    The GitHub repository name.
    requireConversationResolution Boolean
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    requireSignedCommits Boolean
    Boolean, setting this to true requires all commits to be signed with GPG.
    requiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviews
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    requiredStatusChecks BranchProtectionV3RequiredStatusChecks
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrictions BranchProtectionV3Restrictions
    Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
    branch string
    The Git branch to protect.
    enforceAdmins boolean
    Boolean, setting this to true enforces status checks for repository administrators.
    etag string
    repository string
    The GitHub repository name.
    requireConversationResolution boolean
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    requireSignedCommits boolean
    Boolean, setting this to true requires all commits to be signed with GPG.
    requiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviews
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    requiredStatusChecks BranchProtectionV3RequiredStatusChecks
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrictions BranchProtectionV3Restrictions
    Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
    branch str
    The Git branch to protect.
    enforce_admins bool
    Boolean, setting this to true enforces status checks for repository administrators.
    etag str
    repository str
    The GitHub repository name.
    require_conversation_resolution bool
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    require_signed_commits bool
    Boolean, setting this to true requires all commits to be signed with GPG.
    required_pull_request_reviews BranchProtectionV3RequiredPullRequestReviewsArgs
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    required_status_checks BranchProtectionV3RequiredStatusChecksArgs
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrictions BranchProtectionV3RestrictionsArgs
    Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
    branch String
    The Git branch to protect.
    enforceAdmins Boolean
    Boolean, setting this to true enforces status checks for repository administrators.
    etag String
    repository String
    The GitHub repository name.
    requireConversationResolution Boolean
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    requireSignedCommits Boolean
    Boolean, setting this to true requires all commits to be signed with GPG.
    requiredPullRequestReviews Property Map
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    requiredStatusChecks Property Map
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrictions Property Map
    Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

    Supporting Types

    BranchProtectionV3RequiredPullRequestReviews, BranchProtectionV3RequiredPullRequestReviewsArgs

    BypassPullRequestAllowances BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowances
    Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.
    DismissStaleReviews bool
    Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
    DismissalApps List<string>
    The list of app slugs with dismissal access.
    DismissalTeams List<string>
    The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.
    DismissalUsers List<string>
    The list of user logins with dismissal access
    IncludeAdmins bool

    Deprecated: Use enforce_admins instead

    RequireCodeOwnerReviews bool
    Require an approved review in pull requests including files with a designated code owner. Defaults to false.
    RequireLastPushApproval bool
    Require that the most recent push must be approved by someone other than the last pusher. Defaults to false
    RequiredApprovingReviewCount int
    Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information.
    BypassPullRequestAllowances BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowances
    Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.
    DismissStaleReviews bool
    Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
    DismissalApps []string
    The list of app slugs with dismissal access.
    DismissalTeams []string
    The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.
    DismissalUsers []string
    The list of user logins with dismissal access
    IncludeAdmins bool

    Deprecated: Use enforce_admins instead

    RequireCodeOwnerReviews bool
    Require an approved review in pull requests including files with a designated code owner. Defaults to false.
    RequireLastPushApproval bool
    Require that the most recent push must be approved by someone other than the last pusher. Defaults to false
    RequiredApprovingReviewCount int
    Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information.
    bypassPullRequestAllowances BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowances
    Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.
    dismissStaleReviews Boolean
    Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
    dismissalApps List<String>
    The list of app slugs with dismissal access.
    dismissalTeams List<String>
    The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.
    dismissalUsers List<String>
    The list of user logins with dismissal access
    includeAdmins Boolean

    Deprecated: Use enforce_admins instead

    requireCodeOwnerReviews Boolean
    Require an approved review in pull requests including files with a designated code owner. Defaults to false.
    requireLastPushApproval Boolean
    Require that the most recent push must be approved by someone other than the last pusher. Defaults to false
    requiredApprovingReviewCount Integer
    Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information.
    bypassPullRequestAllowances BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowances
    Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.
    dismissStaleReviews boolean
    Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
    dismissalApps string[]
    The list of app slugs with dismissal access.
    dismissalTeams string[]
    The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.
    dismissalUsers string[]
    The list of user logins with dismissal access
    includeAdmins boolean

    Deprecated: Use enforce_admins instead

    requireCodeOwnerReviews boolean
    Require an approved review in pull requests including files with a designated code owner. Defaults to false.
    requireLastPushApproval boolean
    Require that the most recent push must be approved by someone other than the last pusher. Defaults to false
    requiredApprovingReviewCount number
    Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information.
    bypass_pull_request_allowances BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowances
    Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.
    dismiss_stale_reviews bool
    Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
    dismissal_apps Sequence[str]
    The list of app slugs with dismissal access.
    dismissal_teams Sequence[str]
    The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.
    dismissal_users Sequence[str]
    The list of user logins with dismissal access
    include_admins bool

    Deprecated: Use enforce_admins instead

    require_code_owner_reviews bool
    Require an approved review in pull requests including files with a designated code owner. Defaults to false.
    require_last_push_approval bool
    Require that the most recent push must be approved by someone other than the last pusher. Defaults to false
    required_approving_review_count int
    Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information.
    bypassPullRequestAllowances Property Map
    Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.
    dismissStaleReviews Boolean
    Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
    dismissalApps List<String>
    The list of app slugs with dismissal access.
    dismissalTeams List<String>
    The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.
    dismissalUsers List<String>
    The list of user logins with dismissal access
    includeAdmins Boolean

    Deprecated: Use enforce_admins instead

    requireCodeOwnerReviews Boolean
    Require an approved review in pull requests including files with a designated code owner. Defaults to false.
    requireLastPushApproval Boolean
    Require that the most recent push must be approved by someone other than the last pusher. Defaults to false
    requiredApprovingReviewCount Number
    Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information.

    BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowances, BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowancesArgs

    Apps List<string>
    The list of app slugs allowed to bypass pull request requirements.
    Teams List<string>
    The list of team slugs allowed to bypass pull request requirements.
    Users List<string>
    The list of user logins allowed to bypass pull request requirements.
    Apps []string
    The list of app slugs allowed to bypass pull request requirements.
    Teams []string
    The list of team slugs allowed to bypass pull request requirements.
    Users []string
    The list of user logins allowed to bypass pull request requirements.
    apps List<String>
    The list of app slugs allowed to bypass pull request requirements.
    teams List<String>
    The list of team slugs allowed to bypass pull request requirements.
    users List<String>
    The list of user logins allowed to bypass pull request requirements.
    apps string[]
    The list of app slugs allowed to bypass pull request requirements.
    teams string[]
    The list of team slugs allowed to bypass pull request requirements.
    users string[]
    The list of user logins allowed to bypass pull request requirements.
    apps Sequence[str]
    The list of app slugs allowed to bypass pull request requirements.
    teams Sequence[str]
    The list of team slugs allowed to bypass pull request requirements.
    users Sequence[str]
    The list of user logins allowed to bypass pull request requirements.
    apps List<String>
    The list of app slugs allowed to bypass pull request requirements.
    teams List<String>
    The list of team slugs allowed to bypass pull request requirements.
    users List<String>
    The list of user logins allowed to bypass pull request requirements.

    BranchProtectionV3RequiredStatusChecks, BranchProtectionV3RequiredStatusChecksArgs

    Checks List<string>
    The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".
    Contexts List<string>

    [DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.

    Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.

    Deprecated: GitHub is deprecating the use of contexts. Use a checks array instead.

    IncludeAdmins bool

    Deprecated: Use enforce_admins instead

    Strict bool
    Require branches to be up to date before merging. Defaults to false.
    Checks []string
    The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".
    Contexts []string

    [DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.

    Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.

    Deprecated: GitHub is deprecating the use of contexts. Use a checks array instead.

    IncludeAdmins bool

    Deprecated: Use enforce_admins instead

    Strict bool
    Require branches to be up to date before merging. Defaults to false.
    checks List<String>
    The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".
    contexts List<String>

    [DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.

    Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.

    Deprecated: GitHub is deprecating the use of contexts. Use a checks array instead.

    includeAdmins Boolean

    Deprecated: Use enforce_admins instead

    strict Boolean
    Require branches to be up to date before merging. Defaults to false.
    checks string[]
    The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".
    contexts string[]

    [DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.

    Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.

    Deprecated: GitHub is deprecating the use of contexts. Use a checks array instead.

    includeAdmins boolean

    Deprecated: Use enforce_admins instead

    strict boolean
    Require branches to be up to date before merging. Defaults to false.
    checks Sequence[str]
    The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".
    contexts Sequence[str]

    [DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.

    Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.

    Deprecated: GitHub is deprecating the use of contexts. Use a checks array instead.

    include_admins bool

    Deprecated: Use enforce_admins instead

    strict bool
    Require branches to be up to date before merging. Defaults to false.
    checks List<String>
    The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".
    contexts List<String>

    [DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.

    Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.

    Deprecated: GitHub is deprecating the use of contexts. Use a checks array instead.

    includeAdmins Boolean

    Deprecated: Use enforce_admins instead

    strict Boolean
    Require branches to be up to date before merging. Defaults to false.

    BranchProtectionV3Restrictions, BranchProtectionV3RestrictionsArgs

    Apps List<string>

    The list of app slugs with push access.

    restrictions is only available for organization-owned repositories.

    Teams List<string>
    The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.
    Users List<string>
    The list of user logins with push access.
    Apps []string

    The list of app slugs with push access.

    restrictions is only available for organization-owned repositories.

    Teams []string
    The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.
    Users []string
    The list of user logins with push access.
    apps List<String>

    The list of app slugs with push access.

    restrictions is only available for organization-owned repositories.

    teams List<String>
    The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.
    users List<String>
    The list of user logins with push access.
    apps string[]

    The list of app slugs with push access.

    restrictions is only available for organization-owned repositories.

    teams string[]
    The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.
    users string[]
    The list of user logins with push access.
    apps Sequence[str]

    The list of app slugs with push access.

    restrictions is only available for organization-owned repositories.

    teams Sequence[str]
    The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.
    users Sequence[str]
    The list of user logins with push access.
    apps List<String>

    The list of app slugs with push access.

    restrictions is only available for organization-owned repositories.

    teams List<String>
    The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.
    users List<String>
    The list of user logins with push access.

    Import

    GitHub Branch Protection can be imported using an ID made up of repository:branch, e.g.

    $ pulumi import github:index/branchProtectionV3:BranchProtectionV3 terraform terraform:main
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    GitHub pulumi/pulumi-github
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the github Terraform Provider.
    github logo
    GitHub v6.2.1 published on Thursday, May 23, 2024 by Pulumi