GitHub
BranchProtectionV3
Protects a GitHub branch.
The github.BranchProtection
resource has moved to the GraphQL API, while this resource will continue to leverage the REST API.
This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users, teams, and apps, can also be configured.
Example Usage
using Pulumi;
using Github = Pulumi.Github;
class MyStack : Stack
{
public MyStack()
{
// Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
var example = new Github.BranchProtectionV3("example", new Github.BranchProtectionV3Args
{
Repository = github_repository.Example.Name,
Branch = "main",
Restrictions = new Github.Inputs.BranchProtectionV3RestrictionsArgs
{
Users =
{
"foo-user",
},
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-github/sdk/v4/go/github"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := github.NewBranchProtectionV3(ctx, "example", &github.BranchProtectionV3Args{
Repository: pulumi.Any(github_repository.Example.Name),
Branch: pulumi.String("main"),
Restrictions: &BranchProtectionV3RestrictionsArgs{
Users: pulumi.StringArray{
pulumi.String("foo-user"),
},
},
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import pulumi
import pulumi_github as github
# Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
example = github.BranchProtectionV3("example",
repository=github_repository["example"]["name"],
branch="main",
restrictions=github.BranchProtectionV3RestrictionsArgs(
users=["foo-user"],
))
import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";
// Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
const example = new github.BranchProtectionV3("example", {
repository: github_repository.example.name,
branch: "main",
restrictions: {
users: ["foo-user"],
},
});
Coming soon!
Create a BranchProtectionV3 Resource
new BranchProtectionV3(name: string, args: BranchProtectionV3Args, opts?: CustomResourceOptions);
@overload
def BranchProtectionV3(resource_name: str,
opts: Optional[ResourceOptions] = None,
branch: Optional[str] = None,
enforce_admins: Optional[bool] = None,
repository: Optional[str] = None,
require_conversation_resolution: Optional[bool] = None,
require_signed_commits: Optional[bool] = None,
required_pull_request_reviews: Optional[BranchProtectionV3RequiredPullRequestReviewsArgs] = None,
required_status_checks: Optional[BranchProtectionV3RequiredStatusChecksArgs] = None,
restrictions: Optional[BranchProtectionV3RestrictionsArgs] = None)
@overload
def BranchProtectionV3(resource_name: str,
args: BranchProtectionV3Args,
opts: Optional[ResourceOptions] = None)
func NewBranchProtectionV3(ctx *Context, name string, args BranchProtectionV3Args, opts ...ResourceOption) (*BranchProtectionV3, error)
public BranchProtectionV3(string name, BranchProtectionV3Args args, CustomResourceOptions? opts = null)
public BranchProtectionV3(String name, BranchProtectionV3Args args)
public BranchProtectionV3(String name, BranchProtectionV3Args args, CustomResourceOptions options)
type: github:BranchProtectionV3
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BranchProtectionV3Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args BranchProtectionV3Args
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args BranchProtectionV3Args
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BranchProtectionV3Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args BranchProtectionV3Args
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
BranchProtectionV3 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The BranchProtectionV3 resource accepts the following input properties:
- Branch string
The Git branch to protect.
- Repository string
The GitHub repository name.
- Enforce
Admins bool Boolean, setting this to
true
enforces status checks for repository administrators.- Require
Conversation boolResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- Require
Signed boolCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- Required
Pull BranchRequest Reviews Protection V3Required Pull Request Reviews Args Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- Required
Status BranchChecks Protection V3Required Status Checks Args Enforce restrictions for required status checks. See Required Status Checks below for details.
- Restrictions
Branch
Protection V3Restrictions Args Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- Branch string
The Git branch to protect.
- Repository string
The GitHub repository name.
- Enforce
Admins bool Boolean, setting this to
true
enforces status checks for repository administrators.- Require
Conversation boolResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- Require
Signed boolCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- Required
Pull BranchRequest Reviews Protection V3Required Pull Request Reviews Args Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- Required
Status BranchChecks Protection V3Required Status Checks Args Enforce restrictions for required status checks. See Required Status Checks below for details.
- Restrictions
Branch
Protection V3Restrictions Args Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch String
The Git branch to protect.
- repository String
The GitHub repository name.
- enforce
Admins Boolean Boolean, setting this to
true
enforces status checks for repository administrators.- require
Conversation BooleanResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require
Signed BooleanCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required
Pull BranchRequest Reviews Protection V3Required Pull Request Reviews Args Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status BranchChecks Protection V3Required Status Checks Args Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions
Branch
Protection V3Restrictions Args Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch string
The Git branch to protect.
- repository string
The GitHub repository name.
- enforce
Admins boolean Boolean, setting this to
true
enforces status checks for repository administrators.- require
Conversation booleanResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require
Signed booleanCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required
Pull BranchRequest Reviews Protection V3Required Pull Request Reviews Args Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status BranchChecks Protection V3Required Status Checks Args Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions
Branch
Protection V3Restrictions Args Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch str
The Git branch to protect.
- repository str
The GitHub repository name.
- enforce_
admins bool Boolean, setting this to
true
enforces status checks for repository administrators.- require_
conversation_ boolresolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require_
signed_ boolcommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required_
pull_ Branchrequest_ reviews Protection V3Required Pull Request Reviews Args Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required_
status_ Branchchecks Protection V3Required Status Checks Args Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions
Branch
Protection V3Restrictions Args Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch String
The Git branch to protect.
- repository String
The GitHub repository name.
- enforce
Admins Boolean Boolean, setting this to
true
enforces status checks for repository administrators.- require
Conversation BooleanResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require
Signed BooleanCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required
Pull Property MapRequest Reviews Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status Property MapChecks Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions Property Map
Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
Outputs
All input properties are implicitly available as output properties. Additionally, the BranchProtectionV3 resource produces the following output properties:
Look up an Existing BranchProtectionV3 Resource
Get an existing BranchProtectionV3 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: BranchProtectionV3State, opts?: CustomResourceOptions): BranchProtectionV3
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
branch: Optional[str] = None,
enforce_admins: Optional[bool] = None,
etag: Optional[str] = None,
repository: Optional[str] = None,
require_conversation_resolution: Optional[bool] = None,
require_signed_commits: Optional[bool] = None,
required_pull_request_reviews: Optional[BranchProtectionV3RequiredPullRequestReviewsArgs] = None,
required_status_checks: Optional[BranchProtectionV3RequiredStatusChecksArgs] = None,
restrictions: Optional[BranchProtectionV3RestrictionsArgs] = None) -> BranchProtectionV3
func GetBranchProtectionV3(ctx *Context, name string, id IDInput, state *BranchProtectionV3State, opts ...ResourceOption) (*BranchProtectionV3, error)
public static BranchProtectionV3 Get(string name, Input<string> id, BranchProtectionV3State? state, CustomResourceOptions? opts = null)
public static BranchProtectionV3 get(String name, Output<String> id, BranchProtectionV3State state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Branch string
The Git branch to protect.
- Enforce
Admins bool Boolean, setting this to
true
enforces status checks for repository administrators.- Etag string
- Repository string
The GitHub repository name.
- Require
Conversation boolResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- Require
Signed boolCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- Required
Pull BranchRequest Reviews Protection V3Required Pull Request Reviews Args Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- Required
Status BranchChecks Protection V3Required Status Checks Args Enforce restrictions for required status checks. See Required Status Checks below for details.
- Restrictions
Branch
Protection V3Restrictions Args Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- Branch string
The Git branch to protect.
- Enforce
Admins bool Boolean, setting this to
true
enforces status checks for repository administrators.- Etag string
- Repository string
The GitHub repository name.
- Require
Conversation boolResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- Require
Signed boolCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- Required
Pull BranchRequest Reviews Protection V3Required Pull Request Reviews Args Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- Required
Status BranchChecks Protection V3Required Status Checks Args Enforce restrictions for required status checks. See Required Status Checks below for details.
- Restrictions
Branch
Protection V3Restrictions Args Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch String
The Git branch to protect.
- enforce
Admins Boolean Boolean, setting this to
true
enforces status checks for repository administrators.- etag String
- repository String
The GitHub repository name.
- require
Conversation BooleanResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require
Signed BooleanCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required
Pull BranchRequest Reviews Protection V3Required Pull Request Reviews Args Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status BranchChecks Protection V3Required Status Checks Args Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions
Branch
Protection V3Restrictions Args Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch string
The Git branch to protect.
- enforce
Admins boolean Boolean, setting this to
true
enforces status checks for repository administrators.- etag string
- repository string
The GitHub repository name.
- require
Conversation booleanResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require
Signed booleanCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required
Pull BranchRequest Reviews Protection V3Required Pull Request Reviews Args Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status BranchChecks Protection V3Required Status Checks Args Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions
Branch
Protection V3Restrictions Args Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch str
The Git branch to protect.
- enforce_
admins bool Boolean, setting this to
true
enforces status checks for repository administrators.- etag str
- repository str
The GitHub repository name.
- require_
conversation_ boolresolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require_
signed_ boolcommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required_
pull_ Branchrequest_ reviews Protection V3Required Pull Request Reviews Args Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required_
status_ Branchchecks Protection V3Required Status Checks Args Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions
Branch
Protection V3Restrictions Args Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch String
The Git branch to protect.
- enforce
Admins Boolean Boolean, setting this to
true
enforces status checks for repository administrators.- etag String
- repository String
The GitHub repository name.
- require
Conversation BooleanResolution Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged.- require
Signed BooleanCommits Boolean, setting this to
true
requires all commits to be signed with GPG.- required
Pull Property MapRequest Reviews Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status Property MapChecks Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions Property Map
Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
Supporting Types
BranchProtectionV3RequiredPullRequestReviews
- Dismiss
Stale boolReviews - Dismissal
Teams List<string> - Dismissal
Users List<string> - Include
Admins bool Use enforce_admins instead
- Require
Code boolOwner Reviews - Required
Approving intReview Count
- Dismiss
Stale boolReviews - Dismissal
Teams []string - Dismissal
Users []string - Include
Admins bool Use enforce_admins instead
- Require
Code boolOwner Reviews - Required
Approving intReview Count
- dismiss
Stale BooleanReviews - dismissal
Teams List - dismissal
Users List - include
Admins Boolean Use enforce_admins instead
- require
Code BooleanOwner Reviews - required
Approving IntegerReview Count
- dismiss
Stale booleanReviews - dismissal
Teams string[] - dismissal
Users string[] - include
Admins boolean Use enforce_admins instead
- require
Code booleanOwner Reviews - required
Approving numberReview Count
- dismiss_
stale_ boolreviews - dismissal_
teams Sequence[str] - dismissal_
users Sequence[str] - include_
admins bool Use enforce_admins instead
- require_
code_ boolowner_ reviews - required_
approving_ intreview_ count
- dismiss
Stale BooleanReviews - dismissal
Teams List - dismissal
Users List - include
Admins Boolean Use enforce_admins instead
- require
Code BooleanOwner Reviews - required
Approving NumberReview Count
BranchProtectionV3RequiredStatusChecks
- Contexts List<string>
- Include
Admins bool Use enforce_admins instead
- Strict bool
- Contexts []string
- Include
Admins bool Use enforce_admins instead
- Strict bool
- contexts
List
- include
Admins Boolean Use enforce_admins instead
- strict Boolean
- contexts string[]
- include
Admins boolean Use enforce_admins instead
- strict boolean
- contexts Sequence[str]
- include_
admins bool Use enforce_admins instead
- strict bool
- contexts
List
- include
Admins Boolean Use enforce_admins instead
- strict Boolean
BranchProtectionV3Restrictions
Import
GitHub Branch Protection can be imported using an ID made up of repository:branch
, e.g.
$ pulumi import github:index/branchProtectionV3:BranchProtectionV3 terraform terraform:main
Package Details
- Repository
- https://github.com/pulumi/pulumi-github
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
github
Terraform Provider.