github logo
GitHub v5.3.0, Jan 24 23

github.BranchProtectionV3

Protects a GitHub branch.

The github.BranchProtection resource has moved to the GraphQL API, while this resource will continue to leverage the REST API.

This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users, teams, and apps, can also be configured.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Github = Pulumi.Github;

return await Deployment.RunAsync(() => 
{
    // Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
    var example = new Github.BranchProtectionV3("example", new()
    {
        Repository = github_repository.Example.Name,
        Branch = "main",
        Restrictions = new Github.Inputs.BranchProtectionV3RestrictionsArgs
        {
            Users = new[]
            {
                "foo-user",
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-github/sdk/v5/go/github"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := github.NewBranchProtectionV3(ctx, "example", &github.BranchProtectionV3Args{
			Repository: pulumi.Any(github_repository.Example.Name),
			Branch:     pulumi.String("main"),
			Restrictions: &github.BranchProtectionV3RestrictionsArgs{
				Users: pulumi.StringArray{
					pulumi.String("foo-user"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.github.BranchProtectionV3;
import com.pulumi.github.BranchProtectionV3Args;
import com.pulumi.github.inputs.BranchProtectionV3RestrictionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new BranchProtectionV3("example", BranchProtectionV3Args.builder()        
            .repository(github_repository.example().name())
            .branch("main")
            .restrictions(BranchProtectionV3RestrictionsArgs.builder()
                .users("foo-user")
                .build())
            .build());

    }
}
import pulumi
import pulumi_github as github

# Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
example = github.BranchProtectionV3("example",
    repository=github_repository["example"]["name"],
    branch="main",
    restrictions=github.BranchProtectionV3RestrictionsArgs(
        users=["foo-user"],
    ))
import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";

// Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
const example = new github.BranchProtectionV3("example", {
    repository: github_repository.example.name,
    branch: "main",
    restrictions: {
        users: ["foo-user"],
    },
});
resources:
  # Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
  example:
    type: github:BranchProtectionV3
    properties:
      repository: ${github_repository.example.name}
      branch: main
      restrictions:
        users:
          - foo-user
using System.Collections.Generic;
using Pulumi;
using Github = Pulumi.Github;

return await Deployment.RunAsync(() => 
{
    var exampleRepository = new Github.Repository("exampleRepository");

    var exampleTeam = new Github.Team("exampleTeam");

    // Protect the main branch of the foo repository. Additionally, require that
    // the "ci/check" check ran by the Github Actions app is passing and only allow 
    // the engineers team merge to the branch.
    var exampleBranchProtectionV3 = new Github.BranchProtectionV3("exampleBranchProtectionV3", new()
    {
        Repository = exampleRepository.Name,
        Branch = "main",
        EnforceAdmins = true,
        RequiredStatusChecks = new Github.Inputs.BranchProtectionV3RequiredStatusChecksArgs
        {
            Strict = false,
            Checks = new[]
            {
                "ci/check:824642007264",
            },
        },
        RequiredPullRequestReviews = new Github.Inputs.BranchProtectionV3RequiredPullRequestReviewsArgs
        {
            DismissStaleReviews = true,
            DismissalUsers = new[]
            {
                "foo-user",
            },
            DismissalTeams = new[]
            {
                exampleTeam.Slug,
            },
        },
        Restrictions = new Github.Inputs.BranchProtectionV3RestrictionsArgs
        {
            Users = new[]
            {
                "foo-user",
            },
            Teams = new[]
            {
                exampleTeam.Slug,
            },
            Apps = new[]
            {
                "foo-app",
            },
        },
    });

    var exampleTeamRepository = new Github.TeamRepository("exampleTeamRepository", new()
    {
        TeamId = exampleTeam.Id,
        Repository = exampleRepository.Name,
        Permission = "pull",
    });

});
package main

import (
	"github.com/pulumi/pulumi-github/sdk/v5/go/github"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleRepository, err := github.NewRepository(ctx, "exampleRepository", nil)
		if err != nil {
			return err
		}
		exampleTeam, err := github.NewTeam(ctx, "exampleTeam", nil)
		if err != nil {
			return err
		}
		_, err = github.NewBranchProtectionV3(ctx, "exampleBranchProtectionV3", &github.BranchProtectionV3Args{
			Repository:    exampleRepository.Name,
			Branch:        pulumi.String("main"),
			EnforceAdmins: pulumi.Bool(true),
			RequiredStatusChecks: &github.BranchProtectionV3RequiredStatusChecksArgs{
				Strict: pulumi.Bool(false),
				Checks: pulumi.StringArray{
					pulumi.String("ci/check:824642007264"),
				},
			},
			RequiredPullRequestReviews: &github.BranchProtectionV3RequiredPullRequestReviewsArgs{
				DismissStaleReviews: pulumi.Bool(true),
				DismissalUsers: pulumi.StringArray{
					pulumi.String("foo-user"),
				},
				DismissalTeams: pulumi.StringArray{
					exampleTeam.Slug,
				},
			},
			Restrictions: &github.BranchProtectionV3RestrictionsArgs{
				Users: pulumi.StringArray{
					pulumi.String("foo-user"),
				},
				Teams: pulumi.StringArray{
					exampleTeam.Slug,
				},
				Apps: pulumi.StringArray{
					pulumi.String("foo-app"),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = github.NewTeamRepository(ctx, "exampleTeamRepository", &github.TeamRepositoryArgs{
			TeamId:     exampleTeam.ID(),
			Repository: exampleRepository.Name,
			Permission: pulumi.String("pull"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.github.Repository;
import com.pulumi.github.Team;
import com.pulumi.github.BranchProtectionV3;
import com.pulumi.github.BranchProtectionV3Args;
import com.pulumi.github.inputs.BranchProtectionV3RequiredStatusChecksArgs;
import com.pulumi.github.inputs.BranchProtectionV3RequiredPullRequestReviewsArgs;
import com.pulumi.github.inputs.BranchProtectionV3RestrictionsArgs;
import com.pulumi.github.TeamRepository;
import com.pulumi.github.TeamRepositoryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleRepository = new Repository("exampleRepository");

        var exampleTeam = new Team("exampleTeam");

        var exampleBranchProtectionV3 = new BranchProtectionV3("exampleBranchProtectionV3", BranchProtectionV3Args.builder()        
            .repository(exampleRepository.name())
            .branch("main")
            .enforceAdmins(true)
            .requiredStatusChecks(BranchProtectionV3RequiredStatusChecksArgs.builder()
                .strict(false)
                .checks("ci/check:824642007264")
                .build())
            .requiredPullRequestReviews(BranchProtectionV3RequiredPullRequestReviewsArgs.builder()
                .dismissStaleReviews(true)
                .dismissalUsers("foo-user")
                .dismissalTeams(exampleTeam.slug())
                .build())
            .restrictions(BranchProtectionV3RestrictionsArgs.builder()
                .users("foo-user")
                .teams(exampleTeam.slug())
                .apps("foo-app")
                .build())
            .build());

        var exampleTeamRepository = new TeamRepository("exampleTeamRepository", TeamRepositoryArgs.builder()        
            .teamId(exampleTeam.id())
            .repository(exampleRepository.name())
            .permission("pull")
            .build());

    }
}
import pulumi
import pulumi_github as github

example_repository = github.Repository("exampleRepository")
example_team = github.Team("exampleTeam")
# Protect the main branch of the foo repository. Additionally, require that
# the "ci/check" check ran by the Github Actions app is passing and only allow 
# the engineers team merge to the branch.
example_branch_protection_v3 = github.BranchProtectionV3("exampleBranchProtectionV3",
    repository=example_repository.name,
    branch="main",
    enforce_admins=True,
    required_status_checks=github.BranchProtectionV3RequiredStatusChecksArgs(
        strict=False,
        checks=["ci/check:824642007264"],
    ),
    required_pull_request_reviews=github.BranchProtectionV3RequiredPullRequestReviewsArgs(
        dismiss_stale_reviews=True,
        dismissal_users=["foo-user"],
        dismissal_teams=[example_team.slug],
    ),
    restrictions=github.BranchProtectionV3RestrictionsArgs(
        users=["foo-user"],
        teams=[example_team.slug],
        apps=["foo-app"],
    ))
example_team_repository = github.TeamRepository("exampleTeamRepository",
    team_id=example_team.id,
    repository=example_repository.name,
    permission="pull")
import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";

const exampleRepository = new github.Repository("exampleRepository", {});
const exampleTeam = new github.Team("exampleTeam", {});
// Protect the main branch of the foo repository. Additionally, require that
// the "ci/check" check ran by the Github Actions app is passing and only allow 
// the engineers team merge to the branch.
const exampleBranchProtectionV3 = new github.BranchProtectionV3("exampleBranchProtectionV3", {
    repository: exampleRepository.name,
    branch: "main",
    enforceAdmins: true,
    requiredStatusChecks: {
        strict: false,
        checks: ["ci/check:824642007264"],
    },
    requiredPullRequestReviews: {
        dismissStaleReviews: true,
        dismissalUsers: ["foo-user"],
        dismissalTeams: [exampleTeam.slug],
    },
    restrictions: {
        users: ["foo-user"],
        teams: [exampleTeam.slug],
        apps: ["foo-app"],
    },
});
const exampleTeamRepository = new github.TeamRepository("exampleTeamRepository", {
    teamId: exampleTeam.id,
    repository: exampleRepository.name,
    permission: "pull",
});
resources:
  # Protect the main branch of the foo repository. Additionally, require that
  # the "ci/check" check ran by the Github Actions app is passing and only allow 
  # the engineers team merge to the branch.
  exampleBranchProtectionV3:
    type: github:BranchProtectionV3
    properties:
      repository: ${exampleRepository.name}
      branch: main
      enforceAdmins: true
      requiredStatusChecks:
        strict: false
        checks:
          - ci/check:824642007264
      requiredPullRequestReviews:
        dismissStaleReviews: true
        dismissalUsers:
          - foo-user
        dismissalTeams:
          - ${exampleTeam.slug}
      restrictions:
        users:
          - foo-user
        teams:
          - ${exampleTeam.slug}
        apps:
          - foo-app
  exampleRepository:
    type: github:Repository
  exampleTeam:
    type: github:Team
  exampleTeamRepository:
    type: github:TeamRepository
    properties:
      teamId: ${exampleTeam.id}
      repository: ${exampleRepository.name}
      permission: pull

Create BranchProtectionV3 Resource

new BranchProtectionV3(name: string, args: BranchProtectionV3Args, opts?: CustomResourceOptions);
@overload
def BranchProtectionV3(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       branch: Optional[str] = None,
                       enforce_admins: Optional[bool] = None,
                       repository: Optional[str] = None,
                       require_conversation_resolution: Optional[bool] = None,
                       require_signed_commits: Optional[bool] = None,
                       required_pull_request_reviews: Optional[BranchProtectionV3RequiredPullRequestReviewsArgs] = None,
                       required_status_checks: Optional[BranchProtectionV3RequiredStatusChecksArgs] = None,
                       restrictions: Optional[BranchProtectionV3RestrictionsArgs] = None)
@overload
def BranchProtectionV3(resource_name: str,
                       args: BranchProtectionV3Args,
                       opts: Optional[ResourceOptions] = None)
func NewBranchProtectionV3(ctx *Context, name string, args BranchProtectionV3Args, opts ...ResourceOption) (*BranchProtectionV3, error)
public BranchProtectionV3(string name, BranchProtectionV3Args args, CustomResourceOptions? opts = null)
public BranchProtectionV3(String name, BranchProtectionV3Args args)
public BranchProtectionV3(String name, BranchProtectionV3Args args, CustomResourceOptions options)
type: github:BranchProtectionV3
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args BranchProtectionV3Args
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args BranchProtectionV3Args
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args BranchProtectionV3Args
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args BranchProtectionV3Args
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args BranchProtectionV3Args
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

BranchProtectionV3 Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The BranchProtectionV3 resource accepts the following input properties:

Branch string

The Git branch to protect.

Repository string

The GitHub repository name.

EnforceAdmins bool

Boolean, setting this to true enforces status checks for repository administrators.

RequireConversationResolution bool

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

RequireSignedCommits bool

Boolean, setting this to true requires all commits to be signed with GPG.

RequiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

RequiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs

Enforce restrictions for required status checks. See Required Status Checks below for details.

Restrictions BranchProtectionV3RestrictionsArgs

Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

Branch string

The Git branch to protect.

Repository string

The GitHub repository name.

EnforceAdmins bool

Boolean, setting this to true enforces status checks for repository administrators.

RequireConversationResolution bool

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

RequireSignedCommits bool

Boolean, setting this to true requires all commits to be signed with GPG.

RequiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

RequiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs

Enforce restrictions for required status checks. See Required Status Checks below for details.

Restrictions BranchProtectionV3RestrictionsArgs

Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch String

The Git branch to protect.

repository String

The GitHub repository name.

enforceAdmins Boolean

Boolean, setting this to true enforces status checks for repository administrators.

requireConversationResolution Boolean

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

requireSignedCommits Boolean

Boolean, setting this to true requires all commits to be signed with GPG.

requiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

requiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs

Enforce restrictions for required status checks. See Required Status Checks below for details.

restrictions BranchProtectionV3RestrictionsArgs

Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch string

The Git branch to protect.

repository string

The GitHub repository name.

enforceAdmins boolean

Boolean, setting this to true enforces status checks for repository administrators.

requireConversationResolution boolean

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

requireSignedCommits boolean

Boolean, setting this to true requires all commits to be signed with GPG.

requiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

requiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs

Enforce restrictions for required status checks. See Required Status Checks below for details.

restrictions BranchProtectionV3RestrictionsArgs

Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch str

The Git branch to protect.

repository str

The GitHub repository name.

enforce_admins bool

Boolean, setting this to true enforces status checks for repository administrators.

require_conversation_resolution bool

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

require_signed_commits bool

Boolean, setting this to true requires all commits to be signed with GPG.

required_pull_request_reviews BranchProtectionV3RequiredPullRequestReviewsArgs

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

required_status_checks BranchProtectionV3RequiredStatusChecksArgs

Enforce restrictions for required status checks. See Required Status Checks below for details.

restrictions BranchProtectionV3RestrictionsArgs

Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch String

The Git branch to protect.

repository String

The GitHub repository name.

enforceAdmins Boolean

Boolean, setting this to true enforces status checks for repository administrators.

requireConversationResolution Boolean

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

requireSignedCommits Boolean

Boolean, setting this to true requires all commits to be signed with GPG.

requiredPullRequestReviews Property Map

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

requiredStatusChecks Property Map

Enforce restrictions for required status checks. See Required Status Checks below for details.

restrictions Property Map

Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

Outputs

All input properties are implicitly available as output properties. Additionally, the BranchProtectionV3 resource produces the following output properties:

Etag string
Id string

The provider-assigned unique ID for this managed resource.

Etag string
Id string

The provider-assigned unique ID for this managed resource.

etag String
id String

The provider-assigned unique ID for this managed resource.

etag string
id string

The provider-assigned unique ID for this managed resource.

etag str
id str

The provider-assigned unique ID for this managed resource.

etag String
id String

The provider-assigned unique ID for this managed resource.

Look up Existing BranchProtectionV3 Resource

Get an existing BranchProtectionV3 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: BranchProtectionV3State, opts?: CustomResourceOptions): BranchProtectionV3
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        branch: Optional[str] = None,
        enforce_admins: Optional[bool] = None,
        etag: Optional[str] = None,
        repository: Optional[str] = None,
        require_conversation_resolution: Optional[bool] = None,
        require_signed_commits: Optional[bool] = None,
        required_pull_request_reviews: Optional[BranchProtectionV3RequiredPullRequestReviewsArgs] = None,
        required_status_checks: Optional[BranchProtectionV3RequiredStatusChecksArgs] = None,
        restrictions: Optional[BranchProtectionV3RestrictionsArgs] = None) -> BranchProtectionV3
func GetBranchProtectionV3(ctx *Context, name string, id IDInput, state *BranchProtectionV3State, opts ...ResourceOption) (*BranchProtectionV3, error)
public static BranchProtectionV3 Get(string name, Input<string> id, BranchProtectionV3State? state, CustomResourceOptions? opts = null)
public static BranchProtectionV3 get(String name, Output<String> id, BranchProtectionV3State state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Branch string

The Git branch to protect.

EnforceAdmins bool

Boolean, setting this to true enforces status checks for repository administrators.

Etag string
Repository string

The GitHub repository name.

RequireConversationResolution bool

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

RequireSignedCommits bool

Boolean, setting this to true requires all commits to be signed with GPG.

RequiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

RequiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs

Enforce restrictions for required status checks. See Required Status Checks below for details.

Restrictions BranchProtectionV3RestrictionsArgs

Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

Branch string

The Git branch to protect.

EnforceAdmins bool

Boolean, setting this to true enforces status checks for repository administrators.

Etag string
Repository string

The GitHub repository name.

RequireConversationResolution bool

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

RequireSignedCommits bool

Boolean, setting this to true requires all commits to be signed with GPG.

RequiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

RequiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs

Enforce restrictions for required status checks. See Required Status Checks below for details.

Restrictions BranchProtectionV3RestrictionsArgs

Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch String

The Git branch to protect.

enforceAdmins Boolean

Boolean, setting this to true enforces status checks for repository administrators.

etag String
repository String

The GitHub repository name.

requireConversationResolution Boolean

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

requireSignedCommits Boolean

Boolean, setting this to true requires all commits to be signed with GPG.

requiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

requiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs

Enforce restrictions for required status checks. See Required Status Checks below for details.

restrictions BranchProtectionV3RestrictionsArgs

Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch string

The Git branch to protect.

enforceAdmins boolean

Boolean, setting this to true enforces status checks for repository administrators.

etag string
repository string

The GitHub repository name.

requireConversationResolution boolean

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

requireSignedCommits boolean

Boolean, setting this to true requires all commits to be signed with GPG.

requiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviewsArgs

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

requiredStatusChecks BranchProtectionV3RequiredStatusChecksArgs

Enforce restrictions for required status checks. See Required Status Checks below for details.

restrictions BranchProtectionV3RestrictionsArgs

Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch str

The Git branch to protect.

enforce_admins bool

Boolean, setting this to true enforces status checks for repository administrators.

etag str
repository str

The GitHub repository name.

require_conversation_resolution bool

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

require_signed_commits bool

Boolean, setting this to true requires all commits to be signed with GPG.

required_pull_request_reviews BranchProtectionV3RequiredPullRequestReviewsArgs

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

required_status_checks BranchProtectionV3RequiredStatusChecksArgs

Enforce restrictions for required status checks. See Required Status Checks below for details.

restrictions BranchProtectionV3RestrictionsArgs

Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

branch String

The Git branch to protect.

enforceAdmins Boolean

Boolean, setting this to true enforces status checks for repository administrators.

etag String
repository String

The GitHub repository name.

requireConversationResolution Boolean

Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.

requireSignedCommits Boolean

Boolean, setting this to true requires all commits to be signed with GPG.

requiredPullRequestReviews Property Map

Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.

requiredStatusChecks Property Map

Enforce restrictions for required status checks. See Required Status Checks below for details.

restrictions Property Map

Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.

Supporting Types

BranchProtectionV3RequiredPullRequestReviews

DismissStaleReviews bool

Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.

DismissalTeams List<string>

The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.

DismissalUsers List<string>

The list of user logins with dismissal access

IncludeAdmins bool

Deprecated:

Use enforce_admins instead

RequireCodeOwnerReviews bool

Require an approved review in pull requests including files with a designated code owner. Defaults to false.

RequiredApprovingReviewCount int

Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information.

DismissStaleReviews bool

Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.

DismissalTeams []string

The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.

DismissalUsers []string

The list of user logins with dismissal access

IncludeAdmins bool

Deprecated:

Use enforce_admins instead

RequireCodeOwnerReviews bool

Require an approved review in pull requests including files with a designated code owner. Defaults to false.

RequiredApprovingReviewCount int

Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information.

dismissStaleReviews Boolean

Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.

dismissalTeams List<String>

The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.

dismissalUsers List<String>

The list of user logins with dismissal access

includeAdmins Boolean

Deprecated:

Use enforce_admins instead

requireCodeOwnerReviews Boolean

Require an approved review in pull requests including files with a designated code owner. Defaults to false.

requiredApprovingReviewCount Integer

Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information.

dismissStaleReviews boolean

Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.

dismissalTeams string[]

The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.

dismissalUsers string[]

The list of user logins with dismissal access

includeAdmins boolean

Deprecated:

Use enforce_admins instead

requireCodeOwnerReviews boolean

Require an approved review in pull requests including files with a designated code owner. Defaults to false.

requiredApprovingReviewCount number

Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information.

dismiss_stale_reviews bool

Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.

dismissal_teams Sequence[str]

The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.

dismissal_users Sequence[str]

The list of user logins with dismissal access

include_admins bool

Deprecated:

Use enforce_admins instead

require_code_owner_reviews bool

Require an approved review in pull requests including files with a designated code owner. Defaults to false.

required_approving_review_count int

Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information.

dismissStaleReviews Boolean

Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.

dismissalTeams List<String>

The list of team slugs with dismissal access. Always use slug of the team, not its name. Each team already has to have access to the repository.

dismissalUsers List<String>

The list of user logins with dismissal access

includeAdmins Boolean

Deprecated:

Use enforce_admins instead

requireCodeOwnerReviews Boolean

Require an approved review in pull requests including files with a designated code owner. Defaults to false.

requiredApprovingReviewCount Number

Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information.

BranchProtectionV3RequiredStatusChecks

Checks List<string>

The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".

Contexts List<string>

[DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.

Deprecated:

GitHub is deprecating the use of contexts. Use a checks array instead.

IncludeAdmins bool

Deprecated:

Use enforce_admins instead

Strict bool

Require branches to be up to date before merging. Defaults to false.

Checks []string

The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".

Contexts []string

[DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.

Deprecated:

GitHub is deprecating the use of contexts. Use a checks array instead.

IncludeAdmins bool

Deprecated:

Use enforce_admins instead

Strict bool

Require branches to be up to date before merging. Defaults to false.

checks List<String>

The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".

contexts List<String>

[DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.

Deprecated:

GitHub is deprecating the use of contexts. Use a checks array instead.

includeAdmins Boolean

Deprecated:

Use enforce_admins instead

strict Boolean

Require branches to be up to date before merging. Defaults to false.

checks string[]

The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".

contexts string[]

[DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.

Deprecated:

GitHub is deprecating the use of contexts. Use a checks array instead.

includeAdmins boolean

Deprecated:

Use enforce_admins instead

strict boolean

Require branches to be up to date before merging. Defaults to false.

checks Sequence[str]

The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".

contexts Sequence[str]

[DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.

Deprecated:

GitHub is deprecating the use of contexts. Use a checks array instead.

include_admins bool

Deprecated:

Use enforce_admins instead

strict bool

Require branches to be up to date before merging. Defaults to false.

checks List<String>

The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id".

contexts List<String>

[DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.

Deprecated:

GitHub is deprecating the use of contexts. Use a checks array instead.

includeAdmins Boolean

Deprecated:

Use enforce_admins instead

strict Boolean

Require branches to be up to date before merging. Defaults to false.

BranchProtectionV3Restrictions

Apps List<string>

The list of app slugs with push access.

Teams List<string>

The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.

Users List<string>

The list of user logins with push access.

Apps []string

The list of app slugs with push access.

Teams []string

The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.

Users []string

The list of user logins with push access.

apps List<String>

The list of app slugs with push access.

teams List<String>

The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.

users List<String>

The list of user logins with push access.

apps string[]

The list of app slugs with push access.

teams string[]

The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.

users string[]

The list of user logins with push access.

apps Sequence[str]

The list of app slugs with push access.

teams Sequence[str]

The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.

users Sequence[str]

The list of user logins with push access.

apps List<String>

The list of app slugs with push access.

teams List<String>

The list of team slugs with push access. Always use slug of the team, not its name. Each team already has to have access to the repository.

users List<String>

The list of user logins with push access.

Import

GitHub Branch Protection can be imported using an ID made up of repository:branch, e.g.

 $ pulumi import github:index/branchProtectionV3:BranchProtectionV3 terraform terraform:main

Package Details

Repository
GitHub pulumi/pulumi-github
License
Apache-2.0
Notes

This Pulumi package is based on the github Terraform Provider.