github.BranchProtection (v5)

GitHub v5.26.0 (5.x), Mar 9 26

Viewing docs for GitHub v5.26.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-github

Viewing docs for GitHub v5.26.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-github

Import

GitHub Branch Protection can be imported using an ID made up of repository:pattern, e.g.

 $ pulumi import github:index/branchProtection:BranchProtection terraform terraform:main

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Github = Pulumi.Github;

return await Deployment.RunAsync(() => 
{
    var exampleRepository = new Github.Repository("exampleRepository");

    var exampleUser = Github.GetUser.Invoke(new()
    {
        Username = "example",
    });

    var exampleTeam = new Github.Team("exampleTeam");

    // Protect the main branch of the foo repository. Additionally, require that
    // the "ci/travis" context to be passing and only allow the engineers team merge
    // to the branch.
    var exampleBranchProtection = new Github.BranchProtection("exampleBranchProtection", new()
    {
        RepositoryId = exampleRepository.NodeId,
        Pattern = "main",
        EnforceAdmins = true,
        AllowsDeletions = true,
        RequiredStatusChecks = new[]
        {
            new Github.Inputs.BranchProtectionRequiredStatusCheckArgs
            {
                Strict = false,
                Contexts = new[]
                {
                    "ci/travis",
                },
            },
        },
        RequiredPullRequestReviews = new[]
        {
            new Github.Inputs.BranchProtectionRequiredPullRequestReviewArgs
            {
                DismissStaleReviews = true,
                RestrictDismissals = true,
                DismissalRestrictions = new[]
                {
                    exampleUser.Apply(getUserResult => getUserResult.NodeId),
                    exampleTeam.NodeId,
                    "/exampleuser",
                    "exampleorganization/exampleteam",
                },
            },
        },
        PushRestrictions = new[]
        {
            exampleUser.Apply(getUserResult => getUserResult.NodeId),
            "/exampleuser",
            "exampleorganization/exampleteam",
        },
        ForcePushBypassers = new[]
        {
            exampleUser.Apply(getUserResult => getUserResult.NodeId),
            "/exampleuser",
            "exampleorganization/exampleteam",
        },
    });

    var exampleTeamRepository = new Github.TeamRepository("exampleTeamRepository", new()
    {
        TeamId = exampleTeam.Id,
        Repository = exampleRepository.Name,
        Permission = "pull",
    });

});

package main

import (
	"github.com/pulumi/pulumi-github/sdk/v5/go/github"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleRepository, err := github.NewRepository(ctx, "exampleRepository", nil)
		if err != nil {
			return err
		}
		exampleUser, err := github.GetUser(ctx, &github.GetUserArgs{
			Username: "example",
		}, nil)
		if err != nil {
			return err
		}
		exampleTeam, err := github.NewTeam(ctx, "exampleTeam", nil)
		if err != nil {
			return err
		}
		_, err = github.NewBranchProtection(ctx, "exampleBranchProtection", &github.BranchProtectionArgs{
			RepositoryId:    exampleRepository.NodeId,
			Pattern:         pulumi.String("main"),
			EnforceAdmins:   pulumi.Bool(true),
			AllowsDeletions: pulumi.Bool(true),
			RequiredStatusChecks: github.BranchProtectionRequiredStatusCheckArray{
				&github.BranchProtectionRequiredStatusCheckArgs{
					Strict: pulumi.Bool(false),
					Contexts: pulumi.StringArray{
						pulumi.String("ci/travis"),
					},
				},
			},
			RequiredPullRequestReviews: github.BranchProtectionRequiredPullRequestReviewArray{
				&github.BranchProtectionRequiredPullRequestReviewArgs{
					DismissStaleReviews: pulumi.Bool(true),
					RestrictDismissals:  pulumi.Bool(true),
					DismissalRestrictions: pulumi.StringArray{
						*pulumi.String(exampleUser.NodeId),
						exampleTeam.NodeId,
						pulumi.String("/exampleuser"),
						pulumi.String("exampleorganization/exampleteam"),
					},
				},
			},
			PushRestrictions: pulumi.StringArray{
				*pulumi.String(exampleUser.NodeId),
				pulumi.String("/exampleuser"),
				pulumi.String("exampleorganization/exampleteam"),
			},
			ForcePushBypassers: pulumi.StringArray{
				*pulumi.String(exampleUser.NodeId),
				pulumi.String("/exampleuser"),
				pulumi.String("exampleorganization/exampleteam"),
			},
		})
		if err != nil {
			return err
		}
		_, err = github.NewTeamRepository(ctx, "exampleTeamRepository", &github.TeamRepositoryArgs{
			TeamId:     exampleTeam.ID(),
			Repository: exampleRepository.Name,
			Permission: pulumi.String("pull"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.github.Repository;
import com.pulumi.github.GithubFunctions;
import com.pulumi.github.inputs.GetUserArgs;
import com.pulumi.github.Team;
import com.pulumi.github.BranchProtection;
import com.pulumi.github.BranchProtectionArgs;
import com.pulumi.github.inputs.BranchProtectionRequiredStatusCheckArgs;
import com.pulumi.github.inputs.BranchProtectionRequiredPullRequestReviewArgs;
import com.pulumi.github.TeamRepository;
import com.pulumi.github.TeamRepositoryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleRepository = new Repository("exampleRepository");

        final var exampleUser = GithubFunctions.getUser(GetUserArgs.builder()
            .username("example")
            .build());

        var exampleTeam = new Team("exampleTeam");

        var exampleBranchProtection = new BranchProtection("exampleBranchProtection", BranchProtectionArgs.builder()        
            .repositoryId(exampleRepository.nodeId())
            .pattern("main")
            .enforceAdmins(true)
            .allowsDeletions(true)
            .requiredStatusChecks(BranchProtectionRequiredStatusCheckArgs.builder()
                .strict(false)
                .contexts("ci/travis")
                .build())
            .requiredPullRequestReviews(BranchProtectionRequiredPullRequestReviewArgs.builder()
                .dismissStaleReviews(true)
                .restrictDismissals(true)
                .dismissalRestrictions(                
                    exampleUser.applyValue(getUserResult -> getUserResult.nodeId()),
                    exampleTeam.nodeId(),
                    "/exampleuser",
                    "exampleorganization/exampleteam")
                .build())
            .pushRestrictions(            
                exampleUser.applyValue(getUserResult -> getUserResult.nodeId()),
                "/exampleuser",
                "exampleorganization/exampleteam")
            .forcePushBypassers(            
                exampleUser.applyValue(getUserResult -> getUserResult.nodeId()),
                "/exampleuser",
                "exampleorganization/exampleteam")
            .build());

        var exampleTeamRepository = new TeamRepository("exampleTeamRepository", TeamRepositoryArgs.builder()        
            .teamId(exampleTeam.id())
            .repository(exampleRepository.name())
            .permission("pull")
            .build());

    }
}

import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";

const exampleRepository = new github.Repository("exampleRepository", {});
const exampleUser = github.getUser({
    username: "example",
});
const exampleTeam = new github.Team("exampleTeam", {});
// Protect the main branch of the foo repository. Additionally, require that
// the "ci/travis" context to be passing and only allow the engineers team merge
// to the branch.
const exampleBranchProtection = new github.BranchProtection("exampleBranchProtection", {
    repositoryId: exampleRepository.nodeId,
    pattern: "main",
    enforceAdmins: true,
    allowsDeletions: true,
    requiredStatusChecks: [{
        strict: false,
        contexts: ["ci/travis"],
    }],
    requiredPullRequestReviews: [{
        dismissStaleReviews: true,
        restrictDismissals: true,
        dismissalRestrictions: [
            exampleUser.then(exampleUser => exampleUser.nodeId),
            exampleTeam.nodeId,
            "/exampleuser",
            "exampleorganization/exampleteam",
        ],
    }],
    pushRestrictions: [
        exampleUser.then(exampleUser => exampleUser.nodeId),
        "/exampleuser",
        "exampleorganization/exampleteam",
    ],
    forcePushBypassers: [
        exampleUser.then(exampleUser => exampleUser.nodeId),
        "/exampleuser",
        "exampleorganization/exampleteam",
    ],
});
const exampleTeamRepository = new github.TeamRepository("exampleTeamRepository", {
    teamId: exampleTeam.id,
    repository: exampleRepository.name,
    permission: "pull",
});

import pulumi
import pulumi_github as github

example_repository = github.Repository("exampleRepository")
example_user = github.get_user(username="example")
example_team = github.Team("exampleTeam")
# Protect the main branch of the foo repository. Additionally, require that
# the "ci/travis" context to be passing and only allow the engineers team merge
# to the branch.
example_branch_protection = github.BranchProtection("exampleBranchProtection",
    repository_id=example_repository.node_id,
    pattern="main",
    enforce_admins=True,
    allows_deletions=True,
    required_status_checks=[github.BranchProtectionRequiredStatusCheckArgs(
        strict=False,
        contexts=["ci/travis"],
    )],
    required_pull_request_reviews=[github.BranchProtectionRequiredPullRequestReviewArgs(
        dismiss_stale_reviews=True,
        restrict_dismissals=True,
        dismissal_restrictions=[
            example_user.node_id,
            example_team.node_id,
            "/exampleuser",
            "exampleorganization/exampleteam",
        ],
    )],
    push_restrictions=[
        example_user.node_id,
        "/exampleuser",
        "exampleorganization/exampleteam",
    ],
    force_push_bypassers=[
        example_user.node_id,
        "/exampleuser",
        "exampleorganization/exampleteam",
    ])
example_team_repository = github.TeamRepository("exampleTeamRepository",
    team_id=example_team.id,
    repository=example_repository.name,
    permission="pull")

resources:
  # Protect the main branch of the foo repository. Additionally, require that
  # the "ci/travis" context to be passing and only allow the engineers team merge
  # to the branch.
  exampleBranchProtection:
    type: github:BranchProtection
    properties:
      repositoryId: ${exampleRepository.nodeId} # also accepts repository name
      #   # repository_id  = github_repository.example.name
      pattern: main
      enforceAdmins: true
      allowsDeletions: true
      requiredStatusChecks:
        - strict: false
          contexts:
            - ci/travis
      requiredPullRequestReviews:
        - dismissStaleReviews: true
          restrictDismissals: true
          dismissalRestrictions:
            - ${exampleUser.nodeId}
            - ${exampleTeam.nodeId}
            - /exampleuser
            - exampleorganization/exampleteam
      pushRestrictions:
        - ${exampleUser.nodeId}
        - /exampleuser
        - exampleorganization/exampleteam
      forcePushBypassers:
        - ${exampleUser.nodeId}
        - /exampleuser
        - exampleorganization/exampleteam
  exampleRepository:
    type: github:Repository
  exampleTeam:
    type: github:Team
  exampleTeamRepository:
    type: github:TeamRepository
    properties:
      teamId: ${exampleTeam.id}
      repository: ${exampleRepository.name}
      permission: pull
variables:
  exampleUser:
    fn::invoke:
      Function: github:getUser
      Arguments:
        username: example

Create BranchProtection Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new BranchProtection(name: string, args: BranchProtectionArgs, opts?: CustomResourceOptions);

@overload
def BranchProtection(resource_name: str,
                     args: BranchProtectionArgs,
                     opts: Optional[ResourceOptions] = None)

@overload
def BranchProtection(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     pattern: Optional[str] = None,
                     repository_id: Optional[str] = None,
                     enforce_admins: Optional[bool] = None,
                     allows_deletions: Optional[bool] = None,
                     force_push_bypassers: Optional[Sequence[str]] = None,
                     lock_branch: Optional[bool] = None,
                     blocks_creations: Optional[bool] = None,
                     push_restrictions: Optional[Sequence[str]] = None,
                     allows_force_pushes: Optional[bool] = None,
                     require_conversation_resolution: Optional[bool] = None,
                     require_signed_commits: Optional[bool] = None,
                     required_linear_history: Optional[bool] = None,
                     required_pull_request_reviews: Optional[Sequence[BranchProtectionRequiredPullRequestReviewArgs]] = None,
                     required_status_checks: Optional[Sequence[BranchProtectionRequiredStatusCheckArgs]] = None)

func NewBranchProtection(ctx *Context, name string, args BranchProtectionArgs, opts ...ResourceOption) (*BranchProtection, error)

public BranchProtection(string name, BranchProtectionArgs args, CustomResourceOptions? opts = null)

public BranchProtection(String name, BranchProtectionArgs args)
public BranchProtection(String name, BranchProtectionArgs args, CustomResourceOptions options)

type: github:BranchProtection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args BranchProtectionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args BranchProtectionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args BranchProtectionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args BranchProtectionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args BranchProtectionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var branchProtectionResource = new Github.BranchProtection("branchProtectionResource", new()
{
    Pattern = "string",
    RepositoryId = "string",
    EnforceAdmins = false,
    AllowsDeletions = false,
    ForcePushBypassers = new[]
    {
        "string",
    },
    LockBranch = false,
    BlocksCreations = false,
    PushRestrictions = new[]
    {
        "string",
    },
    AllowsForcePushes = false,
    RequireConversationResolution = false,
    RequireSignedCommits = false,
    RequiredLinearHistory = false,
    RequiredPullRequestReviews = new[]
    {
        new Github.Inputs.BranchProtectionRequiredPullRequestReviewArgs
        {
            DismissStaleReviews = false,
            DismissalRestrictions = new[]
            {
                "string",
            },
            PullRequestBypassers = new[]
            {
                "string",
            },
            RequireCodeOwnerReviews = false,
            RequireLastPushApproval = false,
            RequiredApprovingReviewCount = 0,
            RestrictDismissals = false,
        },
    },
    RequiredStatusChecks = new[]
    {
        new Github.Inputs.BranchProtectionRequiredStatusCheckArgs
        {
            Contexts = new[]
            {
                "string",
            },
            Strict = false,
        },
    },
});

example, err := github.NewBranchProtection(ctx, "branchProtectionResource", &github.BranchProtectionArgs{
	Pattern:         pulumi.String("string"),
	RepositoryId:    pulumi.String("string"),
	EnforceAdmins:   pulumi.Bool(false),
	AllowsDeletions: pulumi.Bool(false),
	ForcePushBypassers: pulumi.StringArray{
		pulumi.String("string"),
	},
	LockBranch:      pulumi.Bool(false),
	BlocksCreations: pulumi.Bool(false),
	PushRestrictions: pulumi.StringArray{
		pulumi.String("string"),
	},
	AllowsForcePushes:             pulumi.Bool(false),
	RequireConversationResolution: pulumi.Bool(false),
	RequireSignedCommits:          pulumi.Bool(false),
	RequiredLinearHistory:         pulumi.Bool(false),
	RequiredPullRequestReviews: github.BranchProtectionRequiredPullRequestReviewArray{
		&github.BranchProtectionRequiredPullRequestReviewArgs{
			DismissStaleReviews: pulumi.Bool(false),
			DismissalRestrictions: pulumi.StringArray{
				pulumi.String("string"),
			},
			PullRequestBypassers: pulumi.StringArray{
				pulumi.String("string"),
			},
			RequireCodeOwnerReviews:      pulumi.Bool(false),
			RequireLastPushApproval:      pulumi.Bool(false),
			RequiredApprovingReviewCount: pulumi.Int(0),
			RestrictDismissals:           pulumi.Bool(false),
		},
	},
	RequiredStatusChecks: github.BranchProtectionRequiredStatusCheckArray{
		&github.BranchProtectionRequiredStatusCheckArgs{
			Contexts: pulumi.StringArray{
				pulumi.String("string"),
			},
			Strict: pulumi.Bool(false),
		},
	},
})

var branchProtectionResource = new BranchProtection("branchProtectionResource", BranchProtectionArgs.builder()
    .pattern("string")
    .repositoryId("string")
    .enforceAdmins(false)
    .allowsDeletions(false)
    .forcePushBypassers("string")
    .lockBranch(false)
    .blocksCreations(false)
    .pushRestrictions("string")
    .allowsForcePushes(false)
    .requireConversationResolution(false)
    .requireSignedCommits(false)
    .requiredLinearHistory(false)
    .requiredPullRequestReviews(BranchProtectionRequiredPullRequestReviewArgs.builder()
        .dismissStaleReviews(false)
        .dismissalRestrictions("string")
        .pullRequestBypassers("string")
        .requireCodeOwnerReviews(false)
        .requireLastPushApproval(false)
        .requiredApprovingReviewCount(0)
        .restrictDismissals(false)
        .build())
    .requiredStatusChecks(BranchProtectionRequiredStatusCheckArgs.builder()
        .contexts("string")
        .strict(false)
        .build())
    .build());

branch_protection_resource = github.BranchProtection("branchProtectionResource",
    pattern="string",
    repository_id="string",
    enforce_admins=False,
    allows_deletions=False,
    force_push_bypassers=["string"],
    lock_branch=False,
    blocks_creations=False,
    push_restrictions=["string"],
    allows_force_pushes=False,
    require_conversation_resolution=False,
    require_signed_commits=False,
    required_linear_history=False,
    required_pull_request_reviews=[{
        "dismiss_stale_reviews": False,
        "dismissal_restrictions": ["string"],
        "pull_request_bypassers": ["string"],
        "require_code_owner_reviews": False,
        "require_last_push_approval": False,
        "required_approving_review_count": 0,
        "restrict_dismissals": False,
    }],
    required_status_checks=[{
        "contexts": ["string"],
        "strict": False,
    }])

const branchProtectionResource = new github.BranchProtection("branchProtectionResource", {
    pattern: "string",
    repositoryId: "string",
    enforceAdmins: false,
    allowsDeletions: false,
    forcePushBypassers: ["string"],
    lockBranch: false,
    blocksCreations: false,
    pushRestrictions: ["string"],
    allowsForcePushes: false,
    requireConversationResolution: false,
    requireSignedCommits: false,
    requiredLinearHistory: false,
    requiredPullRequestReviews: [{
        dismissStaleReviews: false,
        dismissalRestrictions: ["string"],
        pullRequestBypassers: ["string"],
        requireCodeOwnerReviews: false,
        requireLastPushApproval: false,
        requiredApprovingReviewCount: 0,
        restrictDismissals: false,
    }],
    requiredStatusChecks: [{
        contexts: ["string"],
        strict: false,
    }],
});

type: github:BranchProtection
properties:
    allowsDeletions: false
    allowsForcePushes: false
    blocksCreations: false
    enforceAdmins: false
    forcePushBypassers:
        - string
    lockBranch: false
    pattern: string
    pushRestrictions:
        - string
    repositoryId: string
    requireConversationResolution: false
    requireSignedCommits: false
    requiredLinearHistory: false
    requiredPullRequestReviews:
        - dismissStaleReviews: false
          dismissalRestrictions:
            - string
          pullRequestBypassers:
            - string
          requireCodeOwnerReviews: false
          requireLastPushApproval: false
          requiredApprovingReviewCount: 0
          restrictDismissals: false
    requiredStatusChecks:
        - contexts:
            - string
          strict: false

BranchProtection Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The BranchProtection resource accepts the following input properties:

Pattern string: Identifies the protection rule pattern.
RepositoryId string: The name or node ID of the repository associated with this branch protection rule.
AllowsDeletions bool: Boolean, setting this to true to allow the branch to be deleted.
AllowsForcePushes bool: Boolean, setting this to true to allow force pushes on the branch.
BlocksCreations bool: Boolean, setting this to true to block creating the branch.
EnforceAdmins bool: Boolean, setting this to true enforces status checks for repository administrators.
ForcePushBypassers List<string>: The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
LockBranch bool: Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
PushRestrictions List<string>: The list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
RequireConversationResolution bool: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
RequireSignedCommits bool: Boolean, setting this to true requires all commits to be signed with GPG.
RequiredLinearHistory bool: Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
RequiredPullRequestReviews List<BranchProtectionRequiredPullRequestReview>: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
RequiredStatusChecks List<BranchProtectionRequiredStatusCheck>: Enforce restrictions for required status checks. See Required Status Checks below for details.

Pattern string: Identifies the protection rule pattern.
RepositoryId string: The name or node ID of the repository associated with this branch protection rule.
AllowsDeletions bool: Boolean, setting this to true to allow the branch to be deleted.
AllowsForcePushes bool: Boolean, setting this to true to allow force pushes on the branch.
BlocksCreations bool: Boolean, setting this to true to block creating the branch.
EnforceAdmins bool: Boolean, setting this to true enforces status checks for repository administrators.
ForcePushBypassers []string: The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
LockBranch bool: Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
PushRestrictions []string: The list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
RequireConversationResolution bool: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
RequireSignedCommits bool: Boolean, setting this to true requires all commits to be signed with GPG.
RequiredLinearHistory bool: Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
RequiredPullRequestReviews []BranchProtectionRequiredPullRequestReviewArgs: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
RequiredStatusChecks []BranchProtectionRequiredStatusCheckArgs: Enforce restrictions for required status checks. See Required Status Checks below for details.

pattern String: Identifies the protection rule pattern.
repositoryId String: The name or node ID of the repository associated with this branch protection rule.
allowsDeletions Boolean: Boolean, setting this to true to allow the branch to be deleted.
allowsForcePushes Boolean: Boolean, setting this to true to allow force pushes on the branch.
blocksCreations Boolean: Boolean, setting this to true to block creating the branch.
enforceAdmins Boolean: Boolean, setting this to true enforces status checks for repository administrators.
forcePushBypassers List<String>: The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
lockBranch Boolean: Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
pushRestrictions List<String>: The list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
requireConversationResolution Boolean: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
requireSignedCommits Boolean: Boolean, setting this to true requires all commits to be signed with GPG.
requiredLinearHistory Boolean: Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
requiredPullRequestReviews List<BranchProtectionRequiredPullRequestReview>: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
requiredStatusChecks List<BranchProtectionRequiredStatusCheck>: Enforce restrictions for required status checks. See Required Status Checks below for details.

pattern string: Identifies the protection rule pattern.
repositoryId string: The name or node ID of the repository associated with this branch protection rule.
allowsDeletions boolean: Boolean, setting this to true to allow the branch to be deleted.
allowsForcePushes boolean: Boolean, setting this to true to allow force pushes on the branch.
blocksCreations boolean: Boolean, setting this to true to block creating the branch.
enforceAdmins boolean: Boolean, setting this to true enforces status checks for repository administrators.
forcePushBypassers string[]: The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
lockBranch boolean: Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
pushRestrictions string[]: The list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
requireConversationResolution boolean: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
requireSignedCommits boolean: Boolean, setting this to true requires all commits to be signed with GPG.
requiredLinearHistory boolean: Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
requiredPullRequestReviews BranchProtectionRequiredPullRequestReview[]: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
requiredStatusChecks BranchProtectionRequiredStatusCheck[]: Enforce restrictions for required status checks. See Required Status Checks below for details.

pattern str: Identifies the protection rule pattern.
repository_id str: The name or node ID of the repository associated with this branch protection rule.
allows_deletions bool: Boolean, setting this to true to allow the branch to be deleted.
allows_force_pushes bool: Boolean, setting this to true to allow force pushes on the branch.
blocks_creations bool: Boolean, setting this to true to block creating the branch.
enforce_admins bool: Boolean, setting this to true enforces status checks for repository administrators.
force_push_bypassers Sequence[str]: The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
lock_branch bool: Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
push_restrictions Sequence[str]: The list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
require_conversation_resolution bool: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
require_signed_commits bool: Boolean, setting this to true requires all commits to be signed with GPG.
required_linear_history bool: Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
required_pull_request_reviews Sequence[BranchProtectionRequiredPullRequestReviewArgs]: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
required_status_checks Sequence[BranchProtectionRequiredStatusCheckArgs]: Enforce restrictions for required status checks. See Required Status Checks below for details.

pattern String: Identifies the protection rule pattern.
repositoryId String: The name or node ID of the repository associated with this branch protection rule.
allowsDeletions Boolean: Boolean, setting this to true to allow the branch to be deleted.
allowsForcePushes Boolean: Boolean, setting this to true to allow force pushes on the branch.
blocksCreations Boolean: Boolean, setting this to true to block creating the branch.
enforceAdmins Boolean: Boolean, setting this to true enforces status checks for repository administrators.
forcePushBypassers List<String>: The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
lockBranch Boolean: Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
pushRestrictions List<String>: The list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
requireConversationResolution Boolean: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
requireSignedCommits Boolean: Boolean, setting this to true requires all commits to be signed with GPG.
requiredLinearHistory Boolean: Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
requiredPullRequestReviews List<Property Map>: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
requiredStatusChecks List<Property Map>: Enforce restrictions for required status checks. See Required Status Checks below for details.

Outputs

All input properties are implicitly available as output properties. Additionally, the BranchProtection resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing BranchProtection Resource

Get an existing BranchProtection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: BranchProtectionState, opts?: CustomResourceOptions): BranchProtection

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allows_deletions: Optional[bool] = None,
        allows_force_pushes: Optional[bool] = None,
        blocks_creations: Optional[bool] = None,
        enforce_admins: Optional[bool] = None,
        force_push_bypassers: Optional[Sequence[str]] = None,
        lock_branch: Optional[bool] = None,
        pattern: Optional[str] = None,
        push_restrictions: Optional[Sequence[str]] = None,
        repository_id: Optional[str] = None,
        require_conversation_resolution: Optional[bool] = None,
        require_signed_commits: Optional[bool] = None,
        required_linear_history: Optional[bool] = None,
        required_pull_request_reviews: Optional[Sequence[BranchProtectionRequiredPullRequestReviewArgs]] = None,
        required_status_checks: Optional[Sequence[BranchProtectionRequiredStatusCheckArgs]] = None) -> BranchProtection

func GetBranchProtection(ctx *Context, name string, id IDInput, state *BranchProtectionState, opts ...ResourceOption) (*BranchProtection, error)

public static BranchProtection Get(string name, Input<string> id, BranchProtectionState? state, CustomResourceOptions? opts = null)

public static BranchProtection get(String name, Output<String> id, BranchProtectionState state, CustomResourceOptions options)

resources:  _:    type: github:BranchProtection    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowsDeletions bool: Boolean, setting this to true to allow the branch to be deleted.
AllowsForcePushes bool: Boolean, setting this to true to allow force pushes on the branch.
BlocksCreations bool: Boolean, setting this to true to block creating the branch.
EnforceAdmins bool: Boolean, setting this to true enforces status checks for repository administrators.
ForcePushBypassers List<string>: The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
LockBranch bool: Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
Pattern string: Identifies the protection rule pattern.
PushRestrictions List<string>: The list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
RepositoryId string: The name or node ID of the repository associated with this branch protection rule.
RequireConversationResolution bool: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
RequireSignedCommits bool: Boolean, setting this to true requires all commits to be signed with GPG.
RequiredLinearHistory bool: Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
RequiredPullRequestReviews List<BranchProtectionRequiredPullRequestReview>: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
RequiredStatusChecks List<BranchProtectionRequiredStatusCheck>: Enforce restrictions for required status checks. See Required Status Checks below for details.

AllowsDeletions bool: Boolean, setting this to true to allow the branch to be deleted.
AllowsForcePushes bool: Boolean, setting this to true to allow force pushes on the branch.
BlocksCreations bool: Boolean, setting this to true to block creating the branch.
EnforceAdmins bool: Boolean, setting this to true enforces status checks for repository administrators.
ForcePushBypassers []string: The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
LockBranch bool: Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
Pattern string: Identifies the protection rule pattern.
PushRestrictions []string: The list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
RepositoryId string: The name or node ID of the repository associated with this branch protection rule.
RequireConversationResolution bool: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
RequireSignedCommits bool: Boolean, setting this to true requires all commits to be signed with GPG.
RequiredLinearHistory bool: Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
RequiredPullRequestReviews []BranchProtectionRequiredPullRequestReviewArgs: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
RequiredStatusChecks []BranchProtectionRequiredStatusCheckArgs: Enforce restrictions for required status checks. See Required Status Checks below for details.

allowsDeletions Boolean: Boolean, setting this to true to allow the branch to be deleted.
allowsForcePushes Boolean: Boolean, setting this to true to allow force pushes on the branch.
blocksCreations Boolean: Boolean, setting this to true to block creating the branch.
enforceAdmins Boolean: Boolean, setting this to true enforces status checks for repository administrators.
forcePushBypassers List<String>: The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
lockBranch Boolean: Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
pattern String: Identifies the protection rule pattern.
pushRestrictions List<String>: The list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
repositoryId String: The name or node ID of the repository associated with this branch protection rule.
requireConversationResolution Boolean: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
requireSignedCommits Boolean: Boolean, setting this to true requires all commits to be signed with GPG.
requiredLinearHistory Boolean: Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
requiredPullRequestReviews List<BranchProtectionRequiredPullRequestReview>: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
requiredStatusChecks List<BranchProtectionRequiredStatusCheck>: Enforce restrictions for required status checks. See Required Status Checks below for details.

allowsDeletions boolean: Boolean, setting this to true to allow the branch to be deleted.
allowsForcePushes boolean: Boolean, setting this to true to allow force pushes on the branch.
blocksCreations boolean: Boolean, setting this to true to block creating the branch.
enforceAdmins boolean: Boolean, setting this to true enforces status checks for repository administrators.
forcePushBypassers string[]: The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
lockBranch boolean: Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
pattern string: Identifies the protection rule pattern.
pushRestrictions string[]: The list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
repositoryId string: The name or node ID of the repository associated with this branch protection rule.
requireConversationResolution boolean: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
requireSignedCommits boolean: Boolean, setting this to true requires all commits to be signed with GPG.
requiredLinearHistory boolean: Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
requiredPullRequestReviews BranchProtectionRequiredPullRequestReview[]: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
requiredStatusChecks BranchProtectionRequiredStatusCheck[]: Enforce restrictions for required status checks. See Required Status Checks below for details.

allows_deletions bool: Boolean, setting this to true to allow the branch to be deleted.
allows_force_pushes bool: Boolean, setting this to true to allow force pushes on the branch.
blocks_creations bool: Boolean, setting this to true to block creating the branch.
enforce_admins bool: Boolean, setting this to true enforces status checks for repository administrators.
force_push_bypassers Sequence[str]: The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
lock_branch bool: Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
pattern str: Identifies the protection rule pattern.
push_restrictions Sequence[str]: The list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
repository_id str: The name or node ID of the repository associated with this branch protection rule.
require_conversation_resolution bool: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
require_signed_commits bool: Boolean, setting this to true requires all commits to be signed with GPG.
required_linear_history bool: Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
required_pull_request_reviews Sequence[BranchProtectionRequiredPullRequestReviewArgs]: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
required_status_checks Sequence[BranchProtectionRequiredStatusCheckArgs]: Enforce restrictions for required status checks. See Required Status Checks below for details.

allowsDeletions Boolean: Boolean, setting this to true to allow the branch to be deleted.
allowsForcePushes Boolean: Boolean, setting this to true to allow force pushes on the branch.
blocksCreations Boolean: Boolean, setting this to true to block creating the branch.
enforceAdmins Boolean: Boolean, setting this to true enforces status checks for repository administrators.
forcePushBypassers List<String>: The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
lockBranch Boolean: Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
pattern String: Identifies the protection rule pattern.
pushRestrictions List<String>: The list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
repositoryId String: The name or node ID of the repository associated with this branch protection rule.
requireConversationResolution Boolean: Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
requireSignedCommits Boolean: Boolean, setting this to true requires all commits to be signed with GPG.
requiredLinearHistory Boolean: Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
requiredPullRequestReviews List<Property Map>: Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
requiredStatusChecks List<Property Map>: Enforce restrictions for required status checks. See Required Status Checks below for details.

Supporting Types

BranchProtectionRequiredPullRequestReview, BranchProtectionRequiredPullRequestReviewArgs

DismissStaleReviews bool: Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
DismissalRestrictions List<string>: The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
PullRequestBypassers List<string>: The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
RequireCodeOwnerReviews bool: Require an approved review in pull requests including files with a designated code owner. Defaults to false.
RequireLastPushApproval bool: Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
RequiredApprovingReviewCount int: Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
RestrictDismissals bool: Restrict pull request review dismissals.

DismissStaleReviews bool: Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
DismissalRestrictions []string: The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
PullRequestBypassers []string: The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
RequireCodeOwnerReviews bool: Require an approved review in pull requests including files with a designated code owner. Defaults to false.
RequireLastPushApproval bool: Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
RequiredApprovingReviewCount int: Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
RestrictDismissals bool: Restrict pull request review dismissals.

dismissStaleReviews Boolean: Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
dismissalRestrictions List<String>: The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
pullRequestBypassers List<String>: The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
requireCodeOwnerReviews Boolean: Require an approved review in pull requests including files with a designated code owner. Defaults to false.
requireLastPushApproval Boolean: Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
requiredApprovingReviewCount Integer: Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
restrictDismissals Boolean: Restrict pull request review dismissals.

dismissStaleReviews boolean: Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
dismissalRestrictions string[]: The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
pullRequestBypassers string[]: The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
requireCodeOwnerReviews boolean: Require an approved review in pull requests including files with a designated code owner. Defaults to false.
requireLastPushApproval boolean: Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
requiredApprovingReviewCount number: Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
restrictDismissals boolean: Restrict pull request review dismissals.

dismiss_stale_reviews bool: Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
dismissal_restrictions Sequence[str]: The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
pull_request_bypassers Sequence[str]: The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
require_code_owner_reviews bool: Require an approved review in pull requests including files with a designated code owner. Defaults to false.
require_last_push_approval bool: Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
required_approving_review_count int: Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
restrict_dismissals bool: Restrict pull request review dismissals.

dismissStaleReviews Boolean: Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
dismissalRestrictions List<String>: The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
pullRequestBypassers List<String>: The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
requireCodeOwnerReviews Boolean: Require an approved review in pull requests including files with a designated code owner. Defaults to false.
requireLastPushApproval Boolean: Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
requiredApprovingReviewCount Number: Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
restrictDismissals Boolean: Restrict pull request review dismissals.

BranchProtectionRequiredStatusCheck, BranchProtectionRequiredStatusCheckArgs

Contexts List<string>: The list of status checks to require in order to merge into this branch. No status checks are required by default.
Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.
Strict bool: Require branches to be up to date before merging. Defaults to false.

Contexts []string: The list of status checks to require in order to merge into this branch. No status checks are required by default.
Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.
Strict bool: Require branches to be up to date before merging. Defaults to false.

contexts List<String>: The list of status checks to require in order to merge into this branch. No status checks are required by default.
Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.
strict Boolean: Require branches to be up to date before merging. Defaults to false.

contexts string[]: The list of status checks to require in order to merge into this branch. No status checks are required by default.
Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.
strict boolean: Require branches to be up to date before merging. Defaults to false.

contexts Sequence[str]: The list of status checks to require in order to merge into this branch. No status checks are required by default.
Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.
strict bool: Require branches to be up to date before merging. Defaults to false.

contexts List<String>: The list of status checks to require in order to merge into this branch. No status checks are required by default.
Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.
strict Boolean: Require branches to be up to date before merging. Defaults to false.

Package Details

Repository: GitHub pulumi/pulumi-github
License: Apache-2.0
Notes: This Pulumi package is based on the github Terraform Provider.

Viewing docs for GitHub v5.26.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-github

github.BranchProtection

On this page

On this page

Import

Example Usage

Create BranchProtection Resource

Constructor syntax

Parameters

Constructor example

BranchProtection Resource Properties

Inputs

Outputs

Look up Existing BranchProtection Resource

Supporting Types

BranchProtectionRequiredPullRequestReview, BranchProtectionRequiredPullRequestReviewArgs

BranchProtectionRequiredStatusCheck, BranchProtectionRequiredStatusCheckArgs

Package Details

On this page

On this page