github.BranchProtection
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";
const exampleRepository = new github.Repository("example", {name: "test"});
const example = github.getUser({
username: "example",
});
const exampleTeam = new github.Team("example", {name: "Example Name"});
// Protect the main branch of the foo repository. Additionally, require that
// the "ci/travis" context to be passing and only allow the engineers team merge
// to the branch.
const exampleBranchProtection = new github.BranchProtection("example", {
repositoryId: exampleRepository.nodeId,
pattern: "main",
enforceAdmins: true,
allowsDeletions: true,
requiredStatusChecks: [{
strict: false,
contexts: ["ci/travis"],
}],
requiredPullRequestReviews: [{
dismissStaleReviews: true,
restrictDismissals: true,
dismissalRestrictions: [
example.then(example => example.nodeId),
exampleTeam.nodeId,
"/exampleuser",
"exampleorganization/exampleteam",
],
}],
restrictPushes: [{
pushAllowances: [
example.then(example => example.nodeId),
"/exampleuser",
"exampleorganization/exampleteam",
],
}],
forcePushBypassers: [
example.then(example => example.nodeId),
"/exampleuser",
"exampleorganization/exampleteam",
],
});
const exampleTeamRepository = new github.TeamRepository("example", {
teamId: exampleTeam.id,
repository: exampleRepository.name,
permission: "pull",
});
import pulumi
import pulumi_github as github
example_repository = github.Repository("example", name="test")
example = github.get_user(username="example")
example_team = github.Team("example", name="Example Name")
# Protect the main branch of the foo repository. Additionally, require that
# the "ci/travis" context to be passing and only allow the engineers team merge
# to the branch.
example_branch_protection = github.BranchProtection("example",
repository_id=example_repository.node_id,
pattern="main",
enforce_admins=True,
allows_deletions=True,
required_status_checks=[{
"strict": False,
"contexts": ["ci/travis"],
}],
required_pull_request_reviews=[{
"dismiss_stale_reviews": True,
"restrict_dismissals": True,
"dismissal_restrictions": [
example.node_id,
example_team.node_id,
"/exampleuser",
"exampleorganization/exampleteam",
],
}],
restrict_pushes=[{
"push_allowances": [
example.node_id,
"/exampleuser",
"exampleorganization/exampleteam",
],
}],
force_push_bypassers=[
example.node_id,
"/exampleuser",
"exampleorganization/exampleteam",
])
example_team_repository = github.TeamRepository("example",
team_id=example_team.id,
repository=example_repository.name,
permission="pull")
package main
import (
"github.com/pulumi/pulumi-github/sdk/v6/go/github"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleRepository, err := github.NewRepository(ctx, "example", &github.RepositoryArgs{
Name: pulumi.String("test"),
})
if err != nil {
return err
}
example, err := github.GetUser(ctx, &github.GetUserArgs{
Username: "example",
}, nil)
if err != nil {
return err
}
exampleTeam, err := github.NewTeam(ctx, "example", &github.TeamArgs{
Name: pulumi.String("Example Name"),
})
if err != nil {
return err
}
// Protect the main branch of the foo repository. Additionally, require that
// the "ci/travis" context to be passing and only allow the engineers team merge
// to the branch.
_, err = github.NewBranchProtection(ctx, "example", &github.BranchProtectionArgs{
RepositoryId: exampleRepository.NodeId,
Pattern: pulumi.String("main"),
EnforceAdmins: pulumi.Bool(true),
AllowsDeletions: pulumi.Bool(true),
RequiredStatusChecks: github.BranchProtectionRequiredStatusCheckArray{
&github.BranchProtectionRequiredStatusCheckArgs{
Strict: pulumi.Bool(false),
Contexts: pulumi.StringArray{
pulumi.String("ci/travis"),
},
},
},
RequiredPullRequestReviews: github.BranchProtectionRequiredPullRequestReviewArray{
&github.BranchProtectionRequiredPullRequestReviewArgs{
DismissStaleReviews: pulumi.Bool(true),
RestrictDismissals: pulumi.Bool(true),
DismissalRestrictions: pulumi.StringArray{
pulumi.String(example.NodeId),
exampleTeam.NodeId,
pulumi.String("/exampleuser"),
pulumi.String("exampleorganization/exampleteam"),
},
},
},
RestrictPushes: github.BranchProtectionRestrictPushArray{
&github.BranchProtectionRestrictPushArgs{
PushAllowances: pulumi.StringArray{
pulumi.String(example.NodeId),
pulumi.String("/exampleuser"),
pulumi.String("exampleorganization/exampleteam"),
},
},
},
ForcePushBypassers: pulumi.StringArray{
pulumi.String(example.NodeId),
pulumi.String("/exampleuser"),
pulumi.String("exampleorganization/exampleteam"),
},
})
if err != nil {
return err
}
_, err = github.NewTeamRepository(ctx, "example", &github.TeamRepositoryArgs{
TeamId: exampleTeam.ID(),
Repository: exampleRepository.Name,
Permission: pulumi.String("pull"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Github = Pulumi.Github;
return await Deployment.RunAsync(() =>
{
var exampleRepository = new Github.Repository("example", new()
{
Name = "test",
});
var example = Github.GetUser.Invoke(new()
{
Username = "example",
});
var exampleTeam = new Github.Team("example", new()
{
Name = "Example Name",
});
// Protect the main branch of the foo repository. Additionally, require that
// the "ci/travis" context to be passing and only allow the engineers team merge
// to the branch.
var exampleBranchProtection = new Github.BranchProtection("example", new()
{
RepositoryId = exampleRepository.NodeId,
Pattern = "main",
EnforceAdmins = true,
AllowsDeletions = true,
RequiredStatusChecks = new[]
{
new Github.Inputs.BranchProtectionRequiredStatusCheckArgs
{
Strict = false,
Contexts = new[]
{
"ci/travis",
},
},
},
RequiredPullRequestReviews = new[]
{
new Github.Inputs.BranchProtectionRequiredPullRequestReviewArgs
{
DismissStaleReviews = true,
RestrictDismissals = true,
DismissalRestrictions = new[]
{
example.Apply(getUserResult => getUserResult.NodeId),
exampleTeam.NodeId,
"/exampleuser",
"exampleorganization/exampleteam",
},
},
},
RestrictPushes = new[]
{
new Github.Inputs.BranchProtectionRestrictPushArgs
{
PushAllowances = new[]
{
example.Apply(getUserResult => getUserResult.NodeId),
"/exampleuser",
"exampleorganization/exampleteam",
},
},
},
ForcePushBypassers = new[]
{
example.Apply(getUserResult => getUserResult.NodeId),
"/exampleuser",
"exampleorganization/exampleteam",
},
});
var exampleTeamRepository = new Github.TeamRepository("example", new()
{
TeamId = exampleTeam.Id,
Repository = exampleRepository.Name,
Permission = "pull",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.github.Repository;
import com.pulumi.github.RepositoryArgs;
import com.pulumi.github.GithubFunctions;
import com.pulumi.github.inputs.GetUserArgs;
import com.pulumi.github.Team;
import com.pulumi.github.TeamArgs;
import com.pulumi.github.BranchProtection;
import com.pulumi.github.BranchProtectionArgs;
import com.pulumi.github.inputs.BranchProtectionRequiredStatusCheckArgs;
import com.pulumi.github.inputs.BranchProtectionRequiredPullRequestReviewArgs;
import com.pulumi.github.inputs.BranchProtectionRestrictPushArgs;
import com.pulumi.github.TeamRepository;
import com.pulumi.github.TeamRepositoryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleRepository = new Repository("exampleRepository", RepositoryArgs.builder()
.name("test")
.build());
final var example = GithubFunctions.getUser(GetUserArgs.builder()
.username("example")
.build());
var exampleTeam = new Team("exampleTeam", TeamArgs.builder()
.name("Example Name")
.build());
// Protect the main branch of the foo repository. Additionally, require that
// the "ci/travis" context to be passing and only allow the engineers team merge
// to the branch.
var exampleBranchProtection = new BranchProtection("exampleBranchProtection", BranchProtectionArgs.builder()
.repositoryId(exampleRepository.nodeId())
.pattern("main")
.enforceAdmins(true)
.allowsDeletions(true)
.requiredStatusChecks(BranchProtectionRequiredStatusCheckArgs.builder()
.strict(false)
.contexts("ci/travis")
.build())
.requiredPullRequestReviews(BranchProtectionRequiredPullRequestReviewArgs.builder()
.dismissStaleReviews(true)
.restrictDismissals(true)
.dismissalRestrictions(
example.applyValue(getUserResult -> getUserResult.nodeId()),
exampleTeam.nodeId(),
"/exampleuser",
"exampleorganization/exampleteam")
.build())
.restrictPushes(BranchProtectionRestrictPushArgs.builder()
.pushAllowances(
example.applyValue(getUserResult -> getUserResult.nodeId()),
"/exampleuser",
"exampleorganization/exampleteam")
.build())
.forcePushBypassers(
example.applyValue(getUserResult -> getUserResult.nodeId()),
"/exampleuser",
"exampleorganization/exampleteam")
.build());
var exampleTeamRepository = new TeamRepository("exampleTeamRepository", TeamRepositoryArgs.builder()
.teamId(exampleTeam.id())
.repository(exampleRepository.name())
.permission("pull")
.build());
}
}
resources:
# Protect the main branch of the foo repository. Additionally, require that
# the "ci/travis" context to be passing and only allow the engineers team merge
# to the branch.
exampleBranchProtection:
type: github:BranchProtection
name: example
properties:
repositoryId: ${exampleRepository.nodeId}
pattern: main
enforceAdmins: true
allowsDeletions: true
requiredStatusChecks:
- strict: false
contexts:
- ci/travis
requiredPullRequestReviews:
- dismissStaleReviews: true
restrictDismissals: true
dismissalRestrictions:
- ${example.nodeId}
- ${exampleTeam.nodeId}
- /exampleuser
- exampleorganization/exampleteam
restrictPushes:
- pushAllowances:
- ${example.nodeId}
- /exampleuser
- exampleorganization/exampleteam
forcePushBypassers:
- ${example.nodeId}
- /exampleuser
- exampleorganization/exampleteam
exampleRepository:
type: github:Repository
name: example
properties:
name: test
exampleTeam:
type: github:Team
name: example
properties:
name: Example Name
exampleTeamRepository:
type: github:TeamRepository
name: example
properties:
teamId: ${exampleTeam.id}
repository: ${exampleRepository.name}
permission: pull
variables:
example:
fn::invoke:
Function: github:getUser
Arguments:
username: example
Create BranchProtection Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new BranchProtection(name: string, args: BranchProtectionArgs, opts?: CustomResourceOptions);
@overload
def BranchProtection(resource_name: str,
args: BranchProtectionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def BranchProtection(resource_name: str,
opts: Optional[ResourceOptions] = None,
pattern: Optional[str] = None,
repository_id: Optional[str] = None,
force_push_bypassers: Optional[Sequence[str]] = None,
allows_deletions: Optional[bool] = None,
lock_branch: Optional[bool] = None,
enforce_admins: Optional[bool] = None,
allows_force_pushes: Optional[bool] = None,
require_conversation_resolution: Optional[bool] = None,
require_signed_commits: Optional[bool] = None,
required_linear_history: Optional[bool] = None,
required_pull_request_reviews: Optional[Sequence[BranchProtectionRequiredPullRequestReviewArgs]] = None,
required_status_checks: Optional[Sequence[BranchProtectionRequiredStatusCheckArgs]] = None,
restrict_pushes: Optional[Sequence[BranchProtectionRestrictPushArgs]] = None)
func NewBranchProtection(ctx *Context, name string, args BranchProtectionArgs, opts ...ResourceOption) (*BranchProtection, error)
public BranchProtection(string name, BranchProtectionArgs args, CustomResourceOptions? opts = null)
public BranchProtection(String name, BranchProtectionArgs args)
public BranchProtection(String name, BranchProtectionArgs args, CustomResourceOptions options)
type: github:BranchProtection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args BranchProtectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args BranchProtectionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args BranchProtectionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BranchProtectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args BranchProtectionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var branchProtectionResource = new Github.BranchProtection("branchProtectionResource", new()
{
Pattern = "string",
RepositoryId = "string",
ForcePushBypassers = new[]
{
"string",
},
AllowsDeletions = false,
LockBranch = false,
EnforceAdmins = false,
AllowsForcePushes = false,
RequireConversationResolution = false,
RequireSignedCommits = false,
RequiredLinearHistory = false,
RequiredPullRequestReviews = new[]
{
new Github.Inputs.BranchProtectionRequiredPullRequestReviewArgs
{
DismissStaleReviews = false,
DismissalRestrictions = new[]
{
"string",
},
PullRequestBypassers = new[]
{
"string",
},
RequireCodeOwnerReviews = false,
RequireLastPushApproval = false,
RequiredApprovingReviewCount = 0,
RestrictDismissals = false,
},
},
RequiredStatusChecks = new[]
{
new Github.Inputs.BranchProtectionRequiredStatusCheckArgs
{
Contexts = new[]
{
"string",
},
Strict = false,
},
},
RestrictPushes = new[]
{
new Github.Inputs.BranchProtectionRestrictPushArgs
{
BlocksCreations = false,
PushAllowances = new[]
{
"string",
},
},
},
});
example, err := github.NewBranchProtection(ctx, "branchProtectionResource", &github.BranchProtectionArgs{
Pattern: pulumi.String("string"),
RepositoryId: pulumi.String("string"),
ForcePushBypassers: pulumi.StringArray{
pulumi.String("string"),
},
AllowsDeletions: pulumi.Bool(false),
LockBranch: pulumi.Bool(false),
EnforceAdmins: pulumi.Bool(false),
AllowsForcePushes: pulumi.Bool(false),
RequireConversationResolution: pulumi.Bool(false),
RequireSignedCommits: pulumi.Bool(false),
RequiredLinearHistory: pulumi.Bool(false),
RequiredPullRequestReviews: github.BranchProtectionRequiredPullRequestReviewArray{
&github.BranchProtectionRequiredPullRequestReviewArgs{
DismissStaleReviews: pulumi.Bool(false),
DismissalRestrictions: pulumi.StringArray{
pulumi.String("string"),
},
PullRequestBypassers: pulumi.StringArray{
pulumi.String("string"),
},
RequireCodeOwnerReviews: pulumi.Bool(false),
RequireLastPushApproval: pulumi.Bool(false),
RequiredApprovingReviewCount: pulumi.Int(0),
RestrictDismissals: pulumi.Bool(false),
},
},
RequiredStatusChecks: github.BranchProtectionRequiredStatusCheckArray{
&github.BranchProtectionRequiredStatusCheckArgs{
Contexts: pulumi.StringArray{
pulumi.String("string"),
},
Strict: pulumi.Bool(false),
},
},
RestrictPushes: github.BranchProtectionRestrictPushArray{
&github.BranchProtectionRestrictPushArgs{
BlocksCreations: pulumi.Bool(false),
PushAllowances: pulumi.StringArray{
pulumi.String("string"),
},
},
},
})
var branchProtectionResource = new BranchProtection("branchProtectionResource", BranchProtectionArgs.builder()
.pattern("string")
.repositoryId("string")
.forcePushBypassers("string")
.allowsDeletions(false)
.lockBranch(false)
.enforceAdmins(false)
.allowsForcePushes(false)
.requireConversationResolution(false)
.requireSignedCommits(false)
.requiredLinearHistory(false)
.requiredPullRequestReviews(BranchProtectionRequiredPullRequestReviewArgs.builder()
.dismissStaleReviews(false)
.dismissalRestrictions("string")
.pullRequestBypassers("string")
.requireCodeOwnerReviews(false)
.requireLastPushApproval(false)
.requiredApprovingReviewCount(0)
.restrictDismissals(false)
.build())
.requiredStatusChecks(BranchProtectionRequiredStatusCheckArgs.builder()
.contexts("string")
.strict(false)
.build())
.restrictPushes(BranchProtectionRestrictPushArgs.builder()
.blocksCreations(false)
.pushAllowances("string")
.build())
.build());
branch_protection_resource = github.BranchProtection("branchProtectionResource",
pattern="string",
repository_id="string",
force_push_bypassers=["string"],
allows_deletions=False,
lock_branch=False,
enforce_admins=False,
allows_force_pushes=False,
require_conversation_resolution=False,
require_signed_commits=False,
required_linear_history=False,
required_pull_request_reviews=[{
"dismiss_stale_reviews": False,
"dismissal_restrictions": ["string"],
"pull_request_bypassers": ["string"],
"require_code_owner_reviews": False,
"require_last_push_approval": False,
"required_approving_review_count": 0,
"restrict_dismissals": False,
}],
required_status_checks=[{
"contexts": ["string"],
"strict": False,
}],
restrict_pushes=[{
"blocks_creations": False,
"push_allowances": ["string"],
}])
const branchProtectionResource = new github.BranchProtection("branchProtectionResource", {
pattern: "string",
repositoryId: "string",
forcePushBypassers: ["string"],
allowsDeletions: false,
lockBranch: false,
enforceAdmins: false,
allowsForcePushes: false,
requireConversationResolution: false,
requireSignedCommits: false,
requiredLinearHistory: false,
requiredPullRequestReviews: [{
dismissStaleReviews: false,
dismissalRestrictions: ["string"],
pullRequestBypassers: ["string"],
requireCodeOwnerReviews: false,
requireLastPushApproval: false,
requiredApprovingReviewCount: 0,
restrictDismissals: false,
}],
requiredStatusChecks: [{
contexts: ["string"],
strict: false,
}],
restrictPushes: [{
blocksCreations: false,
pushAllowances: ["string"],
}],
});
type: github:BranchProtection
properties:
allowsDeletions: false
allowsForcePushes: false
enforceAdmins: false
forcePushBypassers:
- string
lockBranch: false
pattern: string
repositoryId: string
requireConversationResolution: false
requireSignedCommits: false
requiredLinearHistory: false
requiredPullRequestReviews:
- dismissStaleReviews: false
dismissalRestrictions:
- string
pullRequestBypassers:
- string
requireCodeOwnerReviews: false
requireLastPushApproval: false
requiredApprovingReviewCount: 0
restrictDismissals: false
requiredStatusChecks:
- contexts:
- string
strict: false
restrictPushes:
- blocksCreations: false
pushAllowances:
- string
BranchProtection Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The BranchProtection resource accepts the following input properties:
- Pattern string
- Identifies the protection rule pattern.
- Repository
Id string - The name or node ID of the repository associated with this branch protection rule.
- Allows
Deletions bool - Boolean, setting this to
true
to allow the branch to be deleted. - Allows
Force boolPushes - Boolean, setting this to
true
to allow force pushes on the branch to everyone. Set it tofalse
if you specifyforce_push_bypassers
. - Enforce
Admins bool - Boolean, setting this to
true
enforces status checks for repository administrators. - Force
Push List<string>Bypassers - The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty,
allows_force_pushes
should be set tofalse
. - Lock
Branch bool - Boolean, Setting this to
true
will make the branch read-only and preventing any pushes to it. Defaults tofalse
- Require
Conversation boolResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - Require
Signed boolCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - Required
Linear boolHistory - Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch - Required
Pull List<BranchRequest Reviews Protection Required Pull Request Review> - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- Required
Status List<BranchChecks Protection Required Status Check> - Enforce restrictions for required status checks. See Required Status Checks below for details.
- Restrict
Pushes List<BranchProtection Restrict Push> - Restrict pushes to matching branches. See Restrict Pushes below for details.
- Pattern string
- Identifies the protection rule pattern.
- Repository
Id string - The name or node ID of the repository associated with this branch protection rule.
- Allows
Deletions bool - Boolean, setting this to
true
to allow the branch to be deleted. - Allows
Force boolPushes - Boolean, setting this to
true
to allow force pushes on the branch to everyone. Set it tofalse
if you specifyforce_push_bypassers
. - Enforce
Admins bool - Boolean, setting this to
true
enforces status checks for repository administrators. - Force
Push []stringBypassers - The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty,
allows_force_pushes
should be set tofalse
. - Lock
Branch bool - Boolean, Setting this to
true
will make the branch read-only and preventing any pushes to it. Defaults tofalse
- Require
Conversation boolResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - Require
Signed boolCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - Required
Linear boolHistory - Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch - Required
Pull []BranchRequest Reviews Protection Required Pull Request Review Args - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- Required
Status []BranchChecks Protection Required Status Check Args - Enforce restrictions for required status checks. See Required Status Checks below for details.
- Restrict
Pushes []BranchProtection Restrict Push Args - Restrict pushes to matching branches. See Restrict Pushes below for details.
- pattern String
- Identifies the protection rule pattern.
- repository
Id String - The name or node ID of the repository associated with this branch protection rule.
- allows
Deletions Boolean - Boolean, setting this to
true
to allow the branch to be deleted. - allows
Force BooleanPushes - Boolean, setting this to
true
to allow force pushes on the branch to everyone. Set it tofalse
if you specifyforce_push_bypassers
. - enforce
Admins Boolean - Boolean, setting this to
true
enforces status checks for repository administrators. - force
Push List<String>Bypassers - The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty,
allows_force_pushes
should be set tofalse
. - lock
Branch Boolean - Boolean, Setting this to
true
will make the branch read-only and preventing any pushes to it. Defaults tofalse
- require
Conversation BooleanResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - require
Signed BooleanCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - required
Linear BooleanHistory - Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch - required
Pull List<BranchRequest Reviews Protection Required Pull Request Review> - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status List<BranchChecks Protection Required Status Check> - Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrict
Pushes List<BranchProtection Restrict Push> - Restrict pushes to matching branches. See Restrict Pushes below for details.
- pattern string
- Identifies the protection rule pattern.
- repository
Id string - The name or node ID of the repository associated with this branch protection rule.
- allows
Deletions boolean - Boolean, setting this to
true
to allow the branch to be deleted. - allows
Force booleanPushes - Boolean, setting this to
true
to allow force pushes on the branch to everyone. Set it tofalse
if you specifyforce_push_bypassers
. - enforce
Admins boolean - Boolean, setting this to
true
enforces status checks for repository administrators. - force
Push string[]Bypassers - The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty,
allows_force_pushes
should be set tofalse
. - lock
Branch boolean - Boolean, Setting this to
true
will make the branch read-only and preventing any pushes to it. Defaults tofalse
- require
Conversation booleanResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - require
Signed booleanCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - required
Linear booleanHistory - Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch - required
Pull BranchRequest Reviews Protection Required Pull Request Review[] - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status BranchChecks Protection Required Status Check[] - Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrict
Pushes BranchProtection Restrict Push[] - Restrict pushes to matching branches. See Restrict Pushes below for details.
- pattern str
- Identifies the protection rule pattern.
- repository_
id str - The name or node ID of the repository associated with this branch protection rule.
- allows_
deletions bool - Boolean, setting this to
true
to allow the branch to be deleted. - allows_
force_ boolpushes - Boolean, setting this to
true
to allow force pushes on the branch to everyone. Set it tofalse
if you specifyforce_push_bypassers
. - enforce_
admins bool - Boolean, setting this to
true
enforces status checks for repository administrators. - force_
push_ Sequence[str]bypassers - The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty,
allows_force_pushes
should be set tofalse
. - lock_
branch bool - Boolean, Setting this to
true
will make the branch read-only and preventing any pushes to it. Defaults tofalse
- require_
conversation_ boolresolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - require_
signed_ boolcommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - required_
linear_ boolhistory - Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch - required_
pull_ Sequence[Branchrequest_ reviews Protection Required Pull Request Review Args] - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required_
status_ Sequence[Branchchecks Protection Required Status Check Args] - Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrict_
pushes Sequence[BranchProtection Restrict Push Args] - Restrict pushes to matching branches. See Restrict Pushes below for details.
- pattern String
- Identifies the protection rule pattern.
- repository
Id String - The name or node ID of the repository associated with this branch protection rule.
- allows
Deletions Boolean - Boolean, setting this to
true
to allow the branch to be deleted. - allows
Force BooleanPushes - Boolean, setting this to
true
to allow force pushes on the branch to everyone. Set it tofalse
if you specifyforce_push_bypassers
. - enforce
Admins Boolean - Boolean, setting this to
true
enforces status checks for repository administrators. - force
Push List<String>Bypassers - The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty,
allows_force_pushes
should be set tofalse
. - lock
Branch Boolean - Boolean, Setting this to
true
will make the branch read-only and preventing any pushes to it. Defaults tofalse
- require
Conversation BooleanResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - require
Signed BooleanCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - required
Linear BooleanHistory - Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch - required
Pull List<Property Map>Request Reviews - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status List<Property Map>Checks - Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrict
Pushes List<Property Map> - Restrict pushes to matching branches. See Restrict Pushes below for details.
Outputs
All input properties are implicitly available as output properties. Additionally, the BranchProtection resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing BranchProtection Resource
Get an existing BranchProtection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: BranchProtectionState, opts?: CustomResourceOptions): BranchProtection
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allows_deletions: Optional[bool] = None,
allows_force_pushes: Optional[bool] = None,
enforce_admins: Optional[bool] = None,
force_push_bypassers: Optional[Sequence[str]] = None,
lock_branch: Optional[bool] = None,
pattern: Optional[str] = None,
repository_id: Optional[str] = None,
require_conversation_resolution: Optional[bool] = None,
require_signed_commits: Optional[bool] = None,
required_linear_history: Optional[bool] = None,
required_pull_request_reviews: Optional[Sequence[BranchProtectionRequiredPullRequestReviewArgs]] = None,
required_status_checks: Optional[Sequence[BranchProtectionRequiredStatusCheckArgs]] = None,
restrict_pushes: Optional[Sequence[BranchProtectionRestrictPushArgs]] = None) -> BranchProtection
func GetBranchProtection(ctx *Context, name string, id IDInput, state *BranchProtectionState, opts ...ResourceOption) (*BranchProtection, error)
public static BranchProtection Get(string name, Input<string> id, BranchProtectionState? state, CustomResourceOptions? opts = null)
public static BranchProtection get(String name, Output<String> id, BranchProtectionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Allows
Deletions bool - Boolean, setting this to
true
to allow the branch to be deleted. - Allows
Force boolPushes - Boolean, setting this to
true
to allow force pushes on the branch to everyone. Set it tofalse
if you specifyforce_push_bypassers
. - Enforce
Admins bool - Boolean, setting this to
true
enforces status checks for repository administrators. - Force
Push List<string>Bypassers - The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty,
allows_force_pushes
should be set tofalse
. - Lock
Branch bool - Boolean, Setting this to
true
will make the branch read-only and preventing any pushes to it. Defaults tofalse
- Pattern string
- Identifies the protection rule pattern.
- Repository
Id string - The name or node ID of the repository associated with this branch protection rule.
- Require
Conversation boolResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - Require
Signed boolCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - Required
Linear boolHistory - Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch - Required
Pull List<BranchRequest Reviews Protection Required Pull Request Review> - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- Required
Status List<BranchChecks Protection Required Status Check> - Enforce restrictions for required status checks. See Required Status Checks below for details.
- Restrict
Pushes List<BranchProtection Restrict Push> - Restrict pushes to matching branches. See Restrict Pushes below for details.
- Allows
Deletions bool - Boolean, setting this to
true
to allow the branch to be deleted. - Allows
Force boolPushes - Boolean, setting this to
true
to allow force pushes on the branch to everyone. Set it tofalse
if you specifyforce_push_bypassers
. - Enforce
Admins bool - Boolean, setting this to
true
enforces status checks for repository administrators. - Force
Push []stringBypassers - The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty,
allows_force_pushes
should be set tofalse
. - Lock
Branch bool - Boolean, Setting this to
true
will make the branch read-only and preventing any pushes to it. Defaults tofalse
- Pattern string
- Identifies the protection rule pattern.
- Repository
Id string - The name or node ID of the repository associated with this branch protection rule.
- Require
Conversation boolResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - Require
Signed boolCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - Required
Linear boolHistory - Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch - Required
Pull []BranchRequest Reviews Protection Required Pull Request Review Args - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- Required
Status []BranchChecks Protection Required Status Check Args - Enforce restrictions for required status checks. See Required Status Checks below for details.
- Restrict
Pushes []BranchProtection Restrict Push Args - Restrict pushes to matching branches. See Restrict Pushes below for details.
- allows
Deletions Boolean - Boolean, setting this to
true
to allow the branch to be deleted. - allows
Force BooleanPushes - Boolean, setting this to
true
to allow force pushes on the branch to everyone. Set it tofalse
if you specifyforce_push_bypassers
. - enforce
Admins Boolean - Boolean, setting this to
true
enforces status checks for repository administrators. - force
Push List<String>Bypassers - The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty,
allows_force_pushes
should be set tofalse
. - lock
Branch Boolean - Boolean, Setting this to
true
will make the branch read-only and preventing any pushes to it. Defaults tofalse
- pattern String
- Identifies the protection rule pattern.
- repository
Id String - The name or node ID of the repository associated with this branch protection rule.
- require
Conversation BooleanResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - require
Signed BooleanCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - required
Linear BooleanHistory - Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch - required
Pull List<BranchRequest Reviews Protection Required Pull Request Review> - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status List<BranchChecks Protection Required Status Check> - Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrict
Pushes List<BranchProtection Restrict Push> - Restrict pushes to matching branches. See Restrict Pushes below for details.
- allows
Deletions boolean - Boolean, setting this to
true
to allow the branch to be deleted. - allows
Force booleanPushes - Boolean, setting this to
true
to allow force pushes on the branch to everyone. Set it tofalse
if you specifyforce_push_bypassers
. - enforce
Admins boolean - Boolean, setting this to
true
enforces status checks for repository administrators. - force
Push string[]Bypassers - The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty,
allows_force_pushes
should be set tofalse
. - lock
Branch boolean - Boolean, Setting this to
true
will make the branch read-only and preventing any pushes to it. Defaults tofalse
- pattern string
- Identifies the protection rule pattern.
- repository
Id string - The name or node ID of the repository associated with this branch protection rule.
- require
Conversation booleanResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - require
Signed booleanCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - required
Linear booleanHistory - Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch - required
Pull BranchRequest Reviews Protection Required Pull Request Review[] - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status BranchChecks Protection Required Status Check[] - Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrict
Pushes BranchProtection Restrict Push[] - Restrict pushes to matching branches. See Restrict Pushes below for details.
- allows_
deletions bool - Boolean, setting this to
true
to allow the branch to be deleted. - allows_
force_ boolpushes - Boolean, setting this to
true
to allow force pushes on the branch to everyone. Set it tofalse
if you specifyforce_push_bypassers
. - enforce_
admins bool - Boolean, setting this to
true
enforces status checks for repository administrators. - force_
push_ Sequence[str]bypassers - The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty,
allows_force_pushes
should be set tofalse
. - lock_
branch bool - Boolean, Setting this to
true
will make the branch read-only and preventing any pushes to it. Defaults tofalse
- pattern str
- Identifies the protection rule pattern.
- repository_
id str - The name or node ID of the repository associated with this branch protection rule.
- require_
conversation_ boolresolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - require_
signed_ boolcommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - required_
linear_ boolhistory - Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch - required_
pull_ Sequence[Branchrequest_ reviews Protection Required Pull Request Review Args] - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required_
status_ Sequence[Branchchecks Protection Required Status Check Args] - Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrict_
pushes Sequence[BranchProtection Restrict Push Args] - Restrict pushes to matching branches. See Restrict Pushes below for details.
- allows
Deletions Boolean - Boolean, setting this to
true
to allow the branch to be deleted. - allows
Force BooleanPushes - Boolean, setting this to
true
to allow force pushes on the branch to everyone. Set it tofalse
if you specifyforce_push_bypassers
. - enforce
Admins Boolean - Boolean, setting this to
true
enforces status checks for repository administrators. - force
Push List<String>Bypassers - The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty,
allows_force_pushes
should be set tofalse
. - lock
Branch Boolean - Boolean, Setting this to
true
will make the branch read-only and preventing any pushes to it. Defaults tofalse
- pattern String
- Identifies the protection rule pattern.
- repository
Id String - The name or node ID of the repository associated with this branch protection rule.
- require
Conversation BooleanResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - require
Signed BooleanCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - required
Linear BooleanHistory - Boolean, setting this to
true
enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch - required
Pull List<Property Map>Request Reviews - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status List<Property Map>Checks - Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrict
Pushes List<Property Map> - Restrict pushes to matching branches. See Restrict Pushes below for details.
Supporting Types
BranchProtectionRequiredPullRequestReview, BranchProtectionRequiredPullRequestReviewArgs
- Dismiss
Stale boolReviews - Dismiss approved reviews automatically when a new commit is pushed. Defaults to
false
. - Dismissal
Restrictions List<string> - The list of actor Names/IDs with dismissal access. If not empty,
restrict_dismissals
is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. - Pull
Request List<string>Bypassers - The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
- Require
Code boolOwner Reviews - Require an approved review in pull requests including files with a designated code owner. Defaults to
false
. - Require
Last boolPush Approval - Require that The most recent push must be approved by someone other than the last pusher. Defaults to
false
- Required
Approving intReview Count - Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
- Restrict
Dismissals bool - Restrict pull request review dismissals.
- Dismiss
Stale boolReviews - Dismiss approved reviews automatically when a new commit is pushed. Defaults to
false
. - Dismissal
Restrictions []string - The list of actor Names/IDs with dismissal access. If not empty,
restrict_dismissals
is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. - Pull
Request []stringBypassers - The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
- Require
Code boolOwner Reviews - Require an approved review in pull requests including files with a designated code owner. Defaults to
false
. - Require
Last boolPush Approval - Require that The most recent push must be approved by someone other than the last pusher. Defaults to
false
- Required
Approving intReview Count - Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
- Restrict
Dismissals bool - Restrict pull request review dismissals.
- dismiss
Stale BooleanReviews - Dismiss approved reviews automatically when a new commit is pushed. Defaults to
false
. - dismissal
Restrictions List<String> - The list of actor Names/IDs with dismissal access. If not empty,
restrict_dismissals
is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. - pull
Request List<String>Bypassers - The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
- require
Code BooleanOwner Reviews - Require an approved review in pull requests including files with a designated code owner. Defaults to
false
. - require
Last BooleanPush Approval - Require that The most recent push must be approved by someone other than the last pusher. Defaults to
false
- required
Approving IntegerReview Count - Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
- restrict
Dismissals Boolean - Restrict pull request review dismissals.
- dismiss
Stale booleanReviews - Dismiss approved reviews automatically when a new commit is pushed. Defaults to
false
. - dismissal
Restrictions string[] - The list of actor Names/IDs with dismissal access. If not empty,
restrict_dismissals
is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. - pull
Request string[]Bypassers - The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
- require
Code booleanOwner Reviews - Require an approved review in pull requests including files with a designated code owner. Defaults to
false
. - require
Last booleanPush Approval - Require that The most recent push must be approved by someone other than the last pusher. Defaults to
false
- required
Approving numberReview Count - Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
- restrict
Dismissals boolean - Restrict pull request review dismissals.
- dismiss_
stale_ boolreviews - Dismiss approved reviews automatically when a new commit is pushed. Defaults to
false
. - dismissal_
restrictions Sequence[str] - The list of actor Names/IDs with dismissal access. If not empty,
restrict_dismissals
is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. - pull_
request_ Sequence[str]bypassers - The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
- require_
code_ boolowner_ reviews - Require an approved review in pull requests including files with a designated code owner. Defaults to
false
. - require_
last_ boolpush_ approval - Require that The most recent push must be approved by someone other than the last pusher. Defaults to
false
- required_
approving_ intreview_ count - Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
- restrict_
dismissals bool - Restrict pull request review dismissals.
- dismiss
Stale BooleanReviews - Dismiss approved reviews automatically when a new commit is pushed. Defaults to
false
. - dismissal
Restrictions List<String> - The list of actor Names/IDs with dismissal access. If not empty,
restrict_dismissals
is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. - pull
Request List<String>Bypassers - The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
- require
Code BooleanOwner Reviews - Require an approved review in pull requests including files with a designated code owner. Defaults to
false
. - require
Last BooleanPush Approval - Require that The most recent push must be approved by someone other than the last pusher. Defaults to
false
- required
Approving NumberReview Count - Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
- restrict
Dismissals Boolean - Restrict pull request review dismissals.
BranchProtectionRequiredStatusCheck, BranchProtectionRequiredStatusCheckArgs
- Contexts List<string>
The list of status checks to require in order to merge into this branch. No status checks are required by default.
Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern
(<matrix_value>[, <matrix_value>])
. Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is<initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>
. This can extend multiple levels.- Strict bool
- Require branches to be up to date before merging. Defaults to
false
.
- Contexts []string
The list of status checks to require in order to merge into this branch. No status checks are required by default.
Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern
(<matrix_value>[, <matrix_value>])
. Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is<initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>
. This can extend multiple levels.- Strict bool
- Require branches to be up to date before merging. Defaults to
false
.
- contexts List<String>
The list of status checks to require in order to merge into this branch. No status checks are required by default.
Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern
(<matrix_value>[, <matrix_value>])
. Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is<initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>
. This can extend multiple levels.- strict Boolean
- Require branches to be up to date before merging. Defaults to
false
.
- contexts string[]
The list of status checks to require in order to merge into this branch. No status checks are required by default.
Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern
(<matrix_value>[, <matrix_value>])
. Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is<initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>
. This can extend multiple levels.- strict boolean
- Require branches to be up to date before merging. Defaults to
false
.
- contexts Sequence[str]
The list of status checks to require in order to merge into this branch. No status checks are required by default.
Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern
(<matrix_value>[, <matrix_value>])
. Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is<initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>
. This can extend multiple levels.- strict bool
- Require branches to be up to date before merging. Defaults to
false
.
- contexts List<String>
The list of status checks to require in order to merge into this branch. No status checks are required by default.
Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern
(<matrix_value>[, <matrix_value>])
. Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is<initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>
. This can extend multiple levels.- strict Boolean
- Require branches to be up to date before merging. Defaults to
false
.
BranchProtectionRestrictPush, BranchProtectionRestrictPushArgs
- Blocks
Creations bool - Boolean, setting this to
false
allows people, teams, or apps to create new branches matching this rule. Defaults totrue
. - Push
Allowances List<string> - A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
- Blocks
Creations bool - Boolean, setting this to
false
allows people, teams, or apps to create new branches matching this rule. Defaults totrue
. - Push
Allowances []string - A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
- blocks
Creations Boolean - Boolean, setting this to
false
allows people, teams, or apps to create new branches matching this rule. Defaults totrue
. - push
Allowances List<String> - A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
- blocks
Creations boolean - Boolean, setting this to
false
allows people, teams, or apps to create new branches matching this rule. Defaults totrue
. - push
Allowances string[] - A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
- blocks_
creations bool - Boolean, setting this to
false
allows people, teams, or apps to create new branches matching this rule. Defaults totrue
. - push_
allowances Sequence[str] - A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
- blocks
Creations Boolean - Boolean, setting this to
false
allows people, teams, or apps to create new branches matching this rule. Defaults totrue
. - push
Allowances List<String> - A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
Import
GitHub Branch Protection can be imported using an ID made up of repository:pattern
, e.g.
$ pulumi import github:index/branchProtection:BranchProtection terraform terraform:main
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- GitHub pulumi/pulumi-github
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
github
Terraform Provider.