github.BranchProtectionV3
Protects a GitHub branch.
The github.BranchProtection resource has moved to the GraphQL API, while this resource will continue to leverage the REST API.
This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users, teams, and apps, can also be configured.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";
// Protect the main branch of the foo repository.
// `restrictions` limits who may push to the branch; only "foo-user" is listed here.
// This minimal example leaves required reviews, required status checks and
// enforceAdmins unset.
const pushRestrictions = {
    users: ["foo-user"],
};
const example = new github.BranchProtectionV3("example", {
    repository: exampleGithubRepository.name,
    branch: "main",
    restrictions: pushRestrictions,
});
import pulumi
import pulumi_github as github
# Protect the main branch of the foo repository.
# `restrictions` limits who may push to the branch; only "foo-user" is listed here.
# This minimal example leaves required reviews, required status checks and
# enforce_admins unset.
push_restrictions = {
    "users": ["foo-user"],
}
example = github.BranchProtectionV3(
    "example",
    repository=example_github_repository["name"],
    branch="main",
    restrictions=push_restrictions,
)
package main
import (
"github.com/pulumi/pulumi-github/sdk/v6/go/github"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Protect the main branch of the foo repository.
		// Restrictions limits who may push to the branch; only "foo-user" is listed here.
		// This minimal example leaves required reviews, required status checks and
		// EnforceAdmins unset.
		pushRestrictions := &github.BranchProtectionV3RestrictionsArgs{
			Users: pulumi.StringArray{
				pulumi.String("foo-user"),
			},
		}
		_, err := github.NewBranchProtectionV3(ctx, "example", &github.BranchProtectionV3Args{
			Repository:   pulumi.Any(exampleGithubRepository.Name),
			Branch:       pulumi.String("main"),
			Restrictions: pushRestrictions,
		})
		// A nil err means the resource was registered; any other value aborts the run.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Github = Pulumi.Github;
return await Deployment.RunAsync(() =>
{
    // Protect the main branch of the foo repository.
    // Restrictions limits who may push to the branch; only "foo-user" is listed here.
    // This minimal example leaves required reviews, required status checks and
    // EnforceAdmins unset.
    var pushRestrictions = new Github.Inputs.BranchProtectionV3RestrictionsArgs
    {
        Users = new[]
        {
            "foo-user",
        },
    };

    var example = new Github.BranchProtectionV3("example", new()
    {
        Repository = exampleGithubRepository.Name,
        Branch = "main",
        Restrictions = pushRestrictions,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.github.BranchProtectionV3;
import com.pulumi.github.BranchProtectionV3Args;
import com.pulumi.github.inputs.BranchProtectionV3RestrictionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares branch protection for the main branch of the foo repository.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        // `restrictions` limits who may push to the branch; only "foo-user" is listed here.
        // This minimal example leaves required reviews, required status checks and
        // enforceAdmins unset.
        var pushRestrictions = BranchProtectionV3RestrictionsArgs.builder()
            .users("foo-user")
            .build();

        var example = new BranchProtectionV3("example", BranchProtectionV3Args.builder()
            .repository(exampleGithubRepository.name())
            .branch("main")
            .restrictions(pushRestrictions)
            .build());
    }
}
resources:
  # Protect the main branch of the foo repository.
  # `restrictions` limits who may push to the branch; only foo-user is listed here.
  # This minimal example leaves required reviews, required status checks and
  # enforceAdmins unset.
  example:
    type: github:BranchProtectionV3
    properties:
      repository: ${exampleGithubRepository.name}
      branch: main
      restrictions:
        users:
          - foo-user
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.github.Repository;
import com.pulumi.github.RepositoryArgs;
import com.pulumi.github.Team;
import com.pulumi.github.TeamArgs;
import com.pulumi.github.BranchProtectionV3;
import com.pulumi.github.BranchProtectionV3Args;
import com.pulumi.github.inputs.BranchProtectionV3RequiredStatusChecksArgs;
import com.pulumi.github.inputs.BranchProtectionV3RequiredPullRequestReviewsArgs;
import com.pulumi.github.inputs.BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowancesArgs;
import com.pulumi.github.inputs.BranchProtectionV3RestrictionsArgs;
import com.pulumi.github.TeamRepository;
import com.pulumi.github.TeamRepositoryArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
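public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares an example repository and team, protects the repository's
     * {@code main} branch, and grants the team pull access to the repository.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        var exampleRepository = new Repository("exampleRepository", RepositoryArgs.builder()
            .name("example")
            .build());

        var exampleTeam = new Team("exampleTeam", TeamArgs.builder()
            .name("Example Name")
            .build());

        // Protect the main branch of the example repository. Additionally, require that
        // the "ci/check" check reported by the GitHub Actions app is passing, and limit
        // pushes to foo-user, the example team and foo-app.
        var example = new BranchProtectionV3("example", BranchProtectionV3Args.builder()
            .repository(exampleRepository.name())
            .branch("main")
            // Apply the required status checks to repository administrators as well.
            .enforceAdmins(true)
            .requiredStatusChecks(BranchProtectionV3RequiredStatusChecksArgs.builder()
                // strict=false: as documented upstream, the branch need not be up to date
                // with the base branch before merging.
                .strict(false)
                // Entries use the "context:app_id" form, so the check has to be reported
                // by that specific app.
                .checks("ci/check:824642007264")
                .build())
            .requiredPullRequestReviews(BranchProtectionV3RequiredPullRequestReviewsArgs.builder()
                // Approvals are dismissed automatically when a new commit is pushed.
                .dismissStaleReviews(true)
                .dismissalUsers("foo-user")
                // Teams are referenced by slug, not by display name.
                .dismissalTeams(exampleTeam.slug())
                // The property is named dismissalApps (plural), matching the constructor
                // reference; the original listing called a non-existent dismissalApp.
                .dismissalApps("foo-app")
                // Everyone listed here can bypass the pull request requirements, so keep
                // these lists as short as possible.
                .bypassPullRequestAllowances(BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowancesArgs.builder()
                    .users("foo-user")
                    .teams(exampleTeam.slug())
                    .apps("foo-app")
                    .build())
                .build())
            // Users, teams and apps that may push to the branch.
            .restrictions(BranchProtectionV3RestrictionsArgs.builder()
                .users("foo-user")
                .teams(exampleTeam.slug())
                .apps("foo-app")
                .build())
            .build());

        // The property reference states that each team must already have access to the
        // repository before it is used in the protection rule.
        // NOTE(review): nothing above makes the rule depend on this grant — confirm the
        // creation order or add an explicit dependency.
        var exampleTeamRepository = new TeamRepository("exampleTeamRepository", TeamRepositoryArgs.builder()
            .teamId(exampleTeam.id())
            .repository(exampleRepository.name())
            .permission("pull")
            .build());
    }
}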
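resources:
  # Protect the main branch of the example repository. Additionally, require that
  # the "ci/check" check reported by the GitHub Actions app is passing, and limit
  # pushes to foo-user, the example team and foo-app.
  example:
    type: github:BranchProtectionV3
    properties:
      repository: ${exampleRepository.name}
      branch: main
      # Apply the required status checks to repository administrators as well.
      enforceAdmins: true
      requiredStatusChecks:
        # strict: false — as documented upstream, the branch need not be up to date
        # with the base branch before merging.
        strict: false
        # Entries use the "context:app_id" form, so the check has to be reported by
        # that specific app.
        checks:
          - ci/check:824642007264
      requiredPullRequestReviews:
        # Approvals are dismissed automatically when a new commit is pushed.
        dismissStaleReviews: true
        dismissalUsers:
          - foo-user
        # Teams are referenced by slug, not by display name.
        dismissalTeams:
          - ${exampleTeam.slug}
        # The property is named dismissalApps (plural), matching the constructor
        # reference; the original listing used a non-existent dismissalApp key.
        dismissalApps:
          - foo-app
        # Everyone listed here can bypass the pull request requirements, so keep
        # these lists as short as possible.
        bypassPullRequestAllowances:
          users:
            - foo-user
          teams:
            - ${exampleTeam.slug}
          apps:
            - foo-app
      # Users, teams and apps that may push to the branch.
      restrictions:
        users:
          - foo-user
        teams:
          - ${exampleTeam.slug}
        apps:
          - foo-app
  exampleRepository:
    type: github:Repository
    name: example
    properties:
      name: example
  exampleTeam:
    type: github:Team
    name: example
    properties:
      name: Example Name
  # The property reference states that each team must already have access to the
  # repository before it is used in the protection rule.
  # NOTE(review): nothing above makes the rule depend on this grant — confirm the
  # creation order or add an explicit dependency.
  exampleTeamRepository:
    type: github:TeamRepository
    name: example
    properties:
      teamId: ${exampleTeam.id}
      repository: ${exampleRepository.name}
      permission: pull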
Create BranchProtectionV3 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new BranchProtectionV3(name: string, args: BranchProtectionV3Args, opts?: CustomResourceOptions);
@overload
def BranchProtectionV3(resource_name: str,
args: BranchProtectionV3Args,
opts: Optional[ResourceOptions] = None)
@overload
def BranchProtectionV3(resource_name: str,
opts: Optional[ResourceOptions] = None,
branch: Optional[str] = None,
repository: Optional[str] = None,
enforce_admins: Optional[bool] = None,
require_conversation_resolution: Optional[bool] = None,
require_signed_commits: Optional[bool] = None,
required_pull_request_reviews: Optional[BranchProtectionV3RequiredPullRequestReviewsArgs] = None,
required_status_checks: Optional[BranchProtectionV3RequiredStatusChecksArgs] = None,
restrictions: Optional[BranchProtectionV3RestrictionsArgs] = None)
func NewBranchProtectionV3(ctx *Context, name string, args BranchProtectionV3Args, opts ...ResourceOption) (*BranchProtectionV3, error)
public BranchProtectionV3(string name, BranchProtectionV3Args args, CustomResourceOptions? opts = null)
public BranchProtectionV3(String name, BranchProtectionV3Args args)
public BranchProtectionV3(String name, BranchProtectionV3Args args, CustomResourceOptions options)
type: github:BranchProtectionV3
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args BranchProtectionV3Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args BranchProtectionV3Args
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args BranchProtectionV3Args
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args BranchProtectionV3Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args BranchProtectionV3Args
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
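The following reference example uses placeholder values for all input properties. The `false`, `0` and "string" values only show each property's type; they are not recommended settings.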
// Reference template: every value below is a type placeholder, not a recommended setting.
// Choose EnforceAdmins, RequireSignedCommits and the review / status-check options deliberately.
var branchProtectionV3Resource = new Github.BranchProtectionV3("branchProtectionV3Resource", new()
{
    Branch = "string",
    Repository = "string",
    EnforceAdmins = false,
    RequireConversationResolution = false,
    RequireSignedCommits = false,
    RequiredPullRequestReviews = new Github.Inputs.BranchProtectionV3RequiredPullRequestReviewsArgs
    {
        // Users, teams and apps allowed to bypass the pull request requirements.
        BypassPullRequestAllowances = new Github.Inputs.BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowancesArgs
        {
            Apps = new[]
            {
                "string",
            },
            Teams = new[]
            {
                "string",
            },
            Users = new[]
            {
                "string",
            },
        },
        DismissStaleReviews = false,
        DismissalApps = new[]
        {
            "string",
        },
        DismissalTeams = new[]
        {
            "string",
        },
        DismissalUsers = new[]
        {
            "string",
        },
        RequireCodeOwnerReviews = false,
        RequireLastPushApproval = false,
        RequiredApprovingReviewCount = 0,
    },
    RequiredStatusChecks = new Github.Inputs.BranchProtectionV3RequiredStatusChecksArgs
    {
        Checks = new[]
        {
            "string",
        },
        Strict = false,
    },
    // Users, teams and apps that may push to the branch.
    Restrictions = new Github.Inputs.BranchProtectionV3RestrictionsArgs
    {
        Apps = new[]
        {
            "string",
        },
        Teams = new[]
        {
            "string",
        },
        Users = new[]
        {
            "string",
        },
    },
});
// Reference template: every value below is a type placeholder, not a recommended setting.
// Choose EnforceAdmins, RequireSignedCommits and the review / status-check options deliberately.
example, err := github.NewBranchProtectionV3(ctx, "branchProtectionV3Resource", &github.BranchProtectionV3Args{
	Branch: pulumi.String("string"),
	Repository: pulumi.String("string"),
	EnforceAdmins: pulumi.Bool(false),
	RequireConversationResolution: pulumi.Bool(false),
	RequireSignedCommits: pulumi.Bool(false),
	RequiredPullRequestReviews: &github.BranchProtectionV3RequiredPullRequestReviewsArgs{
		// Users, teams and apps allowed to bypass the pull request requirements.
		BypassPullRequestAllowances: &github.BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowancesArgs{
			Apps: pulumi.StringArray{
				pulumi.String("string"),
			},
			Teams: pulumi.StringArray{
				pulumi.String("string"),
			},
			Users: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
		DismissStaleReviews: pulumi.Bool(false),
		DismissalApps: pulumi.StringArray{
			pulumi.String("string"),
		},
		DismissalTeams: pulumi.StringArray{
			pulumi.String("string"),
		},
		DismissalUsers: pulumi.StringArray{
			pulumi.String("string"),
		},
		RequireCodeOwnerReviews: pulumi.Bool(false),
		RequireLastPushApproval: pulumi.Bool(false),
		RequiredApprovingReviewCount: pulumi.Int(0),
	},
	RequiredStatusChecks: &github.BranchProtectionV3RequiredStatusChecksArgs{
		Checks: pulumi.StringArray{
			pulumi.String("string"),
		},
		Strict: pulumi.Bool(false),
	},
	// Users, teams and apps that may push to the branch.
	Restrictions: &github.BranchProtectionV3RestrictionsArgs{
		Apps: pulumi.StringArray{
			pulumi.String("string"),
		},
		Teams: pulumi.StringArray{
			pulumi.String("string"),
		},
		Users: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
})
// Reference template: every value below is a type placeholder, not a recommended setting.
// Choose enforceAdmins, requireSignedCommits and the review / status-check options deliberately.
var branchProtectionV3Resource = new BranchProtectionV3("branchProtectionV3Resource", BranchProtectionV3Args.builder()
    .branch("string")
    .repository("string")
    .enforceAdmins(false)
    .requireConversationResolution(false)
    .requireSignedCommits(false)
    .requiredPullRequestReviews(BranchProtectionV3RequiredPullRequestReviewsArgs.builder()
        // Users, teams and apps allowed to bypass the pull request requirements.
        .bypassPullRequestAllowances(BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowancesArgs.builder()
            .apps("string")
            .teams("string")
            .users("string")
            .build())
        .dismissStaleReviews(false)
        .dismissalApps("string")
        .dismissalTeams("string")
        .dismissalUsers("string")
        .requireCodeOwnerReviews(false)
        .requireLastPushApproval(false)
        .requiredApprovingReviewCount(0)
        .build())
    .requiredStatusChecks(BranchProtectionV3RequiredStatusChecksArgs.builder()
        .checks("string")
        .strict(false)
        .build())
    // Users, teams and apps that may push to the branch.
    .restrictions(BranchProtectionV3RestrictionsArgs.builder()
        .apps("string")
        .teams("string")
        .users("string")
        .build())
    .build());
# Reference template: every value below is a type placeholder, not a recommended setting.
# Choose enforce_admins, require_signed_commits and the review / status-check options deliberately.
branch_protection_v3_resource = github.BranchProtectionV3("branchProtectionV3Resource",
    branch="string",
    repository="string",
    enforce_admins=False,
    require_conversation_resolution=False,
    require_signed_commits=False,
    required_pull_request_reviews={
        # Users, teams and apps allowed to bypass the pull request requirements.
        "bypass_pull_request_allowances": {
            "apps": ["string"],
            "teams": ["string"],
            "users": ["string"],
        },
        "dismiss_stale_reviews": False,
        "dismissal_apps": ["string"],
        "dismissal_teams": ["string"],
        "dismissal_users": ["string"],
        "require_code_owner_reviews": False,
        "require_last_push_approval": False,
        "required_approving_review_count": 0,
    },
    required_status_checks={
        "checks": ["string"],
        "strict": False,
    },
    # Users, teams and apps that may push to the branch.
    restrictions={
        "apps": ["string"],
        "teams": ["string"],
        "users": ["string"],
    })
// Reference template: every value below is a type placeholder, not a recommended setting.
// Choose enforceAdmins, requireSignedCommits and the review / status-check options deliberately.
const branchProtectionV3Resource = new github.BranchProtectionV3("branchProtectionV3Resource", {
    branch: "string",
    repository: "string",
    enforceAdmins: false,
    requireConversationResolution: false,
    requireSignedCommits: false,
    requiredPullRequestReviews: {
        // Users, teams and apps allowed to bypass the pull request requirements.
        bypassPullRequestAllowances: {
            apps: ["string"],
            teams: ["string"],
            users: ["string"],
        },
        dismissStaleReviews: false,
        dismissalApps: ["string"],
        dismissalTeams: ["string"],
        dismissalUsers: ["string"],
        requireCodeOwnerReviews: false,
        requireLastPushApproval: false,
        requiredApprovingReviewCount: 0,
    },
    requiredStatusChecks: {
        checks: ["string"],
        strict: false,
    },
    // Users, teams and apps that may push to the branch.
    restrictions: {
        apps: ["string"],
        teams: ["string"],
        users: ["string"],
    },
});
# Reference template: every value below is a type placeholder, not a recommended setting.
# Choose enforceAdmins, requireSignedCommits and the review / status-check options deliberately.
type: github:BranchProtectionV3
properties:
  branch: string
  enforceAdmins: false
  repository: string
  requireConversationResolution: false
  requireSignedCommits: false
  requiredPullRequestReviews:
    # Users, teams and apps allowed to bypass the pull request requirements.
    bypassPullRequestAllowances:
      apps:
        - string
      teams:
        - string
      users:
        - string
    dismissStaleReviews: false
    dismissalApps:
      - string
    dismissalTeams:
      - string
    dismissalUsers:
      - string
    requireCodeOwnerReviews: false
    requireLastPushApproval: false
    requiredApprovingReviewCount: 0
  requiredStatusChecks:
    checks:
      - string
    strict: false
  # Users, teams and apps that may push to the branch.
  restrictions:
    apps:
      - string
    teams:
      - string
    users:
      - string
BranchProtectionV3 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The BranchProtectionV3 resource accepts the following input properties:
- Branch string
- The Git branch to protect.
- Repository string
- The GitHub repository name.
- EnforceAdmins bool
- Boolean, setting this to `true` enforces status checks for repository administrators.
- RequireConversationResolution bool
- Boolean, setting this to `true` requires all conversations on code to be resolved before a pull request can be merged.
- RequireSignedCommits bool
- Boolean, setting this to `true` requires all commits to be signed with GPG.
- RequiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviews
- Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- RequiredStatusChecks BranchProtectionV3RequiredStatusChecks
- Enforce restrictions for required status checks. See Required Status Checks below for details.
- Restrictions BranchProtectionV3Restrictions
- Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- Branch string
- The Git branch to protect.
- Repository string
- The GitHub repository name.
- Enforce
Admins bool - Boolean, setting this to
true
enforces status checks for repository administrators. - Require
Conversation boolResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - Require
Signed boolCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - Required
Pull BranchRequest Reviews Protection V3Required Pull Request Reviews Args - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- Required
Status BranchChecks Protection V3Required Status Checks Args - Enforce restrictions for required status checks. See Required Status Checks below for details.
- Restrictions
Branch
Protection V3Restrictions Args - Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch String
- The Git branch to protect.
- repository String
- The GitHub repository name.
- enforceAdmins Boolean
- Boolean, setting this to `true` enforces status checks for repository administrators.
- requireConversationResolution Boolean
- Boolean, setting this to `true` requires all conversations on code to be resolved before a pull request can be merged.
- requireSignedCommits Boolean
- Boolean, setting this to `true` requires all commits to be signed with GPG.
- requiredPullRequestReviews BranchProtectionV3RequiredPullRequestReviews
- Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- requiredStatusChecks BranchProtectionV3RequiredStatusChecks
- Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions BranchProtectionV3Restrictions
- Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch string
- The Git branch to protect.
- repository string
- The GitHub repository name.
- enforce
Admins boolean - Boolean, setting this to
true
enforces status checks for repository administrators. - require
Conversation booleanResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - require
Signed booleanCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - required
Pull BranchRequest Reviews Protection V3Required Pull Request Reviews - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status BranchChecks Protection V3Required Status Checks - Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions
Branch
Protection V3Restrictions - Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch str
- The Git branch to protect.
- repository str
- The GitHub repository name.
- enforce_
admins bool - Boolean, setting this to
true
enforces status checks for repository administrators. - require_
conversation_ boolresolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - require_
signed_ boolcommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - required_
pull_ Branchrequest_ reviews Protection V3Required Pull Request Reviews Args - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required_
status_ Branchchecks Protection V3Required Status Checks Args - Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions
Branch
Protection V3Restrictions Args - Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch String
- The Git branch to protect.
- repository String
- The GitHub repository name.
- enforce
Admins Boolean - Boolean, setting this to
true
enforces status checks for repository administrators. - require
Conversation BooleanResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - require
Signed BooleanCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - required
Pull Property MapRequest Reviews - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status Property MapChecks - Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions Property Map
- Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
Outputs
All input properties are implicitly available as output properties. Additionally, the BranchProtectionV3 resource produces the following output properties:
Look up Existing BranchProtectionV3 Resource
Get an existing BranchProtectionV3 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: BranchProtectionV3State, opts?: CustomResourceOptions): BranchProtectionV3
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
branch: Optional[str] = None,
enforce_admins: Optional[bool] = None,
etag: Optional[str] = None,
repository: Optional[str] = None,
require_conversation_resolution: Optional[bool] = None,
require_signed_commits: Optional[bool] = None,
required_pull_request_reviews: Optional[BranchProtectionV3RequiredPullRequestReviewsArgs] = None,
required_status_checks: Optional[BranchProtectionV3RequiredStatusChecksArgs] = None,
restrictions: Optional[BranchProtectionV3RestrictionsArgs] = None) -> BranchProtectionV3
func GetBranchProtectionV3(ctx *Context, name string, id IDInput, state *BranchProtectionV3State, opts ...ResourceOption) (*BranchProtectionV3, error)
public static BranchProtectionV3 Get(string name, Input<string> id, BranchProtectionV3State? state, CustomResourceOptions? opts = null)
public static BranchProtectionV3 get(String name, Output<String> id, BranchProtectionV3State state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Branch string
- The Git branch to protect.
- Enforce
Admins bool - Boolean, setting this to
true
enforces status checks for repository administrators. - Etag string
- Repository string
- The GitHub repository name.
- Require
Conversation boolResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - Require
Signed boolCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - Required
Pull BranchRequest Reviews Protection V3Required Pull Request Reviews - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- Required
Status BranchChecks Protection V3Required Status Checks - Enforce restrictions for required status checks. See Required Status Checks below for details.
- Restrictions
Branch
Protection V3Restrictions - Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- Branch string
- The Git branch to protect.
- Enforce
Admins bool - Boolean, setting this to
true
enforces status checks for repository administrators. - Etag string
- Repository string
- The GitHub repository name.
- Require
Conversation boolResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - Require
Signed boolCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - Required
Pull BranchRequest Reviews Protection V3Required Pull Request Reviews Args - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- Required
Status BranchChecks Protection V3Required Status Checks Args - Enforce restrictions for required status checks. See Required Status Checks below for details.
- Restrictions
Branch
Protection V3Restrictions Args - Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch String
- The Git branch to protect.
- enforce
Admins Boolean - Boolean, setting this to
true
enforces status checks for repository administrators. - etag String
- repository String
- The GitHub repository name.
- require
Conversation BooleanResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - require
Signed BooleanCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - required
Pull BranchRequest Reviews Protection V3Required Pull Request Reviews - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status BranchChecks Protection V3Required Status Checks - Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions
Branch
Protection V3Restrictions - Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch string
- The Git branch to protect.
- enforce
Admins boolean - Boolean, setting this to
true
enforces status checks for repository administrators. - etag string
- repository string
- The GitHub repository name.
- require
Conversation booleanResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - require
Signed booleanCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - required
Pull BranchRequest Reviews Protection V3Required Pull Request Reviews - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status BranchChecks Protection V3Required Status Checks - Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions
Branch
Protection V3Restrictions - Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch str
- The Git branch to protect.
- enforce_
admins bool - Boolean, setting this to
true
enforces status checks for repository administrators. - etag str
- repository str
- The GitHub repository name.
- require_
conversation_ boolresolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - require_
signed_ boolcommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - required_
pull_ Branchrequest_ reviews Protection V3Required Pull Request Reviews Args - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required_
status_ Branchchecks Protection V3Required Status Checks Args - Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions
Branch
Protection V3Restrictions Args - Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
- branch String
- The Git branch to protect.
- enforce
Admins Boolean - Boolean, setting this to
true
enforces status checks for repository administrators. - etag String
- repository String
- The GitHub repository name.
- require
Conversation BooleanResolution - Boolean, setting this to
true
requires all conversations on code must be resolved before a pull request can be merged. - require
Signed BooleanCommits - Boolean, setting this to
true
requires all commits to be signed with GPG. - required
Pull Property MapRequest Reviews - Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
- required
Status Property MapChecks - Enforce restrictions for required status checks. See Required Status Checks below for details.
- restrictions Property Map
- Enforce restrictions for the users and teams that may push to the branch. See Restrictions below for details.
Supporting Types
BranchProtectionV3RequiredPullRequestReviews, BranchProtectionV3RequiredPullRequestReviewsArgs
- BypassPullRequestAllowances BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowances
- Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.
- DismissStaleReviews bool
- Dismiss approved reviews automatically when a new commit is pushed. Defaults to `false`.
- DismissalApps List<string>
- The list of app slugs with dismissal access.
- DismissalTeams List<string>
- The list of team slugs with dismissal access. Always use `slug` of the team, not its name. Each team already has to have access to the repository.
- DismissalUsers List<string>
- The list of user logins with dismissal access.
- IncludeAdmins bool
- RequireCodeOwnerReviews bool
- Require an approved review in pull requests including files with a designated code owner. Defaults to `false`.
- RequireLastPushApproval bool
- Require that the most recent push must be approved by someone other than the last pusher. Defaults to `false`.
- RequiredApprovingReviewCount int
- Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information.
- BypassPullRequestAllowances BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowances - Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.
- DismissStaleReviews bool - Dismiss approved reviews automatically when a new commit is pushed. Defaults to `false`.
- DismissalApps []string - The list of app slugs with dismissal access.
- DismissalTeams []string - The list of team slugs with dismissal access. Always use the `slug` of the team, not its name. Each team must already have access to the repository.
- DismissalUsers []string - The list of user logins with dismissal access.
- IncludeAdmins bool
- RequireCodeOwnerReviews bool - Require an approved review in pull requests including files with a designated code owner. Defaults to `false`.
- RequireLastPushApproval bool - Require that the most recent push be approved by someone other than the last pusher. Defaults to `false`.
- RequiredApprovingReviewCount int - Require x number of approvals to satisfy branch protection requirements. If specified, it must be a number between 0 and 6. This requirement matches GitHub's API; see the upstream documentation for more information.
- bypassPullRequestAllowances BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowances - Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.
- dismissStaleReviews Boolean - Dismiss approved reviews automatically when a new commit is pushed. Defaults to `false`.
- dismissalApps List<String> - The list of app slugs with dismissal access.
- dismissalTeams List<String> - The list of team slugs with dismissal access. Always use the `slug` of the team, not its name. Each team must already have access to the repository.
- dismissalUsers List<String> - The list of user logins with dismissal access.
- includeAdmins Boolean
- requireCodeOwnerReviews Boolean - Require an approved review in pull requests including files with a designated code owner. Defaults to `false`.
- requireLastPushApproval Boolean - Require that the most recent push be approved by someone other than the last pusher. Defaults to `false`.
- requiredApprovingReviewCount Integer - Require x number of approvals to satisfy branch protection requirements. If specified, it must be a number between 0 and 6. This requirement matches GitHub's API; see the upstream documentation for more information.
- bypassPullRequestAllowances BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowances - Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.
- dismissStaleReviews boolean - Dismiss approved reviews automatically when a new commit is pushed. Defaults to `false`.
- dismissalApps string[] - The list of app slugs with dismissal access.
- dismissalTeams string[] - The list of team slugs with dismissal access. Always use the `slug` of the team, not its name. Each team must already have access to the repository.
- dismissalUsers string[] - The list of user logins with dismissal access.
- includeAdmins boolean
- requireCodeOwnerReviews boolean - Require an approved review in pull requests including files with a designated code owner. Defaults to `false`.
- requireLastPushApproval boolean - Require that the most recent push be approved by someone other than the last pusher. Defaults to `false`.
- requiredApprovingReviewCount number - Require x number of approvals to satisfy branch protection requirements. If specified, it must be a number between 0 and 6. This requirement matches GitHub's API; see the upstream documentation for more information.
- bypass_pull_request_allowances BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowances - Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.
- dismiss_stale_reviews bool - Dismiss approved reviews automatically when a new commit is pushed. Defaults to `false`.
- dismissal_apps Sequence[str] - The list of app slugs with dismissal access.
- dismissal_teams Sequence[str] - The list of team slugs with dismissal access. Always use the `slug` of the team, not its name. Each team must already have access to the repository.
- dismissal_users Sequence[str] - The list of user logins with dismissal access.
- include_admins bool
- require_code_owner_reviews bool - Require an approved review in pull requests including files with a designated code owner. Defaults to `false`.
- require_last_push_approval bool - Require that the most recent push be approved by someone other than the last pusher. Defaults to `false`.
- required_approving_review_count int - Require x number of approvals to satisfy branch protection requirements. If specified, it must be a number between 0 and 6. This requirement matches GitHub's API; see the upstream documentation for more information.
- bypassPullRequestAllowances Property Map - Allow specific users, teams, or apps to bypass pull request requirements. See Bypass Pull Request Allowances below for details.
- dismissStaleReviews Boolean - Dismiss approved reviews automatically when a new commit is pushed. Defaults to `false`.
- dismissalApps List<String> - The list of app slugs with dismissal access.
- dismissalTeams List<String> - The list of team slugs with dismissal access. Always use the `slug` of the team, not its name. Each team must already have access to the repository.
- dismissalUsers List<String> - The list of user logins with dismissal access.
- includeAdmins Boolean
- requireCodeOwnerReviews Boolean - Require an approved review in pull requests including files with a designated code owner. Defaults to `false`.
- requireLastPushApproval Boolean - Require that the most recent push be approved by someone other than the last pusher. Defaults to `false`.
- requiredApprovingReviewCount Number - Require x number of approvals to satisfy branch protection requirements. If specified, it must be a number between 0 and 6. This requirement matches GitHub's API; see the upstream documentation for more information.
BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowances, BranchProtectionV3RequiredPullRequestReviewsBypassPullRequestAllowancesArgs
BranchProtectionV3RequiredStatusChecks, BranchProtectionV3RequiredStatusChecksArgs
- Checks List<string> - The list of status checks to require in order to merge into this branch. No status checks are required by default. Each check should be a string containing the context and app_id, in the form "context:app_id". Specifying the app_id ties the requirement to the GitHub App expected to report the check.
- Contexts List<string> - [DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.
  Note: This attribute can contain multiple string patterns. The usual value is the job name if one is specified; otherwise the job id is used. For workflows that use matrixes, append the matrix name to the value using the pattern `(<matrix_value>[, <matrix_value>])`. Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is `<initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>`. This can extend multiple levels.
- IncludeAdmins bool
- Strict bool - Require branches to be up to date before merging. Defaults to `false`.
- Checks []string - The list of status checks to require in order to merge into this branch. No status checks are required by default. Each check should be a string containing the context and app_id, in the form "context:app_id". Specifying the app_id ties the requirement to the GitHub App expected to report the check.
- Contexts []string - [DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.
  Note: This attribute can contain multiple string patterns. The usual value is the job name if one is specified; otherwise the job id is used. For workflows that use matrixes, append the matrix name to the value using the pattern `(<matrix_value>[, <matrix_value>])`. Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is `<initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>`. This can extend multiple levels.
- IncludeAdmins bool
- Strict bool - Require branches to be up to date before merging. Defaults to `false`.
- checks List<String> - The list of status checks to require in order to merge into this branch. No status checks are required by default. Each check should be a string containing the context and app_id, in the form "context:app_id". Specifying the app_id ties the requirement to the GitHub App expected to report the check.
- contexts List<String> - [DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.
  Note: This attribute can contain multiple string patterns. The usual value is the job name if one is specified; otherwise the job id is used. For workflows that use matrixes, append the matrix name to the value using the pattern `(<matrix_value>[, <matrix_value>])`. Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is `<initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>`. This can extend multiple levels.
- includeAdmins Boolean
- strict Boolean - Require branches to be up to date before merging. Defaults to `false`.
- checks string[] - The list of status checks to require in order to merge into this branch. No status checks are required by default. Each check should be a string containing the context and app_id, in the form "context:app_id". Specifying the app_id ties the requirement to the GitHub App expected to report the check.
- contexts string[] - [DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.
  Note: This attribute can contain multiple string patterns. The usual value is the job name if one is specified; otherwise the job id is used. For workflows that use matrixes, append the matrix name to the value using the pattern `(<matrix_value>[, <matrix_value>])`. Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is `<initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>`. This can extend multiple levels.
- includeAdmins boolean
- strict boolean - Require branches to be up to date before merging. Defaults to `false`.
- checks Sequence[str] - The list of status checks to require in order to merge into this branch. No status checks are required by default. Each check should be a string containing the context and app_id, in the form "context:app_id". Specifying the app_id ties the requirement to the GitHub App expected to report the check.
- contexts Sequence[str] - [DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.
  Note: This attribute can contain multiple string patterns. The usual value is the job name if one is specified; otherwise the job id is used. For workflows that use matrixes, append the matrix name to the value using the pattern `(<matrix_value>[, <matrix_value>])`. Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is `<initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>`. This can extend multiple levels.
- include_admins bool
- strict bool - Require branches to be up to date before merging. Defaults to `false`.
- checks List<String> - The list of status checks to require in order to merge into this branch. No status checks are required by default. Each check should be a string containing the context and app_id, in the form "context:app_id". Specifying the app_id ties the requirement to the GitHub App expected to report the check.
- contexts List<String> - [DEPRECATED] (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default.
  Note: This attribute can contain multiple string patterns. The usual value is the job name if one is specified; otherwise the job id is used. For workflows that use matrixes, append the matrix name to the value using the pattern `(<matrix_value>[, <matrix_value>])`. Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is `<initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>`. This can extend multiple levels.
- includeAdmins Boolean
- strict Boolean - Require branches to be up to date before merging. Defaults to `false`.
BranchProtectionV3Restrictions, BranchProtectionV3RestrictionsArgs
- Apps List<string> - The list of app slugs with push access. `restrictions` is only available for organization-owned repositories.
- Teams List<string> - The list of team slugs with push access. Always use the `slug` of the team, not its name. Each team must already have access to the repository.
- Users List<string> - The list of user logins with push access.
- Apps []string - The list of app slugs with push access. `restrictions` is only available for organization-owned repositories.
- Teams []string - The list of team slugs with push access. Always use the `slug` of the team, not its name. Each team must already have access to the repository.
- Users []string - The list of user logins with push access.
- apps List<String> - The list of app slugs with push access. `restrictions` is only available for organization-owned repositories.
- teams List<String> - The list of team slugs with push access. Always use the `slug` of the team, not its name. Each team must already have access to the repository.
- users List<String> - The list of user logins with push access.
- apps string[] - The list of app slugs with push access. `restrictions` is only available for organization-owned repositories.
- teams string[] - The list of team slugs with push access. Always use the `slug` of the team, not its name. Each team must already have access to the repository.
- users string[] - The list of user logins with push access.
- apps Sequence[str] - The list of app slugs with push access. `restrictions` is only available for organization-owned repositories.
- teams Sequence[str] - The list of team slugs with push access. Always use the `slug` of the team, not its name. Each team must already have access to the repository.
- users Sequence[str] - The list of user logins with push access.
- apps List<String> - The list of app slugs with push access. `restrictions` is only available for organization-owned repositories.
- teams List<String> - The list of team slugs with push access. Always use the `slug` of the team, not its name. Each team must already have access to the repository.
- users List<String> - The list of user logins with push access.
Import
GitHub Branch Protection can be imported using an ID made up of `repository:branch`, e.g.
$ pulumi import github:index/branchProtectionV3:BranchProtectionV3 terraform terraform:main
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- GitHub pulumi/pulumi-github
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `github` Terraform Provider.