1. Packages
  2. GitHub
  3. API Docs
  4. BranchProtection
GitHub v6.2.2 published on Tuesday, Jun 18, 2024 by Pulumi

github.BranchProtection

Explore with Pulumi AI

github logo
GitHub v6.2.2 published on Tuesday, Jun 18, 2024 by Pulumi

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as github from "@pulumi/github";
    
    const exampleRepository = new github.Repository("example", {name: "test"});
    const example = github.getUser({
        username: "example",
    });
    const exampleTeam = new github.Team("example", {name: "Example Name"});
    // Protect the main branch of the foo repository. Additionally, require that
    // the "ci/travis" context to be passing and only allow the engineers team merge
    // to the branch.
    const exampleBranchProtection = new github.BranchProtection("example", {
        repositoryId: exampleRepository.nodeId,
        pattern: "main",
        enforceAdmins: true,
        allowsDeletions: true,
        requiredStatusChecks: [{
            strict: false,
            contexts: ["ci/travis"],
        }],
        requiredPullRequestReviews: [{
            dismissStaleReviews: true,
            restrictDismissals: true,
            dismissalRestrictions: [
                example.then(example => example.nodeId),
                exampleTeam.nodeId,
                "/exampleuser",
                "exampleorganization/exampleteam",
            ],
        }],
        restrictPushes: [{
            pushAllowances: [
                example.then(example => example.nodeId),
                "/exampleuser",
                "exampleorganization/exampleteam",
            ],
        }],
        forcePushBypassers: [
            example.then(example => example.nodeId),
            "/exampleuser",
            "exampleorganization/exampleteam",
        ],
    });
    const exampleTeamRepository = new github.TeamRepository("example", {
        teamId: exampleTeam.id,
        repository: exampleRepository.name,
        permission: "pull",
    });
    
    import pulumi
    import pulumi_github as github
    
    example_repository = github.Repository("example", name="test")
    example = github.get_user(username="example")
    example_team = github.Team("example", name="Example Name")
    # Protect the main branch of the foo repository. Additionally, require that
    # the "ci/travis" context to be passing and only allow the engineers team merge
    # to the branch.
    example_branch_protection = github.BranchProtection("example",
        repository_id=example_repository.node_id,
        pattern="main",
        enforce_admins=True,
        allows_deletions=True,
        required_status_checks=[github.BranchProtectionRequiredStatusCheckArgs(
            strict=False,
            contexts=["ci/travis"],
        )],
        required_pull_request_reviews=[github.BranchProtectionRequiredPullRequestReviewArgs(
            dismiss_stale_reviews=True,
            restrict_dismissals=True,
            dismissal_restrictions=[
                example.node_id,
                example_team.node_id,
                "/exampleuser",
                "exampleorganization/exampleteam",
            ],
        )],
        restrict_pushes=[github.BranchProtectionRestrictPushArgs(
            push_allowances=[
                example.node_id,
                "/exampleuser",
                "exampleorganization/exampleteam",
            ],
        )],
        force_push_bypassers=[
            example.node_id,
            "/exampleuser",
            "exampleorganization/exampleteam",
        ])
    example_team_repository = github.TeamRepository("example",
        team_id=example_team.id,
        repository=example_repository.name,
        permission="pull")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-github/sdk/v6/go/github"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		exampleRepository, err := github.NewRepository(ctx, "example", &github.RepositoryArgs{
    			Name: pulumi.String("test"),
    		})
    		if err != nil {
    			return err
    		}
    		example, err := github.GetUser(ctx, &github.GetUserArgs{
    			Username: "example",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		exampleTeam, err := github.NewTeam(ctx, "example", &github.TeamArgs{
    			Name: pulumi.String("Example Name"),
    		})
    		if err != nil {
    			return err
    		}
    		// Protect the main branch of the foo repository. Additionally, require that
    		// the "ci/travis" context to be passing and only allow the engineers team merge
    		// to the branch.
    		_, err = github.NewBranchProtection(ctx, "example", &github.BranchProtectionArgs{
    			RepositoryId:    exampleRepository.NodeId,
    			Pattern:         pulumi.String("main"),
    			EnforceAdmins:   pulumi.Bool(true),
    			AllowsDeletions: pulumi.Bool(true),
    			RequiredStatusChecks: github.BranchProtectionRequiredStatusCheckArray{
    				&github.BranchProtectionRequiredStatusCheckArgs{
    					Strict: pulumi.Bool(false),
    					Contexts: pulumi.StringArray{
    						pulumi.String("ci/travis"),
    					},
    				},
    			},
    			RequiredPullRequestReviews: github.BranchProtectionRequiredPullRequestReviewArray{
    				&github.BranchProtectionRequiredPullRequestReviewArgs{
    					DismissStaleReviews: pulumi.Bool(true),
    					RestrictDismissals:  pulumi.Bool(true),
    					DismissalRestrictions: pulumi.StringArray{
    						pulumi.String(example.NodeId),
    						exampleTeam.NodeId,
    						pulumi.String("/exampleuser"),
    						pulumi.String("exampleorganization/exampleteam"),
    					},
    				},
    			},
    			RestrictPushes: github.BranchProtectionRestrictPushArray{
    				&github.BranchProtectionRestrictPushArgs{
    					PushAllowances: pulumi.StringArray{
    						pulumi.String(example.NodeId),
    						pulumi.String("/exampleuser"),
    						pulumi.String("exampleorganization/exampleteam"),
    					},
    				},
    			},
    			ForcePushBypassers: pulumi.StringArray{
    				pulumi.String(example.NodeId),
    				pulumi.String("/exampleuser"),
    				pulumi.String("exampleorganization/exampleteam"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = github.NewTeamRepository(ctx, "example", &github.TeamRepositoryArgs{
    			TeamId:     exampleTeam.ID(),
    			Repository: exampleRepository.Name,
    			Permission: pulumi.String("pull"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Github = Pulumi.Github;
    
    return await Deployment.RunAsync(() => 
    {
        var exampleRepository = new Github.Repository("example", new()
        {
            Name = "test",
        });
    
        var example = Github.GetUser.Invoke(new()
        {
            Username = "example",
        });
    
        var exampleTeam = new Github.Team("example", new()
        {
            Name = "Example Name",
        });
    
        // Protect the main branch of the foo repository. Additionally, require that
        // the "ci/travis" context to be passing and only allow the engineers team merge
        // to the branch.
        var exampleBranchProtection = new Github.BranchProtection("example", new()
        {
            RepositoryId = exampleRepository.NodeId,
            Pattern = "main",
            EnforceAdmins = true,
            AllowsDeletions = true,
            RequiredStatusChecks = new[]
            {
                new Github.Inputs.BranchProtectionRequiredStatusCheckArgs
                {
                    Strict = false,
                    Contexts = new[]
                    {
                        "ci/travis",
                    },
                },
            },
            RequiredPullRequestReviews = new[]
            {
                new Github.Inputs.BranchProtectionRequiredPullRequestReviewArgs
                {
                    DismissStaleReviews = true,
                    RestrictDismissals = true,
                    DismissalRestrictions = new[]
                    {
                        example.Apply(getUserResult => getUserResult.NodeId),
                        exampleTeam.NodeId,
                        "/exampleuser",
                        "exampleorganization/exampleteam",
                    },
                },
            },
            RestrictPushes = new[]
            {
                new Github.Inputs.BranchProtectionRestrictPushArgs
                {
                    PushAllowances = new[]
                    {
                        example.Apply(getUserResult => getUserResult.NodeId),
                        "/exampleuser",
                        "exampleorganization/exampleteam",
                    },
                },
            },
            ForcePushBypassers = new[]
            {
                example.Apply(getUserResult => getUserResult.NodeId),
                "/exampleuser",
                "exampleorganization/exampleteam",
            },
        });
    
        var exampleTeamRepository = new Github.TeamRepository("example", new()
        {
            TeamId = exampleTeam.Id,
            Repository = exampleRepository.Name,
            Permission = "pull",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.github.Repository;
    import com.pulumi.github.RepositoryArgs;
    import com.pulumi.github.GithubFunctions;
    import com.pulumi.github.inputs.GetUserArgs;
    import com.pulumi.github.Team;
    import com.pulumi.github.TeamArgs;
    import com.pulumi.github.BranchProtection;
    import com.pulumi.github.BranchProtectionArgs;
    import com.pulumi.github.inputs.BranchProtectionRequiredStatusCheckArgs;
    import com.pulumi.github.inputs.BranchProtectionRequiredPullRequestReviewArgs;
    import com.pulumi.github.inputs.BranchProtectionRestrictPushArgs;
    import com.pulumi.github.TeamRepository;
    import com.pulumi.github.TeamRepositoryArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var exampleRepository = new Repository("exampleRepository", RepositoryArgs.builder()
                .name("test")
                .build());
    
            final var example = GithubFunctions.getUser(GetUserArgs.builder()
                .username("example")
                .build());
    
            var exampleTeam = new Team("exampleTeam", TeamArgs.builder()
                .name("Example Name")
                .build());
    
            // Protect the main branch of the foo repository. Additionally, require that
            // the "ci/travis" context to be passing and only allow the engineers team merge
            // to the branch.
            var exampleBranchProtection = new BranchProtection("exampleBranchProtection", BranchProtectionArgs.builder()
                .repositoryId(exampleRepository.nodeId())
                .pattern("main")
                .enforceAdmins(true)
                .allowsDeletions(true)
                .requiredStatusChecks(BranchProtectionRequiredStatusCheckArgs.builder()
                    .strict(false)
                    .contexts("ci/travis")
                    .build())
                .requiredPullRequestReviews(BranchProtectionRequiredPullRequestReviewArgs.builder()
                    .dismissStaleReviews(true)
                    .restrictDismissals(true)
                    .dismissalRestrictions(                
                        example.applyValue(getUserResult -> getUserResult.nodeId()),
                        exampleTeam.nodeId(),
                        "/exampleuser",
                        "exampleorganization/exampleteam")
                    .build())
                .restrictPushes(BranchProtectionRestrictPushArgs.builder()
                    .pushAllowances(                
                        example.applyValue(getUserResult -> getUserResult.nodeId()),
                        "/exampleuser",
                        "exampleorganization/exampleteam")
                    .build())
                .forcePushBypassers(            
                    example.applyValue(getUserResult -> getUserResult.nodeId()),
                    "/exampleuser",
                    "exampleorganization/exampleteam")
                .build());
    
            var exampleTeamRepository = new TeamRepository("exampleTeamRepository", TeamRepositoryArgs.builder()
                .teamId(exampleTeam.id())
                .repository(exampleRepository.name())
                .permission("pull")
                .build());
    
        }
    }
    
    resources:
      # Protect the main branch of the foo repository. Additionally, require that
      # the "ci/travis" context to be passing and only allow the engineers team merge
      # to the branch.
      exampleBranchProtection:
        type: github:BranchProtection
        name: example
        properties:
          repositoryId: ${exampleRepository.nodeId}
          pattern: main
          enforceAdmins: true
          allowsDeletions: true
          requiredStatusChecks:
            - strict: false
              contexts:
                - ci/travis
          requiredPullRequestReviews:
            - dismissStaleReviews: true
              restrictDismissals: true
              dismissalRestrictions:
                - ${example.nodeId}
                - ${exampleTeam.nodeId}
                - /exampleuser
                - exampleorganization/exampleteam
          restrictPushes:
            - pushAllowances:
                - ${example.nodeId}
                - /exampleuser
                - exampleorganization/exampleteam
          forcePushBypassers:
            - ${example.nodeId}
            - /exampleuser
            - exampleorganization/exampleteam
      exampleRepository:
        type: github:Repository
        name: example
        properties:
          name: test
      exampleTeam:
        type: github:Team
        name: example
        properties:
          name: Example Name
      exampleTeamRepository:
        type: github:TeamRepository
        name: example
        properties:
          teamId: ${exampleTeam.id}
          repository: ${exampleRepository.name}
          permission: pull
    variables:
      example:
        fn::invoke:
          Function: github:getUser
          Arguments:
            username: example
    

    Create BranchProtection Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new BranchProtection(name: string, args: BranchProtectionArgs, opts?: CustomResourceOptions);
    @overload
    def BranchProtection(resource_name: str,
                         args: BranchProtectionArgs,
                         opts: Optional[ResourceOptions] = None)
    
    @overload
    def BranchProtection(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         pattern: Optional[str] = None,
                         repository_id: Optional[str] = None,
                         force_push_bypassers: Optional[Sequence[str]] = None,
                         allows_deletions: Optional[bool] = None,
                         lock_branch: Optional[bool] = None,
                         enforce_admins: Optional[bool] = None,
                         allows_force_pushes: Optional[bool] = None,
                         require_conversation_resolution: Optional[bool] = None,
                         require_signed_commits: Optional[bool] = None,
                         required_linear_history: Optional[bool] = None,
                         required_pull_request_reviews: Optional[Sequence[BranchProtectionRequiredPullRequestReviewArgs]] = None,
                         required_status_checks: Optional[Sequence[BranchProtectionRequiredStatusCheckArgs]] = None,
                         restrict_pushes: Optional[Sequence[BranchProtectionRestrictPushArgs]] = None)
    func NewBranchProtection(ctx *Context, name string, args BranchProtectionArgs, opts ...ResourceOption) (*BranchProtection, error)
    public BranchProtection(string name, BranchProtectionArgs args, CustomResourceOptions? opts = null)
    public BranchProtection(String name, BranchProtectionArgs args)
    public BranchProtection(String name, BranchProtectionArgs args, CustomResourceOptions options)
    
    type: github:BranchProtection
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args BranchProtectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args BranchProtectionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args BranchProtectionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args BranchProtectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args BranchProtectionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var branchProtectionResource = new Github.BranchProtection("branchProtectionResource", new()
    {
        Pattern = "string",
        RepositoryId = "string",
        ForcePushBypassers = new[]
        {
            "string",
        },
        AllowsDeletions = false,
        LockBranch = false,
        EnforceAdmins = false,
        AllowsForcePushes = false,
        RequireConversationResolution = false,
        RequireSignedCommits = false,
        RequiredLinearHistory = false,
        RequiredPullRequestReviews = new[]
        {
            new Github.Inputs.BranchProtectionRequiredPullRequestReviewArgs
            {
                DismissStaleReviews = false,
                DismissalRestrictions = new[]
                {
                    "string",
                },
                PullRequestBypassers = new[]
                {
                    "string",
                },
                RequireCodeOwnerReviews = false,
                RequireLastPushApproval = false,
                RequiredApprovingReviewCount = 0,
                RestrictDismissals = false,
            },
        },
        RequiredStatusChecks = new[]
        {
            new Github.Inputs.BranchProtectionRequiredStatusCheckArgs
            {
                Contexts = new[]
                {
                    "string",
                },
                Strict = false,
            },
        },
        RestrictPushes = new[]
        {
            new Github.Inputs.BranchProtectionRestrictPushArgs
            {
                BlocksCreations = false,
                PushAllowances = new[]
                {
                    "string",
                },
            },
        },
    });
    
    example, err := github.NewBranchProtection(ctx, "branchProtectionResource", &github.BranchProtectionArgs{
    	Pattern:      pulumi.String("string"),
    	RepositoryId: pulumi.String("string"),
    	ForcePushBypassers: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AllowsDeletions:               pulumi.Bool(false),
    	LockBranch:                    pulumi.Bool(false),
    	EnforceAdmins:                 pulumi.Bool(false),
    	AllowsForcePushes:             pulumi.Bool(false),
    	RequireConversationResolution: pulumi.Bool(false),
    	RequireSignedCommits:          pulumi.Bool(false),
    	RequiredLinearHistory:         pulumi.Bool(false),
    	RequiredPullRequestReviews: github.BranchProtectionRequiredPullRequestReviewArray{
    		&github.BranchProtectionRequiredPullRequestReviewArgs{
    			DismissStaleReviews: pulumi.Bool(false),
    			DismissalRestrictions: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			PullRequestBypassers: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			RequireCodeOwnerReviews:      pulumi.Bool(false),
    			RequireLastPushApproval:      pulumi.Bool(false),
    			RequiredApprovingReviewCount: pulumi.Int(0),
    			RestrictDismissals:           pulumi.Bool(false),
    		},
    	},
    	RequiredStatusChecks: github.BranchProtectionRequiredStatusCheckArray{
    		&github.BranchProtectionRequiredStatusCheckArgs{
    			Contexts: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Strict: pulumi.Bool(false),
    		},
    	},
    	RestrictPushes: github.BranchProtectionRestrictPushArray{
    		&github.BranchProtectionRestrictPushArgs{
    			BlocksCreations: pulumi.Bool(false),
    			PushAllowances: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    })
    
    var branchProtectionResource = new BranchProtection("branchProtectionResource", BranchProtectionArgs.builder()
        .pattern("string")
        .repositoryId("string")
        .forcePushBypassers("string")
        .allowsDeletions(false)
        .lockBranch(false)
        .enforceAdmins(false)
        .allowsForcePushes(false)
        .requireConversationResolution(false)
        .requireSignedCommits(false)
        .requiredLinearHistory(false)
        .requiredPullRequestReviews(BranchProtectionRequiredPullRequestReviewArgs.builder()
            .dismissStaleReviews(false)
            .dismissalRestrictions("string")
            .pullRequestBypassers("string")
            .requireCodeOwnerReviews(false)
            .requireLastPushApproval(false)
            .requiredApprovingReviewCount(0)
            .restrictDismissals(false)
            .build())
        .requiredStatusChecks(BranchProtectionRequiredStatusCheckArgs.builder()
            .contexts("string")
            .strict(false)
            .build())
        .restrictPushes(BranchProtectionRestrictPushArgs.builder()
            .blocksCreations(false)
            .pushAllowances("string")
            .build())
        .build());
    
    branch_protection_resource = github.BranchProtection("branchProtectionResource",
        pattern="string",
        repository_id="string",
        force_push_bypassers=["string"],
        allows_deletions=False,
        lock_branch=False,
        enforce_admins=False,
        allows_force_pushes=False,
        require_conversation_resolution=False,
        require_signed_commits=False,
        required_linear_history=False,
        required_pull_request_reviews=[github.BranchProtectionRequiredPullRequestReviewArgs(
            dismiss_stale_reviews=False,
            dismissal_restrictions=["string"],
            pull_request_bypassers=["string"],
            require_code_owner_reviews=False,
            require_last_push_approval=False,
            required_approving_review_count=0,
            restrict_dismissals=False,
        )],
        required_status_checks=[github.BranchProtectionRequiredStatusCheckArgs(
            contexts=["string"],
            strict=False,
        )],
        restrict_pushes=[github.BranchProtectionRestrictPushArgs(
            blocks_creations=False,
            push_allowances=["string"],
        )])
    
    const branchProtectionResource = new github.BranchProtection("branchProtectionResource", {
        pattern: "string",
        repositoryId: "string",
        forcePushBypassers: ["string"],
        allowsDeletions: false,
        lockBranch: false,
        enforceAdmins: false,
        allowsForcePushes: false,
        requireConversationResolution: false,
        requireSignedCommits: false,
        requiredLinearHistory: false,
        requiredPullRequestReviews: [{
            dismissStaleReviews: false,
            dismissalRestrictions: ["string"],
            pullRequestBypassers: ["string"],
            requireCodeOwnerReviews: false,
            requireLastPushApproval: false,
            requiredApprovingReviewCount: 0,
            restrictDismissals: false,
        }],
        requiredStatusChecks: [{
            contexts: ["string"],
            strict: false,
        }],
        restrictPushes: [{
            blocksCreations: false,
            pushAllowances: ["string"],
        }],
    });
    
    type: github:BranchProtection
    properties:
        allowsDeletions: false
        allowsForcePushes: false
        enforceAdmins: false
        forcePushBypassers:
            - string
        lockBranch: false
        pattern: string
        repositoryId: string
        requireConversationResolution: false
        requireSignedCommits: false
        requiredLinearHistory: false
        requiredPullRequestReviews:
            - dismissStaleReviews: false
              dismissalRestrictions:
                - string
              pullRequestBypassers:
                - string
              requireCodeOwnerReviews: false
              requireLastPushApproval: false
              requiredApprovingReviewCount: 0
              restrictDismissals: false
        requiredStatusChecks:
            - contexts:
                - string
              strict: false
        restrictPushes:
            - blocksCreations: false
              pushAllowances:
                - string
    

    BranchProtection Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The BranchProtection resource accepts the following input properties:

    Pattern string
    Identifies the protection rule pattern.
    RepositoryId string
    The name or node ID of the repository associated with this branch protection rule.
    AllowsDeletions bool
    Boolean, setting this to true to allow the branch to be deleted.
    AllowsForcePushes bool
    Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
    EnforceAdmins bool
    Boolean, setting this to true enforces status checks for repository administrators.
    ForcePushBypassers List<string>
    The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
    LockBranch bool
    Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
    RequireConversationResolution bool
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    RequireSignedCommits bool
    Boolean, setting this to true requires all commits to be signed with GPG.
    RequiredLinearHistory bool
    Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
    RequiredPullRequestReviews List<BranchProtectionRequiredPullRequestReview>
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    RequiredStatusChecks List<BranchProtectionRequiredStatusCheck>
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    RestrictPushes List<BranchProtectionRestrictPush>
    Restrict pushes to matching branches. See Restrict Pushes below for details.
    Pattern string
    Identifies the protection rule pattern.
    RepositoryId string
    The name or node ID of the repository associated with this branch protection rule.
    AllowsDeletions bool
    Boolean, setting this to true to allow the branch to be deleted.
    AllowsForcePushes bool
    Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
    EnforceAdmins bool
    Boolean, setting this to true enforces status checks for repository administrators.
    ForcePushBypassers []string
    The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
    LockBranch bool
    Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
    RequireConversationResolution bool
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    RequireSignedCommits bool
    Boolean, setting this to true requires all commits to be signed with GPG.
    RequiredLinearHistory bool
    Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
    RequiredPullRequestReviews []BranchProtectionRequiredPullRequestReviewArgs
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    RequiredStatusChecks []BranchProtectionRequiredStatusCheckArgs
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    RestrictPushes []BranchProtectionRestrictPushArgs
    Restrict pushes to matching branches. See Restrict Pushes below for details.
    pattern String
    Identifies the protection rule pattern.
    repositoryId String
    The name or node ID of the repository associated with this branch protection rule.
    allowsDeletions Boolean
    Boolean, setting this to true to allow the branch to be deleted.
    allowsForcePushes Boolean
    Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
    enforceAdmins Boolean
    Boolean, setting this to true enforces status checks for repository administrators.
    forcePushBypassers List<String>
    The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
    lockBranch Boolean
    Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
    requireConversationResolution Boolean
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    requireSignedCommits Boolean
    Boolean, setting this to true requires all commits to be signed with GPG.
    requiredLinearHistory Boolean
    Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
    requiredPullRequestReviews List<BranchProtectionRequiredPullRequestReview>
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    requiredStatusChecks List<BranchProtectionRequiredStatusCheck>
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrictPushes List<BranchProtectionRestrictPush>
    Restrict pushes to matching branches. See Restrict Pushes below for details.
    pattern string
    Identifies the protection rule pattern.
    repositoryId string
    The name or node ID of the repository associated with this branch protection rule.
    allowsDeletions boolean
    Boolean, setting this to true to allow the branch to be deleted.
    allowsForcePushes boolean
    Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
    enforceAdmins boolean
    Boolean, setting this to true enforces status checks for repository administrators.
    forcePushBypassers string[]
    The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
    lockBranch boolean
    Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
    requireConversationResolution boolean
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    requireSignedCommits boolean
    Boolean, setting this to true requires all commits to be signed with GPG.
    requiredLinearHistory boolean
    Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
    requiredPullRequestReviews BranchProtectionRequiredPullRequestReview[]
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    requiredStatusChecks BranchProtectionRequiredStatusCheck[]
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrictPushes BranchProtectionRestrictPush[]
    Restrict pushes to matching branches. See Restrict Pushes below for details.
    pattern str
    Identifies the protection rule pattern.
    repository_id str
    The name or node ID of the repository associated with this branch protection rule.
    allows_deletions bool
    Boolean, setting this to true to allow the branch to be deleted.
    allows_force_pushes bool
    Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
    enforce_admins bool
    Boolean, setting this to true enforces status checks for repository administrators.
    force_push_bypassers Sequence[str]
    The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
    lock_branch bool
    Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
    require_conversation_resolution bool
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    require_signed_commits bool
    Boolean, setting this to true requires all commits to be signed with GPG.
    required_linear_history bool
    Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
    required_pull_request_reviews Sequence[BranchProtectionRequiredPullRequestReviewArgs]
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    required_status_checks Sequence[BranchProtectionRequiredStatusCheckArgs]
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrict_pushes Sequence[BranchProtectionRestrictPushArgs]
    Restrict pushes to matching branches. See Restrict Pushes below for details.
    pattern String
    Identifies the protection rule pattern.
    repositoryId String
    The name or node ID of the repository associated with this branch protection rule.
    allowsDeletions Boolean
    Boolean, setting this to true to allow the branch to be deleted.
    allowsForcePushes Boolean
    Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
    enforceAdmins Boolean
    Boolean, setting this to true enforces status checks for repository administrators.
    forcePushBypassers List<String>
    The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
    lockBranch Boolean
    Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
    requireConversationResolution Boolean
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    requireSignedCommits Boolean
    Boolean, setting this to true requires all commits to be signed with GPG.
    requiredLinearHistory Boolean
    Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
    requiredPullRequestReviews List<Property Map>
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    requiredStatusChecks List<Property Map>
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrictPushes List<Property Map>
    Restrict pushes to matching branches. See Restrict Pushes below for details.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the BranchProtection resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing BranchProtection Resource

    Get an existing BranchProtection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: BranchProtectionState, opts?: CustomResourceOptions): BranchProtection
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            allows_deletions: Optional[bool] = None,
            allows_force_pushes: Optional[bool] = None,
            enforce_admins: Optional[bool] = None,
            force_push_bypassers: Optional[Sequence[str]] = None,
            lock_branch: Optional[bool] = None,
            pattern: Optional[str] = None,
            repository_id: Optional[str] = None,
            require_conversation_resolution: Optional[bool] = None,
            require_signed_commits: Optional[bool] = None,
            required_linear_history: Optional[bool] = None,
            required_pull_request_reviews: Optional[Sequence[BranchProtectionRequiredPullRequestReviewArgs]] = None,
            required_status_checks: Optional[Sequence[BranchProtectionRequiredStatusCheckArgs]] = None,
            restrict_pushes: Optional[Sequence[BranchProtectionRestrictPushArgs]] = None) -> BranchProtection
    func GetBranchProtection(ctx *Context, name string, id IDInput, state *BranchProtectionState, opts ...ResourceOption) (*BranchProtection, error)
    public static BranchProtection Get(string name, Input<string> id, BranchProtectionState? state, CustomResourceOptions? opts = null)
    public static BranchProtection get(String name, Output<String> id, BranchProtectionState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllowsDeletions bool
    Boolean, setting this to true to allow the branch to be deleted.
    AllowsForcePushes bool
    Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
    EnforceAdmins bool
    Boolean, setting this to true enforces status checks for repository administrators.
    ForcePushBypassers List<string>
    The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
    LockBranch bool
    Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
    Pattern string
    Identifies the protection rule pattern.
    RepositoryId string
    The name or node ID of the repository associated with this branch protection rule.
    RequireConversationResolution bool
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    RequireSignedCommits bool
    Boolean, setting this to true requires all commits to be signed with GPG.
    RequiredLinearHistory bool
    Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
    RequiredPullRequestReviews List<BranchProtectionRequiredPullRequestReview>
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    RequiredStatusChecks List<BranchProtectionRequiredStatusCheck>
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    RestrictPushes List<BranchProtectionRestrictPush>
    Restrict pushes to matching branches. See Restrict Pushes below for details.
    AllowsDeletions bool
    Boolean, setting this to true to allow the branch to be deleted.
    AllowsForcePushes bool
    Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
    EnforceAdmins bool
    Boolean, setting this to true enforces status checks for repository administrators.
    ForcePushBypassers []string
    The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
    LockBranch bool
    Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
    Pattern string
    Identifies the protection rule pattern.
    RepositoryId string
    The name or node ID of the repository associated with this branch protection rule.
    RequireConversationResolution bool
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    RequireSignedCommits bool
    Boolean, setting this to true requires all commits to be signed with GPG.
    RequiredLinearHistory bool
    Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
    RequiredPullRequestReviews []BranchProtectionRequiredPullRequestReviewArgs
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    RequiredStatusChecks []BranchProtectionRequiredStatusCheckArgs
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    RestrictPushes []BranchProtectionRestrictPushArgs
    Restrict pushes to matching branches. See Restrict Pushes below for details.
    allowsDeletions Boolean
    Boolean, setting this to true to allow the branch to be deleted.
    allowsForcePushes Boolean
    Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
    enforceAdmins Boolean
    Boolean, setting this to true enforces status checks for repository administrators.
    forcePushBypassers List<String>
    The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
    lockBranch Boolean
    Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
    pattern String
    Identifies the protection rule pattern.
    repositoryId String
    The name or node ID of the repository associated with this branch protection rule.
    requireConversationResolution Boolean
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    requireSignedCommits Boolean
    Boolean, setting this to true requires all commits to be signed with GPG.
    requiredLinearHistory Boolean
    Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
    requiredPullRequestReviews List<BranchProtectionRequiredPullRequestReview>
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    requiredStatusChecks List<BranchProtectionRequiredStatusCheck>
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrictPushes List<BranchProtectionRestrictPush>
    Restrict pushes to matching branches. See Restrict Pushes below for details.
    allowsDeletions boolean
    Boolean, setting this to true to allow the branch to be deleted.
    allowsForcePushes boolean
    Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
    enforceAdmins boolean
    Boolean, setting this to true enforces status checks for repository administrators.
    forcePushBypassers string[]
    The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
    lockBranch boolean
    Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
    pattern string
    Identifies the protection rule pattern.
    repositoryId string
    The name or node ID of the repository associated with this branch protection rule.
    requireConversationResolution boolean
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    requireSignedCommits boolean
    Boolean, setting this to true requires all commits to be signed with GPG.
    requiredLinearHistory boolean
    Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
    requiredPullRequestReviews BranchProtectionRequiredPullRequestReview[]
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    requiredStatusChecks BranchProtectionRequiredStatusCheck[]
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrictPushes BranchProtectionRestrictPush[]
    Restrict pushes to matching branches. See Restrict Pushes below for details.
    allows_deletions bool
    Boolean, setting this to true to allow the branch to be deleted.
    allows_force_pushes bool
    Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
    enforce_admins bool
    Boolean, setting this to true enforces status checks for repository administrators.
    force_push_bypassers Sequence[str]
    The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
    lock_branch bool
    Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
    pattern str
    Identifies the protection rule pattern.
    repository_id str
    The name or node ID of the repository associated with this branch protection rule.
    require_conversation_resolution bool
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    require_signed_commits bool
    Boolean, setting this to true requires all commits to be signed with GPG.
    required_linear_history bool
    Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
    required_pull_request_reviews Sequence[BranchProtectionRequiredPullRequestReviewArgs]
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    required_status_checks Sequence[BranchProtectionRequiredStatusCheckArgs]
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrict_pushes Sequence[BranchProtectionRestrictPushArgs]
    Restrict pushes to matching branches. See Restrict Pushes below for details.
    allowsDeletions Boolean
    Boolean, setting this to true to allow the branch to be deleted.
    allowsForcePushes Boolean
    Boolean, setting this to true to allow force pushes on the branch to everyone. Set it to false if you specify force_push_bypassers.
    enforceAdmins Boolean
    Boolean, setting this to true enforces status checks for repository administrators.
    forcePushBypassers List<String>
    The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, allows_force_pushes should be set to false.
    lockBranch Boolean
    Boolean, Setting this to true will make the branch read-only and preventing any pushes to it. Defaults to false
    pattern String
    Identifies the protection rule pattern.
    repositoryId String
    The name or node ID of the repository associated with this branch protection rule.
    requireConversationResolution Boolean
    Boolean, setting this to true requires all conversations on code must be resolved before a pull request can be merged.
    requireSignedCommits Boolean
    Boolean, setting this to true requires all commits to be signed with GPG.
    requiredLinearHistory Boolean
    Boolean, setting this to true enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch
    requiredPullRequestReviews List<Property Map>
    Enforce restrictions for pull request reviews. See Required Pull Request Reviews below for details.
    requiredStatusChecks List<Property Map>
    Enforce restrictions for required status checks. See Required Status Checks below for details.
    restrictPushes List<Property Map>
    Restrict pushes to matching branches. See Restrict Pushes below for details.

    Supporting Types

    BranchProtectionRequiredPullRequestReview, BranchProtectionRequiredPullRequestReviewArgs

    DismissStaleReviews bool
    Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
    DismissalRestrictions List<string>
    The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
    PullRequestBypassers List<string>
    The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
    RequireCodeOwnerReviews bool
    Require an approved review in pull requests including files with a designated code owner. Defaults to false.
    RequireLastPushApproval bool
    Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
    RequiredApprovingReviewCount int
    Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
    RestrictDismissals bool
    Restrict pull request review dismissals.
    DismissStaleReviews bool
    Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
    DismissalRestrictions []string
    The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
    PullRequestBypassers []string
    The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
    RequireCodeOwnerReviews bool
    Require an approved review in pull requests including files with a designated code owner. Defaults to false.
    RequireLastPushApproval bool
    Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
    RequiredApprovingReviewCount int
    Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
    RestrictDismissals bool
    Restrict pull request review dismissals.
    dismissStaleReviews Boolean
    Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
    dismissalRestrictions List<String>
    The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
    pullRequestBypassers List<String>
    The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
    requireCodeOwnerReviews Boolean
    Require an approved review in pull requests including files with a designated code owner. Defaults to false.
    requireLastPushApproval Boolean
    Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
    requiredApprovingReviewCount Integer
    Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
    restrictDismissals Boolean
    Restrict pull request review dismissals.
    dismissStaleReviews boolean
    Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
    dismissalRestrictions string[]
    The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
    pullRequestBypassers string[]
    The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
    requireCodeOwnerReviews boolean
    Require an approved review in pull requests including files with a designated code owner. Defaults to false.
    requireLastPushApproval boolean
    Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
    requiredApprovingReviewCount number
    Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
    restrictDismissals boolean
    Restrict pull request review dismissals.
    dismiss_stale_reviews bool
    Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
    dismissal_restrictions Sequence[str]
    The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
    pull_request_bypassers Sequence[str]
    The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
    require_code_owner_reviews bool
    Require an approved review in pull requests including files with a designated code owner. Defaults to false.
    require_last_push_approval bool
    Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
    required_approving_review_count int
    Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
    restrict_dismissals bool
    Restrict pull request review dismissals.
    dismissStaleReviews Boolean
    Dismiss approved reviews automatically when a new commit is pushed. Defaults to false.
    dismissalRestrictions List<String>
    The list of actor Names/IDs with dismissal access. If not empty, restrict_dismissals is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
    pullRequestBypassers List<String>
    The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams.
    requireCodeOwnerReviews Boolean
    Require an approved review in pull requests including files with a designated code owner. Defaults to false.
    requireLastPushApproval Boolean
    Require that The most recent push must be approved by someone other than the last pusher. Defaults to false
    requiredApprovingReviewCount Number
    Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream documentation for more information. (https://developer.github.com/v3/repos/branches/#parameters-1) for more information.
    restrictDismissals Boolean
    Restrict pull request review dismissals.

    BranchProtectionRequiredStatusCheck, BranchProtectionRequiredStatusCheckArgs

    Contexts List<string>

    The list of status checks to require in order to merge into this branch. No status checks are required by default.

    Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.

    Strict bool
    Require branches to be up to date before merging. Defaults to false.
    Contexts []string

    The list of status checks to require in order to merge into this branch. No status checks are required by default.

    Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.

    Strict bool
    Require branches to be up to date before merging. Defaults to false.
    contexts List<String>

    The list of status checks to require in order to merge into this branch. No status checks are required by default.

    Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.

    strict Boolean
    Require branches to be up to date before merging. Defaults to false.
    contexts string[]

    The list of status checks to require in order to merge into this branch. No status checks are required by default.

    Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.

    strict boolean
    Require branches to be up to date before merging. Defaults to false.
    contexts Sequence[str]

    The list of status checks to require in order to merge into this branch. No status checks are required by default.

    Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.

    strict bool
    Require branches to be up to date before merging. Defaults to false.
    contexts List<String>

    The list of status checks to require in order to merge into this branch. No status checks are required by default.

    Note: This attribute can contain multiple string patterns. If specified, usual value is the job name. Otherwise, the job id is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern (<matrix_value>[, <matrix_value>]). Matrixes should be specified based on the order of matrix properties in the workflow file. See GitHub Documentation for more information. For workflows that use reusable workflows, the pattern is <initial_workflow.jobs.job.[name/id]> / <reused-workflow.jobs.job.[name/id]>. This can extend multiple levels.

    strict Boolean
    Require branches to be up to date before merging. Defaults to false.

    BranchProtectionRestrictPush, BranchProtectionRestrictPushArgs

    BlocksCreations bool
    Boolean, setting this to false allows people, teams, or apps to create new branches matching this rule. Defaults to true.
    PushAllowances List<string>
    A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
    BlocksCreations bool
    Boolean, setting this to false allows people, teams, or apps to create new branches matching this rule. Defaults to true.
    PushAllowances []string
    A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
    blocksCreations Boolean
    Boolean, setting this to false allows people, teams, or apps to create new branches matching this rule. Defaults to true.
    pushAllowances List<String>
    A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
    blocksCreations boolean
    Boolean, setting this to false allows people, teams, or apps to create new branches matching this rule. Defaults to true.
    pushAllowances string[]
    A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
    blocks_creations bool
    Boolean, setting this to false allows people, teams, or apps to create new branches matching this rule. Defaults to true.
    push_allowances Sequence[str]
    A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.
    blocksCreations Boolean
    Boolean, setting this to false allows people, teams, or apps to create new branches matching this rule. Defaults to true.
    pushAllowances List<String>
    A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed.

    Import

    GitHub Branch Protection can be imported using an ID made up of repository:pattern, e.g.

    $ pulumi import github:index/branchProtection:BranchProtection terraform terraform:main
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    GitHub pulumi/pulumi-github
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the github Terraform Provider.
    github logo
    GitHub v6.2.2 published on Tuesday, Jun 18, 2024 by Pulumi