GitHub Actions: Create and share your own deployment protection rules for safe and controlled deployments #53324
-
Do they require the use of GH Apps to work? Can I run a code quality scan job in parallel and break my build down the line as a result of that parallel job?
-
Why is this limited to GitHub Enterprise?
-
Improvements in the security of posts! This assistance is greatly appreciated.
-
Thanks for the information!
-
Hey folks! I need help in completing my Actions. I am building an action to participate in the HackGitHub challenge. Dev+GitHub hackathon. Here is my repository for review to publish on Marketplace Repository
-
Hi @tuves,
Thank you for rolling this out, custom protection rules are a great step forward.
We have a set of secrets that we want to attach to the protected GHA environment. Most of the workflows that need access to those secrets will require manual approval. However, some workflows (CI pipeline, scheduled daily rebuilds etc) will need automatic access.
The new custom protection rules could be handy here - but the complexity of the setup currently prevents us from implementing it. To recap, we need a dedicated org-level GitHub App per repo-specific environment and a dedicated server to process the incoming webhook (which we have to build, deploy and maintain)...
I tried to attach the webhook to a dedicated workflow that listens to the
For us, it would be great to have a separate workflow in the same repository act as the deployment approver, without the need to define a separate GitHub App and worry about the outgoing and incoming webhooks.
I'm open to discussing that in more detail if needed.
Thank you,
-
Select Topic Area
Product Feedback
Body
GitHub today announced public beta support for custom deployment protection rules for safely rolling out deployments using GitHub Actions.
Custom deployment protection rules are powered by GitHub Apps and can be enabled on any GitHub org/repo/environment to allow external systems to approve or reject deployments.
Each rule evaluates specific conditions in those external systems to assess the readiness of the environments for automated deployments, making them less risky and more robust.
Starting with this public beta, GitHub Enterprise Cloud (GHEC) users can create their own protection rules to control deployment workflows and, if desired, share them by publishing their apps to the GitHub Marketplace.
You could also install official apps for deployment protection rules from various external partners to define security, compliance and governance related conditions in their services that can be used to control deployments with Actions workflows.
Read more here!
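The receiving side of a custom protection rule, i.e. the webhook processing mentioned in the announcement and in the comment above about a dedicated server, as an added example that is not part of the original posts or GitHub's own code. The header and field names (`X-Hub-Signature-256`, `deployment_protection_rule`, `deployment_callback_url`, `environment_name`, `state`) follow GitHub's webhook and REST documentation rather than this page; the approval policy, secret and callback URL are constructed for illustration.

```python
import hashlib
import hmac
import json

AUTO_APPROVE_EVENTS = {"schedule"}  # hypothetical policy: triggers allowed to deploy

def sign(secret: bytes, body: bytes) -> str:
    """Value expected in the X-Hub-Signature-256 header for this raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()

def evaluate(secret, event_name, signature, body, protected_env):
    """Return (callback_url, decision), or None when the delivery must be ignored."""
    # Authenticate the raw bytes first, in constant time, before parsing anything.
    if not hmac.compare_digest(sign(secret, body).encode(), (signature or "").encode()):
        return None
    if event_name != "deployment_protection_rule":
        return None
    payload = json.loads(body)
    if payload.get("action") != "requested" or payload.get("environment") != protected_env:
        return None
    trigger = payload.get("event")  # event that started the workflow run
    ok = trigger in AUTO_APPROVE_EVENTS
    decision = {
        "environment_name": payload["environment"],
        "state": "approved" if ok else "rejected",
        "comment": f"trigger '{trigger}' " + ("allowed" if ok else "not allowed") + " by policy",
    }
    # The caller POSTs `decision` to callback_url with the app's installation token.
    return payload["deployment_callback_url"], decision

def sample_delivery(trigger: str) -> bytes:
    """Constructed payload carrying only the fields this example reads."""
    return json.dumps({
        "action": "requested",
        "environment": "production",
        "event": trigger,
        "deployment_callback_url": "https://api.github.example/callback-placeholder",
    }).encode()

if __name__ == "__main__":
    secret = b"constructed-webhook-secret"
    for trigger in ("schedule", "push"):
        body = sample_delivery(trigger)
        header = sign(secret, body)
        print(evaluate(secret, "deployment_protection_rule", header, body, "production"))
```

Deliveries that fail the signature check return `None` before the JSON is parsed, so an unauthenticated request can never produce an approval.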