github_branch_protection_v3

Protects a GitHub branch.

The github_branch_protection resource has moved to the GraphQL API, while this resource will continue to leverage the REST API.

This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users, teams, and apps, can also be configured.

Example Usage

# Protect the main branch of the foo repository. Only allow a specific user to merge to the branch.
resource "github_branch_protection_v3" "example" {
  repository = github_repository.example.name
  branch     = "main"

  restrictions {
    users = ["foo-user"]
  }
}

# Protect the main branch of the foo repository. Additionally, require that
# the "ci/check" check run by the GitHub Actions app is passing and only allow
# the engineers team to merge to the branch.
resource "github_branch_protection_v3" "example" {
  repository     = github_repository.example.name
  branch         = "main"
  enforce_admins = true

  required_status_checks {
    strict = false
    checks = [
      "ci/check:824642007264"
    ]
  }

  required_pull_request_reviews {
    dismiss_stale_reviews = true
    dismissal_users       = ["foo-user"]
    dismissal_teams       = [github_team.example.slug]
    dismissal_apps        = ["foo-app"]

    bypass_pull_request_allowances {
      users = ["foo-user"]
      teams = [github_team.example.slug]
      apps  = ["foo-app"]
    }
  }

  restrictions {
    users = ["foo-user"]
    teams = [github_team.example.slug]
    apps  = ["foo-app"]
  }
}

resource "github_repository" "example" {
  name = "example"
}

resource "github_team" "example" {
  name = "Example Name"
}

resource "github_team_repository" "example" {
  team_id    = github_team.example.id
  repository = github_repository.example.name
  permission = "pull"
}
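
An added example, not part of the provider documentation: a Python check that reads the JSON form of a plan (terraform show -json) and flags github_branch_protection_v3 resources whose settings leave the branch weakly protected. The sample plan is constructed to mirror the two configurations above; the addresses "minimal" and "full", the helper names and the finding wording are assumptions.

```python
import json
RESOURCE_TYPE = "github_branch_protection_v3"
# Constructed sample in the shape of `terraform show -json <planfile>`, mirroring the
# page's two examples. Assumption: nested blocks appear as lists of one object.
SAMPLE_PLAN = json.loads("""{"resource_changes": [
 {"address": "github_branch_protection_v3.minimal", "type": "github_branch_protection_v3",
  "change": {"after": {"branch": "main", "enforce_admins": false,
   "required_status_checks": [], "required_pull_request_reviews": [],
   "restrictions": [{"users": ["foo-user"], "teams": [], "apps": []}]}}},
 {"address": "github_branch_protection_v3.full", "type": "github_branch_protection_v3",
  "change": {"after": {"branch": "main", "enforce_admins": true,
   "required_status_checks": [{"strict": false, "checks": ["ci/check:824642007264"]}],
   "required_pull_request_reviews": [{"dismiss_stale_reviews": true,
    "bypass_pull_request_allowances": [{"users": ["foo-user"], "teams": [], "apps": ["foo-app"]}]}],
   "restrictions": [{"users": ["foo-user"], "teams": [], "apps": ["foo-app"]}]}}},
 {"address": "github_repository.example", "type": "github_repository",
  "change": {"after": {"name": "example"}}}]}""")

def nested_block(attrs, name):
    """Return the single nested block `name` as a dict, or {} when it is not set."""
    blocks = attrs.get(name) or []
    return blocks[0] if blocks else {}

def audit_plan(plan):
    """Return (address, finding) pairs for weak github_branch_protection_v3 settings."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != RESOURCE_TYPE or after is None:  # other type, or a destroy
            continue
        addr = rc["address"]
        if not after.get("enforce_admins"):
            findings.append((addr, "enforce_admins is not true"))
        checks = nested_block(after, "required_status_checks")
        if not checks:
            findings.append((addr, "no required_status_checks"))
        elif not checks.get("strict"):
            findings.append((addr, "required_status_checks.strict is false"))
        reviews = nested_block(after, "required_pull_request_reviews")
        if not reviews:
            findings.append((addr, "no required_pull_request_reviews"))
        bypass = nested_block(reviews, "bypass_pull_request_allowances")
        actors = [f"{k}:{v}" for k in ("users", "teams", "apps") for v in bypass.get(k) or []]
        if actors:
            findings.append((addr, "review bypass for " + ", ".join(actors)))
    return findings

if __name__ == "__main__":
    print(*audit_plan(SAMPLE_PLAN), sep="\n")
```

Values that are only known after apply, such as a team slug computed from github_team, are absent from the plan's "after" object, so a check like this sees only the users, teams and apps that are literal in the configuration.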

Argument Reference

The following arguments are supported:

Required Status Checks

required_status_checks supports the following arguments:

Required Pull Request Reviews

required_pull_request_reviews supports the following arguments:

Restrictions

restrictions supports the following arguments:

restrictions is only available for organization-owned repositories.

Bypass Pull Request Allowances

bypass_pull_request_allowances supports the following arguments:

Import

GitHub Branch Protection can be imported using an ID made up of repository:branch, e.g.

$ terraform import github_branch_protection_v3.terraform terraform:main