Skip to content

GitHub Actions: Limit which branches can deploy to an environment

You can now limit which branches can deploy to an environment using Environment protection rules.

When a job tries to deploy to an environment with Deployment branches configured Actions will check the value of github.ref against the configuration and if it does not match the job will fail and the run will stop.

The Deployment branches rule can be configured to allow:

  1. All branches – Any branch in the repository can deploy

  2. Protected branches – Only branches with protection rules

  3. Selected branches – Branches matching a set of name patterns

    Configure Deployment branches

Learn more about Environment protection rules

For questions, visit the GitHub Actions community

To see what's next for Actions, visit our public roadmap

GitHub Enterprise Server 3.0 is now generally available.

Launched earlier this year as a release candidate, Enterprise Server 3.0 enables companies hosting GitHub themselves to securely take ideas from code to production without leaving the platform. It contains the biggest ever change to the functionality in GitHub Enterprise Server, including GitHub Actions, Packages, Advanced Security and support for the GitHub iOS and Android mobile apps. Learn more about all of the features included in the 3.0 release announcement on the GitHub Blog.

Over two release candidates, we have listened to and incorporated your feedback to improve GitHub Enterprise Server 3.0. Based on your feedback, we have addressed friction in user journeys and improved the stability, reliability, and scalability of the product. Additionally we have updated our documentation, so it’s easier for you to get started with Enterprise Server 3.0 and start using the newest features.

Learn more in the release notes and download to get started now.

See more

Improved code scanning API

The code scanning API allows users to upload data about static analysis security testing results, or export data about alerts. We are releasing updates to the API including:

  • When uploading a SARIF file, the API returns additional status information, including a pointer to the analyses endpoint for that result.
  • When exporting alerts, the API now includes additional metadata to assist in offline analysis including alert's location in the code, title, description, and full help text.
  • The alerts API also supports optionally exporting alerts in the SARIF format to improve interoperability with SARIF enabled workflows.
  • A new instances API which provides information about the instances of an alert across many branches in the GET /code-scanning/alerts/:id/instances API.
  • You can now delete the most_recent analysis using DELETE /code-scanning/analyses/:id. This will also remove any net new alerts which were introduced by that analysis.
  • The tool_name property of GET /code-scanning/analyses has been deprecated. Please use the tools object and its respective properties going forward.
  • The instances property of GET /code-scanning/alerts/:id has been deprecated. Please use the new resource GET /code-scanning/alerts/:id/instances going forward.

For more information, see the code scanning API reference

See more