| title | shortTitle | intro | product | versions | topics | redirect_from | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Configuring custom deployment protection rules |
Configure custom protection rules |
Use {% data variables.product.prodname_github_apps %} to automate protecting deployments with third-party systems. |
{% data reusables.actions.custom-deployment-protection-rules-availability %} |
|
|
|
{% data reusables.actions.custom-deployment-protection-rules-beta-note %}
Custom deployment protection rules are powered by {% data variables.product.prodname_github_apps %}. Once a deployment protection rule is configured and installed in a repository, it can be enabled for any environments in the repository.
After you enable a custom deployment protection rule on an environment, every time a workflow step targets that environment, the deployment protection rule will run automatically. For more information about targeting an environment for deployments, see AUTOTITLE.
When a custom deployment protection rule is triggered it will wait for up to 30 days for a webhook event response before it times out and the workflow job fails.
For more information about creating your own custom deployment protection rules, see AUTOTITLE.
{% data reusables.actions.custom-deployment-protection-rules-limits %}
You can choose to create your own custom deployment protection rules or you may use any existing custom deployment protection rules.
The following is a list of official partner implementations for deployment protection rules.
- Datadog: you can enforce protection rules on your {% data variables.product.prodname_actions %} deployment workflows using Datadog monitors. For more information, see Gating your {% data variables.product.prodname_actions %} Deployments with Datadog Monitors in the Datadog documentation.
- Honeycomb: you can define thresholds to reject or approve deployments based on data you are sending to Honeycomb. For more information, see the Honeycomb app in the {% data variables.product.prodname_marketplace %}.
- New Relic: for more information, see the New Relic app in the {% data variables.product.prodname_marketplace %}.
- NCM NodeSource: for more information, see the NCM NodeSource app in the {% data variables.product.prodname_marketplace %}.
- Sentry: for more information, see the Sentry Deployment Gate app in the {% data variables.product.prodname_marketplace %}.
- ServiceNow: for more information, see GitHub integration with DevOps Change Velocity in the ServiceNow documentation.
In order for a custom deployment protection rule to be available to all environments in a repository, you must first install the custom deployment protection rule on the repository. For more information, see AUTOTITLE.
After a custom deployment protection rule has been installed in a repository, it must be enabled for each environment where you want the rule to apply.
{% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.actions.sidebar-environment %}
- Select the environment you want to configure.
- Under "Deployment protection rules," check the box next to each custom deployment protection rule you want to enable for the environment.
- Click Save protection rules.
Once a custom deployment protection rule has been enabled for an environment, it will automatically run whenever a workflow reaches a job that references the environment. You can see the results of an approval or rejection for your deployment by reviewing the details of the deployment. For more information, see AUTOTITLE.