product-example checked
GitHub Actions deployment protection rules
Documents environment deployment protection rules, required reviewers, manual approval before a job proceeds, prevention of self-review, wait timers, branch restrictions, bypass controls, and custom protection rules.
Pattern Decisions This Source Supports
| Pattern | Supported decision | Required contract | Claim note |
|---|---|---|---|
| AI agent acts without approval | Flag this anti-pattern when an AI agent or automation executes a high-impact side effect without showing and requiring approval for the exact action and payload first. | The agent distinguishes read-only steps, draft steps, reversible local changes, and external side-effect steps before execution. | Supports required approval before protected jobs proceed, self-review prevention, wait timers, and bypass controls. |
| Approval workflow | Choose approval workflow when the core job is routing a submitted request through one or more authorized decisions before work can continue. | Submitting creates a durable approval record with requester, target, requested action, version, approver rule, due date, and route state. | GitHub supports required reviewers for deployment jobs, self-review prevention, wait timers, environment restrictions, bypass controls, and custom deployment protection rules. |
| Dangerous-action review | Choose dangerous-action review when the user is about to execute a high-impact action and needs to inspect the exact payload, risk, evidence, and side effects before it leaves the safe preview state. | The review is bound to a specific action ID, payload version, target, actor, permission scope, source context, evidence set, and policy trigger. | Supports protected high-impact execution with required review, self-review prevention, wait timers, branch controls, bypass, and deployment protection. |
| Human approval gate | Choose human approval gate when automation is paused at runtime and cannot execute the next step until an eligible human authorizes it. | The gate belongs to a specific automation run, step ID, payload version, model or workflow version, target object, and approver rule. | Supports manual approval before a run proceeds, required reviewers, self-review prevention, wait timers, bypass controls, and custom protection rules. |
Evidence Role
This source is treated as product-example evidence. Use it to validate the decision rules above, not as a visual style reference.
Publisher: GitHub Docs. Last checked: .