Announcing GitHub Actions Deployment Protection Rules, now in public beta

Create and share your own deployment protection rules, or use the rules from our great partners, like Datadog, Honeycomb, New Relic, NodeSource, Sentry, and ServiceNow, to control your deployments with more confidence. And the API is open for the community to build their own rules to make GitHub Enterprise Cloud even better.


Powered by GitHub Apps, Deployment Protection Rules bring additional control to your GitHub Actions CI/CD workflows. Deployment Protection Rules allow you, your team, and your organization to employ the management mechanisms that meet your needs and standards, to ensure you’re delivering high quality, secure applications to your customers.

By configuring Deployment Protection Rules, developers can set up rigorous control mechanisms that help ensure that only high-quality, thoroughly tested code reaches production. For example, developers can enforce quality gates on every deployment environment, preventing certain deployments that do not meet specific criteria from reaching production.

By setting up Deployment Protection Rules and integrating them into their release processes, teams can break down silos and create tighter collaboration between development, operations, and other groups, which can lead to faster, more reliable releases. This can also lead to a better overall development lifecycle, with fewer bugs, better testing, and more reliable code.

Getting started

Previously, developers could only use the built-in environment protection rules to require a manual approval, delay a job, or restrict the environment to certain branches. However, there was no support for developers to create and implement custom protection rules that can be configured within their deployment workflows to safely promote deployments to (production) environments.

Now, starting with this public beta, GitHub Enterprise Cloud (GHEC) users have an extensible way to create their own rules to control deployment workflows and, if desired, share them by publishing them as an app to the GitHub Marketplace. You can discover suitable community and partner-published Deployment Protection Rules (each one a GitHub App) from the marketplace and install them across your repositories. These Deployment Protection Rules can be enabled in your production and other critical environments to complement any existing manual approvals and other built-in protection rules you may have.

Partner implementations

A key feature of Deployment Protection Rules is how they provide a bridge between your CI/CD workflows and external systems that can range from monitoring and observability tools to security scanning to environment management tools.

We’re excited to announce that in addition to Deployment Protection Rules being available in public beta for GHEC, the following partners are providing their own Deployment Protection Rules that work with their tools and services.

Datadog

Datadog is a SaaS observability and security platform for modern cloud applications, bringing metrics, traces, logs, security signals, and more into a unified platform so you can collaborate more effectively and efficiently at any stage of the software development lifecycle. Through Datadog Monitors, you can actively check application performance, infrastructure health, and more prior to deploying your applications, ensuring high-quality deployments across environments.

Get started with Datadog’s Deployment Protection Rule for GitHub Actions here.

Honeycomb

Honeycomb helps you identify and solve the most perplexing performance issues in your code. Honeycomb can analyze billions of real user requests across multiple services, comparing thousands of granular fields, to surface deeply-hidden application performance issues and their causal attributes, within seconds. Our new Deployment Protection Rule for GitHub Actions allows you to prevent deployments based on the results of Honeycomb queries.

Learn more about Honeycomb’s Deployment Protection Rule for GitHub Actions here.

New Relic

New Relic delivers all-in-one observability, so engineers are empowered to monitor, debug, and improve their entire tech stack. With the New Relic Gate App for Deployment Protection Rules, you can now use New Relic’s anomaly detection to automatically intercept and validate deployment requests, set up control mechanisms, and ensure only high-quality code reaches production. This lets you prevent issues earlier in the release cycle so you can build better software and spend less time troubleshooting.

Get started with New Relic’s Deployment Protection Rule here.

NodeSource

NodeSource provides enterprise-grade solutions and support for building, managing, and securing Node.js apps with its industry-leading platform, N|Solid. The NodeSource App for Deployment Protection Rules allows easy integration of NCM (NodeSource Certified Modules) for vulnerability scanning and real-time reports in pull requests, giving developers and organizations critical security insights throughout the development lifecycle and into production.

Get started with NodeSource’s Deployment Protection Rule for GitHub Actions here.

Sentry

Sentry helps every developer fix errors and optimize the performance of their code. With Sentry, developers around the world save time, energy, and probably a few therapy sessions. With the Sentry GitHub Deployment Protection Rule integration, users can now leverage Sentry’s monitoring insights in their deployment pipelines to help ensure their releases are bug-free while they are being rolled out.

Read how to get started and all the requirements on their blog here.

ServiceNow

If you are a large or a regulated organization, you’re probably already using ServiceNow to provide highly sophisticated protections to release activities. Cutting-edge change management can be coupled with advanced automation to allow high levels of governance with minimal impact to DevOps application release timelines. ServiceNow ITSM Pro DevOps integrates with GitHub Actions and the new Deployment Protection Rules to connect your GitHub pipeline to the services you already maintain in ServiceNow. ServiceNow can provide the protection rules for your pipelines and automate change request approvals by making use of the full breadth of information available from this entire connected value stream.

Find out more about ServiceNow’s Deployment Protection Rule for GitHub Actions here.

We’re excited to have all these great partners and hope more will join us as we work together to release this feature later this year.

Building your own

We’re so happy that our partners are providing rich integration between GitHub Actions and their products. But we also know you’ll want to build your own. It’s easy to get started! Check out our documentation on creating custom deployment protection rules. And we have a sample coming soon which has code to get you started.

Writing Datadog's integration for GitHub's Deployment Protection Rules was incredibly fun. Setting up a working testing environment takes a few minutes at most, and development cycles are fast with GitHub's ability to resend an App's API calls with the press of a button. The API is well structured, easy to understand, and information rich at the same time, which is an incredibly difficult feat. I've been writing third-party integrations for Datadog for years now, and my experience with GitHub was top tier; at no point was I ever blocked because of an issue on GitHub's end, and I managed to deliver my integration way ahead of schedule.

- Bo Huang, Software Engineer II at Datadog

Get started today

Are you tired of worrying about code quality and reliability in your release process? With GitHub Actions and Deployment Protection Rules, you don’t have to be! You can set up rigorous, streamlined release processes that ensure only the highest-quality code makes it into production. Try it today and see the difference it makes in your development cycle!
