
Managing environments for deployment

You can create environments and secure those environments with deployment protection rules. A job that references an environment must follow any protection rules for the environment before running or accessing the environment's secrets.

Who can use this feature?

Repository owners

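Environments, environment secrets, and deployment protection rules are available in public repositories for all current GitHub plans. They are not available on legacy plans, such as Bronze, Silver, or Gold. To access environments, environment secrets, and deployment branches in private or internal repositories, you must use GitHub Pro, GitHub Team, or GitHub Enterprise. If you are on a GitHub Free, GitHub Pro, or GitHub Team plan, other deployment protection rules, such as a wait timer or required reviewers, are only available for public repositories.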

Prerequisites

Note

Users with GitHub Free plans can only configure environments for public repositories. If you convert a repository from public to private, any configured protection rules or environment secrets will be ignored, and you will not be able to configure any environments. If you convert your repository back to public, you will have access to any previously configured protection rules and environment secrets.

Organizations with GitHub Team and users with GitHub Pro can configure environments for private repositories. For more information, see GitHub's plans.

Creating an environment

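To configure an environment in a personal account repository, you must be the repository owner. To configure an environment in an organization repository, you must have admin access.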

Note

  • Creation of an environment in a private repository is available to organizations with GitHub Team and users with GitHub Pro.
  • Some features for environments have no or limited availability for private repositories. If you are unable to access a feature described in the instructions below, please see the documentation linked in the related step for availability information.
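  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.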


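  3. In the left sidebar, click Environments.

  4. Click New environment.

  5. Enter a name for the environment, then click Configure environment. Environment names are not case sensitive. An environment name may not exceed 255 characters and must be unique within the repository.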

  6. Optionally, specify people or teams that must approve workflow jobs that use this environment. For more information, see Deployments and environments.

    1. Select Required reviewers.
    2. Enter up to 6 people or teams. Only one of the required reviewers needs to approve the job for it to proceed.
    3. Optionally, to prevent users from approving workflow runs that they triggered, select Prevent self-review.
    4. Click Save protection rules.
  7. Optionally, specify the amount of time to wait before allowing workflow jobs that use this environment to proceed. For more information, see Deployments and environments.

    1. Select Wait timer.
    2. Enter the number of minutes to wait.
    3. Click Save protection rules.
  8. Optionally, disallow bypassing configured protection rules. For more information, see Deployments and environments.

    1. Deselect Allow administrators to bypass configured protection rules.
    2. Click Save protection rules.
  9. Optionally, enable any custom deployment protection rules that have been created with GitHub Apps. For more information, see Deployments and environments.

    1. Select the custom protection rule you want to enable.
    2. Click Save protection rules.
  10. Optionally, specify what branches and tags can deploy to this environment. For more information, see Deployments and environments.

    1. Select the desired option in the Deployment branches dropdown.

    2. If you chose Selected branches and tags, to add a new rule, click Add deployment branch or tag rule.

    3. In the "Ref type" dropdown menu, depending on what rule you want to apply, click Branch or Tag.

    4. Enter the name pattern for the branch or tag that you want to allow.

      Note

      Name patterns must be configured for branches or tags individually.

    5. Click Add rule.

  11. Optionally, add environment secrets. These secrets are only available to workflow jobs that use the environment. Additionally, workflow jobs that use this environment can only access these secrets after any configured rules (for example, required reviewers) pass. For more information, see Deployments and environments.

    1. Under Environment secrets, click Add Secret.
    2. Enter the secret name.
    3. Enter the secret value.
    4. Click Add secret.
  12. Optionally, add environment variables. These variables are only available to workflow jobs that use the environment, and are only accessible using the vars context. For more information, see Deployments and environments.

    1. Under Environment variables, click Add Variable.
    2. Enter the variable name.
    3. Enter the variable value.
    4. Click Add variable.

You can also create and configure environments through the REST API. For more information, see REST API endpoints for deployment environments, REST API endpoints for GitHub Actions Secrets, REST API endpoints for GitHub Actions variables, and REST API endpoints for deployment branch policies.

Running a workflow that references an environment that does not exist will create an environment with the referenced name. If the environment is created from running implicit page builds (for example, from a branch or folder source), the source branch will be added as a protection rule to the environment. Otherwise, the newly created environment will not have any protection rules or secrets configured. Anyone that can edit workflows in the repository can create environments via a workflow file, but only repository admins can configure the environment.
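Because a workflow run can create an environment that has no protection rules, it is worth auditing what exists in a repository. The following added example (not part of GitHub's documentation) flags weakly protected environments in the JSON returned by the REST API's list-environments endpoint; the function name and the sample data are constructed for illustration.

```python
import json

# Constructed sample shaped like GET /repos/{owner}/{repo}/environments output.
SAMPLE = json.loads("""
{"total_count": 3, "environments": [
  {"name": "production", "can_admins_bypass": false,
   "protection_rules": [
     {"type": "required_reviewers", "prevent_self_review": true,
      "reviewers": [{"type": "Team", "reviewer": {"slug": "release-managers"}}]},
     {"type": "wait_timer", "wait_timer": 30},
     {"type": "branch_policy"}],
   "deployment_branch_policy": {"protected_branches": false, "custom_branch_policies": true}},
  {"name": "staging", "can_admins_bypass": true,
   "protection_rules": [
     {"type": "required_reviewers", "prevent_self_review": false,
      "reviewers": [{"type": "User", "reviewer": {"login": "octocat"}}]}],
   "deployment_branch_policy": null},
  {"name": "preview-from-workflow", "can_admins_bypass": true,
   "protection_rules": [], "deployment_branch_policy": null}
]}
""")


def audit_environments(listing):
    """Return {environment name: [findings]} for weakly protected environments."""
    report = {}
    for env in listing.get("environments", []):
        rules = {r["type"]: r for r in env.get("protection_rules", [])}
        findings = []
        if not rules:
            # Typical of an environment created implicitly by a workflow run.
            findings.append("no protection rules")
        reviewers = rules.get("required_reviewers")
        if reviewers is None:
            findings.append("no required reviewers")
        elif not reviewers.get("prevent_self_review", False):
            findings.append("self-review allowed")
        if env.get("deployment_branch_policy") is None:
            findings.append("any branch or tag can deploy")
        if env.get("can_admins_bypass", False):
            findings.append("administrators can bypass rules")
        if findings:
            report[env["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_environments(SAMPLE).items():
        print(f"{name}: {', '.join(findings)}")
```

Environments that hold secrets and appear in the report with "no protection rules" are the ones to review first, since only repository admins can add rules after a workflow has created them.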

Deleting an environment

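To configure an environment in a personal account repository, you must be the repository owner. To configure an environment in an organization repository, you must have admin access.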

Deleting an environment will delete all secrets and protection rules associated with the environment. Any jobs currently waiting because of protection rules from the deleted environment will automatically fail.

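  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.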


  3. In the left sidebar, click Environments.

  4. Next to the environment that you want to delete, click .

  5. Click I understand, delete this environment.

You can also delete environments through the REST API. For more information, see REST API endpoints for repositories.

How environments relate to deployments

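When a workflow job that references an environment runs, it creates a deployment object with the environment property set to the name of your environment. As the workflow progresses, it also creates deployment status objects with the environment property set to the name of your environment, the environment_url property set to the URL for the environment (if specified in the workflow), and the state property set to the status of the job.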

You can access these objects through the REST API or GraphQL API. You can also subscribe to these webhook events. For more information, see REST API endpoints for repositories, Objects (GraphQL API), or Webhook events and payloads.

Next steps

GitHub Actions provides several features for managing your deployments. For more information, see Deploying with GitHub Actions.