TopicTrick Logo
Topictrick
DevOpsGitHub

GitHub Environments: Approvals, Wait Timers, and Deployment Rules

TT
TopicTrick Team
GitHub Environments: Approvals, Wait Timers, and Deployment Rules
← Back to GitHub Mastery

GitHub Environments: Approvals, Wait Timers, and Deployment Rules

While Continuous Deployment (CD) is the dream, fully automating code to production without any human oversight can be terrifying, especially in high-stakes industries like finance or healthcare. GitHub Environments provide the ultimate safety net: they allow you to define specialized protection rules like Manual Approvals and Wait Timers that a workflow must satisfy before it is ever allowed to deploy code to a sensitive server.

Table of Contents

What is a GitHub Environment?

A GitHub Environment is a logical "target" for your deployment. Most teams use three standard environments:

  1. Development (dev): Where developers test their latest experimental features. No protection rules.
  2. Staging (stage): A replica of production for final QA testing.
  3. Production (prod): The actual live application used by customers. Heavily protected.

Environments are configured in the Settings > Environments tab of your repository.

Defining Environments in YAML

To link a job in your workflow to an environment, you use the environment: key.

yaml


As soon as GitHub sees environment: production, it pauses the workflow and checks if that environment has any protection rules. If it does, the workflow will sit in a "Waiting" state until the rules are cleared.




The Manual Approval Gate


This is the most popular protection rule. It prevents any code from hitting production until a specific human (or a group of humans) clicks an "Approve" button in the GitHub UI.


Why to use Approvals:


    

  • Compliance: Many industries require a "two-person rule" where the person who wrote the code cannot be the same person who releases it.
    • 

  • Business Readiness: Sometimes code is technically perfect, but the Marketing team isn't ready for the feature to go live yet.
    • 

  • Confidence: It provides one final "sanity check" before the button is pushed.
    • 



When a workflow hits an environment with an approval rule, the assigned approvers receive an email notification. They can view the PR, check the logs, and then click "Approve and deploy".




Wait Timers: The 'Cool Down' Period


A Wait Timer forces exactly what it sounds like: a mandatory delay.


If you set a 15-minute timer on your staging environment, the deployment will automatically pause for 15 minutes after the code is pushed. This is useful for:


    

  • Giving the dev environment a few minutes to settle.
    • 

  • Forcing a lead-time between a developer pushing code and that code becoming live, which can prevent "impulse deployments".
    • 





Branch Protection Rules for Environments


You can also restrict which branches are allowed to deploy to an environment.


For example, you can configure your production environment to only allow deployments from the main branch. If a rogue developer attempts to deploy directly to production from a feature branch like fix-typo, GitHub Actions will instantly block the job with a "Deployment protected" error.




Frequently Asked Questions


Are Environments free?
Environments are free for public repositories. For private repositories, they are only available if you have a GitHub Pro, Team, or Enterprise account.


What happens if an approver rejects the deployment?
The workflow job is immediately cancelled. No code is deployed, and the status of the run is marked as "Rejected".




Key Takeaway


GitHub Environments are the mandatory bridge between "fast development" and "safe operations." By implementing Manual Approvals and Branch Protection, you ensure that the speed of your GitHub Actions automation is always balanced by the rigorous safety standards required for a professional production application.


Read next: Monitoring and Debugging GitHub Actions Workflows →