How to Gate Production Behind a Manual Approval in GitHub Actions
Targeting a protected production environment with required reviewers pauses the deploy until someone approves.
Configure required reviewers (and optionally a wait timer) on a production environment, then point only the production deploy job at it. The job waits in a pending state until approved.
Steps
- Add required reviewers to the
productionenvironment in settings. - Run build and staging jobs unconditionally so they are unaffected.
- Target only the prod deploy job with
environment: production.
Workflow
.github/workflows/ci.yml
jobs:
staging:
runs-on: ubuntu-latest
environment: staging
steps:
- run: ./deploy.sh --env staging
production:
needs: staging
runs-on: ubuntu-latest
environment: production
steps:
- run: ./deploy.sh --env productionGotchas
- The approval gate lives on the environment, not the workflow file.
- Combine with a wait timer or branch restriction for layered protection.
Related guides
How to Add Required Reviewers to an Environment in GitHub ActionsAdd required reviewers to a GitHub Actions environment so any job that targets it pauses for human sign-off b…
How to Set a Wait Timer Before a Deploy in GitHub ActionsAdd a wait timer to a GitHub Actions environment so any deploy that targets it is delayed for a set number of…