Skip to content
Latchkey

GitHub Actions Job Waiting on Environment Protection Rules

A deploy job targeting a protected environment is paused or rejected by its protection rules - required reviewers, a wait timer, or a deployment branch policy that excludes the current branch.

What this error means

A job referencing environment: production waits for manual approval, sits through a timer, or fails because the branch is not allowed to deploy to that environment.

Actions log
Branch "feature/x" is not allowed to deploy to production due to
environment protection rules.

Common causes

Branch not allowed by deployment policy

The environment restricts which branches may deploy. A run from a branch outside that policy is rejected outright.

Required reviewers or wait timer

Required reviewers pause the job until someone approves, and a wait timer delays it. These are intended gates, not errors.

How to fix it

Deploy from an allowed branch

Run the deploy job from a branch the environment permits, or update the deployment branch policy.

.github/workflows/deploy.yml
jobs:
  deploy:
    environment: production   # rules enforced here
    runs-on: ubuntu-latest
    steps:
      - run: ./deploy.sh

Approve or adjust the gate

  1. Have a required reviewer approve the pending deployment in the Actions UI.
  2. Adjust required reviewers, wait timer, or branch policy in environment settings.
  3. Confirm secrets and variables are defined at the environment level the job uses.

How to prevent it

  • Set deployment branch policies that match how you actually release.
  • Document who the required reviewers are so deploys are not stuck.
  • Scope environment secrets to the environments that need them.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →