GitHub Actions Job Waiting on Environment Protection Rules
A deploy job targeting a protected environment is paused or rejected by its protection rules - required reviewers, a wait timer, or a deployment branch policy that excludes the current branch.
What this error means
A job referencing environment: production waits for manual approval, sits through a timer, or fails because the branch is not allowed to deploy to that environment.
Branch "feature/x" is not allowed to deploy to production due to
environment protection rules.Common causes
Branch not allowed by deployment policy
The environment restricts which branches may deploy. A run from a branch outside that policy is rejected outright.
Required reviewers or wait timer
Required reviewers pause the job until someone approves, and a wait timer delays it. These are intended gates, not errors.
How to fix it
Deploy from an allowed branch
Run the deploy job from a branch the environment permits, or update the deployment branch policy.
jobs:
deploy:
environment: production # rules enforced here
runs-on: ubuntu-latest
steps:
- run: ./deploy.shApprove or adjust the gate
- Have a required reviewer approve the pending deployment in the Actions UI.
- Adjust required reviewers, wait timer, or branch policy in environment settings.
- Confirm secrets and variables are defined at the environment level the job uses.
How to prevent it
- Set deployment branch policies that match how you actually release.
- Document who the required reviewers are so deploys are not stuck.
- Scope environment secrets to the environments that need them.