Skip to content
Latchkey

GitHub Actions "Branch is not allowed to deploy to environment"

Protected environments can restrict which branches may deploy to them. When a workflow runs on a branch outside that allow-list, the job is blocked before any deploy step runs. This is a policy decision, not a flake.

What this error means

A deploy job targeting a protected environment is rejected at the gate because the current ref is not in the environment deployment-branch policy.

github-actions
Error: Branch "feature/x" is not allowed to deploy to production due to environment protection rules.

Common causes

Deployment branch policy excludes the branch

The environment is set to allow only selected branches (e.g. main or release/*) and the current branch is not covered.

Deploying from a tag or PR ref

The run ref is a tag or pull_request ref that does not match the configured branch patterns.

How to fix it

Adjust the deployment branch policy or branch

  1. Under Settings > Environments > production, review Deployment branches.
  2. Either add the branch pattern to the allow-list or run the deploy from an allowed branch.
  3. For tag deploys, add a matching tag rule if supported, or deploy from a branch.
.github/workflows/deploy.yml
# Run the deploy only on allowed branches to avoid the gate
on:
  push:
    branches: [main, 'release/**']

How to prevent it

  • Keep deployment-branch policies aligned with the branches your deploy workflows actually run on.
  • Use environment protection deliberately so only intended branches reach production.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →