GitHub Actions "Branch is not allowed to deploy to environment"
Protected environments can restrict which branches may deploy to them. When a workflow runs on a branch outside that allow-list, the job is blocked before any deploy step runs. This is a policy decision, not a flake.
What this error means
A deploy job targeting a protected environment is rejected at the gate because the current ref is not in the environment deployment-branch policy.
github-actions
Error: Branch "feature/x" is not allowed to deploy to production due to environment protection rules.Common causes
Deployment branch policy excludes the branch
The environment is set to allow only selected branches (e.g. main or release/*) and the current branch is not covered.
Deploying from a tag or PR ref
The run ref is a tag or pull_request ref that does not match the configured branch patterns.
How to fix it
Adjust the deployment branch policy or branch
- Under Settings > Environments > production, review Deployment branches.
- Either add the branch pattern to the allow-list or run the deploy from an allowed branch.
- For tag deploys, add a matching tag rule if supported, or deploy from a branch.
.github/workflows/deploy.yml
# Run the deploy only on allowed branches to avoid the gate
on:
push:
branches: [main, 'release/**']How to prevent it
- Keep deployment-branch policies aligned with the branches your deploy workflows actually run on.
- Use environment protection deliberately so only intended branches reach production.
Related guides
GitHub Actions "The deployment branch is not allowed"Fix the deployments-API error "The deployment branch is not allowed" when creating a deployment via the API f…
GitHub Actions "Missing environment 'production'"Fix the GitHub Actions missing-environment error - a job references an environment that does not exist in the…
GitHub Actions "required reviewers cannot approve own deployment"Fix the GitHub Actions environment gate where required reviewers cannot approve their own deployment, leaving…