GitHub Actions Workflow for Manual Approval Before Deploy
Gate production deploys behind a human approval.
This workflow builds freely, then a second job targets a protected environment so GitHub pauses for a required reviewer before deploying.
The workflow
.github/workflows/ci.yml
name: Deploy
on:
push:
branches: [main]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: ./build.sh
deploy:
needs: build
runs-on: ubuntu-latest
environment:
name: production
url: https://app.example.com
steps:
- uses: actions/checkout@v4
- run: ./deploy.shNotes
- Create the
productionenvironment in repo settings and add required reviewers. - The
deployjob stays pending until a reviewer approves. - No extra action is needed -- the environment protection rule enforces the gate.
Run it cheaper
Point runs-on: at a Latchkey label to run this workflow at roughly 69% lower per-minute cost, with self-healing for transient failures.
Related guides
How to Use Secrets in GitHub Actions SafelyUse GitHub Actions secrets correctly - repo vs environment vs org secrets, why forks can not read them, and h…
How to Speed Up GitHub Actions: 9 High-Impact TacticsMake GitHub Actions faster: caching, parallelization, test splitting, Docker layer caching, slimmer images, a…