github_actions_artifactgithub_actions_repository_runnergithub_actions_repository_secretgithub_actions_repository_workflow_rungithub_audit_loggithub_branchgithub_branch_protectiongithub_commitgithub_community_profilegithub_gistgithub_gitignoregithub_issuegithub_licensegithub_my_gistgithub_my_issuegithub_my_organizationgithub_my_repositorygithub_my_stargithub_my_teamgithub_organizationgithub_pull_requestgithub_rate_limitgithub_releasegithub_repositorygithub_search_codegithub_search_commitgithub_search_issuegithub_search_labelgithub_search_pull_requestgithub_search_repositorygithub_search_topicgithub_search_usergithub_stargazergithub_taggithub_teamgithub_team_membergithub_team_repositorygithub_traffic_view_dailygithub_traffic_view_weeklygithub_usergithub_workflow
Table: github_branch_protection
Branch protection is a set of rules protecting the branch from inappropriate changes.
The github_branch_protection table can be used to query information about any branch, and you must specify which repository in the where or join clause using the repository_full_name column.
GitHub users with admin permissions to a repository can manage branch protection rules.
Examples
List branches and their protection for a repository
select *from github_branch_protectionwhere repository_full_name = 'turbot/steampipe';Get branch protection for a specific repo
select *from github_branch_protectionwhere repository_full_name = 'turbot/steampipe' and name = 'main';Control examples
- private_repo_default_branch_blocks_deletion
- private_repo_default_branch_blocks_force_push
- private_repo_default_branch_protections_apply_to_admins
- private_repo_default_branch_requires_pull_request_reviews
- public_repo_default_branch_blocks_deletion
- public_repo_default_branch_blocks_force_push
- public_repo_default_branch_protections_apply_to_admins
- public_repo_default_branch_requires_pull_request_reviews
.inspect github_branch_protection
Branch protection defines rules for pushing to and managing a branch.
| Name | Type | Description |
|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. |
| allow_deletions_enabled | boolean | If true, allow users with push access to delete matching branches. |
| allow_force_pushes_enabled | boolean | If true, permit force pushes for all users with push access. |
| enforce_admins_enabled | boolean | If true, enforce all configured restrictions for administrators. |
| name | text | The branch name. |
| repository_full_name | text | The full name of the repository (login/repo-name). |
| required_linear_history_enabled | boolean | If true, prevent merge commits from being pushed to matching branches. |
| required_pull_request_reviews | jsonb | Pull request reviews required before merging. |
| required_status_checks | jsonb | Status checks that must pass before a branch can be merged into branches matching this rule. |
| restrictions_apps | jsonb | Applications can push to the branch only if in this list. |
| restrictions_teams | jsonb | Teams can push to the branch only if in this list. |
| restrictions_users | jsonb | Users can push to the branch only if in this list. |