@triangletodd
Created June 12, 2024 04:27
When to Use Deployment Protection Rules vs. Rulesets in GitHub Enterprise

Deployment Protection Rules

Deployment protection rules enforce checks and policies on the deployment of code to environments. Use a deployment protection rule when certain conditions must be met before code can be deployed. These conditions can include:

  • Security Checks: Ensuring that security scans or vulnerability assessments have been completed and passed.
  • Approval Processes: Requiring manual approvals from designated reviewers or teams before deployment.
  • Integration with External Systems: Verifying that external systems or services have approved the deployment.

These rules are particularly useful in continuous deployment or continuous delivery pipelines where the final step is deploying to a production or staging environment. They help ensure that only code that meets all specified criteria is deployed, reducing the risk of introducing issues into live environments.

Rulesets

Rulesets, on the other hand, apply more broadly across repositories within an organization. They are designed to enforce policies at a higher level, typically related to code quality, collaboration, and governance. Use a ruleset when you want to:

  • Enforce Consistent Practices: Ensure that all repositories within the organization follow certain practices, such as requiring code reviews, enforcing branch protection, or maintaining commit message standards.
  • Security and Compliance: Implement organization-wide security policies, such as requiring signed commits, enforcing 2FA, or ensuring that sensitive data is not committed.
  • Automate Workflows: Apply automation rules across repositories, such as triggering specific actions or workflows when certain events occur.

Rulesets help maintain consistency and governance across all projects within an organization, ensuring that all teams adhere to the same standards and practices.

When to Use Each

  • Use a Deployment Protection Rule When:

    • You need to enforce specific conditions for code deployments.
    • You want to integrate checks and approvals into your deployment pipeline.
    • Your focus is on ensuring safe and compliant deployments to production or staging environments.
  • Use a Ruleset When:

    • You need to enforce consistent practices and policies across multiple repositories.
    • Your focus is on maintaining code quality, security, and governance at an organizational level.
    • You want to automate and standardize workflows across the organization.

In summary, deployment protection rules are more granular and focused on the deployment process itself, while rulesets provide broader governance and consistency across the entire organization.
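
An added example (not part of the original gist) that audits both mechanisms side by side: which environments lack a manual approval rule, and which expected ruleset rules are not actually enforced. The JSON is constructed sample data shaped like the GitHub REST API responses for environments and rulesets; the `audit` helper and its list of required rule types are assumptions for illustration.

```python
import json

# Constructed sample, shaped like GET /repos/{owner}/{repo}/environments
ENVIRONMENTS = json.loads("""
{"environments": [
  {"name": "production", "protection_rules": [
    {"type": "required_reviewers",
     "reviewers": [{"type": "Team", "reviewer": {"slug": "release-managers"}}]},
    {"type": "branch_policy"}]},
  {"name": "staging", "protection_rules": [{"type": "wait_timer", "wait_timer": 5}]}
]}
""")

# Constructed sample: ruleset objects shaped like GET /repos/{owner}/{repo}/rulesets/{id}
RULESETS = json.loads("""
[
  {"name": "org-baseline", "target": "branch", "enforcement": "active",
   "rules": [{"type": "pull_request"}, {"type": "required_signatures"}]},
  {"name": "trial-linear-history", "target": "branch", "enforcement": "evaluate",
   "rules": [{"type": "required_linear_history"}]}
]
""")

def environments_without_approval(envs):
    """Environments that have no required_reviewers protection rule."""
    return [e["name"] for e in envs["environments"]
            if not any(r["type"] == "required_reviewers"
                       for r in e.get("protection_rules", []))]

def enforced_rule_types(rulesets, target="branch"):
    """Rule types from rulesets in 'active' mode; 'evaluate' and 'disabled' block nothing."""
    types = set()
    for rs in rulesets:
        if rs.get("target") == target and rs.get("enforcement") == "active":
            types.update(rule["type"] for rule in rs.get("rules", []))
    return types

def audit(envs, rulesets, required=("pull_request", "required_signatures")):
    """Hypothetical helper: report gaps in both mechanisms side by side."""
    return {
        "environments_without_approval": environments_without_approval(envs),
        "missing_ruleset_rules": sorted(set(required) - enforced_rule_types(rulesets)),
    }

if __name__ == "__main__":
    print(audit(ENVIRONMENTS, RULESETS))
```

A ruleset in `evaluate` mode reports what it would have blocked without blocking it, so the audit counts only `active` rulesets as enforced.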
