Code Reference

Environments

GitHub Actions · Reference cheat sheet

Environments

GitHub Actions · Reference cheat sheet


📋 Overview

Environments (environment: production) gate deployments with protection rules: required reviewers, wait timers, and branch restrictions. Each environment can hold dedicated secrets and variables. Use them to separate staging and production credentials.

🔧 Core concepts

FeatureRole
environment:Bind job to named env
environment.name / urlName + deployment URL
Protection rulesApprovals, wait timer
Deployment branchesLimit which refs can deploy
Env secrets/varsScoped credentials
Deployment historyVisible in repo UI

Environments are configured in repo Settings → Environments. Public repos have limitations on private env secrets for forks.

💡 Examples

Simple environment:

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment:
      name: production
      url: https://example.com
    steps:
      - uses: actions/checkout@v4
      - run: ./deploy.sh
        env:
          TOKEN: ${{ secrets.DEPLOY_TOKEN }}

Dynamic name:

environment: ${{ inputs.target }}

With concurrency:

concurrency:
  group: deploy-production
  cancel-in-progress: false
jobs:
  deploy:
    environment: production

⚠️ Pitfalls

  • Job waits indefinitely for approval—communicate SLAs to reviewers.
  • Environment secrets aren’t available until the job is approved (by design).
  • Misnamed environments create new empty envs silently—match Settings names.
  • Protection rules don’t replace proper authz in your deploy scripts.
  • url is informational for the UI; it doesn’t verify the deployment.
  • Combining matrix + environment can create many deployment records—name carefully.

On this page