How to restrict workflow actions to execute on specific parameters

Hi Team,
I have a requirement where I would like to use workflow_dispatch to trigger a manual workflow with input parameters.
Ex: when it's dev or SIT, everyone can execute,
but when it's the Test/UAT or Prod environment, only specific members of the repository should execute.
How to achieve this?

It's something like applying ACLs to a workflow to run based on input parameters.

Hi @chaitanya-bojja-by,

You can add a job-level if expression, check the input value and only allow a specific user to execute the workflow when the value matches. Code as below:

    if: github.event.inputs.value=='dev' || github.event.inputs.value=='SIT' || ((github.event.inputs.value=='Test' || github.event.inputs.value=='UAT' || github.event.inputs.value=='Prod') && github.actor=='testuser1')

When it’s dev or SIT, every member can trigger the workflow.
When it’s Test, UAT or Prod, only user testuser1 can trigger the workflow.


I have a list of users to allow or not to allow.
Is there any way to enter a list of users instead of hard-coding it in the workflow file?

    if: github.event.inputs.environment=='dev' || ((github.event.inputs.environment=='test' || github.event.inputs.environment=='Prod') &&'ram | venkat | naresh')

Assuming that the pipe character cannot occur in the actor name, it should be safe to do:

    contains('|ram|venkat|naresh|', format('|{0}|', github.actor))

And also, how to restrict code checkout based on branch, like:

if env is dev or SIT then code checkout from feature branches like
if env is test or prod then code checkout has to be from master or release branch

Hi @chaitanya-bojja-by,

You can also add a step-level if expression to actions/checkout:


      - name: checkout
        if: github.event.inputs.value=='dev' || github.event.inputs.value=='SIT'
        uses: actions/checkout@v2
        with:
          ref: peter/code-change
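
A complete workflow that combines the checks discussed in this thread, added here as an example and not posted by any participant. The input name `environment`, the workflow, job and step names, and the `release` branch prefix are assumptions; the user names are the sample ones from the question.

```yaml
# Added example, not from the thread. Names marked "assumed" are illustrative.
name: gated-deploy                      # assumed workflow name
on:
  workflow_dispatch:
    inputs:
      environment:                      # assumed input name
        description: 'dev, SIT, Test, UAT or Prod'
        required: true
        default: 'dev'

jobs:
  deploy:                               # assumed job name
    runs-on: ubuntu-latest
    # dev/SIT: any member, any branch.
    # Test/UAT/Prod: actor must be on the allow-list AND the run must have
    # been started from master or a release branch.
    # The pipes around each name make contains() match whole names only,
    # so "ram" does not also admit an actor called "ramesh".
    if: >-
      github.event.inputs.environment == 'dev' ||
      github.event.inputs.environment == 'SIT' ||
      (
        (
          github.event.inputs.environment == 'Test' ||
          github.event.inputs.environment == 'UAT' ||
          github.event.inputs.environment == 'Prod'
        ) &&
        contains('|ram|venkat|naresh|', format('|{0}|', github.actor)) &&
        (
          github.ref == 'refs/heads/master' ||
          startsWith(github.ref, 'refs/heads/release')
        )
      )
    steps:
      - name: checkout
        uses: actions/checkout@v2
        with:
          # Check out exactly the branch the run was dispatched from,
          # which the job-level condition has already validated.
          ref: ${{ github.ref }}

      - name: show what was authorised
        run: echo "actor=${{ github.actor }} ref=${{ github.ref }}"
```

When the condition is false the job is skipped rather than failed. Because a `workflow_dispatch` run uses the workflow file from the branch it is started on, these conditions can be changed by anyone with write access to the repository; GitHub environment protection rules with required reviewers enforce the same restriction outside the workflow file.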