Why environment protection rules only for public repos?

Is there a reason why environment protection rules apply only for public repos? Or could we expect that they will be extended to apply to private repos, as well?
We would like to use this to improve control over deployments - but we’re setting up to use only private repositories :-(.
Thank you!

10 Likes

Protection rules are available for private repos if you are part of an organization with an Enterprise Plan.

1 Like

That’s great!

I was going by this page, Environments - GitHub Docs
which says:

Environment protection rules and environment secrets are only available on public repositories. If you convert a repository from public to private, any configured protection rules or environment secrets will be ignored, and you will not be able to configure any environments. If you convert your repository back to public, you will have access to any previously configured protection rules and environment secrets.

I feel a little uncomfortable submitting an edit for that page, as I am not knowledgeable enough, yet :-p (In checking back, it does say in the “where is this available box” higher on the page that this is available in private repos for enterprise customers, too - I have to confess I skipped that box when reading that page :frowning: ).

Will environments be coming to private repos on Team plans any time soon?

This feature is the last blocker before my org can move to GHActions fully.

9 Likes

@chrispat I have the same question: are Environments (including protection rules, required reviewers and env secrets) going to be available for private repos in other paid plans besides Enterprise level?

Our org is on the Github Team plan and we would really like to take advantage of these features. We’re trying to show that we can migrate from Jenkins to GitHub Actions completely.

Thanks!

7 Likes

@chrispat Same thing for us, we are evaluating Github as a Bitbucket replacement and we definitely need to manage deployments across environments with approvals for compliance.

So far I am ambivalent about Github Actions because the CI is powerful, but at the same time basic features like manual step, approvals and environments are missing or reserved to the Entreprise plan.

I really think core CI features should be available for any plans and differentiate the Team and Entreprise plans on Quality, Security and Compliance features.

Anyway it just my customer feedback !

1 Like

@chrispat It was quite a surprise to see it being enabled for the public repos only. This feature is long time awaited for multiple different projects migrated to the GitHub Actions. It was treated as an investment so we expected to receive CircleCI-alike features in Github Actions.

Should we expect environment configuration (i.e. protection rules) to be delivered for the paid Teams tier private repos, any ETA?

Just in case, if you can provide the feedback like “it will be Enterprise exclusive feature” - it will also help, we will move from the Github Actions to the Travis of Circle CI.

Thanks in advance for any clarification.

3 Likes

Hi, will it be Enterprise exclusive feature?
If Github team can add more documentation on the roadmap it will be more helpfull, current roadmap not that transparent!

We’re in the same boat. We’re currently using CircleCI and we are big users of “Contexts” there. I’m not sure how we could separate dev/prod environment variables on Github without Environments. Would love to move to GH Actions but really need this first :confused:

I’m specifically interested in having different environment variables for different stage environments when using Actions, but this feature seems to be tied up in the general ‘Environments’ protection rules feature.

Public repo support aside, it seems ridiculous that Github only offer this to Enterprise customers when it’s included in the free plan for Bitbucket. Could Github please extend this at least to Github Teams customers. Github Actions is basically unusable until this is available (who in their right mind only builds for one environment).

5 Likes

Are there any plans to extend this functionality to a Github Team based subscription as well instead of Enterprise only?
We are currently looking for a bitbucket alternative but this feature does not justify the Enterprise cost for us.

When comparing plans the environment (for private repo) also doesn’t show up as an Enterprise-only feature, which is kind of misleading.

6 Likes

This is also a show stopper for us for using Github Action properly on a Team plan. I tried it in a public repo and this is awesome, but there’s no way our repo goes public to use this and we’re too small to pay for Enterprise plans.

I don’t see a reason why it wouldn’t come to private repo on Team plan. Furthermore, there’s a few bleeds of it all around like the environment section in the right, and until last week we were able to define environment in our github action, looks like this stopped working at some point last week, I had to remove them from my actions because otherwise the actions with it wasn’t working anymore.

4 Likes

Same boat. Back to GitLab unfortunately.

Any updates on Environment availability in Github Teams?

1 Like

When I saw their recent blog post I got excited thinking I could finally use this feature: Implementing least privilege for secrets in GitHub Actions - The GitHub Blog

However it seems that the post fails to mention this feature is unavailable for most customers (meaning non-enterprise paying-customers). GitHub actions has been great so far, but since it’s lacking these critical security features, using it carte blanche in my company feels like I’m hosting a ticking time bomb. The solution in the blog post looks like a great start if we can use it though. I hope this recent feature highlight means they are planning an announcement soon.

Yeah it’s quite a shame that as a paid user, I don’t even have access to something as simple as defining environments… what am I even paying for?