Script Valley
CI/CD with GitHub Actions
Deployment WorkflowsLesson 4.3

How to use GitHub Actions environments for staged deployments

environments, environment protection rules, required reviewers, wait timer, environment secrets, staging vs production, deployment approval

What are Environments?

Staged deployment with environment approval gate

GitHub Environments model deployment targets (staging, production) with protection rules. A job referencing an environment pauses until all protection rules are satisfied.

Defining Environments

Create environments in Settings โ†’ Environments. Add protection rules: required reviewers (specific GitHub users must approve), wait timer (mandatory delay before deploy runs), or branch restrictions (only certain branches can deploy).

Using Environments in Workflows

jobs:
  deploy-staging:
    runs-on: ubuntu-latest
    environment: staging
    steps:
      - run: echo "Deploying to staging"

  deploy-production:
    runs-on: ubuntu-latest
    needs: deploy-staging
    environment:
      name: production
      url: https://myapp.com
    steps:
      - run: echo "Deploying to production"

The deploy-production job will pause at the environment gate and send a review request to the required reviewers. Only after approval does the job execute. Environment secrets are separate from repository secrets โ€” values in the production environment override identically named repository secrets, allowing different API keys per environment.

Up next

How to deploy to AWS using OIDC instead of long-lived credentials

Sign in to track progress

How to use GitHub Actions environments for staged deployments โ€” Deployment Workflows โ€” CI/CD with GitHub Actions โ€” Script Valley โ€” Script Valley