You create an environment, restrict it to the main branch, add your secret to it and then tie your deploy workflow to it.
If someone runs that workflow against another branch it will run but it won’t be able to access those secrets.
[0] https://docs.github.com/en/actions/managing-workflow-runs-an...
You create an environment, restrict it to the main branch, add your secret to it and then tie your deploy workflow to it.
If someone runs that workflow against another branch it will run but it won’t be able to access those secrets.
[0] https://docs.github.com/en/actions/managing-workflow-runs-an...