In a recent update you can now put if conditionals at job level. See the documentation here. https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idif

I tested this workflow which runs the job test on every push, but only runs deploy on the master branch.

name: my workflow
on: push
jobs:
 test:
 runs-on: ubuntu-latest
 steps:
 - name: Execute tests
 run: exit 0
 deploy:
 runs-on: ubuntu-latest
 needs: test
 if: github.ref == 'refs/heads/master'
 steps:
 - name: Deploy app
 run: exit 0

What follows is my original answer, and an alternative solution if you prefer to have separate workflows.

The first workflow runs for every branch except master. In this workflow you run tests only.

on:
 push:
 branches:
 - '*'
 - '!master'

The second workflow runs for just master and runs both your tests and deploys if the tests were successfully passed.

on:
 push:
 branches:
 - master

Most answers provide a solution for one single branch. To restrict the job to run on any specific set of branches, you can do it using the if conditional with multiple disjunction (||) operators; but this is too verbose and doesn't respect the DRY principle.

The same can be archived with less repetition using the contains function.

Using contains:

contains('
 refs/heads/dev
 refs/heads/staging
 refs/heads/production
', github.ref)

compared to using multiple ||:

github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/production' || ...

Full example:

---
on: push
jobs:
 test:
 name: Test
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v2
 - name: Run tests
 run: ...
 deployment:
 name: Deployment
 runs-on: ubuntu-latest
 needs: [test]
 if:
 contains('
 refs/heads/dev
 refs/heads/staging
 refs/heads/production
 ', github.ref)
 steps:
 - uses: actions/checkout@v2
 - name: Deploy
 run: ...

Here is what I've done for steps that should only run on a specific branch.

- name: Publish Image
 # Develop branch only
 if: github.ref == 'refs/heads/develop'
 run: |
 ... publish commands ...

2021 update

I know it's possible to only run entire workflows on a specific branch, however that would mean I would have a "test" workflow and a "deploy" workflow.

This sounds like a solution, however they would run parallel. In an ideal world, the tests would run first, and only if they succeed, then the deploy job would start. This isn't the case when using 2 separate workflows.

You can now use the event workflow_run to achieve the part the tests would run first, and only if they succeed, then the deploy job would start (read on to see how):

Documentation page of workflow_run

https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#workflow_run

This event occurs when a workflow run is requested or completed, and allows you to execute a workflow based on the finished result of another workflow. A workflow run is triggered regardless of the result of the previous workflow.

For example, if your pull_request workflow generates build artifacts, you can create a new workflow that uses workflow_run to analyze the results and add a comment to the original pull request.

Now, considering OP's initial issue:

I want the tests to run on every branch, but deploying should only happen when something gets pushed to master

This now could be solved like this:

The following setup is working, a few minutes ago I just implemented the same logic in one of my repository

Workflow <your_repo>/.github/workflows/tests.yml

name: My tests workflow
on:
 push:
 branches:
 - master
 pull_request: {}
jobs:
 test:
 # ... your implementation to run your tests

Workflow <your_repo>/.github/workflows/deploy.yml

name: My deploy workflow
on:
 workflow_run:
 workflows: My tests workflow # Reuse the name of your tests workflow
 branches: master
 types: completed
jobs:
 deploy:
 # `if` required because a workflow run is triggered regardless of
 # the result of the previous workflow (see the documentation page)
 if: ${{ github.event.workflow_run.conclusion == 'success' }}
 # ... your implementation to deploy your project

Although this discussion is very old but recently I came across the same problem with a slight addition. if condition to check whether the branch is main works but what if someone pushes their branch and updates the workflow yml file to remove the if condition? The deploy job will get triggered without their branch even being reviewed or merged in main and could potentially break the production environment. This could be a concern in open source projects.

I couldn't find an answer for this anywhere so wanted to share my findings. I hope this is the right thread for it.

To ensure that there's no way a job is triggered except for in specific branches, environments can be used. A deploy job will most likely have some api keys to connect to the destination server that might be stored in secrets. Instead of storing them in repository secrets which are accessible globally within the repository, we should store them in respective environments.

The official docs for environments contain detailed explanation with sample scripts but sharing a simple example here. Let's say we want to run production deployment only when main is updated

1. From repository Settings, create a production environment
2. Choose Selected Branches in Deployment Branches dropdown and add main in the pattern
3. Add the api keys in production environment secrets

In the workflow yml we just need to add environment information environment: production as follows (using script from @peterevans's answer)

name: my workflow
on: push
jobs:
 test:
 runs-on: ubuntu-latest
 steps:
 - name: Execute tests
 run: exit 0
 deploy:
 runs-on: ubuntu-latest
 needs: test
 if: github.ref == 'refs/heads/main'
 environment: production
 steps:
 - name: Deploy app
 run: exit 0

The environment information indicates where the secrets have to be read from. If the current branch name doesn't match the pattern provided in Selected Branches then the job will immediately fail with an error. Since we have a condition to only run this on main, normally that won't bother us because this job will be skipped on other branches anyways. But if someone, mistakenly or with ill intentions, modifies the yml file and removes the condition before pushing their branch, they'll get an error. So, our system remains secure at least from the threat here.

Hope this helps anyone wondering the same.

For steps or jobs you can also use github.ref_name which is the branch or tag name that triggered the workflow run.

name: my workflow
on: push
jobs:
 if: github.ref_name == 'main'
 test:
 runs-on: ubuntu-latest
 steps:
 - name: Execute tests
 run: exit 0

For more information about the github context check here.

The following worked for me inside a job:

Where a PR target branch is one of the following:

if: contains(github.base_ref, 'staging')
 || contains(github.base_ref, 'production')

When the source branch of the pull request is one of them below:

if: contains(github.head_ref, 'feature')
 || contains(github.head_ref, 'release')

While you can't have conditions at job level at this moment, you can have conditions at step level - see Contexts and expression syntax for GitHub Actions.

For getting a branch name, current solution is to check GITHUB_REF environment variable - see Default environment variables and this question for details.

Putting it all together - if you decide to go with accepted answer in last link, your workflow might look like this:

jobs:
 test:
 runs-on: ubuntu-latest
 steps:
 - name: Run tests
 run: ./my-tests.sh
 deploy:
 runs-on: ubuntu-latest
 needs: test
 steps:
 - name: Extract branch name
 shell: bash
 run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF##*/})"
 id: extract_branch
 - name: Deploy
 run: ./deploy.sh
 if: steps.extract_branch.outputs.branch == 'master'

If you'd rather keep everything in workflow file instead of separated script, you can always add if to each step in given job.

I hope it's just a temporary solution/workaround, and job conditions are going to be added before end of beta.

name: CI
on: push
jobs:
 prod-check:
 if: ${{ github.ref == 'refs/heads/main' }}
 runs-on: ubuntu-latest
 steps:
 - run: echo "Deploying to production server on branch $GITHUB_REF"

According to the documentation, the if condition is wrapped like so if: ${{ github.ref == 'refs/heads/main' }}

There are already some pretty good answers. Here's a way to specify multiple branches in your conditional:

name: my workflow
on: push
jobs:
 deploy:
 if: contains(fromJson('["refs/heads/master", "refs/heads/main"]'), github.ref)
 runs-on: ubuntu-latest
 steps:
 - name: Execute tests
 run: exit 0

This works to exit early:

 - name: Exit if not on master branch
 if: github.ref == 'refs/heads/main'
 run: exit 1

You need to add these two script to the workflows

//main.yml
name: main
on:
 push:
 branches:
 - main
//size.yml 
name: size
on:
 pull_request:
 branches:
 - main

• github
• github-actions