A release job deploys to an environment named production. The team wants a mandatory cooling-off period after a run reaches the environment, so that anyone can cancel the deployment within a fixed delay before it actually proceeds, even when no human approval is required. Which environment protection rule provides this fixed delay?
jobs:
deploy:
runs-on: ubuntu-latest
environment: production- AA required reviewers rule on the environment, because naming reviewers automatically inserts a fixed delay during which the queued deployment can still be cancelled.
- BA concurrency group keyed on the environment name, because grouping the runs makes GitHub hold each queued deployment for a fixed cooling-off period before releasing it.
- CA branch protection rule on the deployment branch, because requiring a status check there forces a fixed delay before the environment will accept the queued run.
- DA wait timer rule on the environment, because it holds any run that reaches the environment for the configured number of minutes before the job is allowed to proceed. Correct
Why A is wrong: Tempting because required reviewers also pause a run, but that rule waits for a named person to approve rather than counting down a fixed timer, so it provides no automatic delay window.
Why B is wrong: Tempting because concurrency does queue runs, but it only serialises or cancels by group key and never imposes a timed delay during which a pending deployment can be cancelled.
Why C is wrong: Tempting because branch protection gates merges, but it governs the repository branch and pull requests, not the timed pause an environment applies once a deployment job targets it.
Why D is correct: A wait timer is an environment protection rule that delays a deployment by a set number of minutes after it reaches the environment, giving a cancellation window without needing approval.