v10.0.0
v10 of the github/branch-deploy Action is focused around safety, security, and usability improvements 🚀
BREAKING
Please note that even though there are breaking changes listed, the vast majority of users should be able to simply upgrade to `github/branch-deploy@v10` without any issues.
- The `checks` input option can now be used with a comma-separated list of CI checks if you only want certain checks to be considered "blocking" in terms of deployments. Read more here.
- Pull requests in the `CHANGES_REQUESTED` state are now treated the same as PRs in the `REVIEW_REQUIRED` state.
- The structure and content of the pre/post deployment messages (that get written to PRs) have changed to contain richer information. This isn't really a breaking change, but it could be if you are parsing these comments in some way.
- The deployment payload that gets sent to the GitHub API will now contain two new attributes: `params` and `parsed_params`
- By default, you can no longer `.deploy` or `.noop` a pull request fork unless it has approvals - reference. These changes have been made as an extra safety check against potentially untrusted commits
- You will no longer be able to deploy a pull request if the target branch is not the default branch - reference1 reference2
Key Changes
- You should use `${{ steps.branch-deploy.outputs.sha }}` everywhere instead of `${{ steps.branch-deploy.outputs.ref }}` - documentation
- The structure of the deployment payload that gets sent to the GitHub API has a few new attributes - documentation
- You can now have fine grained control to include or ignore CI checks that can (or can't) block your deployments - documentation
- The message rendering system for pre/post deployment messages has been greatly improved. It now has many more variables for custom deployment messages and the default structures have been updated a bit - PR reference
- A new input option has been added, `commit_verification: true`, that enforces commits to be signed/verified before they can be deployed by this Action - PR reference
- A lot of new outputs have been added so subsequent workflow steps have access to even more rich data related to deployments
- Preventing the ability to deploy a pull request that is not targeting the default branch
- Branch ruleset warning checks - If you have a potential security misconfiguration in your branch rulesets, this Action will loudly warn you about it in the deployment logs
- The `sha` output is now available on "Merge commit strategy" deployments as well
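The workflow below is an added example, not taken from these release notes or from the project's documentation. It combines the `checks` list, `commit_verification` and the `sha` output so that later steps build the exact commit the Action evaluated rather than a branch name that can move; the check names and deploy script are constructed, and the permission block and the `continue` and `noop` outputs are assumed from the Action's published usage.

```yaml
# Added example, not the project's own workflow. Check names and the
# deploy script path are constructed placeholders.
name: branch-deploy
on:
  issue_comment:
    types: [created]

# Assumed permission set; confirm against the Action's README.
permissions:
  pull-requests: write
  deployments: write
  contents: write
  checks: read
  statuses: read

jobs:
  deploy:
    # Only react to comments made on pull requests, not plain issues.
    if: ${{ github.event.issue.pull_request }}
    runs-on: ubuntu-latest
    steps:
      - uses: github/branch-deploy@v10
        id: branch-deploy
        with:
          # Only these CI checks block a deployment (constructed names).
          checks: "unit-tests,lint"
          # Refuse to deploy commits that are not signed/verified.
          commit_verification: true

      # Before (pre-v10 habit): resolves the branch name at checkout time.
      #   ref: ${{ steps.branch-deploy.outputs.ref }}
      # After (v10): pin the checkout to the commit the Action evaluated.
      - uses: actions/checkout@v4
        if: ${{ steps.branch-deploy.outputs.continue == 'true' }}
        with:
          ref: ${{ steps.branch-deploy.outputs.sha }}

      - name: deploy
        if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop != 'true' }}
        run: ./script/deploy  # hypothetical deploy script
        env:
          DEPLOY_SHA: ${{ steps.branch-deploy.outputs.sha }}
```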
What's Changed
Here is a full list of changes:
- Docs updates about `.noop` by @caridinL6 in #324
- Store params and parsed params into deployment payload by @fabn in #325
- Bump the npm-dependencies group with 2 updates by @dependabot in #326
- update all node packages with `npm update` by @GrantBirki in #327
- Commit Improvements by @GrantBirki in #328
- General Fixes + Dependency Updates by @GrantBirki in #329
- Change docs around `ref` to point to `sha` by @GrantBirki in #330
- Fork Deployment Safety 🔒 by @GrantBirki in #331
- Improved Messaging by @GrantBirki in #332
- Commit Verification 🔒 by @GrantBirki in #333
- API Version Headers by @GrantBirki in #334
- `total_seconds` - Output Variable by @GrantBirki in #335
- node package updates by @GrantBirki in #336
- feat: `ignored_checks` by @GrantBirki in #337
- General Fixes + More Logging by @GrantBirki in #338
- feat: respect `CHANGES_REQUESTED` approval state by @GrantBirki in #339
- feat: prevent deployment when the target branch is not the default branch by @GrantBirki in #341
- Branch Ruleset Checks by @GrantBirki in #342
- General Cleanup + SHA outputs for merge deploy mode by @GrantBirki in #343
- Unlock on Merge branch check improvements by @GrantBirki in #344
- bug: Branch Ruleset API call fails when a user/org doesn't have the ruleset feature by @GrantBirki in #345
- Improve commit verification failure text by @GrantBirki in #346
New Contributors
- @caridinL6 made their first contribution in #324
Full Changelog: v9.10.0...v10.0.0