Bump github/branch-deploy from 9.10.0 to 10.0.0 #321

dependabot · 2024-12-16T23:27:42Z

Bumps github/branch-deploy from 9.10.0 to 10.0.0.

Release notes

Sourced from github/branch-deploy's releases.

v10.0.0

v10 of the github/branch-deploy Action is focused around safety, security, and usability improvements 🚀

BREAKING

Please note that even though there are breaking changes listed, the vast majority of users should be able to simply upgrade to github/branch-deploy@v10 without any issues

The checks input option can now be used with a comma separated list of CI checks if you only want certain checks to be considered "blocking" in terms of deployments. Read more here.

Pull requests in the CHANGES_REQUESTED state are now treated the same as PRs in the REVIEW_REQUIRED state.

The structure and content of the pre/post deployment messages (that get written to PRs) has changed to contain more rich information. This isn't really a breaking change, but it could be if you are parsing these comments in some way.

The deployment payload that gets set to the GitHub API will now contain two new attributes: params and parsed_params

By default, you can no longer .deploy or .noop a pull request fork unless it has approvals - reference. These changes have been made as an extra safety check against potentially untrusted commits

You will no longer be able to deploy a pull request if the target branch is not the default branch - reference1 reference2

Key Changes

You should use ${{ steps.branch-deploy.outputs.sha }} everywhere instead of ${{ steps.branch-deploy.outputs.ref }} - documentation

The structure of the deployment payload that gets sent to the GitHub API has a few new attributes - documentation

You can now have fine grained control to include or ignore CI checks that can (or can't) block your deployments - documentation

The message rendering system for pre/post deployment messages has been greatly improved. It now has many more variables for custom deployment messages and the default structures have been updated a bit - PR reference

A new input option has been added commit_verification: true that enforces commits to be signed/verified before they can be deployed by this Action - PR reference

A lot of new outputs have been added so subsequent workflow steps have access to even more rich data related to deployments

Preventing the ability to deploy a pull request that is not targeting the default branch

Branch ruleset warning checks - If you have a potential security misconfiguration in your branch rulesets, this Action will loudly warn you about it in the deployment logs

The sha output is now available on "Merge commit strategy" deployments as well

What's Changed

Here is a full list of changes:

Docs updates about .noop by @caridinL6 in github/branch-deploy#324

Store params and parsed params into deployment payload by @fabn in github/branch-deploy#325

Bump the npm-dependencies group with 2 updates by @dependabot in github/branch-deploy#326

update all node packages with npm update by @GrantBirki in github/branch-deploy#327

Commit Improvements by @GrantBirki in github/branch-deploy#328

General Fixes + Dependency Updates by @GrantBirki in github/branch-deploy#329

Change docs around ref to point to sha by @GrantBirki in github/branch-deploy#330

Fork Deployment Safety 🔒 by @GrantBirki in github/branch-deploy#331

Improved Messaging by @GrantBirki in github/branch-deploy#332

Commit Verification 🔒 by @GrantBirki in github/branch-deploy#333

API Version Headers by @GrantBirki in github/branch-deploy#334

total_seconds - Output Variable by @GrantBirki in github/branch-deploy#335

node package updates by @GrantBirki in github/branch-deploy#336

feat: ignored_checks by @GrantBirki in github/branch-deploy#337

General Fixes + More Logging by @GrantBirki in github/branch-deploy#338

feat: respect CHANGES_REQUESTED approval state by @GrantBirki in github/branch-deploy#339

feat: prevent deployment when the target branch is not the default branch by @GrantBirki in github/branch-deploy#341

Branch Ruleset Checks by @GrantBirki in github/branch-deploy#342

General Cleanup + SHA outputs for merge deploy mode by @GrantBirki in github/branch-deploy#343

... (truncated)

Commits

1ba61f9 publish v10
a6f4541 Merge pull request #346 from github/commit-verification-text-update
6a4ed7b update the text that gets returned when a commit verification fails
1c7b2cc Merge pull request #345 from github/branch-ruleset-fixes
8971daa gracefully handle cases where an org/user does not have repo rulesets availab...
305bb05 rename to rulesets
242b260 move the logging of commit SHAs in post deploys further down
3d4735a Merge pull request #344 from github/unlock-on-merge-improvements
4a9ed04 check for lock branches before checking for lock files - also add coloring
304e4d2 Merge pull request #343 from github/improvements
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github/branch-deploy](https://github.com/github/branch-deploy) from 9.10.0 to 10.0.0. - [Release notes](https://github.com/github/branch-deploy/releases) - [Commits](github/branch-deploy@v9.10.0...v10.0.0) --- updated-dependencies: - dependency-name: github/branch-deploy dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 16, 2024

dependabot bot deployed to Staging December 16, 2024 23:28 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github/branch-deploy from 9.10.0 to 10.0.0 #321

Bump github/branch-deploy from 9.10.0 to 10.0.0 #321

dependabot bot commented on behalf of github Dec 16, 2024

Bump github/branch-deploy from 9.10.0 to 10.0.0 #321

Are you sure you want to change the base?

Bump github/branch-deploy from 9.10.0 to 10.0.0 #321

Conversation

dependabot bot commented on behalf of github Dec 16, 2024

v10.0.0

BREAKING

Key Changes

What's Changed