v10.0.0-rc.1

v10.0.0-rc.1 (⚠️ this is a release candidate)

Do not use this release unless you want to live on the edge

BREAKING

Please note that even though there are breaking changes listed, the vast majority of users should be able to simply upgrade to github/branch-deploy@v10 without any issues

• The checks input option can now be used with a comma separated list of CI checks if you only want certain checks to be considered "blocking" in terms of deployments. Read more here.
• Pull requests in the CHANGES_REQUESTED state are now treated the same as PRs in the REVIEW_REQUIRED state.
• The structure and content of the pre/post deployment messages (that get written to PRs) has changed to contain more rich information. This isn't really a breaking change, but it could be if you are parsing these comments in some way.
• The deployment payload that gets set to the GitHub API will now contain two new attributes: params and parsed_params
• By default, you can no longer .deploy or .noop a pull request fork unless it has approvals - reference. These changes have been made as an extra safety check against potentially untrusted commits
• You will no longer be able to deploy a pull request if the target branch is not the default branch - reference1 reference2

Key Changes

• You should use ${{ steps.branch-deploy.outputs.sha }} everywhere instead of ${{ steps.branch-deploy.outputs.ref }} - documentation
• The structure of the deployment payload that gets sent to the GitHub API has a few new attributes - documentation
• You can now have fine grained control to include or ignore CI checks that can (or can't) block your deployments - documentation
• The message rendering system for pre/post deployment messages has been greatly improved. It now has many more variables for custom deployment messages and the default structures have been updated a bit - PR reference
• A new input option has been added commit_verification: true that enforces commits to be signed/verified before they can be deployed by this Action - PR reference
• A lot of new outputs have been added so subsequent workflow steps have access to even more rich data related to deployments
• Preventing the ability to deploy a pull request that is not targeting the default branch
• Branch ruleset warning checks - If you have a potential security misconfiguration in your branch rulesets, this Action will loudly warn you about it in the deployment logs
• The sha output is now available on "Merge commit strategy" deployments as well

What's Changed

Here is a full list of changes:

• Docs updates about .noop by @caridinL6 in #324
• Store params and parsed params into deployment payload by @fabn in #325
• Bump the npm-dependencies group with 2 updates by @dependabot in #326
• update all node packages with npm update by @GrantBirki in #327
• Commit Improvements by @GrantBirki in #328
• General Fixes + Dependency Updates by @GrantBirki in #329
• Change docs around ref to point to sha by @GrantBirki in #330
• Fork Deployment Safety 🔒 by @GrantBirki in #331
• Improved Messaging by @GrantBirki in #332
• Commit Verification 🔒 by @GrantBirki in #333
• API Version Headers by @GrantBirki in #334
• total_seconds - Output Variable by @GrantBirki in #335
• node package updates by @GrantBirki in #336
• feat: ignored_checks by @GrantBirki in #337
• General Fixes + More Logging by @GrantBirki in #338
• feat: respect CHANGES_REQUESTED approval state by @GrantBirki in #339
• feat: prevent deployment when the target branch is not the default branch by @GrantBirki in #341
• Branch Ruleset Checks by @GrantBirki in #342
• General Cleanup + SHA outputs for merge deploy mode by @GrantBirki in #343
• Unlock on Merge branch check improvements by @GrantBirki in #344

New Contributors

• @caridinL6 made their first contribution in #324

Full Changelog: v9.10.0...v10.0.0-rc.1