Bump github/branch-deploy from 9 to 10 in the github-actions group

[dependabot]

Bumps the github-actions group with 1 update: github/branch-deploy.

Updates github/branch-deploy from 9 to 10

Release notes

Sourced from github/branch-deploy's releases.

v10.0.0

v10 of the github/branch-deploy Action is focused around safety, security, and usability improvements 🚀

BREAKING

Please note that even though there are breaking changes listed, the vast majority of users should be able to simply upgrade to github/branch-deploy@v10 without any issues

• The checks input option can now be used with a comma separated list of CI checks if you only want certain checks to be considered "blocking" in terms of deployments. Read more here.
• Pull requests in the CHANGES_REQUESTED state are now treated the same as PRs in the REVIEW_REQUIRED state.
• The structure and content of the pre/post deployment messages (that get written to PRs) has changed to contain more rich information. This isn't really a breaking change, but it could be if you are parsing these comments in some way.
• The deployment payload that gets set to the GitHub API will now contain two new attributes: params and parsed_params
• By default, you can no longer .deploy or .noop a pull request fork unless it has approvals - reference. These changes have been made as an extra safety check against potentially untrusted commits
• You will no longer be able to deploy a pull request if the target branch is not the default branch - reference1 reference2

Key Changes

• You should use ${{ steps.branch-deploy.outputs.sha }} everywhere instead of ${{ steps.branch-deploy.outputs.ref }} - documentation
• The structure of the deployment payload that gets sent to the GitHub API has a few new attributes - documentation
• You can now have fine grained control to include or ignore CI checks that can (or can't) block your deployments - documentation
• The message rendering system for pre/post deployment messages has been greatly improved. It now has many more variables for custom deployment messages and the default structures have been updated a bit - PR reference
• A new input option has been added commit_verification: true that enforces commits to be signed/verified before they can be deployed by this Action - PR reference
• A lot of new outputs have been added so subsequent workflow steps have access to even more rich data related to deployments
• Preventing the ability to deploy a pull request that is not targeting the default branch
• Branch ruleset warning checks - If you have a potential security misconfiguration in your branch rulesets, this Action will loudly warn you about it in the deployment logs
• The sha output is now available on "Merge commit strategy" deployments as well

What's Changed

Here is a full list of changes:

• Docs updates about .noop by @​caridinL6 in github/branch-deploy#324
• Store params and parsed params into deployment payload by @​fabn in github/branch-deploy#325
• Bump the npm-dependencies group with 2 updates by @​dependabot in github/branch-deploy#326
• update all node packages with npm update by @​GrantBirki in github/branch-deploy#327
• Commit Improvements by @​GrantBirki in github/branch-deploy#328
• General Fixes + Dependency Updates by @​GrantBirki in github/branch-deploy#329
• Change docs around ref to point to sha by @​GrantBirki in github/branch-deploy#330
• Fork Deployment Safety 🔒 by @​GrantBirki in github/branch-deploy#331
• Improved Messaging by @​GrantBirki in github/branch-deploy#332
• Commit Verification 🔒 by @​GrantBirki in github/branch-deploy#333
• API Version Headers by @​GrantBirki in github/branch-deploy#334
• total_seconds - Output Variable by @​GrantBirki in github/branch-deploy#335
• node package updates by @​GrantBirki in github/branch-deploy#336
• feat: ignored_checks by @​GrantBirki in github/branch-deploy#337
• General Fixes + More Logging by @​GrantBirki in github/branch-deploy#338
• feat: respect CHANGES_REQUESTED approval state by @​GrantBirki in github/branch-deploy#339
• feat: prevent deployment when the target branch is not the default branch by @​GrantBirki in github/branch-deploy#341
• Branch Ruleset Checks by @​GrantBirki in github/branch-deploy#342
• General Cleanup + SHA outputs for merge deploy mode by @​GrantBirki in github/branch-deploy#343

... (truncated)

Commits

• 1ba61f9 publish v10
• a6f4541 Merge pull request #346 from github/commit-verification-text-update
• 6a4ed7b update the text that gets returned when a commit verification fails
• 1c7b2cc Merge pull request #345 from github/branch-ruleset-fixes
• 8971daa gracefully handle cases where an org/user does not have repo rulesets availab...
• 305bb05 rename to rulesets
• 242b260 move the logging of commit SHAs in post deploys further down
• 3d4735a Merge pull request #344 from github/unlock-on-merge-improvements
• 4a9ed04 check for lock branches before checking for lock files - also add coloring
• 304e4d2 Merge pull request #343 from github/improvements
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

👋 Thanks for opening a pull request!

If you are new, please check out the trimmed down summary of our deployment process below:

1. 👀 Observe the CI jobs and tests to ensure they are passing

2. ✔️ Obtain an approval/review on this pull request

3. 🚀 Deploy your pull request to the development environment with .deploy to development

4. 🚀 Deploy your pull request to the production environment with .deploy

   If anything goes wrong, rollback with .deploy main

5. 🎉 Merge!

Need help? Type .help as a comment or visit the usage guide for more details

Please note, if you have a more complex change, it is advised to claim a deployment lock with .lock <environment> --reason <reason> to prevent other deployments from happening while you are working on your change.

Once your PR has been merged, you can remove the lock with .unlock <environment>.