add allow_non_default_target_branch_deployments as a new input option

GrantBirki · GrantBirki · commit 0336ed77b51c · 2025-01-22T11:58:46.000-08:00
diff --git a/README.md b/README.md
@@ -300,6 +300,7 @@ As seen above, we have two steps. One for a noop deploy, and one for a regular d
 | `skip_successful_deploy_labels_if_approved` | `false` | `"false"` | Whether or not the post run logic should skip adding successful deploy labels if the pull request is approved. This can be useful if you add a label such as "ready-for-review" after a `.deploy` completes but want to skip adding that label in situations where the pull request is already approved. |
 | `enforced_deployment_order` | `false` | `""` | A comma separated list of environments that must be deployed in a specific order. Example: `"development,staging,production"`. If this is set then you cannot deploy to latter environments unless the former ones have a successful and active deployment on the latest commit first - See the [enforced deployment order docs](./docs/enforced-deployment-order.md) for more details |
 | `use_security_warnings` | `false` | `"true"` | Whether or not to leave security related warnings in log messages during deployments. Default is `"true"` |
+| `allow_non_default_target_branch_deployments` | `false` | `"false"` | Whether or not to allow deployments of pull requests that target a branch other than the default branch (aka stable branch) as their merge target. By default, this Action would reject the deployment of a branch named `feature-branch` if it was targeting `foo` instead of `main` (or whatever your default branch is). This option allows you to override that behavior and be able to deploy any branch in your repository regardless of the target branch. This option is potentially unsafe and should be used with caution as most default branches contain branch protection rules. Often times non-default branches do not contain these same branch protection rules. |
 
 ## Outputs 📤
 
diff --git a/__tests__/functions/help.test.js b/__tests__/functions/help.test.js
@@ -50,7 +50,8 @@ const defaultInputs = {
   commit_verification: true,
   ignored_checks: [],
   enforced_deployment_order: [],
-  use_security_warnings: true
+  use_security_warnings: true,
+  allow_non_default_target_branch_deployments: false
 }
 
 test('successfully calls help with defaults', async () => {
@@ -89,7 +90,8 @@ test('successfully calls help with non-defaults', async () => {
     ignored_checks: ['lint', 'format'],
     commit_verification: false,
     enforced_deployment_order: [],
-    use_security_warnings: false
+    use_security_warnings: false,
+    allow_non_default_target_branch_deployments: false
   }
 
   expect(await help(octokit, context, 123, inputs))
@@ -127,7 +129,8 @@ test('successfully calls help with non-defaults again', async () => {
     ignored_checks: ['lint'],
     commit_verification: false,
     enforced_deployment_order: ['development', 'staging', 'production'],
-    use_security_warnings: false
+    use_security_warnings: false,
+    allow_non_default_target_branch_deployments: false
   }
 
   expect(await help(octokit, context, 123, inputs))
@@ -176,7 +179,8 @@ test('successfully calls help with non-defaults and unknown update_branch settin
     checks: 'required',
     ignored_checks: ['lint'],
     enforced_deployment_order: [],
-    use_security_warnings: false
+    use_security_warnings: false,
+    allow_non_default_target_branch_deployments: true
   }
 
   expect(await help(octokit, context, 123, inputs))
@@ -197,4 +201,9 @@ test('successfully calls help with non-defaults and unknown update_branch settin
   expect(debugMock).toHaveBeenCalledWith(
     expect.stringMatching(/not use security warnings/)
   )
+  expect(debugMock).toHaveBeenCalledWith(
+    expect.stringMatching(
+      /will allow the deployments of pull requests that target a branch other than the default branch/
+    )
+  )
 })
diff --git a/__tests__/main.test.js b/__tests__/main.test.js
@@ -90,6 +90,7 @@ beforeEach(() => {
   process.env.INPUT_COMMIT_VERIFICATION = 'false'
   process.env.INPUT_IGNORED_CHECKS = ''
   process.env.INPUT_USE_SECURITY_WARNINGS = 'true'
+  process.env.INPUT_ALLOW_NON_DEFAULT_TARGET_BRANCH_DEPLOYMENTS = 'false'
 
   github.context.payload = {
     issue: {
diff --git a/__tests__/schemas/action.schema.yml b/__tests__/schemas/action.schema.yml
@@ -490,6 +490,16 @@ inputs:
     default:
       type: string
       required: false
+  allow_non_default_target_branch_deployments:
+    description:
+      type: string
+      required: true
+    required:
+      type: boolean
+      required: true
+    default:
+      type: string
+      required: false
 
 # outputs section
 outputs:
diff --git a/action.yml b/action.yml
@@ -189,6 +189,10 @@ inputs:
     description: 'Whether or not to leave security related warnings in log messages during deployments. Default is "true"'
     required: false
     default: "true"
+  allow_non_default_target_branch_deployments:
+    description: 'Whether or not to allow deployments of pull requests that target a branch other than the default branch (aka stable branch) as their merge target. By default, this Action would reject the deployment of a branch named "feature-branch" if it was targeting "foo" instead of "main" (or whatever your default branch is). This option allows you to override that behavior and be able to deploy any branch in your repository regardless of the target branch. This option is potentially unsafe and should be used with caution as most default branches contain branch protection rules. Often times non-default branches do not contain these same branch protection rules.'
+    required: false
+    default: "false"
 outputs:
   continue:
     description: 'The string "true" if the deployment should continue, otherwise empty - Use this to conditionally control if your deployment should proceed or not'
diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/src/functions/help.js b/src/functions/help.js
@@ -236,6 +236,13 @@ export async function help(octokit, context, reactionId, inputs) {
   - \`allow_sha_deployments: ${
     inputs.allow_sha_deployments
   }\` - ${sha_deployment_message}
+  - \`allow_non_default_target_branch_deployments: ${
+    inputs.allow_non_default_target_branch_deployments
+  }\` - This Action will ${
+    inputs.allow_non_default_target_branch_deployments === true
+      ? 'allow'
+      : 'not allow'
+  } the deployments of pull requests that target a branch other than the default branch (aka stable branch)
 
   ---
 
diff --git a/src/functions/inputs.js b/src/functions/inputs.js
@@ -56,6 +56,9 @@ export function getInputs() {
   const commit_verification = core.getBooleanInput('commit_verification')
   const ignored_checks = stringToArray(core.getInput('ignored_checks'))
   const use_security_warnings = core.getBooleanInput('use_security_warnings')
+  const allow_non_default_target_branch_deployments = core.getBooleanInput(
+    'allow_non_default_target_branch_deployments'
+  )
 
   // validate inputs
   validateInput('update_branch', update_branch, ['disabled', 'warn', 'force'])
@@ -106,6 +109,8 @@ export function getInputs() {
     enforced_deployment_order: enforced_deployment_order,
     commit_verification: commit_verification,
     ignored_checks: ignored_checks,
-    use_security_warnings: use_security_warnings
+    use_security_warnings: use_security_warnings,
+    allow_non_default_target_branch_deployments:
+      allow_non_default_target_branch_deployments
   }
 }
