add deployment_confirmation and deployment_confirmation_timeout to the action inputs

Author: GrantBirki

README.md

@@ -301,6 +301,8 @@ As seen above, we have two steps. One for a noop deploy, and one for a regular d
 | `enforced_deployment_order` | `false` | `""` | A comma separated list of environments that must be deployed in a specific order. Example: `"development,staging,production"`. If this is set then you cannot deploy to latter environments unless the former ones have a successful and active deployment on the latest commit first - See the [enforced deployment order docs](./docs/enforced-deployment-order.md) for more details |
 | `use_security_warnings` | `false` | `"true"` | Whether or not to leave security related warnings in log messages during deployments. Default is `"true"` |
 | `allow_non_default_target_branch_deployments` | `false` | `"false"` | Whether or not to allow deployments of pull requests that target a branch other than the default branch (aka stable branch) as their merge target. By default, this Action would reject the deployment of a branch named `feature-branch` if it was targeting `foo` instead of `main` (or whatever your default branch is). This option allows you to override that behavior and be able to deploy any branch in your repository regardless of the target branch. This option is potentially unsafe and should be used with caution as most default branches contain branch protection rules. Often times non-default branches do not contain these same branch protection rules. Follow along in this [issue thread](https://github.com/github/branch-deploy/issues/340) to learn more. |
+| `deployment_confirmation` | `false` | `"false"` | Whether or not to require an additional confirmation before a deployment can continue. Default is `"false"`. If your project requires elevated security, it is highly recommended to enable this option - especially in open source projects where you might be deploying forks. |
+| `deployment_confirmation_timeout` | `false` | `60` | The number of seconds to wait for a deployment confirmation before timing out. Default is `60` seconds (1 minute). |
 
 ## Outputs 📤
 

__tests__/functions/help.test.js

@@ -51,7 +51,9 @@ const defaultInputs = {
   ignored_checks: [],
   enforced_deployment_order: [],
   use_security_warnings: true,
-  allow_non_default_target_branch_deployments: false
+  allow_non_default_target_branch_deployments: false,
+  deployment_confirmation: false,
+  deployment_confirmation_timeout: 60
 }
 
 test('successfully calls help with defaults', async () => {
@@ -91,7 +93,8 @@ test('successfully calls help with non-defaults', async () => {
     commit_verification: false,
     enforced_deployment_order: [],
     use_security_warnings: false,
-    allow_non_default_target_branch_deployments: false
+    allow_non_default_target_branch_deployments: false,
+    deployment_confirmation: true
   }
 
   expect(await help(octokit, context, 123, inputs))

__tests__/main.test.js

@@ -228,6 +228,22 @@ test('successfully runs the action', async () => {
   )
 })
 
+test('fails the action early on when it fails to parse an int input', async () => {
+  process.env.INPUT_DEPLOYMENT_CONFIRMATION_TIMEOUT = 'not-an-int'
+
+  expect(await run()).toBe(undefined)
+  expect(setFailedMock).toHaveBeenCalledWith(
+    'Invalid value for deployment_confirmation_timeout: must be an integer'
+  )
+  expect(saveStateMock).toHaveBeenCalledWith('bypass', 'true')
+  expect(infoMock).not.toHaveBeenCalledWith(
+    `🧑‍🚀 commit sha to deploy: ${COLORS.highlight}${mock_sha}${COLORS.reset}`
+  )
+  expect(infoMock).not.toHaveBeenCalledWith(
+    `🚀 ${COLORS.success}deployment started!${COLORS.reset}`
+  )
+})
+
 test('successfully runs the action with deployment confirmation', async () => {
   process.env.INPUT_DEPLOYMENT_CONFIRMATION = 'true'
 

__tests__/schemas/action.schema.yml

@@ -500,6 +500,26 @@ inputs:
     default:
       type: string
       required: false
+  deployment_confirmation:
+    description:
+      type: string
+      required: true
+    required:
+      type: boolean
+      required: true
+    default:
+      type: string
+      required: false
+  deployment_confirmation_timeout:
+    description:
+      type: string
+      required: true
+    required:
+      type: boolean
+      required: true
+    default:
+      type: string
+      required: false
 
 # outputs section
 outputs:

action.yml

@@ -193,6 +193,14 @@ inputs:
     description: 'Whether or not to allow deployments of pull requests that target a branch other than the default branch (aka stable branch) as their merge target. By default, this Action would reject the deployment of a branch named "feature-branch" if it was targeting "foo" instead of "main" (or whatever your default branch is). This option allows you to override that behavior and be able to deploy any branch in your repository regardless of the target branch. This option is potentially unsafe and should be used with caution as most default branches contain branch protection rules. Often times non-default branches do not contain these same branch protection rules. Follow along in this issue thread to learn more https://github.com/github/branch-deploy/issues/340'
     required: false
     default: "false"
+  deployment_confirmation:
+    description: 'Whether or not to require an additional confirmation before a deployment can continue. Default is "false". If your project requires elevated security, it is highly recommended to enable this option - especially in open source projects where you might be deploying forks.'
+    required: false
+    default: "false"
+  deployment_confirmation_timeout:
+    description: 'The number of seconds to wait for a deployment confirmation before timing out. Default is "60" seconds (1 minute).'
+    required: false
+    default: "60"
 outputs:
   continue:
     description: 'The string "true" if the deployment should continue, otherwise empty - Use this to conditionally control if your deployment should proceed or not'

dist/index.js

@@ -230,6 +230,14 @@ export async function help(octokit, context, reactionId, inputs) {
     inputs.draft_permitted_targets
   }\` - ${draft_permitted_targets_message}
   - \`admins: ${inputs.admins}\` - ${admins_message}
+  - \`deployment_confirmation: ${
+    inputs.deployment_confirmation
+  }\` - This Action will ${
+    inputs.deployment_confirmation === true ? 'require' : 'not require'
+  } additional confirmation before deploying
+  - \`deployment_confirmation_timeout: ${
+    inputs.deployment_confirmation_timeout
+  }\` - The timeout (seconds) for the deployment confirmation
   - \`permissions: ${inputs.permissions.join(
     ','
   )}\` - The acceptable permissions that this Action will require to run

dist/index.js.map

@@ -15,6 +15,17 @@ function validateInput(inputName, inputValue, validValues) {
   }
 }
 
+// Helper function to parse and validate integer inputs
+// :param inputName: The name of the input being parsed (string)
+// :returns: The parsed integer value
+function getIntInput(inputName) {
+  const value = parseInt(core.getInput(inputName), 10)
+  if (isNaN(value)) {
+    throw new Error(`Invalid value for ${inputName}: must be an integer`)
+  }
+  return value
+}
+
 // Helper function to get all the inputs for the Action
 // :returns: An object containing all the inputs
 export function getInputs() {
@@ -62,7 +73,7 @@ export function getInputs() {
   const deployment_confirmation = core.getBooleanInput(
     'deployment_confirmation'
   )
-  const deployment_confirmation_timeout = core.getInput(
+  const deployment_confirmation_timeout = getIntInput(
     'deployment_confirmation_timeout'
   )