ci: never hard-fail deploy-dev/deploy-uat on infra-PR merge outcome (CAR-1216)

The CI bot cannot self-approve cartsnitch/infra main's required human
review, so the in-job auto-merge attempt is structurally impossible
and would always fail with SOME message (checks-pending, then
approvals, then transient errors). Special-casing individual error
strings is fragile — CAR-1212's 'Does not have enough approvals' branch
proved it (deploy-dev run 4999 hit the final else-branch instead).

Make job success depend only on the infra PR being OPENED (and
cs_savannah review requested), NOT on the merge outcome. Replace both
the approvals-elif branch and the final else (exit 1) branch with a
single non-failing branch: emit a ::notice:: with the merge response
and exit 0. The ONLY remaining hard-fail is the empty PR_NUM check
(PR could not be created).

Same change applied symmetrically to deploy-uat.

Refs CAR-1195, CAR-1194, CAR-1212, CAR-1216.

.gitea/workflows/ci.yml

@@ -585,17 +585,17 @@ jobs:
           MERGED=$(echo "$MERGE_RESP" | jq -r '.merged // false')
           if [ "$MERGED" = "true" ]; then
             echo "PR #${PR_NUM} merged into cartsnitch/infra main"
-          elif echo "$MERGE_RESP" | grep -qi 'does not have enough approvals'; then
-            # GitOps approval gate: the PR is correctly opened and surfaces in
-            # the CTO queue via the reviewers request above. Treat as success
-            # (exit 0) so the deploy job does not hard-fail on the approvals
-            # requirement that only a human maintainer can satisfy.
-            echo "::notice::infra PR #${PR_NUM} opened and awaiting CTO (cs_savannah) approve+merge — GitOps approval gate, not a failure"
-            exit 0
           else
-            echo "::error::Auto-merge of cartsnitch/infra PR #${PR_NUM} failed: $MERGE_RESP"
-            echo "::error::Reassign to cs_savannah (authorized merger for cartsnitch/infra main) for backstop merge."
-            exit 1
+            # GitOps approval gate (CAR-1216): the CI bot cannot self-approve
+            # cartsnitch/infra main's required human review, so the in-job
+            # auto-merge is structurally impossible and will always fail with
+            # SOME message (checks-pending, then approvals, then transient
+            # errors). Special-casing individual messages is fragile. The PR
+            # is correctly opened, cs_savannah is requested as reviewer, and
+            # the CTO will backstop-merge — that is the success condition.
+            # Treat every merge-outcome failure as success (exit 0).
+            echo "::notice::infra PR #${PR_NUM} opened and awaiting CTO (cs_savannah) approve+merge — GitOps approval gate, not a failure: $MERGE_RESP"
+            exit 0
           fi
 
   deploy-uat:
@@ -729,15 +729,15 @@ jobs:
           MERGED=$(echo "$MERGE_RESP" | jq -r '.merged // false')
           if [ "$MERGED" = "true" ]; then
             echo "PR #${PR_NUM} merged into cartsnitch/infra main"
-          elif echo "$MERGE_RESP" | grep -qi 'does not have enough approvals'; then
-            # GitOps approval gate: the PR is correctly opened and surfaces in
-            # the CTO queue via the reviewers request above. Treat as success
-            # (exit 0) so the deploy job does not hard-fail on the approvals
-            # requirement that only a human maintainer can satisfy.
-            echo "::notice::infra PR #${PR_NUM} opened and awaiting CTO (cs_savannah) approve+merge — GitOps approval gate, not a failure"
-            exit 0
           else
-            echo "::error::Auto-merge of cartsnitch/infra PR #${PR_NUM} failed: $MERGE_RESP"
-            echo "::error::Reassign to cs_savannah (authorized merger for cartsnitch/infra main) for backstop merge."
-            exit 1
+            # GitOps approval gate (CAR-1216): the CI bot cannot self-approve
+            # cartsnitch/infra main's required human review, so the in-job
+            # auto-merge is structurally impossible and will always fail with
+            # SOME message (checks-pending, then approvals, then transient
+            # errors). Special-casing individual messages is fragile. The PR
+            # is correctly opened, cs_savannah is requested as reviewer, and
+            # the CTO will backstop-merge — that is the success condition.
+            # Treat every merge-outcome failure as success (exit 0).
+            echo "::notice::infra PR #${PR_NUM} opened and awaiting CTO (cs_savannah) approve+merge — GitOps approval gate, not a failure: $MERGE_RESP"
+            exit 0
           fi