Chris Farhood
d8d995308b
Resolves add/add conflict in audit-ci.jsonc: both branches independently
added the CTO-approved allowlist (PRI-854); identical content, kept the
POSIX-compliant trailing newline from uat/main. Also adds trailing newline
to dual-approval.yaml (missed in dev commit 990c796).
Changes promoted from dev:
- .github/workflows/dual-approval.yaml: Promotion Gate workflow (uat+main trigger)
- audit-ci.jsonc: CTO-approved allowlist for 3 inherited dev-only CVEs
Co-Authored-By: Paperclip <noreply@paperclip.ing>
21 lines
548 B
YAML
21 lines
548 B
YAML
name: Promotion Gate
|
|
|
|
# Calls the shared promotion gate workflow.
|
|
# dev PRs: no gate (engineer self-merges).
|
|
# uat PRs: QA approval required.
|
|
# main PRs: UAT approval required (uat→main promotions).
|
|
|
|
on:
|
|
pull_request_review:
|
|
types: [submitted, dismissed]
|
|
pull_request:
|
|
branches: [uat, main]
|
|
types: [opened, reopened, synchronize]
|
|
|
|
jobs:
|
|
promotion-gate:
|
|
uses: privilegedescalation/.github/.github/workflows/dual-approval-check.yaml@main
|
|
secrets: inherit
|
|
with:
|
|
pr_number: ${{ github.event.pull_request.number }}
|