From 557a00a758b4b3b64ae813794b302e102b4925e9 Mon Sep 17 00:00:00 2001
From: "privilegedescalation-engineer[bot]"
 <269729446+privilegedescalation-engineer[bot]@users.noreply.github.com>
Date: Mon, 4 May 2026 18:26:45 +0000
Subject: [PATCH] fix: enable CI on feature branches and add workflow_dispatch
 (#13)

Fixes PRI-524. Changes push trigger from branches:[main] to branches:['**'] so CI fires on every branch. Adds workflow_dispatch for manual trigger. Adds permissions: contents: read for least-privilege hardening.

All gates clear: CI green, UAT correctly skipped (YAML-only), QA approved (Regina), CTO approved (Nancy).
---
 .github/workflows/ci.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index b51bac0..cdcca8a 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -2,9 +2,13 @@ name: CI
 
 on:
   push:
-    branches: [main]
+    branches: ['**']
   pull_request:
     branches: [main]
+  workflow_dispatch:
+
+permissions:
+  contents: read
 
 jobs:
   ci: