From d9aaf5a1461e92fd1cfdda4dc7a47b2d71c59b74 Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Thu, 14 May 2026 04:09:48 +0000 Subject: [PATCH] Fix promotion gate: add uat branch trigger, rename to Promotion Gate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Follows canonical pattern from headlamp-sealed-secrets-plugin. The pull_request trigger now fires on [uat, main] so the promotion gate check auto-runs on PR open/sync for dev→uat PRs, not just on review events. --- .github/workflows/dual-approval.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/dual-approval.yaml b/.github/workflows/dual-approval.yaml index c4a96cf..a1c6aef 100644 --- a/.github/workflows/dual-approval.yaml +++ b/.github/workflows/dual-approval.yaml @@ -1,20 +1,20 @@ -name: Dual Approval (CTO + QA) +name: Promotion Gate -# Calls the shared dual-approval-check workflow. -# Passes when both privilegedescalation-cto and privilegedescalation-qa -# have approved the PR. Add "Dual Approval (CTO + QA)" to required_status_checks -# in branch protection to enforce this gate. +# Calls the shared promotion gate workflow. +# dev PRs: no gate (engineer self-merges). +# uat PRs: QA approval required. +# main PRs: UAT approval required (uat→main promotions). on: pull_request_review: types: [submitted, dismissed] pull_request: - branches: [main] + branches: [uat, main] types: [opened, reopened, synchronize] jobs: - dual-approval: + promotion-gate: uses: privilegedescalation/.github/.github/workflows/dual-approval-check.yaml@main secrets: inherit with: - pr_number: ${{ github.event.pull_request.number }} + pr_number: ${{ github.event.pull_request.number }} \ No newline at end of file