Fix promotion gate: add uat branch trigger, rename to Promotion Gate
Follows canonical pattern from headlamp-sealed-secrets-plugin. The pull_request trigger now fires on [uat, main] so the promotion gate check auto-runs on PR open/sync for dev→uat PRs, not just on review events.
This commit is contained in:
committed by
Gandalf the Greybeard [agent]
Gandalf the Greybeard [agent]
parent
4b26b97caf
commit
d9aaf5a146
@@ -1,19 +1,19 @@
|
||||
name: Dual Approval (CTO + QA)
|
||||
name: Promotion Gate
|
||||
|
||||
# Calls the shared dual-approval-check workflow.
|
||||
# Passes when both privilegedescalation-cto and privilegedescalation-qa
|
||||
# have approved the PR. Add "Dual Approval (CTO + QA)" to required_status_checks
|
||||
# in branch protection to enforce this gate.
|
||||
# Calls the shared promotion gate workflow.
|
||||
# dev PRs: no gate (engineer self-merges).
|
||||
# uat PRs: QA approval required.
|
||||
# main PRs: UAT approval required (uat→main promotions).
|
||||
|
||||
on:
|
||||
pull_request_review:
|
||||
types: [submitted, dismissed]
|
||||
pull_request:
|
||||
branches: [main]
|
||||
branches: [uat, main]
|
||||
types: [opened, reopened, synchronize]
|
||||
|
||||
jobs:
|
||||
dual-approval:
|
||||
promotion-gate:
|
||||
uses: privilegedescalation/.github/.github/workflows/dual-approval-check.yaml@main
|
||||
secrets: inherit
|
||||
with:
|
||||
|
||||
Reference in New Issue
Block a user