ci: add dual-approval caller workflow
Calls the shared privilegedescalation/.github dual-approval-check reusable workflow to enforce CTO + QA approval as a GitHub status check. Once privilegedescalation/.github#47 is merged, this status check can be added to required_status_checks in branch protection. Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
privilegedescalation-engineer[bot]
committed by
GitHub
GitHub
parent
fbd8e27a56
commit
e3c17c9380
@@ -0,0 +1,18 @@
|
|||||||
|
name: Dual Approval (CTO + QA)
|
||||||
|
|
||||||
|
# Calls the shared dual-approval-check workflow.
|
||||||
|
# Passes when both privilegedescalation-cto and privilegedescalation-qa
|
||||||
|
# have approved the PR. Add "Dual Approval (CTO + QA)" to required_status_checks
|
||||||
|
# in branch protection to enforce this gate.
|
||||||
|
|
||||||
|
on:
|
||||||
|
pull_request_review:
|
||||||
|
types: [submitted, dismissed]
|
||||||
|
pull_request:
|
||||||
|
branches: [main]
|
||||||
|
types: [opened, reopened, synchronize]
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
dual-approval:
|
||||||
|
uses: privilegedescalation/.github/.github/workflows/dual-approval-check.yaml@main
|
||||||
|
secrets: inherit
|
||||||
Reference in New Issue
Block a user