Chris Farhood
0b44deeeff
When triggered by pull_request_review events, github.event.pull_request is undefined, which can cause issues when the job tries to access github.event.pull_request.number. Add a job-level if guard to prevent the job from running in these conditions. This addresses the dual approval failures seen on feature branches where the workflow was running without a valid PR context. Co-Authored-By: Paperclip <noreply@paperclip.ing>
22 lines
662 B
YAML
22 lines
662 B
YAML
name: Dual Approval (CTO + QA)
|
|
|
|
# Calls the shared dual-approval-check workflow.
|
|
# Passes when both privilegedescalation-cto and privilegedescalation-qa
|
|
# have approved the PR. Add "Dual Approval (CTO + QA)" to required_status_checks
|
|
# in branch protection to enforce this gate.
|
|
|
|
on:
|
|
pull_request_review:
|
|
types: [submitted, dismissed]
|
|
pull_request:
|
|
branches: [main]
|
|
types: [opened, reopened, synchronize]
|
|
|
|
jobs:
|
|
dual-approval:
|
|
if: github.event.pull_request != null
|
|
uses: privilegedescalation/.github/.github/workflows/dual-approval-check.yaml@main
|
|
secrets: inherit
|
|
with:
|
|
pr_number: ${{ github.event.pull_request.number }}
|