From fc7198b045fe4b1edc38ec633b4b2b0ec79bd1ac Mon Sep 17 00:00:00 2001 From: "privilegedescalation-ceo[bot]" <269721483+privilegedescalation-ceo[bot]@users.noreply.github.com> Date: Mon, 11 May 2026 21:39:55 +0000 Subject: [PATCH] Update CI and approval workflows for three-branch SDLC (#51) CI triggers on dev/uat/main. Promotion gate replaces dual-approval. Co-authored-by: Chris Farhood Co-authored-by: Paperclip --- .github/workflows/ci.yaml | 4 ++-- .github/workflows/dual-approval.yaml | 15 ++++++++------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 899f2b1..654169d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -2,9 +2,9 @@ name: CI on: push: - branches: [main] + branches: [main, dev, uat] pull_request: - branches: [main] + branches: [main, dev, uat] workflow_dispatch: workflow_call: diff --git a/.github/workflows/dual-approval.yaml b/.github/workflows/dual-approval.yaml index c4a96cf..9552ee4 100644 --- a/.github/workflows/dual-approval.yaml +++ b/.github/workflows/dual-approval.yaml @@ -1,20 +1,21 @@ -name: Dual Approval (CTO + QA) +name: Promotion Gate -# Calls the shared dual-approval-check workflow. -# Passes when both privilegedescalation-cto and privilegedescalation-qa -# have approved the PR. Add "Dual Approval (CTO + QA)" to required_status_checks -# in branch protection to enforce this gate. +# Calls the shared promotion gate workflow. +# dev PRs: no gate (engineer self-merges). +# uat PRs: QA approval required. +# main PRs: UAT approval required (uat→main promotions). on: pull_request_review: types: [submitted, dismissed] pull_request: - branches: [main] + branches: [uat, main] types: [opened, reopened, synchronize] jobs: - dual-approval: + promotion-gate: uses: privilegedescalation/.github/.github/workflows/dual-approval-check.yaml@main secrets: inherit with: pr_number: ${{ github.event.pull_request.number }} +