ci: enable merge queue and release environment approval gate #97

Merged
SebTardif merged 1 commit into main from ci/merge-queue-release-env
May 27, 2026

@SebTardif

Changes

Migrate to repository rulesets (#75)

Replaced legacy branch protection rules on main with a repository
ruleset (main-branch-protection, ID 16941636):

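| Setting         | Legacy       | Ruleset                     |
|-----------------|--------------|-----------------------------|
| Required checks | CI Gate, DCO | CI Gate, DCO                |
| Linear history  | Yes          | Yes                         |
| Force push      | Blocked      | Blocked (non_fast_forward)  |
| Deletions       | Blocked      | Blocked                     |
| Admin bypass    | No           | Yes (RepositoryRole: Admin) |
| Merge queue     | N/A          | Enabled (new)               |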

Legacy branch protection rules have been deleted.

Enable merge queue (#61)

Merge queue is configured in the ruleset with:

  • Merge method: squash
  • Grouping: ALLGREEN (all PRs in group must pass checks)
  • Build concurrency: 5
  • Min entries: 1 (no batching delay for solo PRs)
  • Wait time: 1 min before merging below min threshold
  • Check timeout: 30 min

Added merge_group: {} trigger to ci.yaml so CI runs on merge queue
events.

Release environment with approval gate (#67)

Created a release environment with:

  • Required reviewer: @SebTardif
  • Deployment policy: restricted to v* tags only
  • Admin bypass: enabled

The release workflow now declares environment: release, so pushing a
v* tag will pause the release job until approved in the GitHub UI.

Closes #75
Closes #61
Closes #67

Add merge_group trigger to ci.yaml so CI runs when PRs enter the merge
queue. The merge queue is configured in the new main-branch-protection
ruleset (replaces legacy branch protection rules) with squash merging,
ALLGREEN grouping, and 1-min wait before merging singles.

Add environment: release to the release workflow. The release environment
requires approval from @SebTardif before the release job can proceed,
preventing accidental tag pushes from triggering unreviewed releases.
Deployment is restricted to v* tags.

Ruleset and environment were created via API in this session:
- Ruleset ID 16941636 (main-branch-protection)
- Environment: release (required reviewer: SebTardif, tag policy: v*)

Closes #75
Closes #61
Closes #67

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
github-actions bot added the area/ci (CI/CD workflows) and size/xs (< 10 lines changed) labels on May 27, 2026
SebTardif merged commit 7203df5 into main on May 27, 2026
33 checks passed
SebTardif deleted the ci/merge-queue-release-env branch on May 27, 2026 17:13
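
Added example, not part of the PR or the project's code: a drift check that compares an exported ruleset against the settings listed in the PR description above, and always reports bypass actors so a reviewer sees who can skip the rules. The field names follow GitHub's REST ruleset representation as an assumption, and SAMPLE is constructed from the values in the description (enforcement and bypass_mode are not stated on the page).

```python
# Added example: audit a ruleset export against the settings listed in this PR.
# Key names assume the GitHub REST ruleset shape; SAMPLE is constructed data.
EXPECTED_RULES = {"deletion", "non_fast_forward", "required_linear_history",
                  "required_status_checks", "merge_queue"}
EXPECTED_CHECKS = {"CI Gate", "DCO"}
EXPECTED_QUEUE = {
    "merge_method": "SQUASH", "grouping_strategy": "ALLGREEN",
    "max_entries_to_build": 5, "min_entries_to_merge": 1,
    "min_entries_to_merge_wait_minutes": 1,
    "check_response_timeout_minutes": 30,
}

SAMPLE = {
    "name": "main-branch-protection",
    "enforcement": "active",  # assumed, not stated on the page
    "bypass_actors": [{"actor_type": "RepositoryRole", "bypass_mode": "always"}],
    "rules": [
        {"type": "deletion"},
        {"type": "non_fast_forward"},
        {"type": "required_linear_history"},
        {"type": "required_status_checks", "parameters": {
            "required_status_checks": [{"context": "CI Gate"}, {"context": "DCO"}]}},
        {"type": "merge_queue", "parameters": dict(EXPECTED_QUEUE)},
    ],
}

def audit_ruleset(ruleset):
    """Return findings; bypass actors are always listed for human review."""
    findings = []
    rules = {r["type"]: r.get("parameters") or {} for r in ruleset.get("rules", [])}
    if ruleset.get("enforcement") != "active":
        findings.append(f"enforcement is {ruleset.get('enforcement')!r}, not 'active'")
    findings += [f"missing rule: {t}" for t in sorted(EXPECTED_RULES - rules.keys())]
    checks = rules.get("required_status_checks", {}).get("required_status_checks", [])
    have = {c.get("context") for c in checks}
    findings += [f"missing required check: {c}" for c in sorted(EXPECTED_CHECKS - have)]
    if "merge_queue" in rules:
        for key, want in EXPECTED_QUEUE.items():
            got = rules["merge_queue"].get(key)
            if got != want:
                findings.append(f"merge_queue.{key} is {got!r}, expected {want!r}")
    for actor in ruleset.get("bypass_actors") or []:
        findings.append(f"bypass actor: {actor.get('actor_type')} ({actor.get('bypass_mode')})")
    return findings

if __name__ == "__main__":
    for line in audit_ruleset(SAMPLE):
        print(line)
```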