From 63fdbc968324a60eb84112273ce1ecc103833df1 Mon Sep 17 00:00:00 2001
From: Marcus Aspin
Date: Mon, 19 Feb 2024 09:40:47 +0000
Subject: [PATCH] PI-1795 Require approval for deployments while environment is disabled/read-only (#3256)
---
 .github/workflows/readonly.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.github/workflows/readonly.yml b/.github/workflows/readonly.yml
index 464093a261..f7ee5c5dd7 100644
--- a/.github/workflows/readonly.yml
+++ b/.github/workflows/readonly.yml
@@ -60,6 +60,16 @@ jobs:
 )
 echo "projects=$json" | tee -a "$GITHUB_OUTPUT"
 
+ approval:
+ name: Update environment approval
+ if: inputs.environment != 'prod'
+ runs-on: ubuntu-latest
+ steps:
+ - run: jq -n "$reviewers" | gh api -XPUT '/repos/ministryofjustice/hmpps-probation-integration-services/environments/${{ inputs.environment }}' --input -
+ env:
+ reviewers: ${{ inputs.action == 'enable' && '{"reviewers":[{"type":"Team","id":5521382}]}' || '{"reviewers":[]}' }}
+ GH_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
+
 # Event publishers always require write access to the DB, so stop them while in read-only mode
 event-publishers:
 name: ${{ inputs.action == 'enable' && 'Stop' || 'Start' }} event publishers
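Review bot: In the new `approval` job, `${{ inputs.environment }}` is expanded into the `run:` script text before the shell parses it, so a value containing a single quote would end the quoted URL and be interpreted as shell in a step that holds `BOT_GITHUB_TOKEN`. The input's declaration is outside the hunk, so it may already be a constrained choice, but the step already passes `reviewers` through `env:` and the environment name can go the same way: add `ENVIRONMENT_NAME: ${{ inputs.environment }}` under `env:` and use `"/repos/ministryofjustice/hmpps-probation-integration-services/environments/$ENVIRONMENT_NAME"` in the `gh api` call. Separately, when the action is not `enable` the step sends `{"reviewers":[]}`, which clears every required reviewer on the environment rather than only team 5521382, and the PUT body carries no other protection settings; it is worth confirming that wait timers or branch policies configured elsewhere survive this call.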