From 8e19413bbb408633efd1b372d7b47982bf1abf3e Mon Sep 17 00:00:00 2001
From: Dafydd Jones <dafydd@techneg.it>
Date: Mon, 16 Mar 2026 22:11:46 +0000
Subject: [PATCH] fix(safe-settings): allow GitLab CI to bypass status checks
 for releasing

* Releases are currently managed using GitLab CI so GitHub doesn't know
  whether the status checks have passed or not (on GitLab).
  This bypass allows `semantic-release` to push to the `master` branch
  using the `saltstack-formulas-github` user token.
---
 safe-settings/suborgs/rulesets.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/safe-settings/suborgs/rulesets.yml b/safe-settings/suborgs/rulesets.yml
index ec9b3f9..32ec19c 100644
--- a/safe-settings/suborgs/rulesets.yml
+++ b/safe-settings/suborgs/rulesets.yml
@@ -19,6 +19,12 @@ rulesets:
   - name: Require status checks before updating the default branch
     target: branch
     enforcement: active
+    bypass_actors:
+      # Bypass needed for the team `release-automation-bots` to allow for
+      # GitLab CI-managed releases
+      - actor_id: 16592346
+        actor_type: Team
+        bypass_mode: always
     conditions:
       ref_name:
         include: