From bcd1bbe950d235677beef1ac5c1a0a5ba544e6ec Mon Sep 17 00:00:00 2001
From: Grayson Adams <51373669+GraysonCAdams@users.noreply.github.com>
Date: Tue, 3 Mar 2026 00:17:45 -0600
Subject: [PATCH] fix: add security-status to release PR checks and fix
 auto-merge parsing

The release-pr-checks workflow wasn't posting a security-status commit
status, causing branch protection to block merging release PRs.

Also fix release.yml auto-merge step which was failing because
steps.rp.outputs.pr is a JSON object, not a PR number.
---
 .github/workflows/release-pr-checks.yml | 2 +-
 .github/workflows/release.yml           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release-pr-checks.yml b/.github/workflows/release-pr-checks.yml
index 1e6d8d6..5bc2bd0 100644
--- a/.github/workflows/release-pr-checks.yml
+++ b/.github/workflows/release-pr-checks.yml
@@ -137,7 +137,7 @@ jobs:
           fi
 
           echo "Posting $STATE status to $HEAD_SHA for required checks..."
-          for CHECK in "ci" "lint-and-check"; do
+          for CHECK in "ci" "lint-and-check" "security-status"; do
             gh api "repos/${{ github.repository }}/statuses/$HEAD_SHA" \
               -f state="$STATE" -f context="$CHECK" \
               -f description="$DESC" -f target_url="$RUN_URL"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 75769ee..3b331e1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -34,6 +34,6 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          PR_NUM="${{ steps.rp.outputs.pr }}"
+          PR_NUM=$(echo '${{ steps.rp.outputs.pr }}' | jq -r '.number')
           echo "Enabling auto-merge for release PR #$PR_NUM"
           gh pr merge "$PR_NUM" --auto --squash --repo "${{ github.repository }}"