refactor(ci): add shared ci success (#41)

Co-authored-by: Codex <noreply@openai.com>

Author: jbeckwith-oai

.github/workflows/promptfoo-code-scan.yml

@@ -2,7 +2,7 @@ name: Promptfoo Code Scan
 
 on:
   pull_request:
-    types: [opened]
+    types: [opened, synchronize, reopened]
 
 jobs:
   security-scan:
@@ -24,3 +24,20 @@ jobs:
           min-severity: medium
           guidance: |
             - Always comment on a block of code—never just a single line. And always make sure the start line comes before the end line.
+
+  ci-success:
+    name: CI Success
+    runs-on: ubuntu-latest
+    needs: [security-scan]
+    if: always()
+    timeout-minutes: 5
+    permissions:
+      checks: read
+      statuses: read
+
+    steps:
+      - name: Wait for all PR checks to succeed
+        uses: promptfoo/.github/.github/actions/ci-success@main
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          timeout-seconds: 300