From e4e40b8bd41853a139481e83cf8fc1b433c57869 Mon Sep 17 00:00:00 2001
From: Justin Beckwith <jbeckwith@openai.com>
Date: Mon, 23 Mar 2026 14:24:54 -0700
Subject: [PATCH] refactor(ci): add shared ci success

Co-authored-by: Codex <noreply@openai.com>
---
 .github/workflows/promptfoo-code-scan.yml | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/promptfoo-code-scan.yml b/.github/workflows/promptfoo-code-scan.yml
index 49ed9c0..10b3d61 100644
--- a/.github/workflows/promptfoo-code-scan.yml
+++ b/.github/workflows/promptfoo-code-scan.yml
@@ -2,7 +2,7 @@ name: Promptfoo Code Scan
 
 on:
   pull_request:
-    types: [opened]
+    types: [opened, synchronize, reopened]
 
 jobs:
   security-scan:
@@ -24,3 +24,20 @@ jobs:
           min-severity: medium
           guidance: |
             - Always comment on a block of code—never just a single line. And always make sure the start line comes before the end line.
+
+  ci-success:
+    name: CI Success
+    runs-on: ubuntu-latest
+    needs: [security-scan]
+    if: always()
+    timeout-minutes: 5
+    permissions:
+      checks: read
+      statuses: read
+
+    steps:
+      - name: Wait for all PR checks to succeed
+        uses: promptfoo/.github/.github/actions/ci-success@main
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          timeout-seconds: 300