From 4f966fd3108a1cdebc5bdd03f27d3073bdca5202 Mon Sep 17 00:00:00 2001
From: AJ Mabry <81774843+aj-bw@users.noreply.github.com>
Date: Tue, 29 Jul 2025 13:23:47 -0400
Subject: [PATCH] update trigger logic to deploy rc branches to staging

---
 .github/workflows/build-web.yml | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml
index f00ae07fba3..16d36bf1e63 100644
--- a/.github/workflows/build-web.yml
+++ b/.github/workflows/build-web.yml
@@ -381,7 +381,7 @@ jobs:
 
   trigger-web-vault-deploy:
     name: Trigger web vault deploy
-    if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main'
+    if: github.event_name != 'pull_request' && ( github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc-web' )
     runs-on: ubuntu-24.04
     needs: build-containers
     permissions:
@@ -404,7 +404,8 @@ jobs:
       - name: Log out from Azure
         uses: bitwarden/gh-actions/azure-logout@main
 
-      - name: Trigger web vault deploy using GitHub Run ID
+      - name: Trigger US-DEV web vault deploy using GitHub Run ID
+        if: github.ref == 'refs/heads/main'
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           github-token: ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
@@ -419,6 +420,25 @@ jobs:
                 'build-web-run-id': '${{ github.run_id }}'
               }
             })
+      
+      - name: Trigger US-QA staging web vault deploy using GitHub Run ID
+        if: github.event_name != 'pull_request' && ( github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc-web' )
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          github-token: ${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
+          script: |
+            const tag = context.ref === 'refs/heads/rc' ? 'rc' : 'hotfix-rc-web';
+            
+            await github.rest.actions.createWorkflowDispatch({
+              owner: 'bitwarden',
+              repo: 'clients',
+              workflow_id: 'deploy-web.yml',
+              ref: tag,
+              inputs: {
+                'environment': 'USQA',
+                'build-web-run-id': '${{ github.run_id }}'
+              }
+            })
 
 
   check-failures: