From c044ac21087e369cbd2127326f0a65d44eaafeb4 Mon Sep 17 00:00:00 2001
From: AJ Mabry <81774843+aj-bw@users.noreply.github.com>
Date: Tue, 29 Jul 2025 21:18:58 -0400
Subject: [PATCH] add branch protection for staging

---
 .github/workflows/deploy-web.yml | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/deploy-web.yml b/.github/workflows/deploy-web.yml
index e21f7ae1e79..720d1e317dc 100644
--- a/.github/workflows/deploy-web.yml
+++ b/.github/workflows/deploy-web.yml
@@ -147,21 +147,27 @@ jobs:
           PROD_ENV_PATTERN='USPROD|EUPROD'
           PROD_ALLOWED_TAGS_PATTERN='web-v[0-9]+\.[0-9]+\.[0-9]+'
 
-          QA_ENV_PATTERN='USQA|EUQA'
-          QA_ALLOWED_TAGS_PATTERN='.*'
+          EU_QA_ENV_PATTERN='EUQA'
+          EU_QA_ALLOWED_TAGS_PATTERN='.*'
 
           DEV_ENV_PATTERN='USDEV'
           DEV_ALLOWED_TAGS_PATTERN='main'
 
+          US_QA_ENV_PATTERN='USQA'
+          US_QA_ALLOWED_TAGS_PATTERN='rc|hotfix-rc-web'
+
           if [[ \
               ${{ inputs.environment }} =~ \.*($PROD_ENV_PATTERN)\.* && \
               ! "$BRANCH_OR_TAG_LOWER" =~ ^($PROD_ALLOWED_TAGS_PATTERN).* \
           ]] || [[ \
-              ${{ inputs.environment }} =~ \.*($QA_ENV_PATTERN)\.* && \
-              ! "$BRANCH_OR_TAG_LOWER" =~ ^($QA_ALLOWED_TAGS_PATTERN).* \
+              ${{ inputs.environment }} =~ \.*($EU_QA_ENV_PATTERN)\.* && \
+              ! "$BRANCH_OR_TAG_LOWER" =~ ^($EU_QA_ALLOWED_TAGS_PATTERN).* \
           ]] || [[ \
               ${{ inputs.environment }} =~ \.*($DEV_ENV_PATTERN)\.* && \
               $BRANCH_OR_TAG_LOWER != $DEV_ALLOWED_TAGS_PATTERN \
+          ]] || [[ \
+              ${{ inputs.environment }} =~ \.*($US_QA_ENV_PATTERN)\.* && \
+              ! "$BRANCH_OR_TAG_LOWER" =~ ^($US_QA_ALLOWED_TAGS_PATTERN).* \
           ]]; then
               echo "!Deployment blocked!"
               echo "Attempting to deploy a tag that is not allowed in ${{ inputs.environment }} environment"