From 7972c930e109643f2f2269f67baf8400ce868631 Mon Sep 17 00:00:00 2001
From: scottbrumley <scott@nsisecure.com>
Date: Mon, 24 Nov 2025 13:03:38 -0500
Subject: [PATCH 1/3] Protect  Staging from side loading

---
 .github/workflows/protect-staging-merge | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 .github/workflows/protect-staging-merge

diff --git a/.github/workflows/protect-staging-merge b/.github/workflows/protect-staging-merge
new file mode 100644
index 0000000..f94140b
--- /dev/null
+++ b/.github/workflows/protect-staging-merge
@@ -0,0 +1,23 @@
+name: Protect staging from unauthorized merges
+
+on:
+  pull_request:
+    branches:
+      - staging
+
+jobs:
+  restrict-staging-source:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Enforce allowed source branches into staging
+        run: |
+          SRC="${{ github.head_ref }}"
+          echo "PR source branch: $SRC"
+
+          if [[ "$SRC" == "develop" ]]; then
+            echo "✅ Allowed source branch into staging."
+            exit 0
+          fi
+
+          echo "❌ PRs into staging must come from 'develop'."
+          exit 1

From 183b207d9b0d9801b2b20cf3e0e9ea52acea5ff9 Mon Sep 17 00:00:00 2001
From: scottbrumley <scott@nsisecure.com>
Date: Mon, 24 Nov 2025 13:05:44 -0500
Subject: [PATCH 2/3] Delete .github/workflows/protect-staging-merge

---
 .github/workflows/protect-staging-merge | 23 -----------------------
 1 file changed, 23 deletions(-)
 delete mode 100644 .github/workflows/protect-staging-merge

diff --git a/.github/workflows/protect-staging-merge b/.github/workflows/protect-staging-merge
deleted file mode 100644
index f94140b..0000000
--- a/.github/workflows/protect-staging-merge
+++ /dev/null
@@ -1,23 +0,0 @@
-name: Protect staging from unauthorized merges
-
-on:
-  pull_request:
-    branches:
-      - staging
-
-jobs:
-  restrict-staging-source:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Enforce allowed source branches into staging
-        run: |
-          SRC="${{ github.head_ref }}"
-          echo "PR source branch: $SRC"
-
-          if [[ "$SRC" == "develop" ]]; then
-            echo "✅ Allowed source branch into staging."
-            exit 0
-          fi
-
-          echo "❌ PRs into staging must come from 'develop'."
-          exit 1

From 1875f09b319f44a7709f890153ea0a13ea21b02b Mon Sep 17 00:00:00 2001
From: scottbrumley <scott@nsisecure.com>
Date: Mon, 24 Nov 2025 13:08:10 -0500
Subject: [PATCH 3/3] Add workflow to protect staging from unauthorized merges

---
 .github/workflows/protect-staging-merge | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 .github/workflows/protect-staging-merge

diff --git a/.github/workflows/protect-staging-merge b/.github/workflows/protect-staging-merge
new file mode 100644
index 0000000..f94140b
--- /dev/null
+++ b/.github/workflows/protect-staging-merge
@@ -0,0 +1,23 @@
+name: Protect staging from unauthorized merges
+
+on:
+  pull_request:
+    branches:
+      - staging
+
+jobs:
+  restrict-staging-source:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Enforce allowed source branches into staging
+        run: |
+          SRC="${{ github.head_ref }}"
+          echo "PR source branch: $SRC"
+
+          if [[ "$SRC" == "develop" ]]; then
+            echo "✅ Allowed source branch into staging."
+            exit 0
+          fi
+
+          echo "❌ PRs into staging must come from 'develop'."
+          exit 1