From 941fb291188c9380dc565bce0acb9d98e738a150 Mon Sep 17 00:00:00 2001
From: Pranish Nepal <pranishnepal@bitgo.com>
Date: Tue, 2 Jun 2026 14:50:37 -0400
Subject: [PATCH] ci(gha): gate release workflow approval

Add environment: prod to the release job so releases require approval
from the hsm/wallet-platform reviewers configured on the prod
environment in infra.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Ticket: WAL-1513
---
 .github/workflows/release-to-ghcr.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/release-to-ghcr.yaml b/.github/workflows/release-to-ghcr.yaml
index 0317748..d4b67fd 100644
--- a/.github/workflows/release-to-ghcr.yaml
+++ b/.github/workflows/release-to-ghcr.yaml
@@ -17,6 +17,7 @@ jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
+    environment: prod
     # Expose semantic-release outputs so downstream jobs can gate on and read the version
     outputs:
       new-release-published: ${{ steps.release.outputs.new_release_published }}