[User Story] Skip deploy-dev workflow for non-infra PRs to avoid spurious environment gate prompts #291
Description
Story Summary
As an operator, I want the deploy-dev workflow to skip entirely for non-infra PRs, so that merging CI-only changes does not trigger a spurious environment protection gate approval request.
✅ Acceptance Criteria
- A
changesjob usingdorny/paths-filteris added todeploy-dev.ymlwith the same infra path filter aspr-tofu-plan-develop.yml - The
deployjob hasneeds: changesandif: needs.changes.outputs.infra == 'true'so it is skipped entirely (not just internally) when no infra files changed - Merging a workflow-only PR to develop does not create a GitHub deployment or trigger the
devenvironment gate - Merging an infra PR to develop still triggers the deploy job and environment gate as before
📝 Additional Context
The deploy job declares environment: dev at the job level. GitHub creates a deployment and fires the environment protection gate as soon as the job is queued — before the internal skip-check logic runs. The fix is to gate the job itself with an if condition so it is never queued for non-infra pushes. When a job is skipped via if, no deployment is created.
📦 Definition of Ready
- Acceptance criteria defined
- No unresolved external dependencies
- Story is estimated
- Team has necessary skills and access
- Priority is clear
- Business value understood
✅ Definition of Done
- All acceptance criteria met
- Peer-reviewed
- Merging a workflow-only PR does not prompt for environment approval