From e0d4bbad89253d22104daa26323676f9185de864 Mon Sep 17 00:00:00 2001
From: sauagarwa <sauagarw@redhat.com>
Date: Wed, 11 Mar 2026 16:09:39 -0400
Subject: [PATCH 1/2] ci: enforce PR target branch policy

Require contributor PRs to target dev and allow main PRs only from automated release branches created by GitHub Actions.

Made-with: Cursor
---
 .github/workflows/enforce-pr-target.yml | 48 +++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 .github/workflows/enforce-pr-target.yml

diff --git a/.github/workflows/enforce-pr-target.yml b/.github/workflows/enforce-pr-target.yml
new file mode 100644
index 0000000..dd441fb
--- /dev/null
+++ b/.github/workflows/enforce-pr-target.yml
@@ -0,0 +1,48 @@
+name: Enforce PR Target Branch
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize, edited]
+
+jobs:
+  validate-target-branch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate PR base branch policy
+        env:
+          BASE_REF: ${{ github.event.pull_request.base.ref }}
+          HEAD_REF: ${{ github.event.pull_request.head.ref }}
+          ACTOR: ${{ github.actor }}
+        run: |
+          echo "Validating PR policy..."
+          echo "base=${BASE_REF} head=${HEAD_REF} actor=${ACTOR}"
+
+          # Standard development flow: PRs target dev.
+          if [ "${BASE_REF}" = "dev" ]; then
+            echo "OK: PR targets dev."
+            exit 0
+          fi
+
+          # Release flow: only GitHub Actions can open release/* PRs to main.
+          if [ "${BASE_REF}" = "main" ]; then
+            if [ "${ACTOR}" != "github-actions[bot]" ]; then
+              echo "ERROR: PRs to main are restricted to github-actions[bot]."
+              echo "Please open your PR against dev."
+              exit 1
+            fi
+
+            case "${HEAD_REF}" in
+              release/*)
+                echo "OK: Automated release PR to main."
+                exit 0
+                ;;
+              *)
+                echo "ERROR: Automated PRs to main must come from release/* branches."
+                exit 1
+                ;;
+            esac
+          fi
+
+          echo "ERROR: Invalid PR base branch '${BASE_REF}'."
+          echo "PRs must target dev. Only automated release PRs may target main."
+          exit 1

From e7f96a62753ae25366c47f89ae12a163255d5eba Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Wed, 11 Mar 2026 20:13:30 +0000
Subject: [PATCH 2/2] chore: bump version to 0.2.36

---
 deploy/helm/rag/Chart.yaml  | 4 ++--
 deploy/helm/rag/values.yaml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/deploy/helm/rag/Chart.yaml b/deploy/helm/rag/Chart.yaml
index 5239436..a362bd2 100644
--- a/deploy/helm/rag/Chart.yaml
+++ b/deploy/helm/rag/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: rag
 description: A Helm chart for Kubernetes
 type: application
-version: 0.2.33
-appVersion: "0.2.33"
+version: 0.2.36
+appVersion: "0.2.36"
 
 dependencies:
   - name: pgvector
diff --git a/deploy/helm/rag/values.yaml b/deploy/helm/rag/values.yaml
index cba540d..458feda 100644
--- a/deploy/helm/rag/values.yaml
+++ b/deploy/helm/rag/values.yaml
@@ -3,7 +3,7 @@ replicaCount: 1
 image:
   repository: quay.io/rh-ai-quickstart/llamastack-dist-ui
   pullPolicy: Always
-  tag: latest-dev
+  tag: 0.2.36
 
 service:
   type: ClusterIP