From 2d0cc2181c0aee78170b46714dd4b6210f951306 Mon Sep 17 00:00:00 2001
From: Falk Scheerschmidt <falk@staffbase.com>
Date: Wed, 22 Apr 2026 11:01:21 +0200
Subject: [PATCH 1/3] feat: pass through create-deployment input from
 gitops-github-action

Temporarily points to the feat/create-deployment branch of
gitops-github-action to enable end-to-end testing of the new
GitHub Deployment tracking feature (CI-1201).

Co-Authored-By: Claude <claude@anthropic.com>
---
 .github/workflows/template_gitops.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/template_gitops.yml b/.github/workflows/template_gitops.yml
index a553749f..d22bf44a 100644
--- a/.github/workflows/template_gitops.yml
+++ b/.github/workflows/template_gitops.yml
@@ -80,6 +80,11 @@ on:
         required: false
         type: string
         default: "."
+      create-deployment:
+        required: false
+        type: boolean
+        default: false
+        description: "Create GitHub Deployments on the source repository and write tracking annotations to the GitOps CRs"
     # waiting for: https://github.com/github-community/community/discussions/17554
     secrets:
       docker-username:
@@ -108,6 +113,7 @@ jobs:
     if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')
     permissions:
       contents: read
+      deployments: write
 
     env:
       USING_APP_CREDENTIALS: ${{ secrets.app-id != '' && secrets.private-key != '' }}
@@ -127,7 +133,7 @@ jobs:
 
       - name: GitOps (build, push and deploy a new Docker image)
         id: gitops
-        uses: Staffbase/gitops-github-action@4c47a273ab3456d6615dde95784239b5f5a1f49d # v7.1
+        uses: Staffbase/gitops-github-action@0a0bb2220d45dff8943d83299ef9d89149510aa7 # feat/create-deployment
         with:
           docker-registry: ${{ inputs.docker-registry }}
           docker-username: ${{ secrets.docker-username }}
@@ -157,3 +163,5 @@ jobs:
           upwind-client-secret: ${{ secrets.upwind-client-secret }}
           upwind-organization-id: ${{ inputs.upwind-organization-id }}
           working-directory: ${{ inputs.working-directory }}
+          create-deployment: ${{ inputs.create-deployment && 'true' || 'false' }}
+          github-token: ${{ inputs.create-deployment && github.token || '' }}

From 340ce643964dff6924a0650d529d7581fc7ddb73 Mon Sep 17 00:00:00 2001
From: Falk Scheerschmidt <falk@staffbase.com>
Date: Wed, 22 Apr 2026 13:48:59 +0200
Subject: [PATCH 2/3] feat: update gitops-github-action to v7.2 with
 create-deployment support

Co-Authored-By: Claude <claude@anthropic.com>
---
 .github/workflows/template_gitops.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/template_gitops.yml b/.github/workflows/template_gitops.yml
index d22bf44a..7a619152 100644
--- a/.github/workflows/template_gitops.yml
+++ b/.github/workflows/template_gitops.yml
@@ -133,7 +133,7 @@ jobs:
 
       - name: GitOps (build, push and deploy a new Docker image)
         id: gitops
-        uses: Staffbase/gitops-github-action@0a0bb2220d45dff8943d83299ef9d89149510aa7 # feat/create-deployment
+        uses: Staffbase/gitops-github-action@2f0c03866d15503b7d1f1d4ca9929ec4bc9e7cf3 # v7.2
         with:
           docker-registry: ${{ inputs.docker-registry }}
           docker-username: ${{ secrets.docker-username }}

From 9f41d48e1a387671b3fc7f207ea8a94481e6dc6f Mon Sep 17 00:00:00 2001
From: Falk Scheerschmidt <falk@staffbase.com>
Date: Wed, 22 Apr 2026 13:50:50 +0200
Subject: [PATCH 3/3] docs: document create-deployment input in GitOps example

Co-Authored-By: Claude <claude@anthropic.com>
---
 README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.md b/README.md
index 7637f99b..ad8ec06e 100644
--- a/README.md
+++ b/README.md
@@ -245,6 +245,7 @@ jobs:
     uses: Staffbase/gha-workflows/.github/workflows/template_gitops.yml@963c984dde02b0a8711f0d098aa9f8a7f2e50bca # v12.0.1
     permissions:
       contents: read
+      deployments: write # only required when create-deployment is true
     with:
       # optional: host of the docker registry, default: "registry.staffbase.com"
       docker-registry: '<your-registry>'
@@ -284,6 +285,8 @@ jobs:
       # optional: files which should be updated for prod
       gitops-prod: |-
         your files
+      # optional: create GitHub Deployments on the source repository and write tracking annotations to the GitOps CRs, default: false
+      create-deployment: true
       # optional: defines the github runner for the gitops step if (e.g. ubuntu-24.04-arm for arm builds), default: ubuntu-24.04
       runs-on: ubuntu-24.04-arm
       # optional: Upwind.io client ID