fix(backtrack): unblock Merges API when enforce_admins + PR reviews are active (#191)

The backtrack workflow's automated `POST /repos/.../merges` calls were
blocked by branch protection: `enforce_admins: true` combined with
`required_pull_request_reviews` rejects the Merges API even for admin
tokens — there's no bypass.

## Changes

**`lock/action.yml`** — adds `skip-pull-request-reviews` input. When
`true`, sends `required_pull_request_reviews: null` in the PUT payload
instead of the review config object:

```yaml
"required_pull_request_reviews": (if $skip_reviews then null else {
  "dismiss_stale_reviews": $dismiss_stale,
  "require_code_owner_reviews": false,
  "required_approving_review_count": $review_count
} end)
```

**`backtrack.yml`** — the two "unlock for merge" steps (preview and
develop branches) now pass `skip-pull-request-reviews: 'true'`. The
existing `always()`-guarded restore steps re-apply full PR review
requirements after each merge regardless of outcome.

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: petesramek <2333452+petesramek@users.noreply.github.com>

Author: Copilot

.github/actions/github/branch-protection/lock/action.yml

@@ -24,6 +24,10 @@ inputs:
     description: 'When true, repository admins are exempt from all branch protection rules (enforce_admins is disabled). When false (default), admins are also subject to the rules.'
     required: false
     default: 'false'
+  skip-pull-request-reviews:
+    description: 'When true, sets required_pull_request_reviews to null (removes PR review requirement). Use temporarily before automated merges so the merge API is not blocked. When false (default), PR reviews are required as configured.'
+    required: false
+    default: 'false'
 
 runs:
   using: composite
@@ -43,14 +47,15 @@ runs:
           --argjson dismiss_stale '${{ inputs.dismiss-stale-reviews }}' \
           --argjson enforce_admins "$ENFORCE_ADMINS" \
           --argjson lock_branch '${{ inputs.lock-branch }}' \
+          --argjson skip_reviews '${{ inputs.skip-pull-request-reviews }}' \
           '{
             "required_status_checks": null,
             "enforce_admins": $enforce_admins,
-            "required_pull_request_reviews": {
+            "required_pull_request_reviews": (if $skip_reviews then null else {
               "dismiss_stale_reviews": $dismiss_stale,
               "require_code_owner_reviews": false,
               "required_approving_review_count": $review_count
-            },
+            } end),
             "restrictions": null,
             "allow_force_pushes": false,
             "allow_deletions": false,

.github/workflows/backtrack.yml

@@ -94,6 +94,7 @@ jobs:
           branch: ${{ steps.targets.outputs.preview-branch }}
           token: ${{ secrets.GH_ADMIN_TOKEN }}
           lock-branch: 'false'
+          skip-pull-request-reviews: 'true'
 
       - name: 'Backtrack: merge ${{ github.base_ref }} into ${{ steps.targets.outputs.preview-branch }}'
         if: ${{ steps.targets.outputs.preview-branch != '' }}
@@ -112,6 +113,7 @@ jobs:
           branch: ${{ steps.targets.outputs.develop-branch }}
           token: ${{ secrets.GH_ADMIN_TOKEN }}
           lock-branch: 'false'
+          skip-pull-request-reviews: 'true'
 
       - name: 'Backtrack: merge ${{ steps.targets.outputs.merge-source }} into ${{ steps.targets.outputs.develop-branch }}'
         if: ${{ steps.check-develop.outputs.exists == 'true' }}