A Copilot-generated draft pull request adds a database migration that can permanently delete legacy audit rows. The team allows the migration plan to be generated automatically, but applying the migration to production must wait for explicit approval from the compliance environment reviewers. Which option completes the workflow?
name: controlled-production-migration
on:
pull_request:
branches:
- main
permissions:
contents: read
pull-requests: read
jobs:
validate-plan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Validate migration plan
run: ./scripts/validate-migration-plan.sh
apply-production-migration:
needs: validate-plan
runs-on: ubuntu-latest
(Missing value 1): production-compliance
permissions:
contents: read
(Missing value 2): write
steps:
- uses: actions/checkout@v4
- name: Apply approved migration
(Missing value 3): ./scripts/apply-production-migration.shChoose an answer
Tap an option to check your answer.
Correct answer: Missing value 1 = environment Missing value 2 = deployments Missing value 3 = run.
Why this is the answer
The correct option completes the workflow by using environment to specify the production-compliance environment, which enables required protections like manual approval. The deployments permission is necessary for the workflow to interact with environments, allowing it to create and manage deployments within the specified environment. Finally, run is the correct keyword to execute the shell script ./scripts/apply-production-migration.sh, which applies the approved migration. Incorrect options: concurrency is used for controlling job concurrency, not for defining environments. checks permission is for managing checks, not deployments. uses is for calling actions, not running shell commands directly. env is for defining environment variables, not for specifying a GitHub Environments. actions permission is for managing GitHub Actions, not deployments. with is for providing inputs to actions, not for executing shell scripts. workflowdispatch is an event trigger, not a job property. pull-requests permission is for managing pull requests, not deployments.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed