ci: notify platform monorepo on push to main

[haasonsaas]

Dispatches a repository_dispatch event to evalops/platform when this repo pushes to main, triggering the automated crossover sync workflow to keep _import/ mirrors up to date.

See evalops/platform#80 for the receiving workflow.
See evalops/platform#65 for the drift tracking issue.

[cursor]

PR Summary

Medium Risk
Introduces a new CI workflow that uses repository secrets to trigger cross-repo automation; misconfigured tokens or unexpected dispatch frequency could impact downstream workflows.

Overview
On every push to main, a new workflow (.github/workflows/notify-platform.yml) triggers a cross-repo dispatch to evalops/platform to kick off downstream sync automation.

The job calls gh api repos/evalops/platform/dispatches with event_type=upstream-service-push and includes the service name plus source SHA/ref in client_payload, failing fast with a clear error if no cross-repo token secret is configured.

^{Reviewed by Cursor Bugbot for commit 3977ae4. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix prepared a fix for the issue found in the latest run.

• ✅ Fixed: Default token fallback can't dispatch cross-repo events
  • The workflow now requires an explicit cross-repo token and fails early with a clear error when no compatible secret is configured.

Preview (c916332d32)

diff --git a/.github/workflows/notify-platform.yml b/.github/workflows/notify-platform.yml
new file mode 100644
--- /dev/null
+++ b/.github/workflows/notify-platform.yml
@@ -1,0 +1,29 @@
+name: Notify Platform Monorepo
+
+on:
+  push:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  dispatch:
+    runs-on: blacksmith-2vcpu-ubuntu-2404
+    steps:
+      - name: Dispatch sync to platform
+        env:
+          GH_TOKEN: ${{ secrets.ADMIN_CONTROL_PLANE_SYNC_TOKEN || secrets.GH_BOT_TOKEN || secrets.PAT }}
+        run: |
+          if [ -z "${GH_TOKEN}" ]; then
+            echo "::error::Set ADMIN_CONTROL_PLANE_SYNC_TOKEN, GH_BOT_TOKEN, or PAT to dispatch to evalops/platform."
+            exit 1
+          fi
+
+          service="${GITHUB_REPOSITORY#*/}"
+          gh api repos/evalops/platform/dispatches \
+            -X POST \
+            -f event_type="upstream-service-push" \
+            -f "client_payload[service]=${service}" \
+            -f "client_payload[source_sha]=${GITHUB_SHA}" \
+            -f "client_payload[source_ref]=${GITHUB_REF_NAME}"

_{You can send follow-ups to the cloud agent here.}

^{Reviewed by Cursor Bugbot for commit 25636af. Configure here.}