diff --git a/.github/workflows/test-ci-command.yml b/.github/workflows/test-ci-command.yml
index 0c10671d..d8e45a85 100644
--- a/.github/workflows/test-ci-command.yml
+++ b/.github/workflows/test-ci-command.yml
@@ -54,6 +54,7 @@ jobs:
       PR_head_ref: ${{ fromJSON(steps.comment-branch.outputs.result).ref }}
       PR_num: ${{ fromJSON(steps.comment-branch.outputs.result).num }}
       PR_repo: ${{ fromJSON(steps.comment-branch.outputs.result).repo }}
+      PR_head_sha: ${{ fromJSON(steps.comment-branch.outputs.result).head_sha }}
     steps:
     - uses: actions/github-script@v6
       id: comment-branch
@@ -64,7 +65,7 @@ jobs:
             repo: context.repo.repo,
             pull_number: context.issue.number
           })
-          return { repo: result.data.head.repo.full_name, num: result.data.number, ref: result.data.head.ref }
+          return { repo: result.data.head.repo.full_name, num: result.data.number, ref: result.data.head.ref, head_sha: result.data.head.sha }
   
   get-test-image-tag:
     runs-on: ubuntu-latest
@@ -87,8 +88,10 @@ jobs:
     uses: ./.github/workflows/test-ci-reusable.yml
     needs: [get-test-image-tag, checkout-branch]
     permissions:
+      statuses: write
       packages: write
     with:
       repository: ${{ needs.checkout-branch.outputs.PR_repo }}
       ref: ${{ needs.checkout-branch.outputs.PR_head_ref }}
       tag: ${{ needs.get-test-image-tag.outputs.tag }}
+      sha: ${{ needs.checkout-branch.outputs.PR_head_sha }}
diff --git a/.github/workflows/test-ci-push.yml b/.github/workflows/test-ci-push.yml
index 0bc83e3d..0975e414 100644
--- a/.github/workflows/test-ci-push.yml
+++ b/.github/workflows/test-ci-push.yml
@@ -13,6 +13,13 @@ on:
       - cryostat-v[0-9]+.[0-9]+
 
 jobs:
+  check-before-test:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Fail if needs-triage label applied
+      if: ${{ contains(github.event.pull_request.labels.*.name, 'needs-triage') }}
+      run: exit 1
+
   get-test-image-tag:
     runs-on: ubuntu-latest
     outputs:
@@ -30,5 +37,9 @@ jobs:
   run-test-jobs:
     uses: ./.github/workflows/test-ci-reusable.yml
     needs: [get-test-image-tag]
+    permissions:
+      packages: write
+      statuses: write
     with:
       tag: ${{ needs.get-test-image-tag.outputs.tag }}
+      sha: ${{ needs.checkout-branch.outputs.PR_head_sha }}
diff --git a/.github/workflows/test-ci-reusable.yml b/.github/workflows/test-ci-reusable.yml
index a697ff36..a1c9be76 100644
--- a/.github/workflows/test-ci-reusable.yml
+++ b/.github/workflows/test-ci-reusable.yml
@@ -10,11 +10,18 @@ on:
       ref:
         required: false
         type: string
+      sha:
+        required: true
+        type: string
       
 env:
   OPENSUSE_UNOFFICIAL_LIBCONTAINERS_KEY_URL: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04/Release.key"
   OPENSUSE_UNOFFICIAL_LIBCONTAINERS_SOURCE_URL: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_22.04"
 
+permissions:
+  statuses: write
+  packages: write
+
 jobs:
   clean-up-test-images:
     runs-on: ubuntu-latest
@@ -44,6 +51,14 @@ jobs:
         go-version: '1.20.*'
     - name: Run controller tests
       run: make test-envtest
+    - name: Set latest commit status as ${{ job.status }}
+      uses: myrotvorets/set-commit-status-action@master
+      if: always()
+      with:
+        sha: ${{ inputs.sha }}
+        token: ${{ secrets.GITHUB_TOKEN }}
+        status: ${{ job.status }}
+        context: ${{ github.job }}
   
   scorecard-test:
     runs-on: ubuntu-latest
@@ -127,3 +142,11 @@ jobs:
         make test-scorecard
     - name: Clean up Kind cluster
       run: kind delete cluster -n ci-${{ github.run_id }}
+    - name: Set latest commit status as ${{ job.status }}
+      uses: myrotvorets/set-commit-status-action@master
+      if: always()
+      with:
+        sha: ${{ inputs.sha }}
+        token: ${{ secrets.GITHUB_TOKEN }}
+        status: ${{ job.status }}
+        context: ${{ github.job }}