forked from palantir/blueprint
-
Notifications
You must be signed in to change notification settings - Fork 1
/
.policy.yml
110 lines (102 loc) · 3.04 KB
/
.policy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# Excavator auto-updates this file. Please contribute improvements to the central template.
policy:
approval:
- or:
- one admin has approved (PR contributors not allowed)
- two admins have approved
- changelog only and contributor approval
- fixing excavator
- excavator only touched baseline, circle, gradle files, godel files, go dependencies, docker-compose-rule config or versions.props
- excavator only touched config files
- bots updated package.json and lock files
disapproval:
requires:
organizations: [ "palantir" ]
approval_rules:
- name: one admin has approved (PR contributors not allowed)
options:
allow_contributor: false
requires:
count: 1
admins: true
- name: two admins have approved
options:
allow_contributor: true
requires:
count: 2
admins: true
- name: changelog only and contributor approval
options:
allow_contributor: true
requires:
count: 1
admins: true
if:
only_changed_files:
paths:
- "changelog/@unreleased/.*\\.yml"
- name: fixing excavator
options:
allow_contributor: true
requires:
count: 1
admins: true
if:
has_author_in:
users: [ "svc-excavator-bot" ]
- name: excavator only touched baseline, circle, gradle files, godel files, go dependencies, docker-compose-rule config or versions.props
requires:
count: 0
if:
has_author_in:
users: [ "svc-excavator-bot" ]
only_changed_files:
# product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes
# this way excavator cannot change the deployability of a service or product via auto-merge
paths:
- "changelog/@unreleased/.*\\.yml"
- "^\\.baseline/.*$"
- "^\\.circleci/.*$"
- "^\\.docker-compose-rule\\.yml$"
- "^.*gradle$"
- "^gradle/wrapper/.*"
- "^gradlew$"
- "^gradlew.bat$"
- "^gradle.properties$"
- "^settings.gradle$"
- "^go.mod$"
- "^go.sum$"
- "^godelw$"
- "^godel/config/godel.properties$"
- "^godel/config/godel.yml$"
- "^vendor/.*$"
- "^versions.props$"
- "^versions.lock$"
has_valid_signatures_by_keys:
key_ids: ["C9AF124A484882E0"]
- name: excavator only touched config files
requires:
count: 0
if:
has_author_in:
users: [ "svc-excavator-bot" ]
only_changed_files:
paths:
- "^\\..*.yml$"
- "^\\.github/.*$"
has_valid_signatures_by_keys:
key_ids: ["C9AF124A484882E0"]
- name: bots updated package.json and lock files
requires:
count: 0
if:
has_author_in:
users:
- "svc-excavator-bot"
- "dependabot[bot]"
only_changed_files:
paths:
- "^.*yarn.lock$"
- "^.*package.json$"
has_valid_signatures_by_keys:
key_ids: ["C9AF124A484882E0"]