forked from palantir/pkg
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.policy.yml
116 lines (108 loc) · 3.47 KB
/
.policy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# Excavator auto-updates this file. Please contribute improvements to the central template.
policy:
approval:
- or:
- one admin has approved (PR contributors not allowed)
- two admins have approved
- changelog only and contributor approval
- fixing excavator
- excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props
- excavator only touched config files
- bots updated package.json and lock files
disapproval:
requires:
organizations: [ "palantir" ]
approval_rules:
- name: one admin has approved (PR contributors not allowed)
options:
allow_contributor: false
requires:
count: 1
permissions: ["admin", "maintain"]
- name: two admins have approved
options:
allow_contributor: true
requires:
count: 2
permissions: ["admin", "maintain"]
- name: changelog only and contributor approval
options:
allow_contributor: true
requires:
count: 1
permissions: ["admin", "maintain"]
if:
only_changed_files:
paths:
- "changelog/@unreleased/.*\\.yml"
- name: fixing excavator
options:
allow_contributor: true
requires:
count: 1
permissions: ["admin", "maintain"]
if:
has_author_in:
users: [ "svc-excavator-bot", "dependabot[bot]" ]
- name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props
requires:
count: 0
if:
has_author_in:
users: [ "svc-excavator-bot", "dependabot[bot]" ]
only_changed_files:
# product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes
# this way excavator cannot change the deployability of a service or product via auto-merge
paths:
- "changelog/@unreleased/.*\\.yml"
- "^\\.baseline/.*$"
- "^(.+/)?Cargo.toml$"
- "^Cargo.lock$"
- "^\\.circleci/.*$"
- "^\\.docker-compose-rule\\.yml$"
- "^.*gradle$"
- "^\\.palantir/go-version$"
- "^gradle/wrapper/.*"
- "^gradlew$"
- "^gradlew.bat$"
- "^gradle.properties$"
- "^settings.gradle$"
- "^.*go.mod$"
- "^.*go.sum$"
- "^.*godelw$"
- "^.*godel/config/godel.properties$"
- "^.*godel/config/godel.yml$"
- "^.*vendor/.*$"
- "^versions.props$"
- "^versions.lock$"
- "^internal/generated/.*"
- "^internal/generated_src/.*"
- "^gradle-baseline-java/src/main/resources/checkstyle.version$"
has_valid_signatures_by_keys:
key_ids: ["C9AF124A484882E0", "4AEE18F83AFDEB23"]
- name: excavator only touched config files
requires:
count: 0
if:
has_author_in:
users: [ "svc-excavator-bot" ]
only_changed_files:
paths:
- "^\\..*.yml$"
- "^\\.github/.*$"
has_valid_signatures_by_keys:
key_ids: ["C9AF124A484882E0"]
- name: bots updated package.json and lock files
requires:
count: 0
if:
has_author_in:
users:
- "svc-excavator-bot"
- "dependabot[bot]"
only_changed_files:
paths:
- "^.*yarn.lock$"
- "^.*package.json$"
has_valid_signatures_by_keys:
key_ids: ["C9AF124A484882E0"]