# Excavator auto-updates this file. Please contribute improvements to the central template. policy: approval: - or: - one admin has approved (PR contributors not allowed) - two admins have approved - changelog only and contributor approval - fixing excavator - excavator only touched baseline, circle, gradle files, godel files, go dependencies, docker-compose-rule config or versions.props - excavator only touched config files - bots updated package.json and lock files disapproval: requires: organizations: [ "palantir" ] approval_rules: - name: one admin has approved (PR contributors not allowed) options: allow_contributor: false requires: count: 1 admins: true - name: two admins have approved options: allow_contributor: true requires: count: 2 admins: true - name: changelog only and contributor approval options: allow_contributor: true requires: count: 1 admins: true if: only_changed_files: paths: - "changelog/@unreleased/.*\\.yml" - name: fixing excavator options: allow_contributor: true requires: count: 1 admins: true if: has_author_in: users: [ "svc-excavator-bot" ] - name: excavator only touched baseline, circle, gradle files, godel files, go dependencies, docker-compose-rule config or versions.props requires: count: 0 if: has_author_in: users: [ "svc-excavator-bot" ] only_changed_files: # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes # this way excavator cannot change the deployability of a service or product via auto-merge paths: - "changelog/@unreleased/.*\\.yml" - "^\\.baseline/.*$" - "^\\.circleci/.*$" - "^\\.docker-compose-rule\\.yml$" - "^.*gradle$" - "^\\.palantir/go-version$" - "^gradle/wrapper/.*" - "^gradlew$" - "^gradlew.bat$" - "^gradle.properties$" - "^settings.gradle$" - "^go.mod$" - "^go.sum$" - "^godelw$" - "^godel/config/godel.properties$" - "^godel/config/godel.yml$" - "^vendor/.*$" - "^versions.props$" - "^versions.lock$" has_valid_signatures_by_keys: key_ids: ["C9AF124A484882E0"] - name: excavator only touched config files requires: count: 0 if: has_author_in: users: [ "svc-excavator-bot" ] only_changed_files: paths: - "^\\..*.yml$" - "^\\.github/.*$" has_valid_signatures_by_keys: key_ids: ["C9AF124A484882E0"] - name: bots updated package.json and lock files requires: count: 0 if: has_author_in: users: - "svc-excavator-bot" - "dependabot[bot]" only_changed_files: paths: - "^.*yarn.lock$" - "^.*package.json$" has_valid_signatures_by_keys: key_ids: ["C9AF124A484882E0"]