gradle-graal/.policy.yml
2021-06-20 06:38:52 +00:00

116 lines
3.2 KiB
YAML

# Excavator auto-updates this file. Please contribute improvements to the central template.
policy:
approval:
- or:
- infrastructure-notify has been notified
- one admin has approved (PR contributors not allowed)
- two admins have approved
- changelog only and contributor approval
- fixing excavator
- excavator only touched baseline, circle, gradle files, godel files, docker-compose-rule config or versions.props
- excavator only touched config files
- bots updated package.json and lock files
disapproval:
requires:
organizations: [ "palantir" ]
approval_rules:
- name: infrastructure-notify has been notified
options:
allow_contributor: false
request_review:
enabled: true
requires:
count: 1
teams: [ "palantir/infrastructure-notify" ]
- name: one admin has approved (PR contributors not allowed)
options:
allow_contributor: false
requires:
count: 1
admins: true
- name: two admins have approved
options:
allow_contributor: true
requires:
count: 2
admins: true
- name: changelog only and contributor approval
options:
allow_contributor: true
requires:
count: 1
admins: true
if:
only_changed_files:
paths:
- "changelog/@unreleased/.*\\.yml"
- name: fixing excavator
options:
allow_contributor: true
requires:
count: 1
admins: true
if:
has_author_in:
users: [ "svc-excavator-bot" ]
- name: excavator only touched baseline, circle, gradle files, godel files, docker-compose-rule config or versions.props
requires:
count: 0
if:
has_author_in:
users: [ "svc-excavator-bot" ]
only_changed_files:
# product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes
# this way excavator cannot change the deployability of a service or product via auto-merge
paths:
- "changelog/@unreleased/.*\\.yml"
- "^\\.baseline/.*$"
- "^\\.circleci/.*$"
- "^\\.docker-compose-rule\\.yml$"
- "^.*gradle$"
- "^gradle/wrapper/.*"
- "^gradlew$"
- "^gradlew.bat$"
- "^gradle.properties$"
- "^settings.gradle$"
- "^godelw$"
- "^godel/config/godel.properties$"
- "^versions.props$"
- "^versions.lock$"
has_valid_signatures_by_keys:
key_ids: ["C9AF124A484882E0"]
- name: excavator only touched config files
requires:
count: 0
if:
has_author_in:
users: [ "svc-excavator-bot" ]
only_changed_files:
paths:
- "^\\..*.yml$"
- "^\\.github/.*$"
has_valid_signatures_by_keys:
key_ids: ["C9AF124A484882E0"]
- name: bots updated package.json and lock files
requires:
count: 0
if:
has_author_in:
users:
- "svc-excavator-bot"
- "dependabot[bot]"
only_changed_files:
paths:
- "^.*yarn.lock$"
- "^.*package.json$"
has_valid_signatures_by_keys:
key_ids: ["C9AF124A484882E0"]