Excavator: Update policy-bot config (#3569)

palantir · Jun 21, 2021 · 66633c7 · 66633c7 · blueprint-bot · Jun 21, 2021
1 parent cd8302f
commit 66633c7
Showing 1 changed file with 110 additions and 0 deletions.
diff --git a/.policy.yml b/.policy.yml
@@ -0,0 +1,110 @@
+# Excavator auto-updates this file. Please contribute improvements to the central template.
+
+policy:
+  approval:
+    - or:
+      - one admin has approved (PR contributors not allowed)
+      - two admins have approved
+      - changelog only and contributor approval
+      - fixing excavator
+      - excavator only touched baseline, circle, gradle files, godel files, go dependencies, docker-compose-rule config or versions.props
+      - excavator only touched config files
+      - bots updated package.json and lock files
+  disapproval:
+    requires:
+      organizations: [ "palantir" ]
+
+approval_rules:
+  - name: one admin has approved (PR contributors not allowed)
+    options:
+      allow_contributor: false
+    requires:
+      count: 1
+      admins: true
+
+  - name: two admins have approved
+    options:
+      allow_contributor: true
+    requires:
+      count: 2
+      admins: true
+
+  - name: changelog only and contributor approval
+    options:
+      allow_contributor: true
+    requires:
+      count: 1
+      admins: true
+    if:
+      only_changed_files:
+        paths:
+          - "changelog/@unreleased/.*\\.yml"
+
+  - name: fixing excavator
+    options:
+      allow_contributor: true
+    requires:
+      count: 1
+      admins: true
+    if:
+      has_author_in:
+        users: [ "svc-excavator-bot" ]
+
+  - name: excavator only touched baseline, circle, gradle files, godel files, go dependencies, docker-compose-rule config or versions.props
+    requires:
+      count: 0
+    if:
+      has_author_in:
+        users: [ "svc-excavator-bot" ]
+      only_changed_files:
+        # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes
+        # this way excavator cannot change the deployability of a service or product via auto-merge
+        paths:
+          - "changelog/@unreleased/.*\\.yml"
+          - "^\\.baseline/.*$"
+          - "^\\.circleci/.*$"
+          - "^\\.docker-compose-rule\\.yml$"
+          - "^.*gradle$"
+          - "^gradle/wrapper/.*"
+          - "^gradlew$"
+          - "^gradlew.bat$"
+          - "^gradle.properties$"
+          - "^settings.gradle$"
+          - "^go.mod$"
+          - "^go.sum$"
+          - "^godelw$"
+          - "^godel/config/godel.properties$"
+          - "^godel/config/godel.yml$"
+          - "^vendor/.*$"
+          - "^versions.props$"
+          - "^versions.lock$"
+      has_valid_signatures_by_keys:
+        key_ids: ["C9AF124A484882E0"]
+
+  - name: excavator only touched config files
+    requires:
+      count: 0
+    if:
+      has_author_in:
+        users: [ "svc-excavator-bot" ]
+      only_changed_files:
+        paths:
+          - "^\\..*.yml$"
+          - "^\\.github/.*$"
+      has_valid_signatures_by_keys:
+        key_ids: ["C9AF124A484882E0"]
+
+  - name: bots updated package.json and lock files
+    requires:
+      count: 0
+    if:
+      has_author_in:
+        users:
+        - "svc-excavator-bot"
+        - "dependabot[bot]"
+      only_changed_files:
+        paths:
+          - "^.*yarn.lock$"
+          - "^.*package.json$"
+      has_valid_signatures_by_keys:
+        key_ids: ["C9AF124A484882E0"]