-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request for Advice on Using Policy Bot in Open Source Projects for Testing, Approving, Merging of PRs #705
Comments
Another alternative we considered was Mergify, which is free for open-source, but limited on features. I believe the features we needed are not available in the open-source offering. |
As you discovered, Policy Bot was designed for overall/merge approval workflows and doesn't support the phased approval (approved for testing vs approved for merge) that your workflow requires. Given the limitations of GitHub Actions and Policy Bot, I don't think you can achieve what you want using only features that are available today. That said, here's an idea that might work with one new Policy Bot feature:
Running two instances of Policy Bot is awkward, but they can be configured to not conflict and it avoids adding more complicated features. To achieve what you want with only a single instance, I think we'd have to add significant new features. We don't really have a concept of sub-policies or policies for different actions (the |
Thanks @bluekeyes for the phenomenally prompt response. That's very helpful! Will discuss with the team what we should do, but the suggestion makes sense. Also, thanks for confirming our suspicion that we would need to deploy two bots for the reasons you mentioned. |
We came across
policy-bot
and eagerly deployed it without realizing we couldn't do what we had hoped to do.We run a large Open Source GitHub organization with hundreds of repositories. We are a small business. Adding trusted contributors to our enterprise organization as outside collaborators or team members is cost-prohibitive (this is what we currently do).
We would like to instead follow in the footsteps of
kubernetes/test-infra
to implement a ChatOps style mechanism to approve PRs for testing and separately approve PRs for merging. Under the hood, this project uses prow.We would like this solution to play well with GitHub Action triggers
Ideal Workflow
/ok-to-test
policy-bot
receives the payload, and applies its advanced policy controls. Instead of approving the PR, it can be configured to comment on the PR with something like/terratest
(or add a label, such asok-to-test
)policy-bot
or labels. Note, non-org members cannot add labels.policy-bot
awakens and approves the PR (as aCODEOWNER
), so branch-protection rules now pass/ok-to-merge
bulldozer
then auto-merges the PR.Limitations
policy-bot
cannot interact with PRs beyond approving them, and we cannot approve a PR without first running tests.Alternatives considered
policy-bot
status checks. GHAs can only trigger on status checks in the default branch, precluding it's use on PRstest-infra
, however, the project feels overwhelming in complexity and doesn't seem to support GHA (only Jenkins), a requirement for us.The text was updated successfully, but these errors were encountered: