github.com/palantir/witchcraft-go-server/v2@v2.76.0/.policy.yml (about) 1 # Excavator auto-updates this file. Please contribute improvements to the central template. 2 3 policy: 4 approval: 5 - or: 6 - one admin has approved (PR contributors not allowed) 7 - two admins have approved 8 - changelog only and contributor approval 9 - fixing excavator 10 - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props 11 - excavator only touched config files 12 - bots updated package.json and lock files 13 disapproval: 14 requires: 15 organizations: [ "palantir" ] 16 17 approval_rules: 18 - name: one admin has approved (PR contributors not allowed) 19 options: 20 allow_contributor: false 21 invalidate_on_push: true 22 requires: 23 count: 1 24 permissions: ["admin", "maintain"] 25 26 - name: two admins have approved 27 options: 28 allow_contributor: true 29 invalidate_on_push: true 30 requires: 31 count: 2 32 permissions: ["admin", "maintain"] 33 34 - name: changelog only and contributor approval 35 options: 36 allow_contributor: true 37 requires: 38 count: 1 39 permissions: ["admin", "maintain"] 40 if: 41 only_changed_files: 42 paths: 43 - "changelog/@unreleased/.*\\.yml" 44 45 - name: fixing excavator 46 options: 47 allow_contributor: true 48 requires: 49 count: 1 50 permissions: ["admin", "maintain"] 51 if: 52 has_author_in: 53 users: [ "svc-excavator-bot", "dependabot[bot]" ] 54 55 - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props 56 requires: 57 count: 0 58 if: 59 has_author_in: 60 users: [ "svc-excavator-bot", "dependabot[bot]" ] 61 only_changed_files: 62 # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes 63 # this way excavator cannot change the deployability of a service or product via auto-merge 64 paths: 65 - "changelog/@unreleased/.*\\.yml" 66 - "^\\.baseline/.*$" 67 - "^(.+/)?Cargo.toml$" 68 - "^Cargo.lock$" 69 - "^\\.circleci/.*$" 70 - "^\\.docker-compose-rule\\.yml$" 71 - "^.*gradle$" 72 - "^\\.palantir/go-version$" 73 - "^gradle/wrapper/.*" 74 - "^gradlew$" 75 - "^gradlew.bat$" 76 - "^gradle.properties$" 77 - "^settings.gradle$" 78 - "^.*go.mod$" 79 - "^.*go.sum$" 80 - "^.*godelw$" 81 - "^.*godel/config/godel.properties$" 82 - "^.*godel/config/godel.yml$" 83 - "^.*vendor/.*$" 84 - "^versions.props$" 85 - "^versions.lock$" 86 - "^internal/generated/.*" 87 - "^internal/generated_src/.*" 88 - "^gradle-baseline-java/src/main/resources/checkstyle.version$" 89 has_valid_signatures_by_keys: 90 key_ids: ["C9AF124A484882E0", "4AEE18F83AFDEB23"] 91 92 - name: excavator only touched config files 93 requires: 94 count: 0 95 if: 96 has_author_in: 97 users: [ "svc-excavator-bot" ] 98 only_changed_files: 99 paths: 100 - "^\\..*.yml$" 101 - "^\\.github/.*$" 102 has_valid_signatures_by_keys: 103 key_ids: ["C9AF124A484882E0"] 104 105 - name: bots updated package.json and lock files 106 requires: 107 count: 0 108 if: 109 has_author_in: 110 users: 111 - "svc-excavator-bot" 112 - "dependabot[bot]" 113 only_changed_files: 114 paths: 115 - "^.*yarn.lock$" 116 - "^.*package.json$" 117 has_valid_signatures_by_keys: 118 key_ids: ["C9AF124A484882E0"]