Excavator: Update policy-bot config (#850)

svc-excavator-bot · delta003 · web-flow · commit 322a976d07c1 · 2020-09-07T23:43:39.000+02:00
* Excavator: Update policy-bot config

* Update .policy.yml

Co-authored-by: svc-excavator-bot &lt;svc-excavator-bot@palantir.com&gt;
Co-authored-by: Marko Bakovic &lt;delta003@users.noreply.github.com&gt;
diff --git a/.policy.yml b/.policy.yml
@@ -0,0 +1,100 @@
+# Excavator auto-updates this file. Please contribute improvements to the central template.
+
+policy:
+  approval:
+    - or:
+      - one admin or contributor has approved
+      - two admins have approved
+      - changelog only and contributor approval
+      - fixing excavator
+      - excavator only touched baseline, circle, gradle files, godel files, docker-compose-rule config or versions.props
+      - excavator only touched config files
+      - bots updated package.json and lock files
+  disapproval:
+    requires:
+      organizations: [ "palantir" ]
+
+approval_rules:
+  - name: one admin or contributor has approved
+    options:
+      allow_contributor: true
+    requires:
+      count: 1
+      admins: true
+
+  - name: two admins have approved
+    options:
+      allow_contributor: true
+    requires:
+      count: 2
+      admins: true
+
+  - name: changelog only and contributor approval
+    options:
+      allow_contributor: true
+    requires:
+      count: 1
+      admins: true
+    if:
+      only_changed_files:
+        paths:
+          - "changelog/@unreleased/.*\\.yml"
+
+  - name: fixing excavator
+    options:
+      allow_contributor: true
+    requires:
+      count: 1
+      admins: true
+    if:
+      has_author_in:
+        users: [ "svc-excavator-bot" ]
+
+  - name: excavator only touched baseline, circle, gradle files, godel files, docker-compose-rule config or versions.props
+    requires:
+      count: 0
+    if:
+      has_author_in:
+        users: [ "svc-excavator-bot" ]
+      only_changed_files:
+        # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes
+        # this way excavator cannot change the deployability of a service or product via auto-merge
+        paths:
+          - "changelog/@unreleased/.*\\.yml"
+          - "^\\.baseline/.*$"
+          - "^\\.circleci/.*$"
+          - "^\\.docker-compose-rule\\.yml$"
+          - "^.*gradle$"
+          - "^gradle/wrapper/.*"
+          - "^gradlew$"
+          - "^gradlew.bat$"
+          - "^gradle.properties$"
+          - "^settings.gradle$"
+          - "^godelw$"
+          - "^godel/config/godel.properties$"
+          - "^versions.props$"
+          - "^versions.lock$"
+
+  - name: excavator only touched config files
+    requires:
+      count: 0
+    if:
+      has_author_in:
+        users: [ "svc-excavator-bot" ]
+      only_changed_files:
+        paths:
+          - "^\\..*.yml$"
+          - "^\\.github/.*$"
+
+  - name: bots updated package.json and lock files
+    requires:
+      count: 0
+    if:
+      has_author_in:
+        users:
+        - "svc-excavator-bot"
+        - "dependabot[bot]"
+      only_changed_files:
+        paths:
+          - "^.*yarn.lock$"
+          - "^.*package.json$"
