diff --git a/.github/policies/auto-merge.yml b/.github/policies/auto-merge.yml index f3af703973133..e61ab0c1571cb 100644 --- a/.github/policies/auto-merge.yml +++ b/.github/policies/auto-merge.yml @@ -8,37 +8,46 @@ where: configuration: resourceManagementConfiguration: eventResponderTasks: - - description: Approve and auto-squash-merge PRs to main labeled with 'auto-merge' + - description: Approve and auto-squash-merge bot PRs to main labeled 'auto-merge' triggerOnOwnActions: true if: - - payloadType: Pull_Request - - labelAdded: - label: ':octocat: auto-merge' - - targetsBranch: - branch: main + - payloadType: Pull_Request + - labelAdded: + label: ':octocat: auto-merge' + - targetsBranch: + branch: main + - or: + - isActivitySender: + user: azure-sdk + - isActivitySender: + user: dependabot + - isActivitySender: + user: dependabot[bot] then: - - enableAutoMerge: - mergeMethod: Squash - - approvePullRequest: - comment: "Approved; this PR will merge when all status checks pass." + - enableAutoMerge: + mergeMethod: Squash + - approvePullRequest: + comment: "Approved; this PR will merge when all status checks pass." - - description: Auto-merge PRs to live labeled with 'auto-merge' + - description: Auto-merge policy service bot PRs to live labeled 'auto-merge' triggerOnOwnActions: true if: - - payloadType: Pull_Request - - labelAdded: - label: ':octocat: auto-merge' - - targetsBranch: - branch: live + - payloadType: Pull_Request + - labelAdded: + label: ':octocat: auto-merge' + - targetsBranch: + branch: live + - isActivitySender: + user: dotnet-policy-service[bot] then: - - enableAutoMerge: - mergeMethod: Merge + - enableAutoMerge: + mergeMethod: Merge - description: Don't auto-merge PRs with 'auto-merge' label removed if: - - payloadType: Pull_Request - - labelRemoved: - label: ':octocat: auto-merge' + - payloadType: Pull_Request + - labelRemoved: + label: ':octocat: auto-merge' then: - - disableAutoMerge + - disableAutoMerge diff --git a/.github/policies/label-prs.yml b/.github/policies/label-prs.yml index 899b2bf0154e9..6bdcf350c7307 100644 --- a/.github/policies/label-prs.yml +++ b/.github/policies/label-prs.yml @@ -64,10 +64,10 @@ configuration: if: - payloadType: Pull_Request - or: - - isActivitySender: - user: dependabot - - isActivitySender: - user: dependabot[bot] + - isActivitySender: + user: dependabot + - isActivitySender: + user: dependabot[bot] then: - addLabel: label: ":octocat: auto-merge" diff --git a/.github/policies/policy-edits.yml b/.github/policies/policy-edits.yml new file mode 100644 index 0000000000000..60bdc347d9fe1 --- /dev/null +++ b/.github/policies/policy-edits.yml @@ -0,0 +1,32 @@ +id: +name: GitOps.PullRequestIssueManagement +description: GitOps.PullRequestIssueManagement primitive +owner: +resource: repository +disabled: false +where: +configuration: + resourceManagementConfiguration: + eventResponderTasks: + - description: Flag PRs that change .github folder files. + triggerOnOwnActions: true + if: + - payloadType: Pull_Request + - isAction: + action: Opened + - filesMatchPattern: + pattern: .github/* + matchAny: true + excludedFiles: + - .github/CODEOWNERS + - not: + or: + - activitySenderHasPermission: + permission: admin + - activitySenderHasPermission: + permission: write + then: + - addReply: + reply: >- + @${issueAuthor} - This PR edits a file in the .github folder, which is not allowed. CC @dotnet/docs. + - closePullRequest