v1.36.2

Fixes

• Fix issue where dismissed approvals do not trigger a rule evaluation (#866 )
• Ignore Workflow Run Events that are sent by a different repository than the source repository (#861 by @iainlane )

Other Changes

• Minor dependency updates

Full Changelog: v1.36.1...v1.36.2

v1.36.1

Fixes

• Fix GitHub API errors caused by submitting duplicate requested reviewers (#856 by @FraBle)

Other Changes

• Build with Go 1.23
• Update dependencies and build tools

Full Changelog: v1.36.0...v1.36.1

v1.36.0

Add the no_changed_files predicate (#756)

The no_changed_files predicate is the negation of the changed_files predicate and allows users to write rules that apply when files are not changed. Contributed by @erikburt.

Add the has_status predicate (#789)

The new has_status predicate replaces has_successful_status (which is now deprecated) and allows matching conclusions other than success. This is most useful to write rules that also accept skipped and neutral statuses from check runs. Contributed by @iainlane.

Add the has_workflow_result predicate (#794)

The has_workflow_result predicate is similar to has_status, but matches on the result of a full GitHub Actions workflow. This can be preferable to matching on check runs for workflows that have top-level conditions or for workflows that have many jobs. Contributed by @iainlane.

Fixes

• Fix an issue where Policy Bot could incorrectly detect other statuses as its own (#801)
• Avoid trying to load check run results from other repositories (#807 by @iainlane)
• The base path from the server's public URL is now included in OAuth2 redirect URLs (#806)
• Fix an issue where Policy Bot could use out-of-date check run results in evaluation (#823)

Other Changes

• Server administrators can now disable shared policy lookups (#812 by @iainlane)
• Avoid unnecessary GitHub API requests for rules that do not require approval (#808 by @iainlane)
• Update dependencies and build tools

Full Changelog: v1.35.0...v1.36.0

v1.35.0

Add support for required approval conditions (#752)

Policies can now define required approval conditions. These are similar to predicates, but instead of controlling if a rule is skipped, they control if the rule is pending or approved. You can use any of the existing predicate types as a required condition. See the new Designing Policies section of the README for additional information about this feature.

Other Changes

• Update dependencies and build tools

Full Changelog: v1.34.1...v1.35.0

v1.34.1

Other Changes

• Correctly detect draft pull requests when handling certain webhook events (#742)

Full Changelog: v1.34.0...v1.34.1

v1.34.0

Add Prometheus metrics endpoint (#738)

Policy Bot now exposes Prometheus-style metrics at the /api/metrics path. Users can add labels or adjust summary quantiles using the server configuration file. Policy Bot continues to supports DogStatsD metrics, which are now described in the configuration example.

Other Changes

• Suppress health check requests in logs and metrics (#737)
• Minor dependency upgrades

Full Changelog: v1.33.0...v1.34.0

v1.33.0

Add policy simulation API (#725)

The Simulation API provides a way to test new policies against existing pull requests or see how a policy would behave if different conditions were true. This is most useful when developing new policies but may also help when integrating Policy Bot with other systems.

See the README for details on how to use the API and which conditions can be simulated.

Other Changes

• Line modification conditions now support the equals (=) operator (#712 by @RoryDoherty)
• The OAuth2 callback URL is now set using the public_url server option instead of the Host header (#730 by @KnisterPeter)
• Update dependencies and build tools

Full Changelog: v1.32.0...v1.33.0

v1.32.0

Add the ability to expand reviewers in the details UI (#656)

When the expand_required_reviewers option is set in the server configuration, the Policy Bot UI will expand organizations, teams, and permissions into the list of users who can approve each rule. This can make it easier for users to know who they should ask for reviews.

This feature is disabled by default because it can leak otherwise private information about the membership of teams and organizations. See the README for more information and only enable this feature in trusted environments, like with corporate GitHub Enterprise server.

Other Changes

• Allow requesting a custom number of reviewers when using random-users mode (#636 by @AtzeDeVries)
• Update UI colors to match the latest Blueprint styles (#657)
• Enable long-term caching for frontend assets (#663)
• Improve the implementation of the "Hide Skipped Rules" toggle (#658)
• Build with Go 1.21.4
• Update dependencies and build tools

Full Changelog: v1.31.0...v1.32.0

v1.31.0

Re-implement invalidate_on_push using supported APIs (#602, #612)

The invalidate_on_push option now uses the creation timestamps of commit statuses to estimate the push time instead of the deprecated and removed pushedDate GraphQL field. This should work in most practical cases, but may ignore some approvals that occur immediately after a push. See the README for more details.

The do_not_load_commit_pushed_date option introduced in version 1.30.0 is now deprecated. While the option is still recognized in configuration files, it has no effect.

Other Changes

• Allow changing the environment variable prefix used in configuration variables (#610 by @daleal)
• Update dependencies and build tools

v1.30.0

Add a server option to avoid loading pushed dates (#599)

In Github 2023-07-01, the Github.com V4 API no longer returns pushedDate for commits. Policy bot now supports an option do_not_load_commit_pushed_date to avoid loading data that is no longer returned.

See #598 for more details

Other Changes

• Exclude policy-bot pages from search indexing (#588)
• Update dependencies and build tools