v1.23.3

Other Changes

• Fix panic when processing commits with unverified or invalid signatures (#345)
• Fix detection of PR open/closed state (#350)
• Update google/go-github to v40 (#341)

v1.23.2

Other Changes

• Update validate endpoint to check local and remote policies (#329)

v1.23.1

Other Changes

• Support remote references in default config (updated go-githubapp to v0.9.1) (#328)

v1.23.0

Add support for shared organization policies (#321)

Refactor configuration loading to use the go-githubapp/appconfig package. This mostly adds support for shared organization policies (in the .github repository by default), but should also make error messages more accurate.

It also changes the policy link in the details view to point to the resolved policy, instead of the local policy file.

Other Changes

• Update google/go-github to v38 (#326)
• Upgrade build dependencies

v1.22.1

Other Changes

• Fix potential re-request loop for team reviewers (#306)
• Skip reviewer assignment on events that can't change the assigned reviewers (#307)

v1.22.0

Add signature verification predicates (#285)

Policies can now use the has_valid_signatures, has_valid_signatures_by, and has_valid_signatures_by_key to enable rules based on the GPG signatures of commits in the pull requests.

Add support for triage and maintain permissions (#294)

Policies can use the requires.permissions option to specify the minimum permission a collaborator must have to approve a rule. This option replaces the existing admins and write_collaborators options, which are now deprecated.

As a result of this change, policies that still use the admins and write_collaborators options will behave slightly differently:

• Rules that set write_collaborators: true can also be approved by users with maintain and admin permissions
• Rules that set admins: true and enable review requests will now request direct admins in addition members of admin teams

Other Changes

• Return a 404 error when trying to view details for a repository where policy-bot is not installed (#303)
• Include comparison expressions in policy validation (#300)
• Fix potential re-request loop for user reviewers (#302)
• Upgrade build dependencies

v1.21.4

Other Changes

• Build with Go 1.16.3
• Clarify errors for title predicates (#275)
• Remove Bintray publishing and using GitHub Actions for CI (#278, #279)

v1.21.3

Avoid updating state on closed PRs (#270)

• Skips updating the status check for evaluations on pull requests that are not in an "open" state. This will avoid the situation where policy-bot attempts to update the status for a PR which has been closed/merged, causing errors or confusion if successful.

Other Changes

• Add note to README about double quoted/plain YAML string escape characters (#273)
• Enable CodeQL vulnerability scanning (#271)

v1.21.2

Update status check on details page evaluation (#265)

• When the detail page is opened and evaluation is run the status check will now be updated. This resolves a class of issues where the triggered evaluation fails due to a temporary error, yet loading the details page results in a success message once the error is resolved (and the failed status check remains).
• Increased detail in logging around missing commits error message.

v1.21.1

Other Changes

• Fix static resource loading when Policy Bot's public URL contains path components (#260)