Excavator: Update policy-bot config

palantir · May 4, 2024 · 6789d29 · 6789d29
1 parent 38bd837
commit 6789d29
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/.policy.yml b/.policy.yml
@@ -18,13 +18,15 @@ approval_rules:
   - name: one admin has approved (PR contributors not allowed)
     options:
       allow_contributor: false
+      invalidate_on_push: true
     requires:
       count: 1
       permissions: ["admin", "maintain"]
 
   - name: two admins have approved
     options:
       allow_contributor: true
+      invalidate_on_push: true
     requires:
       count: 2
       permissions: ["admin", "maintain"]
@@ -48,20 +50,22 @@ approval_rules:
       permissions: ["admin", "maintain"]
     if:
       has_author_in:
-        users: [ "svc-excavator-bot" ]
+        users: [ "svc-excavator-bot", "dependabot[bot]" ]
 
   - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props
     requires:
       count: 0
     if:
       has_author_in:
-        users: [ "svc-excavator-bot" ]
+        users: [ "svc-excavator-bot", "dependabot[bot]" ]
       only_changed_files:
         # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes
         # this way excavator cannot change the deployability of a service or product via auto-merge
         paths:
           - "changelog/@unreleased/.*\\.yml"
           - "^\\.baseline/.*$"
+          - "^(.+/)?Cargo.toml$"
+          - "^Cargo.lock$"
           - "^\\.circleci/.*$"
           - "^\\.docker-compose-rule\\.yml$"
           - "^.*gradle$"
@@ -83,7 +87,7 @@ approval_rules:
           - "^internal/generated_src/.*"
           - "^gradle-baseline-java/src/main/resources/checkstyle.version$"
       has_valid_signatures_by_keys:
-        key_ids: ["C9AF124A484882E0"]
+        key_ids: ["C9AF124A484882E0", "4AEE18F83AFDEB23"]
 
   - name: excavator only touched config files
     requires: