diff --git a/.github/workflows/check_cla.yml b/.github/workflows/check_cla.yml
index 1319306..731d92e 100644
--- a/.github/workflows/check_cla.yml
+++ b/.github/workflows/check_cla.yml
@@ -26,13 +26,8 @@ jobs:
         with:
           repository: 'dfinity/public-workflows'
 
-      - name: Install Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.12'
-
-      - name: Install Dependencies
-        run: pip install -r requirements.txt
+      - name: Python Setup
+        uses: ./.github/workflows/python-setup
         
       - name: Check Membership
         id:  check-membership
@@ -61,13 +56,8 @@ jobs:
         with:
           repository: 'dfinity/public-workflows'
 
-      - name: Install Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: '3.12'
-
-      - name: Install Dependencies
-        run: pip install -r requirements.txt
+      - name: Python Setup
+        uses: ./.github/workflows/python-setup
 
       - name: Check if accepting external contributions
         id: accepts_external_contrib
diff --git a/.github/workflows/check_cla_signed.yml b/.github/workflows/check_cla_signed.yml
index e37c519..00dabd6 100644
--- a/.github/workflows/check_cla_signed.yml
+++ b/.github/workflows/check_cla_signed.yml
@@ -14,13 +14,8 @@ jobs:
         uses: actions/checkout@v3
         with:
           repository: dfinity/public-workflows
-      - name: Install Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: '3.12'
-      - name: Install Dependencies
-        run: pip install -q -r requirements.txt
-        shell: bash
+      - name: Python Setup
+        uses: ./.github/workflows/python-setup
       - name: Check CLA issue
         run: |
           export PYTHONPATH="$PWD/reusable_workflows/"
diff --git a/.github/workflows/python-setup/action.yml b/.github/workflows/python-setup/action.yml
new file mode 100644
index 0000000..385fbd5
--- /dev/null
+++ b/.github/workflows/python-setup/action.yml
@@ -0,0 +1,14 @@
+name: Python Setup
+description: Installs Python and necessary dependencies
+
+runs:
+  using: composite
+  steps:
+    - name: Install Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.12'
+
+    - name: Install Dependencies
+      run: pip install -r requirements.txt
+      shell: bash
diff --git a/.github/workflows/python_lint_test.yml b/.github/workflows/python_lint_test.yml
index 3f6c2f3..f320e2a 100644
--- a/.github/workflows/python_lint_test.yml
+++ b/.github/workflows/python_lint_test.yml
@@ -20,13 +20,8 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v3
 
-    - name: Install Python
-      uses: actions/setup-python@v4
-      with:
-        python-version: '3.12'
-
-    - name: Install Dependencies
-      run: pip install -r requirements.txt
+    - name: Python Setup
+      uses: ./.github/workflows/python-setup
 
     - name: Run tests
       run: pytest reusable_workflows/
diff --git a/.github/workflows/repo_policies.yml b/.github/workflows/repo_policies.yml
new file mode 100644
index 0000000..eda665c
--- /dev/null
+++ b/.github/workflows/repo_policies.yml
@@ -0,0 +1,33 @@
+name: Repository Policies
+
+on:
+  workflow_call:
+
+jobs:
+  check-bot-policies:
+    name: Check Bot Policies
+    runs-on: ubuntu-latest
+    # Dont run this workflow on merge queue
+    if:  ${{ github.event_name != 'merge_group' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          repository: dfinity/public-workflows
+
+      - name: Python Setup
+        uses: ./.github/workflows/python-setup
+
+      - name: Bot Checks
+        id:  bot-checks
+        run: |
+          export PYTHONPATH="$PWD/reusable_workflows/"
+          python reusable_workflows/repo_policies/bot_checks/check_bot_approved_files.py
+        shell: bash
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_ORG: ${{ github.repository_owner }}
+          USER: ${{ github.event.pull_request.user.login }}
+          REPO: ${{ github.repository }}
+          MERGE_BASE_SHA: ${{ github.event.pull_request.base.sha }}
+          BRANCH_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
diff --git a/.github/workflows/repo_policies_ruleset.yml b/.github/workflows/repo_policies_ruleset.yml
new file mode 100644
index 0000000..e6267f2
--- /dev/null
+++ b/.github/workflows/repo_policies_ruleset.yml
@@ -0,0 +1,12 @@
+# triggered on all repositories via rulesets
+
+name: Repo Policies Ruleset
+
+on:
+  pull_request:
+  merge_group:
+
+jobs:
+  call-repo-policies:
+    uses: dfinity/public-workflows/.github/workflows/repo_policies.yml@main
+    secrets: inherit
diff --git a/reusable_workflows/repo_policies/bot_checks/check_bot_approved_files.py b/reusable_workflows/repo_policies/bot_checks/check_bot_approved_files.py
index 4d72ce6..dc0a3f3 100644
--- a/reusable_workflows/repo_policies/bot_checks/check_bot_approved_files.py
+++ b/reusable_workflows/repo_policies/bot_checks/check_bot_approved_files.py
@@ -86,7 +86,7 @@ def main() -> None:
 
     else:
         print(
-            f"{user} is not an approved bot. Letting CLA check handle contribution decision."
+            f"{user} is not a bot. Letting CLA check handle contribution decision."
         )
         block_pr = False