Skip to content

Commit

Permalink
Prefer 1ES policies (#1157)
Browse files Browse the repository at this point in the history
  • Loading branch information
@IEvangelist
IEvangelist authored Jun 26, 2024
1 parent 791a42c commit f40d0c6
Show file tree
Hide file tree
Showing 6 changed files with 236 additions and 81 deletions.
41 changes: 41 additions & 0 deletions .github/policies/auto-merge.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
id:
name: GitOps.PullRequestIssueManagement
description: GitOps.PullRequestIssueManagement primitive
owner:
resource: repository
disabled: false
where:
configuration:
resourceManagementConfiguration:
eventResponderTasks:
- description: Auto-squash-merge PRs to main labeled with auto-merge
triggerOnOwnActions: true
if:
- payloadType: Pull_Request
- labelAdded:
label: ":octocat: auto-merge"
- targetsBranch:
branch: main
then:
- enableAutoMerge:
mergeMethod: Squash

- description: Auto-merge PRs to live labeled with auto-merge
triggerOnOwnActions: true
if:
- payloadType: Pull_Request
- labelAdded:
label: ":octocat: auto-merge"
- targetsBranch:
branch: live
then:
- enableAutoMerge:
mergeMethod: Merge

- description: Don't auto-merge PRs with auto-merge label removed
if:
- payloadType: Pull_Request
- labelRemoved:
label: ":octocat: auto-merge"
then:
- disableAutoMerge
74 changes: 74 additions & 0 deletions .github/policies/label-issues.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
id:
name: GitOps.PullRequestIssueManagement
description: GitOps.PullRequestIssueManagement primitive
owner:
resource: repository
disabled: false
where:
configuration:
resourceManagementConfiguration:
scheduledSearches:
- description: Label doc-bug issues with okr-health (scheduled search)
frequencies:
- hourly:
hour: 3
filters:
- isIssue
- isOpen
- hasLabel:
label: doc-bug
- isNotLabeledWith:
label: okr-health
actions:
- addLabel:
label: okr-health

eventResponderTasks:
- description: Add in-pr label to issues
if:
- payloadType: Pull_Request
then:
- inPrLabel:
label: in-pr

- description: Synchronize OKR and release labels from PRs to closing issues
if:
- payloadType: Pull_Request
then:
- labelSync:
pattern: okr-
- labelSync:
pattern: ':checkered_flag: Release'

- description: Label issues with okr-freshness (event-based)
if:
- payloadType: Issues
- or:
- titleContains:
pattern: freshness
isRegex: False
- titleContains:
pattern: out( |-)of( |-)date
isRegex: True
- titleContains:
pattern: stale
isRegex: False
then:
- addLabel:
label: okr-freshness

- description: Label typo issues
if:
- payloadType: Issues
- isAction:
action: Opened
- titleContains:
pattern: (T|t)ypo
isRegex: True
then:
- addLabel:
label: doc-bug
- addLabel:
label: help wanted
- addLabel:
label: good first issue
102 changes: 102 additions & 0 deletions .github/policies/label-prs.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
id:
name: GitOps.PullRequestIssueManagement
description: GitOps.PullRequestIssueManagement primitive
owner:
resource: repository
disabled: false
where:
configuration:
resourceManagementConfiguration:
eventResponderTasks:
- description: Label community PRs
if:
- payloadType: Pull_Request
- isAction:
action: Opened
- and:
- not:
activitySenderHasPermission:
permission: Admin
- not:
activitySenderHasPermission:
permission: Write
- not:
isActivitySender:
user: github-actions[bot]
- not:
isActivitySender:
user: github-actions
- not:
isActivitySender:
user: azure-sdk
- not:
isActivitySender:
user: dependabot
then:
- addLabel:
label: community-contribution

- description: Label publish PRs from the dotnet-policy-service bot
triggerOnOwnActions: true
if:
- payloadType: Pull_Request
- isAction:
action: Opened
- isActivitySender:
user: dotnet-policy-service[bot]
- titleContains:
pattern: Merge main into live
isRegex: False
then:
- addLabel:
label: ":octocat: auto-merge"

- description: Label PRs from the Azure SDK bot
if:
- payloadType: Pull_Request
- isActivitySender:
user: azure-sdk
then:
- approvePullRequest:
comment: "Approved; this PR will merge when all status checks pass."
- addLabel:
label: ":octocat: auto-merge"

- description: Label PRs from dependabot
if:
- payloadType: Pull_Request
- isActivitySender:
user: dependabot
then:
- approvePullRequest:
comment: "Approved; this PR will merge when all status checks pass."
- addLabel:
label: ":octocat: auto-merge"

- description: Label PRs with okr-health
if:
- payloadType: Pull_Request
- or:
- titleContains:
pattern: build warning
isRegex: False
- bodyContains:
pattern: build warning
isRegex: False
then:
- addLabel:
label: okr-health

- description: Label PRs with okr-freshness
if:
- payloadType: Pull_Request
- or:
- titleContains:
pattern: freshness
isRegex: False
- bodyContains:
pattern: freshness
isRegex: False
then:
- addLabel:
label: okr-freshness
19 changes: 19 additions & 0 deletions .github/policies/scheduled-prs.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
name: GitOps.PullRequestIssueManagement - Scheduled PRs
description: Creates pull requests on a schedule
resource: repository

where:
configuration:
resourceManagementConfiguration:
scheduledSearches:
- description: Push to live branch (scheduled publish)
frequencies:
- daily:
time: 08:0
filters: []
actions:
- createPullRequest:
head: main
base: live
title: "✅ Merge `main` into `live`"
body: "🤖 Queue merge when ready..."
27 changes: 0 additions & 27 deletions .github/workflows/dependabot-approve-and-automerge.yml
View file

This file was deleted.

54 changes: 0 additions & 54 deletions .github/workflows/merge-main-to-live.yml
View file

This file was deleted.

0 comments on commit f40d0c6

Please sign in to comment.