From b9af21e3eae30490d0372e9352a3dc0a2f03cb0e Mon Sep 17 00:00:00 2001
From: "den (work)" <53200638+localden@users.noreply.github.com>
Date: Wed, 30 Oct 2024 14:48:17 -0700
Subject: [PATCH] Add policies
---
.github/policies/auto-label-pr.yml | 82 ++++++++++++++++++++++++
.github/policies/auto-merge-sync-pr.yml | 51 +++++++++++++++
.github/policies/label-new-issues.yml | 18 ++++++
.github/policies/scheduled-prod-sync.yml | 23 +++++++
.github/policies/scheduled-sync.yml | 23 +++++++
.github/policies/stale-issues.yml | 21 ++++++
6 files changed, 218 insertions(+)
create mode 100644 .github/policies/auto-label-pr.yml
create mode 100644 .github/policies/auto-merge-sync-pr.yml
create mode 100644 .github/policies/label-new-issues.yml
create mode 100644 .github/policies/scheduled-prod-sync.yml
create mode 100644 .github/policies/scheduled-sync.yml
create mode 100644 .github/policies/stale-issues.yml
diff --git a/.github/policies/auto-label-pr.yml b/.github/policies/auto-label-pr.yml
new file mode 100644
index 0000000..d591d51
--- /dev/null
+++ b/.github/policies/auto-label-pr.yml
@@ -0,0 +1,82 @@
+id:
+name: GitOps.PullRequestIssueManagement
+description: GitOps.PullRequestIssueManagement primitive
+owner:
+resource: repository
+disabled: false
+where:
+configuration:
+ resourceManagementConfiguration:
+ eventResponderTasks:
+ - description: Label community PRs
+ if:
+ - payloadType: Pull_Request
+ - isAction:
+ action: Opened
+ - and:
+ - not:
+ activitySenderHasPermission:
+ permission: Admin
+ - not:
+ activitySenderHasPermission:
+ permission: Write
+ - not:
+ isActivitySender:
+ user: github-actions[bot]
+ - not:
+ isActivitySender:
+ user: github-actions
+ - not:
+ isActivitySender:
+ user: azure-sdk
+ - not:
+ isActivitySender:
+ user: dependabot
+ - not:
+ isActivitySender:
+ user: microsoft-github-policy-service[bot]
+ then:
+ - addLabel:
+ label: community-contribution
+
+ - description: Label ref docs sync PRs from the microsoft-github-policy-service bot
+ triggerOnOwnActions: true
+ if:
+ - payloadType: Pull_Request
+ - isAction:
+ action: Opened
+ - isActivitySender:
+ user: microsoft-github-policy-service[bot]
+ - titleContains:
+ pattern: Merge smoke-test into main
+ isRegex: False
+ then:
+ - addLabel:
+ label: ":octocat: auto-merge"
+
+ - description: Label prod sync PRs from the microsoft-github-policy-service bot
+ triggerOnOwnActions: true
+ if:
+ - payloadType: Pull_Request
+ - isAction:
+ action: Opened
+ - isActivitySender:
+ user: microsoft-github-policy-service[bot]
+ - titleContains:
+ pattern: Merge main into live
+ isRegex: False
+ then:
+ - addLabel:
+ label: ":octocat: auto-merge"
+
+ - description: Label PRs from dependabot/dependabot[bot]
+ if:
+ - payloadType: Pull_Request
+ - or:
+ - isActivitySender:
+ user: dependabot
+ - isActivitySender:
+ user: dependabot[bot]
+ then:
+ - addLabel:
+ label: ":octocat: auto-merge"
diff --git a/.github/policies/auto-merge-sync-pr.yml b/.github/policies/auto-merge-sync-pr.yml
new file mode 100644
index 0000000..8620065
--- /dev/null
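Review bot: The last task ("Label PRs from dependabot/dependabot[bot]") has no `isAction: Opened` condition and puts `:octocat: auto-merge` on any dependabot pull-request event, and that label is exactly what auto-merge-sync-pr.yml in this patch keys on. Because the label is added by the policy service itself, the `isActivitySender: microsoft-github-policy-service[bot]` check there presumably passes (confirm how the service attributes its own label events), so dependency bumps targeting `main` would be approved and squash-merged with status checks as the only gate. If that is intended, state it above the task, e.g. `# dependabot PRs are auto-approved via auto-merge-sync-pr.yml; CI is the only review`; otherwise give these PRs a separate label that the merge policy does not act on. The community-PR exclusion list also names `dependabot` but not `dependabot[bot]`, while this task treats both as the bot, so a further `- not:` entry with `user: dependabot[bot]` would keep a bot PR from also being tagged `community-contribution`.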
+++ b/.github/policies/auto-merge-sync-pr.yml
@@ -0,0 +1,51 @@
+id:
+name: GitOps.PullRequestIssueManagement
+description: GitOps.PullRequestIssueManagement primitive
+owner:
+resource: repository
+disabled: false
+where:
+configuration:
+ resourceManagementConfiguration:
+ eventResponderTasks:
+ - description: Approve and auto-squash-merge bot PRs to main labeled 'auto-merge'
+ triggerOnOwnActions: true
+ if:
+ - payloadType: Pull_Request
+ - labelAdded:
+ label: ':octocat: auto-merge'
+ - targetsBranch:
+ branch: main
+ - or:
+ - isActivitySender:
+ user: microsoft-github-policy-service[bot]
+ then:
+ - enableAutoMerge:
+ mergeMethod: Squash
+ - approvePullRequest:
+ comment: "Approved; this PR will merge when all status checks pass."
+
+ - description: Auto-merge policy service bot PRs to live labeled 'auto-merge'
+ triggerOnOwnActions: true
+ if:
+ - payloadType: Pull_Request
+ - labelAdded:
+ label: ':octocat: auto-merge'
+ - targetsBranch:
+ branch: live
+ - or:
+ - isActivitySender:
+ user: microsoft-github-policy-service[bot]
+ then:
+ - enableAutoMerge:
+ mergeMethod: Merge
+ - approvePullRequest:
+ comment: "Approved; this PR will merge when all status checks pass."
+
+ - description: Don't auto-merge PRs with 'auto-merge' label removed
+ if:
+ - payloadType: Pull_Request
+ - labelRemoved:
+ label: ':octocat: auto-merge'
+ then:
+ - disableAutoMerge
\ No newline at end of file
diff --git a/.github/policies/label-new-issues.yml b/.github/policies/label-new-issues.yml
new file mode 100644
index 0000000..f4a5807
--- /dev/null
+++ b/.github/policies/label-new-issues.yml
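Review bot: Both approve-and-merge tasks authorise on who added the label (`isActivitySender` evaluated on the `labelAdded` event) and on the target branch, not on the pull request's author or head branch, so the whole trust decision sits in the labelling rules of auto-label-pr.yml. Since `approvePullRequest` supplies the approval, any review requirement on `main` and `live` is presumably satisfied by the bot and status checks become the only control. That deserves a comment above each task, such as `# Sender = who added the label, not the PR author; this approval stands in for human review`. The `or:` wrapper holds a single `isActivitySender` entry and can be dropped, and the file ends without a trailing newline.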
@@ -0,0 +1,18 @@
+id:
+name: GitOps.PullRequestIssueManagement
+description: GitOps.PullRequestIssueManagement primitive
+owner:
+resource: repository
+disabled: false
+where:
+configuration:
+ resourceManagementConfiguration:
+ eventResponderTasks:
+ - description: Add untriaged label to new issues
+ if:
+ - payloadType: Issues
+ - isAction:
+ action: Opened
+ then:
+ - addLabel:
+ label: untriaged
diff --git a/.github/policies/scheduled-prod-sync.yml b/.github/policies/scheduled-prod-sync.yml
new file mode 100644
index 0000000..d01d1ff
--- /dev/null
+++ b/.github/policies/scheduled-prod-sync.yml
@@ -0,0 +1,23 @@
+name: GitOps.PullRequestIssueManagement - Scheduled PRs
+description: Creates pull requests on a schedule
+resource: repository
+
+where:
+configuration:
+ resourceManagementConfiguration:
+ scheduledSearches:
+ - description: Push to main (scheduled sync)
+ frequencies:
+ - daily:
+ time: 1:00
+ - daily:
+ time: 9:00
+ - daily:
+ time: 17:00
+ filters: []
+ actions:
+ - createPullRequest:
+ head: main
+ base: live
+ title: Merge main into live
+ body: Please don't squash-merge this PR.
\ No newline at end of file
diff --git a/.github/policies/scheduled-sync.yml b/.github/policies/scheduled-sync.yml
new file mode 100644
index 0000000..246b1d5
--- /dev/null
+++ b/.github/policies/scheduled-sync.yml
@@ -0,0 +1,23 @@
+name: GitOps.PullRequestIssueManagement - Scheduled PRs
+description: Creates pull requests on a schedule
+resource: repository
+
+where:
+configuration:
+ resourceManagementConfiguration:
+ scheduledSearches:
+ - description: Push to main (scheduled sync)
+ frequencies:
+ - daily:
+ time: 1:00
+ - daily:
+ time: 9:00
+ - daily:
+ time: 17:00
+ filters: []
+ actions:
+ - createPullRequest:
+ head: smoke-test
+ base: main
+ title: Merge smoke-test into main
+ body: Please don't squash-merge this PR.
\ No newline at end of file
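Review bot: The schedule values `time: 1:00`, `9:00` and `17:00` in scheduled-prod-sync.yml are unquoted, and a YAML 1.1 loader reads digits-and-colon scalars as base-60 integers (`1:00` becomes 60). Quote them, e.g. `time: '1:00'`, unless the policy service's loader is known to keep them as strings; the same applies to the times in scheduled-sync.yml and to `time: 12:00` in stale-issues.yml. The task description `Push to main (scheduled sync)` also looks copied from the other file: this action opens `main` into `live`, so `description: Promote main to live (scheduled sync)` would match what actually runs.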
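Review bot: The `body` in scheduled-sync.yml says `Please don't squash-merge this PR.`, yet this PR targets `main` with the title `Merge smoke-test into main`, which auto-label-pr.yml tags `:octocat: auto-merge` and auto-merge-sync-pr.yml then merges with `mergeMethod: Squash`. One of the two is wrong. If the sync branch history must be preserved, the `main` task in auto-merge-sync-pr.yml should use `mergeMethod: Merge` as the `live` task does; if squashing is intended, drop the sentence from `body` so the PR text does not contradict the automation.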
diff --git a/.github/policies/stale-issues.yml b/.github/policies/stale-issues.yml
new file mode 100644
index 0000000..2595713
--- /dev/null
+++ b/.github/policies/stale-issues.yml
@@ -0,0 +1,21 @@
+name: Stale issues
+description: Close needs-more-info issues that haven't had a response in 14 days
+resource: repository
+where:
+configuration:
+ resourceManagementConfiguration:
+ scheduledSearches:
+ - frequencies:
+ - daily:
+ time: 12:00
+ filters:
+ - isIssue
+ - isOpen
+ - hasLabel:
+ label: needs-more-info
+ - noActivitySince:
+ days: 14
+ actions:
+ - addReply:
+ reply: This issue has been automatically closed due to no response from the original author. Feel free to reopen it if you have more information that can help us investigate the issue further.
+ - closeIssue
\ No newline at end of file
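Review bot: The `reply` text attributes the closure to "no response from the original author", but the only time filter is `noActivitySince` with `days: 14`, which by its name measures any activity on the issue rather than the author's. Word the reply after what is checked, e.g. `reply: This issue has been automatically closed because it has had no activity for 14 days. Feel free to reopen it if you have more information.` This scheduled search is also the only one in the patch without a `description:` entry; adding `- description: Close stale needs-more-info issues` would make it identifiable in the service's logs, assuming they show that field.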