palantir/policy-bot

Failure status check on branches not configured

gpadavala opened this issue · 3 comments

We require policy bot only for the main branch; we have enabled the same in policy.yaml and added it in the branch protection status checks.

But the bot is posting failure status checks (like below) on other branches also. How can we bypass this?

image

When Policy Bot is enabled on a repository, it posts statuses for all PRs where the target branch of the PR contains a policy file. As you found, we require that every policy evaluation has at least one matching rule, to avoid accidentally approving things if there's a mistake or missed case in the policy.

The recommended way to fix this is to modify the policy to contain a rule that automatically approves all PRs made against other branches. If you're not sure how to do this, please share your policy and I might be able to help.

The other option is to delete the policy file from all branches except the main branch. This might not be possible if you regularly merge branches together.

policy:
  approval:
    - and:
        - ops_review

approval_rules:
  - name: ops_review
    description: Ops to approve production merge
    requires:
      count: 1
      teams:
        - OPS_TEAM
    if:
      targets_branch:
        pattern: main
    options:
      invalidate_on_push: true
      request_review:
        enabled: true
        mode: teams

Try something like this:

policy:
  approval:
    - ops_review
    - autoapproved

approval_rules:
  - name: ops_review
    description: Ops to approve production merge
    requires:
      count: 1
      teams:
        - OPS_TEAM
    if:
      targets_branch:
        pattern: main
    options:
      invalidate_on_push: true
      request_review:
        enabled: true
        mode: teams

  - name: autoapproved
    description: Changes to all branches are auto-approved
    requires:
      count: 0

For PRs targeting main, both conditions are required, so the ops team must approve. For all other PRs, the ops review condition is skipped and the second rule automatically approves.
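The behaviour discussed in this thread can be reproduced with a small Go model, added here as an illustration and not taken from policy-bot's own code. The `Status`, `Rule` and `Evaluate` names are hypothetical, an exact branch-name match stands in for the `pattern` predicate, and approvals are reduced to a bare count.

```go
package main

import "fmt"

// Status is a simplified rule outcome; policy-bot itself has more states.
type Status string

const (
	Skipped  Status = "skipped"  // the rule's `if` predicate did not match
	Pending  Status = "pending"  // matched, still waiting for approvals
	Approved Status = "approved" // matched and `requires` is satisfied
)

// Rule models one approval_rules entry; Branch "" means no `if` block.
type Rule struct {
	Name, Branch string
	Count        int
}

// Eval skips on branch mismatch (assumption: exact match stands in for `pattern`).
func (r Rule) Eval(target string, approvals int) Status {
	if r.Branch != "" && r.Branch != target {
		return Skipped
	}
	if approvals >= r.Count {
		return Approved
	}
	return Pending
}

// Evaluate ANDs the non-skipped rules; the bool is false when every rule was skipped.
func Evaluate(rules []Rule, target string, approvals int) (Status, bool) {
	result := Skipped
	for _, r := range rules {
		s := r.Eval(target, approvals)
		if s == Pending || (s == Approved && result == Skipped) {
			result = s
		}
	}
	return result, result != Skipped
}

func main() {
	ops := Rule{Name: "ops_review", Branch: "main", Count: 1}
	auto := Rule{Name: "autoapproved", Count: 0}
	fmt.Println(Evaluate([]Rule{ops}, "develop", 0))       // original policy
	fmt.Println(Evaluate([]Rule{ops, auto}, "develop", 0)) // suggested policy
	fmt.Println(Evaluate([]Rule{ops, auto}, "main", 0))    // waits for OPS_TEAM
}
```

The first call is the case from the issue: the only rule is skipped, so no rule matched and the evaluation cannot succeed. The `develop` branch name is a constructed sample value.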