Description
We are using policy bot to check that the PR raised passes the required conditions, so that once the conditions are met the bulldozer bot should merge the PR. For one of our repositories, we are observing an issue where, even when all checks have passed, policy bot shows 0/1 rules approved (seen in the policy bot deployment pod logs).
Also, only when we click on the policy bot status, which shows as pending, does the status get updated to 1/1 rules approved in the pod logs, and then the PR gets merged.
Policy bot pod logs:
{"level":"info","rid":"d04u24grha0c73ejg7hg","github_event_type":"pull_request_review","github_delivery_id":"84c2217e-20d9-11f0-954f-3745e41a5a0e","github_installation_id":61001852,"github_repository_owner":"ford-cloud","github_repository_name":"cloud-platform","github_pr_num":253,"github_sha":"be0eee9e5859882fd10bbdf30cde690eae5511d8","time":"2025-04-24T06:58:28.439081604Z","message":"Setting \"policy-bot: main\" status on be0eee9e5859882fd10bbdf30cde690eae5511d8 to pending: 0/1 rules approved"}
Screenshot from Policy-bot UI:
Screenshot of the PR after clicking the Policy-bot status check:
.policy.yaml file:
policy:
approval:
- and:
- Cycode Secrets check passed
- All commits are signed
- or:
- team team has approved
- and:
- only app-registration files have changed
- CI / registration status check is successful
- target is main branch
- Validation is successful
approval_rules:
  - name: All commits are signed
    requires:
      conditions:
        has_valid_signatures: true
  - name: only app-registration files have changed
    requires:
      conditions:
        only_changed_files:
          paths:
            - '^app-registrations/.+/.+\.(tf|tfvars|json|md)$'
    options:
      invalidate_on_push: true
  - name: team has approved
    requires:
      count: 1
      teams:
        - "infra-auto-developers"
        - "cloudtooling-admins"
    options:
      invalidate_on_push: true
      request_review:
        enabled: false
        mode: teams
  - name: "CI / registration status check is successful"
    requires:
      conditions:
        has_successful_status:
          - Pipelines as Code CI / app-registration
    options:
      invalidate_on_push: true
  - name: "CLDCTL-Validation is successful"
    requires:
      conditions:
        has_successful_status:
          - CLDCTL-Validation
    options:
      invalidate_on_push: true
  - name: target is main branch
    requires:
      conditions:
        targets_branch:
          pattern: "^main$"
  - name: Cycode Secrets check passed
    requires:
      conditions:
        has_successful_status:
          - "Cycode: Secrets"
    options:
      invalidate_on_push: true
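
A triage helper for the pod logs described in this report, as an added example that is not part of the original issue or of the policy-bot project: it groups status updates by PR and head SHA and lists those whose last state is pending and that were never evaluated on a `status` or `check_run` webhook event. The sample lines are constructed; the `success` state string and the choice of those two event types as the check-completion signal are assumptions.

```python
import json
import re
from collections import defaultdict

# Matches the message format of the log line quoted in the report.
STATUS_RE = re.compile(
    r'^Setting "(?P<context>[^"]+)" status on (?P<sha>[0-9a-f]{40}) '
    r'to (?P<state>\w+): (?P<detail>.*)$')
# Assumption: GitHub webhook events that signal a finished status or check.
CHECK_EVENTS = {"status", "check_run"}

def summarize(lines):
    """Group status updates by (PR number, head SHA), kept in log order."""
    prs = defaultdict(list)
    for raw in lines:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # pod output can contain non-JSON lines
        if not isinstance(rec, dict):
            continue
        m = STATUS_RE.match(rec.get("message", ""))
        if m:
            key = (rec.get("github_pr_num"), m["sha"])
            prs[key].append((rec.get("github_event_type"), m["state"], m["detail"]))
    return dict(prs)

def stuck_pending(prs):
    """Keys whose last status is pending and that no check event ever re-evaluated."""
    return [key for key, updates in prs.items()
            if updates[-1][1] == "pending"
            and not any(event in CHECK_EVENTS for event, _, _ in updates)]

def _line(pr, sha, event, state, detail):
    """Build one constructed sample log line (not real log data)."""
    msg = f'Setting "policy-bot: main" status on {sha} to {state}: {detail}'
    return json.dumps({"level": "info", "github_event_type": event,
                       "github_pr_num": pr, "github_sha": sha, "message": msg})

SAMPLE = [  # constructed; "success" as the approved state is an assumption
    _line(1, "a" * 40, "pull_request_review", "pending", "0/1 rules approved"),
    _line(2, "b" * 40, "pull_request", "pending", "0/1 rules approved"),
    _line(2, "b" * 40, "status", "success", "1/1 rules approved"),
    "plain text line that is not JSON",
]

if __name__ == "__main__":
    for pr, sha in stuck_pending(summarize(SAMPLE)):
        print(f"PR #{pr} at {sha[:12]}: pending, no check-triggered evaluation")
```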