
Policy bot status update issue #960

@BoseKarthikeyan

We are using policy bot to check that a raised PR passes the required conditions, so that once the conditions are met the bulldozer bot merges the PR. For one of our repositories, we are observing an issue where, even when all checks have passed, policy bot shows 0/1 rules approved (seen in the policy bot deployment pod logs).

Also, only when we click on the policy bot status, which shows as pending, does the status get updated to 1/1 rules approved in the pod logs, and then the PR gets merged.

Policy bot pod logs:

{"level":"info","rid":"d04u24grha0c73ejg7hg","github_event_type":"pull_request_review","github_delivery_id":"84c2217e-20d9-11f0-954f-3745e41a5a0e","github_installation_id":61001852,"github_repository_owner":"ford-cloud","github_repository_name":"cloud-platform","github_pr_num":253,"github_sha":"be0eee9e5859882fd10bbdf30cde690eae5511d8","time":"2025-04-24T06:58:28.439081604Z","message":"Setting "policy-bot: main" status on be0eee9e5859882fd10bbdf30cde690eae5511d8 to pending: 0/1 rules approved"}

Screenshot from GitHub:
Image

Screenshot from the Policy-bot UI:
Image

Screenshot of the PR after clicking the Policy-bot status check:
Image

.policy.yaml file:

policy:
  approval:
    - and:
        - Cycode Secrets check passed
        - All commits are signed
        - or:
            - team has approved
            - and:
              - only app-registration files have changed
              - CI / registration status check is successful
              - target is main branch
              - CLDCTL-Validation is successful

approval_rules:
  - name: All commits are signed
    requires:
      conditions:
        has_valid_signatures: true

  - name: only app-registration files have changed
    requires:
      conditions:
        only_changed_files:
          paths:
            - '^app-registrations/.+/.+\.(tf|tfvars|json|md)$'
    options:
      invalidate_on_push: true

  - name: team has approved
    requires:
      count: 1
      teams:
        - "infra-auto-developers"
        - "cloudtooling-admins"
    options:
      invalidate_on_push: true
      request_review:
        enabled: false
        mode: teams

  - name: "CI / registration status check is successful"
    requires:
      conditions:
        has_successful_status:
          - Pipelines as Code CI / app-registration
    options:
      invalidate_on_push: true

  - name: "CLDCTL-Validation is successful"
    requires:
      conditions:
        has_successful_status:
          - CLDCTL-Validation
    options:
      invalidate_on_push: true

  - name: target is main branch
    requires:
      conditions:
        targets_branch:
          pattern: "^main$"

  - name: Cycode Secrets check passed
    requires:
      conditions:
        has_successful_status:
          - "Cycode: Secrets"
    options:
      invalidate_on_push: true
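
To see from the pod logs which evaluation moved a commit from pending to approved, the status lines can be grouped per PR and SHA. This is an added example, not part of the original issue or policy-bot's own code; the sample lines are constructed, and treating a missing `github_event_type` as a non-webhook evaluation (such as opening the details page) is an assumption.

```python
import json
import re
from collections import defaultdict

# Constructed sample in the shape of the log entry quoted in the issue (same
# field names; rids, SHAs and times are made up; inner quotes JSON-escaped).
# Assumption: an evaluation not driven by a webhook has no github_event_type.
SAMPLE_LOG = r'''
{"level":"info","rid":"r1","github_event_type":"pull_request_review","github_pr_num":253,"github_sha":"aaaa111","time":"2025-04-24T06:58:28Z","message":"Setting \"policy-bot: main\" status on aaaa111 to pending: 0/1 rules approved"}
{"level":"info","rid":"r2","github_event_type":"status","github_pr_num":253,"github_sha":"aaaa111","time":"2025-04-24T07:01:02Z","message":"Setting \"policy-bot: main\" status on aaaa111 to pending: 0/1 rules approved"}
{"level":"info","rid":"r3","github_pr_num":253,"github_sha":"aaaa111","time":"2025-04-24T07:30:45Z","message":"Setting \"policy-bot: main\" status on aaaa111 to success: 1/1 rules approved"}
{"level":"info","rid":"r4","github_event_type":"pull_request","github_pr_num":254,"github_sha":"bbbb222","time":"2025-04-24T08:00:00Z","message":"Setting \"policy-bot: main\" status on bbbb222 to pending: 0/1 rules approved"}
{"level":"info","rid":"r5","github_event_type":"status","github_pr_num":254,"github_sha":"bbbb222","time":"2025-04-24T08:02:10Z","message":"Setting \"policy-bot: main\" status on bbbb222 to success: 1/1 rules approved"}
not a JSON line
'''

STATUS_RE = re.compile(
    r'Setting "(?P<context>[^"]+)" status on (?P<sha>[0-9a-f]+) '
    r'to (?P<state>\w+): (?P<desc>.*)')

def history(text):
    """Group status updates by (PR number, SHA), oldest first."""
    runs = defaultdict(list)
    for line in text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # skip blank lines and non-JSON noise
        match = STATUS_RE.search(entry.get("message", "")) if isinstance(entry, dict) else None
        if match:
            key = (entry.get("github_pr_num"), match["sha"])
            trigger = entry.get("github_event_type", "none")
            runs[key].append((entry.get("time", ""), trigger, match["state"], match["desc"]))
    return {key: sorted(events) for key, events in runs.items()}

def approved_without_webhook(runs):
    """Keys that sat at pending and first reached success with no webhook event logged."""
    hits = []
    for key, events in runs.items():
        first_ok = next((i for i, e in enumerate(events) if e[2] == "success"), None)
        if first_ok is not None and first_ok > 0 and events[first_ok][1] == "none":
            hits.append(key)
    return hits

if __name__ == "__main__":
    for key in approved_without_webhook(history(SAMPLE_LOG)):
        print("approved only after a non-webhook evaluation:", key)
```

For each flagged commit, the event types in its history show which webhook deliveries reached the bot between the last pending result and the approval.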
