Skip to content

Review Sensitive Files

Compare the changed files to a pre-defined list of files and directories in. If any files match, require a review from the team my-organization/security.

Review Sensitive Files

Configuration Description

Conditions (all must be true):

  • Any files match the files or directories listed in the sensitive_files custom expression. Customize this list for your project.

Automation Actions:

  • Assign my-organization/security to review the PR. Customize this value to match your organization.
  • Require 2 approvals.
  • Post a comment that explains the automation.

Review Sensitive Files

# -*- mode: yaml -*-
  version: 1.0

  # Assign special teams to review sensitive files. 
  # This requires the `sensitive` custom expression found at the bottom of this file.
    # For all files listed in the sensitive custom expression.
      - {{ files | match(list=sensitive_files) | some }}
      # Add reviewers from the dev-leads team, and require two approvals
      # Modify `my-organization/security` to match your organization.
      - action: add-reviewers@v1
          reviewers: [my-organization/security]
      - action: set-required-approvals@v1
          approvals: 2
      - action: add-comment@v1
          comment: |
            This PR affects one or more sensitive files and requires review from the security team.

# The `sensitive_file_review` automation requires this custom expression.
# Modify this list to suit your security needs.
  - src/app/auth/
  - src/app/routing/
  - src/app/resources/

Additional Resources

gitStream is a workflow automation tool that enables you to use YAML configuration files to optimize your code review process. Add context to PRs, find code experts for reviews, and automate the merge process to maximize developer productivity.

Learn More about how gitStream Works.

Related Automations:

More Automations can be found on the Automation Library and Integrations pages.