Review Sensitive Files
Compare the changed files to a pre-defined list of files and directories. If any files match, require a review from the team my-organization/security.
Conditions (all must be true):
- Any files match the files or directories listed in the sensitive_files custom expression. Customize this list for your project.
Automation Actions:
- Assign my-organization/security to review the PR. Customize this value to match your organization.
- Require 2 approvals.
- Post a comment that explains the automation.

# -*- mode: yaml -*-

manifest:
  version: 1.0

automations:
  # Assign special teams to review sensitive files.
  # This requires the `sensitive_files` custom expression found at the bottom of this file.
  review_sensitive_files:
    # For all files listed in the sensitive_files custom expression.
    if:
      - {{ files | match(list=sensitive_files) | some }}
    run:
      # Add reviewers from the security team, and require two approvals.
      # Modify `my-organization/security` to match your organization.
      - action: add-reviewers@v1
        args:
          reviewers: [my-organization/security]
      - action: set-required-approvals@v1
        args:
          approvals: 2
      - action: add-comment@v1
        args:
          comment: |
            This PR affects one or more sensitive files and requires review from the security team.

# The `review_sensitive_files` automation requires this custom expression.
# Modify this list to suit your security needs.
sensitive_files:
  - src/app/auth/
  - src/app/routing/
  - src/app/resources/
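
A list like sensitive_files only protects the paths it still matches: a renamed directory leaves a stale entry, and security-relevant code added elsewhere is never routed to the security team. The following audit script is an added example, not part of the original page or of gitStream. It assumes an entry matches a path when it occurs in it as a substring, and the tracked paths and keywords are constructed for illustration.

```python
# Added example: audit a sensitive_files list against repository paths.
# Assumption: an entry matches a path when it occurs in it as a substring.

# Entries copied from the sensitive_files list on this page.
SENSITIVE_FILES = ["src/app/auth/", "src/app/routing/", "src/app/resources/"]

# Constructed sample of tracked paths (e.g. the output of `git ls-files`).
TRACKED = [
    "src/app/auth/login.ts",
    "src/app/auth/token.ts",
    "src/app/routing/routes.ts",
    "src/app/assets/logo.svg",   # "resources" was renamed to "assets"
    "src/lib/oauth/client.ts",   # security-relevant, but not listed
    "README.md",
]

# Hypothetical keywords that hint a path deserves a place on the list.
KEYWORDS = ["auth", "secret", "crypto"]


def is_sensitive(path, entries=SENSITIVE_FILES):
    """True when any list entry occurs in the path."""
    return any(entry in path for entry in entries)


def triggering_files(changed, entries=SENSITIVE_FILES):
    """Changed files that would route the PR to the security team."""
    return [p for p in changed if is_sensitive(p, entries)]


def stale_entries(tracked, entries=SENSITIVE_FILES):
    """Entries that match no tracked file, so they protect nothing."""
    return [e for e in entries if not any(e in p for p in tracked)]


def uncovered_candidates(tracked, keywords=KEYWORDS, entries=SENSITIVE_FILES):
    """Paths containing a keyword that no list entry covers."""
    return [p for p in tracked
            if any(k in p.lower() for k in keywords)
            and not is_sensitive(p, entries)]


if __name__ == "__main__":
    print("triggers review:", triggering_files(["README.md", "src/app/auth/token.ts"]))
    print("stale entries:  ", stale_entries(TRACKED))
    print("not covered:    ", uncovered_candidates(TRACKED))
```

Run it in CI with the real file listing in place of TRACKED so that a rename which empties an entry is caught before the review rule silently stops firing.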