Review Sensitive Files

Compare the changed files to a pre-defined list of files and directories in the sensitive_files custom expression. If any file matches, require a review from the my-organization/security team.

Conditions (all must be true):

  • Any files match the files or directories listed in the sensitive_files custom expression. Customize this list for your project.

Automation Actions:

  • Assign my-organization/security to review the PR. Customize this value to match your organization.
  • Require 2 approvals.
  • Post a comment that explains the automation.

# -*- mode: yaml -*-
manifest:
  version: 1.0

automations:
  # Assign special teams to review sensitive files.
  # This requires the `sensitive_files` custom expression found at the bottom of this file.
  sensitive_file_review:
    # Trigger when any changed file is listed in the sensitive_files custom expression.
    if:
      - {{ files | match(list=sensitive_files) | some }}
    run:
      # Add reviewers from the security team, and require two approvals.
      # Modify `my-organization/security` to match your organization.
      - action: add-reviewers@v1
        args:
          reviewers: [my-organization/security]
      - action: set-required-approvals@v1
        args:
          approvals: 2
      - action: add-comment@v1
        args:
          comment: |
            This PR affects one or more sensitive files and requires review from the security team.

# The `sensitive_file_review` automation requires this custom expression.
# Modify this list to suit your security needs.
sensitive_files:
  - src/app/auth/
  - src/app/routing/
  - src/app/resources/
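The following is an added, stand-alone dry-run of the rule above, not gitStream's own code: it takes a PR's changed files and the sensitive_files list and reports whether the automation would trigger and which actions would run. The directory-prefix and path-normalisation semantics are an assumption made for the illustration (they show why segment-boundary matching matters, so that `src/app/authz/` is not mistaken for `src/app/auth/`), not a statement of how gitStream's `match` filter is implemented.

```python
"""Offline dry-run of the 'Review Sensitive Files' automation (hypothetical helper)."""
import posixpath
from typing import Iterable

# Constructed copy of the `sensitive_files` custom expression from the config above.
SENSITIVE_FILES = ["src/app/auth/", "src/app/routing/", "src/app/resources/"]


def _normalise(path: str) -> str:
    """Collapse '.' and '..' components and drop a leading '/', so a path such as
    'src/app/tools/../auth/x.py' is still recognised as living under src/app/auth/."""
    return posixpath.normpath(path).lstrip("/")


def matches_sensitive(path: str, patterns: Iterable[str] = SENSITIVE_FILES) -> bool:
    """Assumption for this example: an entry ending in '/' is a directory prefix matched
    on whole path segments (so 'src/app/authz/x' does NOT match 'src/app/auth/');
    an entry without a trailing '/' must equal the normalised file path exactly."""
    p = _normalise(path)
    for pat in patterns:
        if pat.endswith("/"):
            if p.startswith(_normalise(pat) + "/"):
                return True
        elif p == _normalise(pat):
            return True
    return False


def evaluate(changed_files: Iterable[str], patterns: Iterable[str] = SENSITIVE_FILES) -> dict:
    """Mirror the automation: `if` fires when *some* changed file matches, and then
    all three `run` actions apply to the PR."""
    patterns = list(patterns)
    hits = sorted(f for f in changed_files if matches_sensitive(f, patterns))
    if not hits:
        return {"triggered": False, "matched": [], "actions": []}
    return {
        "triggered": True,
        "matched": hits,
        "actions": [
            {"action": "add-reviewers@v1", "reviewers": ["my-organization/security"]},
            {"action": "set-required-approvals@v1", "approvals": 2},
            {"action": "add-comment@v1"},
        ],
    }


if __name__ == "__main__":
    # Constructed sample PR: one sensitive path hidden behind a '..' component,
    # one near-miss directory, and one unrelated file.
    sample_pr = ["README.md", "src/app/tools/../auth/login.py", "src/app/authz/policy.py"]
    print(evaluate(sample_pr))
```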