Review Sensitive Files
Compare the changed files to a pre-defined list of files and directories. If any files match, require a review from the team my-organization/security.
Configuration Description
Conditions (all must be true):
- Any files match the files or directories listed in the sensitive_files custom expression. Customize this list for your project.
Automation Actions:
- Assign my-organization/security to review the PR. Customize this value to match your organization.
- Require 2 approvals.
- Post a comment that explains the automation.
Review Sensitive Files
# -*- mode: yaml -*-

manifest:
  version: 1.0

automations:
  # Assign special teams to review sensitive files.
  # This requires the `sensitive_files` custom expression found at the bottom of this file.
  review_sensitive_files:
    # For all files listed in the `sensitive_files` custom expression.
    if:
      - {{ files | match(list=sensitive_files) | some }}
    run:
      # Add reviewers from the security team, and require two approvals.
      # Modify `my-organization/security` to match your organization.
      - action: add-reviewers@v1
        args:
          reviewers: [my-organization/security]
      - action: set-required-approvals@v1
        args:
          approvals: 2
      - action: add-comment@v1
        args:
          comment: |
            This PR affects one or more sensitive files and requires review from the security team.

# The `review_sensitive_files` automation requires this custom expression.
# Modify this list to suit your security needs.
sensitive_files:
  - src/app/auth/
  - src/app/routing/
  - src/app/resources/
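To check a sensitive_files list against real diffs before relying on the rule, the following is an added example (not gitStream code and not part of the original page) that dry-runs the condition locally. It assumes boundary-aware path-prefix matching after path normalization, which is this example's own choice and not a description of how gitStream's match filter is implemented; the function names and sample paths are constructed for illustration.

```python
# Added example: local dry run of the sensitive-file condition.
# Boundary-aware prefix matching is an assumption, not gitStream's match filter.

# Same entries as the sensitive_files list in the configuration above.
SENSITIVE_FILES = ["src/app/auth/", "src/app/routing/", "src/app/resources/"]

# Constructed sample of changed paths, e.g. from `git diff --name-only`.
SAMPLE_CHANGED = [
    "src/app/auth/session.ts",
    "./src/app/routing/../auth/token.ts",  # resolves into src/app/auth/
    "src/app/authz_docs/readme.md",        # sibling directory, not sensitive
    "src/app/resources/strings.json",
    "docs/index.md",
]


def normalize(path):
    """Resolve '.', '..' and duplicate slashes; reject paths leaving the repo."""
    parts = []
    for part in path.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not parts:
                raise ValueError(f"path escapes repository root: {path!r}")
            parts.pop()
        else:
            parts.append(part)
    return "/".join(parts)


def sensitive_matches(changed, sensitive=SENSITIVE_FILES):
    """Map each changed path to the first sensitive entry that contains it."""
    entries = [(normalize(entry), entry) for entry in sensitive]
    hits = {}
    for raw in changed:
        path = normalize(raw)
        for prefix, entry in entries:
            # Match the entry itself or anything below it, on a '/' boundary.
            if path == prefix or path.startswith(prefix + "/"):
                hits[raw] = entry
                break
    return hits


def needs_security_review(changed, sensitive=SENSITIVE_FILES):
    """True when at least one changed path matches (the `some` in the rule)."""
    return bool(sensitive_matches(changed, sensitive))
```

Running `sensitive_matches` over the file list of a few recent PRs shows which entries actually fire and which sensitive directories the list misses.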
Additional Resources
gitStream is a workflow automation tool that enables you to use YAML configuration files to optimize your code review process. Add context to PRs, find code experts for reviews, and automate the merge process to maximize developer productivity.
Learn More about how gitStream Works.
Related Automations:
- Assign additional reviewers for large PRs
- Assign or suggest reviewers based on level of code expertise for the code changed in a PR.
- Assign reviewers based on modified directories and files
- Assign reviewers to share knowledge based on pre-determined criteria
More Automations can be found on the Automation Library and Integrations pages.