Prefer 1ES policies

.github/policies/auto-merge.yml

@@ -0,0 +1,41 @@
+id:
+name: GitOps.PullRequestIssueManagement
+description: GitOps.PullRequestIssueManagement primitive
+owner:
+resource: repository
+disabled: false
+where:
+configuration:
+ resourceManagementConfiguration:
+ eventResponderTasks:
+ - description: Auto-squash-merge PRs to main labeled with auto-merge
+ triggerOnOwnActions: true
+ if:
+ - payloadType: Pull_Request
+ - labelAdded:
+ label: ":octocat: auto-merge"
+ - targetsBranch:
+ branch: main
+ then:
+ - enableAutoMerge:
+ mergeMethod: Squash
+
+ - description: Auto-merge PRs to live labeled with auto-merge
+ triggerOnOwnActions: true
+ if:
+ - payloadType: Pull_Request
+ - labelAdded:
+ label: ":octocat: auto-merge"
+ - targetsBranch:
+ branch: live
+ then:
+ - enableAutoMerge:
+ mergeMethod: Merge
+
+ - description: Don't auto-merge PRs with auto-merge label removed
+ if:
+ - payloadType: Pull_Request
+ - labelRemoved:
+ label: ":octocat: auto-merge"
+ then:
+ - disableAutoMerge

.github/policies/label-issues.yml

@@ -0,0 +1,74 @@
+id:
+name: GitOps.PullRequestIssueManagement
+description: GitOps.PullRequestIssueManagement primitive
+owner:
+resource: repository
+disabled: false
+where:
+configuration:
+ resourceManagementConfiguration:
+ scheduledSearches:
+ - description: Label doc-bug issues with okr-health (scheduled search)
+ frequencies:
+ - hourly:
+ hour: 3
+ filters:
+ - isIssue
+ - isOpen
+ - hasLabel:
+ label: doc-bug
+ - isNotLabeledWith:
+ label: okr-health
+ actions:
+ - addLabel:
+ label: okr-health
+
+ eventResponderTasks:
+ - description: Add in-pr label to issues
+ if:
+ - payloadType: Pull_Request
+ then:
+ - inPrLabel:
+ label: in-pr
+
+ - description: Synchronize OKR and release labels from PRs to closing issues
+ if:
+ - payloadType: Pull_Request
+ then:
+ - labelSync:
+ pattern: okr-
+ - labelSync:
+ pattern: ':checkered_flag: Release'
+
+ - description: Label issues with okr-freshness (event-based)
+ if:
+ - payloadType: Issues
+ - or:
+ - titleContains:
+ pattern: freshness
+ isRegex: False
+ - titleContains:
+ pattern: out( |-)of( |-)date
+ isRegex: True
+ - titleContains:
+ pattern: stale
+ isRegex: False
+ then:
+ - addLabel:
+ label: okr-freshness
+
+ - description: Label typo issues
+ if:
+ - payloadType: Issues
+ - isAction:
+ action: Opened
+ - titleContains:
+ pattern: (T|t)ypo
+ isRegex: True
+ then:
+ - addLabel:
+ label: doc-bug
+ - addLabel:
+ label: help wanted
+ - addLabel:
+ label: good first issue

.github/policies/label-prs.yml

@@ -0,0 +1,102 @@
+id:
+name: GitOps.PullRequestIssueManagement
+description: GitOps.PullRequestIssueManagement primitive
+owner:
+resource: repository
+disabled: false
+where:
+configuration:
+ resourceManagementConfiguration:
+ eventResponderTasks:
+ - description: Label community PRs
+ if:
+ - payloadType: Pull_Request
+ - isAction:
+ action: Opened
+ - and:
+ - not:
+ activitySenderHasPermission:
+ permission: Admin
+ - not:
+ activitySenderHasPermission:
+ permission: Write
+ - not:
+ isActivitySender:
+ user: github-actions[bot]
+ - not:
+ isActivitySender:
+ user: github-actions
+ - not:
+ isActivitySender:
+ user: azure-sdk
+ - not:
+ isActivitySender:
+ user: dependabot
+ then:
+ - addLabel:
+ label: community-contribution
+
+ - description: Label publish PRs from the dotnet-policy-service bot
+ triggerOnOwnActions: true
+ if:
+ - payloadType: Pull_Request
+ - isAction:
+ action: Opened
+ - isActivitySender:
+ user: dotnet-policy-service[bot]
+ - titleContains:
+ pattern: Merge main into live
+ isRegex: False
+ then:
+ - addLabel:
+ label: ":octocat: auto-merge"
+
+ - description: Label PRs from the Azure SDK bot
+ if:
+ - payloadType: Pull_Request
+ - isActivitySender:
+ user: azure-sdk
+ then:
+ - approvePullRequest:
+ comment: "Approved; this PR will merge when all status checks pass."
+ - addLabel:
+ label: ":octocat: auto-merge"
+
+ - description: Label PRs from dependabot
+ if:
+ - payloadType: Pull_Request
+ - isActivitySender:
+ user: dependabot
+ then:
+ - approvePullRequest:
+ comment: "Approved; this PR will merge when all status checks pass."
+ - addLabel:
+ label: ":octocat: auto-merge"
+
+ - description: Label PRs with okr-health
+ if:
+ - payloadType: Pull_Request
+ - or:
+ - titleContains:
+ pattern: build warning
+ isRegex: False
+ - bodyContains:
+ pattern: build warning
+ isRegex: False
+ then:
+ - addLabel:
+ label: okr-health
+
+ - description: Label PRs with okr-freshness
+ if:
+ - payloadType: Pull_Request
+ - or:
+ - titleContains:
+ pattern: freshness
+ isRegex: False
+ - bodyContains:
+ pattern: freshness
+ isRegex: False
+ then:
+ - addLabel:
+ label: okr-freshness

.github/policies/scheduled-prs.yml

@@ -0,0 +1,19 @@
+name: GitOps.PullRequestIssueManagement - Scheduled PRs
+description: Creates pull requests on a schedule
+resource: repository
+
+where:
+configuration:
+ resourceManagementConfiguration:
+ scheduledSearches:
+ - description: Push to live branch (scheduled publish)
+ frequencies:
+ - daily:
+ time: 08:0
+ filters: []
+ actions:
+ - createPullRequest:
+ head: main
+ base: live
+ title: "✅ Merge `main` into `live`"
+ body: "🤖 Queue merge when ready..."