devops-kubernetes-gitops-robusta/mergify.yml at main · GurdipSCode/devops-kubernetes-gitops-robusta · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110

merge_protections:
  # Commit Standards
  - name: Enforce conventional commit
    description: Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/
    if:
      - base = main
    success_conditions:
      - "title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\\(.+\\))?:"

  # Label Requirements
  - name: Require type label
    description: PR must have a type label (bug, feature, enhancement, chore, docs, refactor)
    if:
      - base = main
    success_conditions:
      - label ~= ^(bug|feature|enhancement|chore|docs|refactor|hotfix|security)$

  - name: Require priority label
    description: PR must have a priority label
    if:
      - base = main
    success_conditions:
      - label ~= ^priority/(critical|high|medium|low)$

  - name: Require size label
    description: PR must have a size label indicating scope of changes
    if:
      - base = main
    success_conditions:
      - label ~= ^size/(XS|S|M|L|XL)$

  # Blocking Labels
  - name: Block WIP PRs
    description: PRs marked as work-in-progress cannot be merged
    if:
      - base = main
    success_conditions:
      - -label ~= ^(WIP|wip|work-in-progress|do-not-merge|blocked|on-hold)$

  - name: Require approval label
    description: PR must be explicitly approved for merge
    if:
      - base = main
    success_conditions:
      - label ~= ^(approved|ready-to-merge|lgtm)$

  # Breaking Changes
  - name: Breaking changes must be labeled
    description: PRs with breaking changes (feat! or fix!) must have breaking-change label
    if:
      - base = main
      - "title ~= ^(fix|feat)!:"
    success_conditions:
      - label = breaking-change

  # Review Requirements
  - name: Require approved review
    description: PR must have at least one approved review
    if:
      - base = main
    success_conditions:
      - "#approved-reviews-by >= 1"

  - name: No pending requested changes
    description: All requested changes must be resolved
    if:
      - base = main
    success_conditions:
      - "#changes-requested-reviews-by = 0"

  # PR Quality
  - name: No merge conflicts
    description: PR must not have merge conflicts
    if:
      - base = main
    success_conditions:
      - -conflict

  - name: PR description required
    description: PR must have a meaningful description
    if:
      - base = main
    success_conditions:
      - body ~= .{50,}

  - name: Limit PR size
    description: Large PRs (>500 lines) must be labeled as size/XL or split up
    if:
      - base = main
      - files > 20
    success_conditions:
      - label = size/XL

  # CI Requirements
  - name: CI must pass
    description: All CI checks must pass before merging
    if:
      - base = main
    success_conditions:
      - check-success = true

  # Security
  - name: Security review for sensitive files
    description: Changes to security-sensitive files need security label
    if:
      - base = main
      - files ~= ^(\.env|auth|security|\.github/workflows)/
    success_conditions:
      - label = security-review