.policy.yml

policy:
  approval:
  - or:
    - Dependabot update
    - Code change

approval_rules:
- name: Dependabot update
  requires:
    count: 1
    teams:
    - "coopnorge/engineering"
  options:
    invalidate_on_push: true
    request_review:
      enabled: true
      mode: random-users
      count: 8
    methods:
      github_review: true
  if:
    only_has_contributors_in:
      users:
      - "dependabot[bot]"
    only_changed_files:
      paths:
      - ".*Dockerfile$"
      - ".*Dockerfile.app$"
      - ".*go.mod$"
      - ".*go.sum$"
      - ".*package-lock.json$"
      - ".*package.json$"
      - ".*poetry.lock$"
      - ".*pyproject.toml$"
      - ".*requirements.*.in$"
      - ".*requirements.*.txt$"
      - "^.github/workflows/.*$"
    has_valid_signatures_by_keys:
      key_ids: ["B5690EEEBB952194"]

- name: Code change
  if:
    changed_files:
      paths:
        - ".*"
  requires:
    count: 2
    teams:
    - "coopnorge/engineering"
  options:
    invalidate_on_push: true
    request_review:
      enabled: true
      mode: random-users
      count: 8
    methods:
      github_review: true