When combining pull-request-check and pull-request-approval-rule packages, it is not currently possible to require that the approval is made by the actual Pull Request Check. We need to populate the approvalPoolMembers property.
In my experience, I found when Pull Request Check approves a Pull Request, it does so by with the IAM role syntax {roleArn}/{lambdaArn}.
If list of approval pool members is empty, then any type of approval, will satisfy the approval rule, which might not be desired.
Hardcoding the resource names in approvalPoolMembers are obviously not good, so therefor I changed PullRequestCheck to expose the underlying Lambda function. After this change, one can do:
When combining
pull-request-check
andpull-request-approval-rule
packages, it is not currently possible to require that the approval is made by the actual Pull Request Check. We need to populate theapprovalPoolMembers
property. In my experience, I found when Pull Request Check approves a Pull Request, it does so by with the IAM role syntax{roleArn}/{lambdaArn}
.So concretely one would put this
If list of approval pool members is empty, then any type of approval, will satisfy the approval rule, which might not be desired.
Hardcoding the resource names in
approvalPoolMembers
are obviously not good, so therefor I changed PullRequestCheck to expose the underlying Lambda function. After this change, one can do: