When combining pull-request-check and pull-request-approval-rule packages, it is not currently possible to require that the approval is made by the actual Pull Request Check. We need to populate the approvalPoolMembers property.
In my experience, I found when Pull Request Check approves a Pull Request, it does so by with the IAM role syntax {roleArn}/{lambdaArn}.
If list of approval pool members is empty, then any type of approval, will satisfy the approval rule, which might not be desired.
Hardcoding the resource names in approvalPoolMembers are obviously not good, so therefor I changed PullRequestCheck to expose the underlying Lambda function. After this change, one can do:
When combining
pull-request-checkandpull-request-approval-rulepackages, it is not currently possible to require that the approval is made by the actual Pull Request Check. We need to populate theapprovalPoolMembersproperty. In my experience, I found when Pull Request Check approves a Pull Request, it does so by with the IAM role syntax{roleArn}/{lambdaArn}.So concretely one would put this
If list of approval pool members is empty, then any type of approval, will satisfy the approval rule, which might not be desired.
Hardcoding the resource names in
approvalPoolMembersare obviously not good, so therefor I changed PullRequestCheck to expose the underlying Lambda function. After this change, one can do: