oscal-compass / compliance-trestle

An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.
https://oscal-compass.github.io/compliance-trestle
Apache License 2.0
168 stars 61 forks

A merge bot to compliance-trestle. #1716

Status: Open. butler54 opened 1 month ago

butler54 commented 1 month ago

Issue description / feature objectives

jpower432 commented 1 month ago

I think this tiered contributor approach may be relevant here -> https://github.com/oscal-compass/community/pull/70

jpower432 commented 1 month ago

@butler54 Since this ties into a community proposal, I am willing to work on this issue.

jpower432 commented 1 month ago

Documenting the "why" for this issue as discussed in today's community meeting. @vikas-agarwal76 @mrgadgil Please let me know if you see any inaccuracies per the discussion today.

As it stands today, the typical workflow for pull request merging in compliance-trestle includes one approving review from a person with write permissions and the author must merge their own PRs. Due to this process, PRs from forks or PRs from dependabot are not getting merged right away once requirements are met. With the addition of automatic merging, we require updates to what requirements must be met for approval to ensure the right reviewers are looking at the changes.

jpower432 commented 3 weeks ago

Updates have been made to require two approvals for PRs.

jpower432 commented 1 day ago

Reopening issue as the last item was not completed.