Accept successful status checks as approval

[bluekeyes]

Many users have requested a way to write policies that conditionally require status checks, for instance by only requiring passing tests for automated dependency update pull requests. While Policy Bot has a predicate for status checks, in practice it was hard to write these types of policies using predicates, because they skips the rule when the status is missing/pending/failed, instead of leaving the rule pending.

This change makes it possible to require passing status checks as an approval condition for a rule. For conditional status check policies, this means you can write rules that remain pending until the passing status checks are present. It's also possible to combine status check approval with normal actor-based approval.

See #627

[Andrei-Predoiu]

Thanks for tackling this topic, your changes would add some much awaited functionality. Firstly, this only works for statuses and it would be nice to work for all rules. In policy bot the rules are the ones that are skipped or passed. My suggestion is to add a new parameter to all rules that can change the behavior so a rule cannot be skipped. Something like "enforce" or "mandatory"

Fx:

- name: dependabot is making the PR
  mandatory: true
  if:
    has_author_in:
      users:
        - "dependabot[bot]"
        - "dependabot-circleci[bot]"

[bluekeyes]

Thanks for the suggestion. I don't think the idea of a mandatory field fits well with the rest Policy Bot's design, as it changes the behavior and meaning of predicates, but I think I understand the behavior you'd like to see.

I created an alternate proposal in #752 that adds a new conditions field to the requires section. This field can accept any key that is currently allowed in the if block, but instead of skipping or enabling the rule, it will contribute to the approved or pending status.

[bluekeyes]

Closing in favor of #752.