What is it?
The Smart Policy feature is a pull request gatekeeper that makes sure all developers are aligned within an organization, follow policies, and adhere to specific best practices.
Smart Policy helps to maintain technical excellence, professionalism, and business goals, by preventing common developer errors, such as pushing a private key to remote, or misconfiguration of a commit etc.
Why is it important?
Most development horror stories are based on human errors, like accidentally pushing a private key to remote, using the wrong package version caused discrepancy in production, forget to update the route after changes were made in the back broke your API, or just misconfiguration of commit made it harder to trace back who is responsible for function in your codebase which just crashed.
Those are all are common examples of mistakes made in good faith, but affect your technical excellence and business goals.
How does it work?
We have a set of built-in smart policy rules to choose from, together with the option to choose on which repositories they will be applied:
Select a rule and choose the repositories you wish to apply the rule to.
The selected rules are checked per each pull request made to the default branch, and verifies if all the rules are applied.
View the smart policy check status in the conversation and checks section of your GitHub pull request.
Who gets it?
Organizations with catalog and smart policy plan
Which integration are supported?
Languages: node.js / ruby / python / c# / java
Git vendors: GitHub
Can I set my own custom policy?
🐐 Yes. You can either edit an existing built-in rule or you can create a new rule related to the following categories:
- Custom commit message - e.g validate all commits messages follow "Angular's commit message convention"
- Exclude files or dirs - e.g do not include ".env" files in your repositories
- Mandatory files or dirs - e.g always have a CODEOWNERS files
- Black / white listing code components - e.g skip ESLint malicious version
- Docker file properties - e.g. set all docker images to “node:10”
- Manifest file properties - e.g. verify “package.json” files contain “test coverage” scripts
- CI/CD file properties - e.g. make sure all the “Jenkins” files contain “security scan” steps
Will it blocks me from merging my pull request?
It depends on your GitHub repository settings, so you can decide if applying to the smart policy will block the user from merging the pull request.
Can every user set a policy?
No. Only users with “Admin” permissions can set policies.
|Activate a policy|