Back to all posts

Expose github teams to Policies

We are wanting to make certain PR’s require reviews from certain teams and would want the teams to be managed in github and not have to sync them over

Workaround
Creating a plugin to pull from at run time with Creds to github or manual sync in policy
Problem
To require specific approval based on specific changes ie deleting a database, provisioning a public IP or to exempt from block policies if a specific team is added to the PR Require Specific Team Combination Require approval from both SRE and Security teams: package spacelift deny["Changes require approval from both SRE and Security teams"] { approvers := input.third_party_metadata.custom.github_approvers.approvers # Collect teams that have approved approver_teams := {team | approvers[_].teams[_] = team } required_teams := {"sre-team", "security-team"} missing_teams := required_teams - approver_teams count(missing_teams) > 0 }

Please authenticate to join the conversation.

Upvoters
Status

👀 In Review

Board

💡 Feature Requests

Date

About 2 hours ago

Subscribe to post

Get notified by email when there are changes.