feat(ci): utilize file_not_deleted predicate

dblinkhorn · dblinkhorn · commit 68c3c23fea98 · 2025-03-21T09:21:49.000-07:00
When a workflow file that a policy rule depends on is deleted in a PR, the rule should be skipped rather than fail. This is achieved by adding the file_not_deleted predicate to each workflow-based policy rule.
diff --git a/cmd/generate-policy-bot-config/main_test.go b/cmd/generate-policy-bot-config/main_test.go
@@ -209,6 +209,9 @@ on:
 							ChangedFiles: &predicate.ChangedFiles{
 								Paths: mustRegexpsFromGlobs(t, []string{"src/**"}),
 							},
+							FileNotDeleted: &predicate.FileNotDeleted{
+								Paths: mustRegexpsFromGlobs(t, []string{".github/workflows/workflow.yml"}),
+							},
 						},
 						Requires: approval.Requires{
 							Conditions: predicate.Predicates{
@@ -385,6 +388,9 @@ func expectedConfig(t *testing.T) policy.Config {
 					ChangedFiles: &predicate.ChangedFiles{
 						Paths: mustRegexpsFromGlobs(t, []string{"src/**"}),
 					},
+					FileNotDeleted: &predicate.FileNotDeleted{
+						Paths: mustRegexpsFromGlobs(t, []string{".github/workflows/workflow.yml"}),
+					},
 				},
 				Requires: approval.Requires{
 					Conditions: predicate.Predicates{
diff --git a/go.mod b/go.mod
@@ -1,11 +1,13 @@
 module github.com/grafana/generate-policy-bot-config
 
-go 1.23.0
+go 1.24.0
+
+toolchain go1.24.1
 
 require (
 	github.com/jessevdk/go-flags v1.6.1
 	github.com/lmittmann/tint v1.0.7
-	github.com/palantir/policy-bot v1.35.0
+	github.com/palantir/policy-bot v1.36.6-0.20250320223329-6245c9d9b3af
 	github.com/redmatter/go-globre v1.2.0
 	github.com/stretchr/testify v1.10.0
 	github.com/willabides/actionslog v0.5.1
@@ -18,23 +20,24 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/fatih/color v1.10.0 // indirect
 	github.com/goccy/go-yaml v1.11.0 // indirect
-	github.com/google/go-github/v63 v63.0.0 // indirect
+	github.com/google/go-github/v69 v69.2.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/hashicorp/golang-lru v1.0.2 // indirect
+	github.com/kr/pretty v0.3.1 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rs/zerolog v1.33.0 // indirect
 	github.com/shurcooL/githubv4 v0.0.0-20240727222349-48295856cce7 // indirect
 	github.com/shurcooL/graphql v0.0.0-20181231061246-d48a9a75455f // indirect
-	golang.org/x/net v0.36.0 // indirect
+	golang.org/x/net v0.37.0 // indirect
 	golang.org/x/sys v0.31.0 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 )
 
 // Includes PRs to test:
 // - https://github.com/palantir/policy-bot/pull/796
 // - https://github.com/palantir/policy-bot/pull/794
 // - https://github.com/palantir/policy-bot/pull/789
-replace github.com/palantir/policy-bot => github.com/iainlane/policy-bot v1.35.1-0.20240904124510-b6b6121c33c8
diff --git a/go.sum b/go.sum
@@ -1,4 +1,5 @@
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/fatih/color v1.10.0 h1:s36xzo75JdqLaaWoiEHk767eHiwo0598uUxyfiPkDsg=
@@ -15,16 +16,21 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-github/v63 v63.0.0 h1:13xwK/wk9alSokujB9lJkuzdmQuVn2QCPeck76wR3nE=
-github.com/google/go-github/v63 v63.0.0/go.mod h1:IqbcrgUmIcEaioWrGYei/09o+ge5vhffGOcxrO0AfmA=
+github.com/google/go-github/v69 v69.2.0 h1:wR+Wi/fN2zdUx9YxSmYE0ktiX9IAR/BeePzeaUUbEHE=
+github.com/google/go-github/v69 v69.2.0/go.mod h1:xne4jymxLR6Uj9b7J7PyTpkMYstEMMwGZa0Aehh1azM=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c=
 github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/iainlane/policy-bot v1.35.1-0.20240904124510-b6b6121c33c8 h1:BegqDJQDSs+S51TZp2Pm06bh4aKyzk+PsDWQ/A7r2wE=
-github.com/iainlane/policy-bot v1.35.1-0.20240904124510-b6b6121c33c8/go.mod h1:zQuaWUKRIO+qc5qYErd/raGB4Pok/6H1S7kIfulFcpw=
 github.com/jessevdk/go-flags v1.6.1 h1:Cvu5U8UGrLay1rZfv/zP7iLpSHGUZ/Ou68T0iX1bBK4=
 github.com/jessevdk/go-flags v1.6.1/go.mod h1:Mk8T1hIAWpOiJiHa9rJASDK2UGWji0EuPGBnNLMooyc=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/lmittmann/tint v1.0.7 h1:D/0OqWZ0YOGZ6AyC+5Y2kD8PBEzBk6rFHVSfOqCkF9Y=
@@ -36,12 +42,17 @@ github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Ky
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/palantir/policy-bot v1.36.6-0.20250320223329-6245c9d9b3af h1:H9XC0mT1IBwTkDQNZj0tOerSpFB0cLAsjJ/ZkuS625c=
+github.com/palantir/policy-bot v1.36.6-0.20250320223329-6245c9d9b3af/go.mod h1:zJKYkrRCN0lpZ9N/RYEeSnKF5LCvmuxc4AyYMiRnirg=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/redmatter/go-globre v1.2.0 h1:Ru6C0wf8ORayShgpEM8l2RCE738rkO7BzaV4ZhSRF/A=
 github.com/redmatter/go-globre v1.2.0/go.mod h1:6wjSGhVB4cpmL+nJgfqJ6QYOzkhKZ0xj0h63N0vl9vI=
+github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
 github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8=
 github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
@@ -55,14 +66,14 @@ github.com/vektah/gqlparser v1.3.1 h1:8b0IcD3qZKWJQHSzynbDlrtP3IxVydZ2DZepCGofqf
 github.com/vektah/gqlparser v1.3.1/go.mod h1:bkVf0FX+Stjg/MHnm8mEyubuaArhNEqfQhF+OTiAL74=
 github.com/willabides/actionslog v0.5.1 h1:dJ/Cxg8vO1pEohgC2O4CW1tCWFKJrYJXTZDWYJQK0+E=
 github.com/willabides/actionslog v0.5.1/go.mod h1:WDufDP3XZUMBOmau2BvfVCGYuUcVRZI6Eqy8ZRw4pJ8=
-golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
-golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
-golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA=
-golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I=
-golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
-golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
+golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -75,8 +86,9 @@ golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
diff --git a/internal/policybot.go b/internal/policybot.go
@@ -115,6 +115,15 @@ func makeApprovalRule(path string, wf GitHubWorkflow) (*approval.Rule, error) {
 		}
 	}
 
+	regexPath, err := RegexpsFromGlobs([]string{path})
+	if err != nil {
+		return nil, fmt.Errorf("couldn't convert path to regex: %w", err)
+	}
+
+	preds.FileNotDeleted = &predicate.FileNotDeleted{
+		Paths: regexPath,
+	}
+
 	requires := approval.Requires{
 		Conditions: predicate.Predicates{
 			HasWorkflowResult: &predicate.HasWorkflowResult{
diff --git a/internal/policybot_test.go b/internal/policybot_test.go
@@ -104,6 +104,9 @@ func TestMakeApprovalRule(t *testing.T) {
 						Paths:       mustRegexpsFromGlobs(t, []string{"src/**"}),
 						IgnorePaths: mustRegexpsFromGlobs(t, []string{"docs/**"}),
 					},
+					FileNotDeleted: &predicate.FileNotDeleted{
+						Paths: mustRegexpsFromGlobs(t, []string{".github/workflows/test.yml"}),
+					},
 				},
 				Requires: approval.Requires{
 					Conditions: predicate.Predicates{
@@ -125,6 +128,11 @@ func TestMakeApprovalRule(t *testing.T) {
 			},
 			expected: &approval.Rule{
 				Name: "Workflow .github/workflows/build.yml succeeded or skipped",
+				Predicates: predicate.Predicates{
+					FileNotDeleted: &predicate.FileNotDeleted{
+						Paths: mustRegexpsFromGlobs(t, []string{".github/workflows/build.yml"}),
+					},
+				},
 				Requires: approval.Requires{
 					Conditions: predicate.Predicates{
 						HasWorkflowResult: &predicate.HasWorkflowResult{
@@ -151,6 +159,9 @@ func TestMakeApprovalRule(t *testing.T) {
 					TargetsBranch: &predicate.TargetsBranch{
 						Pattern: mustRegexp(t, "(^main$|^develop$)"),
 					},
+					FileNotDeleted: &predicate.FileNotDeleted{
+						Paths: mustRegexpsFromGlobs(t, []string{".github/workflows/test.yml"}),
+					},
 				},
 				Requires: approval.Requires{
 					Conditions: predicate.Predicates{
@@ -184,6 +195,9 @@ func TestMakeApprovalRule(t *testing.T) {
 					TargetsBranch: &predicate.TargetsBranch{
 						Pattern: mustRegexp(t, "(^main$|^develop$)"),
 					},
+					FileNotDeleted: &predicate.FileNotDeleted{
+						Paths: mustRegexpsFromGlobs(t, []string{".github/workflows/test.yml"}),
+					},
 				},
 				Requires: approval.Requires{
 					Conditions: predicate.Predicates{
@@ -283,6 +297,11 @@ func TestGitHubWorkflowCollectionPolicyBotConfig(t *testing.T) {
 		ApprovalRules: []*approval.Rule{
 			{
 				Name: "Workflow .github/workflows/build.yml succeeded or skipped",
+				Predicates: predicate.Predicates{
+					FileNotDeleted: &predicate.FileNotDeleted{
+						Paths: mustRegexpsFromGlobs(t, []string{".github/workflows/build.yml"}),
+					},
+				},
 				Requires: approval.Requires{
 					Conditions: predicate.Predicates{
 						HasWorkflowResult: &predicate.HasWorkflowResult{
@@ -298,6 +317,9 @@ func TestGitHubWorkflowCollectionPolicyBotConfig(t *testing.T) {
 					ChangedFiles: &predicate.ChangedFiles{
 						Paths: mustRegexpsFromGlobs(t, []string{"src/**"}),
 					},
+					FileNotDeleted: &predicate.FileNotDeleted{
+						Paths: mustRegexpsFromGlobs(t, []string{".github/workflows/test.yml"}),
+					},
 				},
 				Requires: approval.Requires{
 					Conditions: predicate.Predicates{
