Version: 3.16.0

Label critical changes with code pattern

The hasCodePattern built-in allows us to query the code contained in the diff.

This ability lets us query changes and understand, for instance, whether sensitive data (e.g. an access token) was explicitly added to the code.

api-version: reviewpad.com/v3.x

rules:
  - name: changes-env-var
    description: Patch includes changes to environment variables
    spec: $hasCodePattern("ENV_*")
  - name: includes_gh_token
    description: Patch includes a GitHub token
    spec: $hasCodePattern("gh_*")

workflows:
  - name: critical
    if:
      - rule: changes-env-var
    then:
      - $addLabel("critical")
  - name: security
    if:
      - rule: includes_gh_token
    then:
      - $error("Patch includes a GitHub token")
      - $fail("GitHub token in patch")
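How broadly a pattern such as `gh_*` matches is worth checking before it gates a workflow. The following is an added example, not Reviewpad's own code: it assumes the pattern is evaluated as a Go regular expression against the lines a patch adds, and the helpers `addedLines` and `matches`, the sample diff and the tighter `tokenPattern` are all constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample diff; the token is a placeholder built from repeated "x", not a real credential.
var sampleDiff = strings.Join([]string{
	"--- a/config.go",
	"+++ b/config.go",
	"@@ -1,3 +1,5 @@",
	" package config",
	"+// raise the throughput limit",
	"+const limit = 10",
	`-const token = ""`,
	`+const token = "ghp_` + strings.Repeat("x", 36) + `"`,
}, "\n")

// Assumed tighter pattern: a GitHub token prefix (ghp, gho, ghu, ghs, ghr) plus a long alphanumeric body.
const tokenPattern = `\bgh[pousr]_[A-Za-z0-9]{36,}`

// addedLines returns the lines a unified diff adds, skipping the "+++" file header.
func addedLines(diff string) []string {
	var out []string
	for _, l := range strings.Split(diff, "\n") {
		if strings.HasPrefix(l, "+") && !strings.HasPrefix(l, "+++") {
			out = append(out, l[1:])
		}
	}
	return out
}

// matches returns the added lines that the regular expression matches.
func matches(pattern, diff string) []string {
	re := regexp.MustCompile(pattern)
	var hits []string
	for _, l := range addedLines(diff) {
		if re.MatchString(l) {
			hits = append(hits, l)
		}
	}
	return hits
}

func main() {
	// As a regex, "gh_*" means "gh" followed by zero or more underscores, so "throughput" matches too.
	for _, p := range []string{`gh_*`, tokenPattern} {
		fmt.Printf("%-32s -> %d added line(s) matched\n", p, len(matches(p, sampleDiff)))
	}
}
```

Under that assumption the same over-matching applies to `ENV_*`, which matches any added line containing `ENV`.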