apply_requirements or similar way to block applies of unapproved PRs

[ZIJ]

Currently the only way to prevent applies of un-approved PRs is via Access Policy [EE feature] in the Management Repo

Atlantis has a simple apply_requirements config options; it might make sense to have smth similar in Digger CE

[al-lac]

This would be really nice to have!

[ben-of-codecraft]

This is a really key feature for us as well

[al-lac]

This actually works already (kind of). When a PR is not mergable (due to lacking reviews or failing checks), digger will not run applies and fail with the following error:

For our use case this was enough.

[ben-of-codecraft]

I did notice this yesterday for the GitHub CI. It looks like it checks IsMergeable so if you have approvals or status checks set up it will not allow they to apply to happen.

What I would prefer now is a way to configure that at a project level. If you set up your repo to be a multi-account project, the most common case being a dev/prod environment that shares common modules. Then you run into a problem, as you may want to have your developer environment be able to apply without approvals, but your production environment still requires approval requirements be met.

This is more of a request at the GitHub level being able to specify directory level checks in branch protection vs having to write a custom status check action; however, it would be nice to allow Digger to have an option to override the default behavior of always forcing a mergeable PR for lower level environments.

Maybe something like

projects:
    - name: "{{github.org}}-{{github.repo}}-dev"
      dir: dev
      workflow: default
      skip_merge_check: true   # skips the isMergeable check on Digger Apply
      include_patterns: [
        "./modules/**",
        "./config/dev/**",
      ]
      workflow_file: digger_workflow.yml
      aws_role_to_assume:
        state: {{output.stsStateRole.dev}}
        command: {{output.stsCommandRole.dev}}              

    - name: "{{github.org}}-{{github.repo}}-prod"
      dir: prod
      workflow: default
      skip_merge_check: false      # default anyway  just here for illustration 
      include_patterns: [
        "./modules/**",
        "./config/prod/**",
      ]
      workflow_file: digger_workflow.yml
      aws_role_to_assume:
        state: {{output.stsStateRole.prod}}
        command: {{output.stsCommandRole.prod}}  

[matanyall]

Would love to get an update here