Load pull request data directly instead of using the timeline (#54)
Since 1.4.0, the pull request timeline has not been used for event ordering. The API also has some small delay in recording new events, particularly when the pull request is from a fork. This delay could cause policy-bot
to miss new commits and post incorrect rules statuses based on old commits when the invalidate_on_push
option was used.
Verify that the head commit of a pull request exists in the internal commit list (#55)
As described above, if GitHub APIs do not return all information for a pull request, policy-bot
can generate incorrect results. There is now an explicit check for this condition, which will cause rule evaluation to fail closed if this happens again instead of failing open.
Other Changes
- Update the app URL on the install page to account for changes on github.com