[CHORE] Use CODEOWNERS to delegate namespace authority
coderpatros opened this issue · comments
@jkowalleck, hoping I can get your advice on this one.
For example, PRs for the gomod namespace should go to Go Maintainers team for review and merging.
Is that possible while limiting access to other areas of this repo?
And, to make it easier to define, should the existing file cdx/gomod.md be moved to a sub-directory? i.e. all Go related files go under the cdx/go directory or something like that?
> Is that possible while limiting access to other areas of this repo?

yes

> And, to make it easier to define, should the existing file cdx/gomod.md be moved to a sub-directory? i.e. all Go related files go under the cdx/go directory or something like that?

no idea. we could see how the repo evolves and adapt in the future.

> hoping I can get your advice on this one.

i think a CODEOWNERS file for this repo could look like this:
```
## see the docs: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
## see the teams: https://github.com/orgs/CycloneDX/teams
* @CycloneDX/core-team
/cdx/gomod.md @CycloneDX/core-team @CycloneDX/go-maintainers
/cdx/go/ @CycloneDX/core-team @CycloneDX/go-maintainers
```
PS: github requires the codeowners to have certain permissions. just drop in a CODEOWNERS file in the repo and view it in the master branch - github will then tell which permissions need to be granted, to make it work
@coderpatros the pull request #50 suggests that the code owners need write access to this repository.
This is shown on the pull request:
This CODEOWNERS file contains errors
CODEOWNERS errors
Unknown owner on line 11: make sure the team @CycloneDX/go-maintainers exists, is publicly visible, and has write access to the repository
/cdx/gomod.md @CycloneDX/go-maintainers @CycloneDX/core-team
Unknown owner on line 13: make sure the team @CycloneDX/javascript-maintainers exists, is publicly visible, and has write access to the repository
/cdx/npm.md @CycloneDX/javascript-maintainers @CycloneDX/core-team
Unknown owner on line 15: make sure the team @CycloneDX/php-maintainers exists, is publicly visible, and has write access to the repository
/cdx/composer.md @CycloneDX/php-maintainers @CycloneDX/core-team
Unknown owner on line 17: make sure the team @CycloneDX/python-maintainers exists, is publicly visible, and has write access to the repository
/cdx/pipenv.md @CycloneDX/python-maintainers @CycloneDX/core-team
Unknown owner on line 18: make sure the team @CycloneDX/python-maintainers exists, is publicly visible, and has write access to the repository
/cdx/poetry.md @CycloneDX/python-maintainers @CycloneDX/core-team
to fully close this, the repo permissions need to be adjusted:
#1 (comment)
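An added example, not part of the thread or the CycloneDX repository: a simplified resolver for the CODEOWNERS file proposed above. It shows that the last matching rule replaces earlier ones (which is why every namespace line re-lists @CycloneDX/core-team) and reproduces the "Unknown owner" check locally. It assumes only the three pattern forms used in this thread and a constructed set of teams with write access.

```python
# Added example: simplified CODEOWNERS resolver (not GitHub's implementation).
# Supports only the pattern forms used in this thread: "*", "/path/file"
# and "/path/dir/". Full gitignore-style globbing is out of scope.

# The file proposed in the thread, with its comment lines abbreviated.
CODEOWNERS = """\
## see the docs and teams links in the thread
* @CycloneDX/core-team
/cdx/gomod.md @CycloneDX/core-team @CycloneDX/go-maintainers
/cdx/go/ @CycloneDX/core-team @CycloneDX/go-maintainers
"""

def parse(text):
    """Return [(lineno, pattern, [owners])] for every rule line."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            pattern, *owners = line.split()
            rules.append((lineno, pattern, owners))
    return rules

def matches(pattern, path):
    """Match a repo-relative path against one supported pattern form."""
    if pattern == "*":
        return True
    if pattern.endswith("/"):                 # anchored directory
        return ("/" + path).startswith(pattern)
    return "/" + path == pattern              # anchored file

def owners_for(rules, path):
    """Last matching rule wins; earlier matches are replaced, not merged."""
    result = []
    for _, pattern, owners in rules:
        if matches(pattern, path):
            result = owners
    return result

def unknown_owners(rules, writers):
    """Owners missing from `writers`, a constructed set of teams with write access."""
    return [(n, o) for n, _, owners in rules for o in owners if o not in writers]

if __name__ == "__main__":
    rules = parse(CODEOWNERS)
    for p in ("cdx/gomod.md", "cdx/npm.md", "README.md"):
        print(p, "->", owners_for(rules, p))
    print(unknown_owners(rules, {"@CycloneDX/core-team"}))
```

A CODEOWNERS file on its own only requests reviews; a delegated team's approval becomes mandatory only when branch protection requires review from code owners.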