mszostok / codeowners-validator

The GitHub CODEOWNERS file validator
Apache License 2.0
212 stars 48 forks

Valid Owner Checker should report if the owner doesn't have Write access #157

Open helixliam opened 2 years ago

helixliam commented 2 years ago

Currently, the Valid Owner Checker performs the following checks:

1. Check if the owner's definition is valid (is either a GitHub user name, an organization team name or an email address).

2. Check if a GitHub owner has a GitHub account

3. Check if a GitHub owner is in a given organization

4. Check if an organization team exists

In Step 3, instead of checking whether the owner is a member of the organization, the Valid Owner Checker should check whether the owner has Write or Admin access to the repository.

Reasons

This is consistent with the native GitHub codeowners validation check that appears in the GitHub web interface. Only a code owner with Write access or greater can approve PRs: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/approving-a-pull-request-with-required-reviews

This change would lead the codeowners validator status check to report failure under the following scenarios, consistent with the native validation check:

  1. A code owner is added who does not have access, or who only has Read access
  2. A code owner's access is removed (explicitly or when their team membership is changed)

In the GitHub native codeowners validator, each of these would result in the following error:

[image: screenshot of the error]

Clicking the ellipsis shows more details about the error.

[image: screenshot of the error details]

iamstarkov commented 1 year ago
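As an added example (not code from codeowners-validator or the issue author), the Go program below shows what the proposed Step 3 looks like in practice: it parses the @user owners out of CODEOWNERS content, asks GitHub's `GET /repos/{owner}/{repo}/collaborators/{username}/permission` endpoint for each one, and reports owners whose `permission` is below write. The endpoint and its `permission` field (admin/write/read/none) are the real GitHub REST API; the in-process fake server, the permission table, the CODEOWNERS content, the `acme/repo` repository and the token are constructed for the demonstration, and treating a 404 as "no access" is an assumption. Team owners (@org/team) are skipped, since they need a separate teams lookup.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// permissionResponse holds the one field we need from GitHub's
// GET /repos/{owner}/{repo}/collaborators/{username}/permission response.
type permissionResponse struct {
	Permission string `json:"permission"` // "admin", "write", "read" or "none"
}

// CanApprove reports whether a permission level lets a code owner approve a
// pull request: GitHub requires write access or greater (write or admin).
func CanApprove(permission string) bool {
	switch strings.ToLower(permission) {
	case "admin", "write":
		return true
	}
	return false
}

// OwnerPermission asks the GitHub REST API (rooted at apiBase) which permission
// user has on org/repo. A 404 is treated as no access (assumption: the endpoint
// answers 404 for users who are not collaborators).
func OwnerPermission(client *http.Client, apiBase, token, org, repo, user string) (string, error) {
	url := fmt.Sprintf("%s/repos/%s/%s/collaborators/%s/permission", apiBase, org, repo, user)
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Accept", "application/vnd.github+json")
	req.Header.Set("Authorization", "Bearer "+token)
	resp, err := client.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode == http.StatusNotFound {
		return "none", nil
	}
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("permission lookup for %s: HTTP %d", user, resp.StatusCode)
	}
	var pr permissionResponse
	if err := json.NewDecoder(resp.Body).Decode(&pr); err != nil {
		return "", err
	}
	return pr.Permission, nil
}

// ParseUserOwners returns the distinct @user owners in CODEOWNERS content in
// order of first appearance; teams (@org/team) and e-mail owners are skipped.
func ParseUserOwners(content string) []string {
	seen := map[string]bool{}
	var users []string
	for _, line := range strings.Split(content, "\n") {
		if i := strings.Index(line, "#"); i >= 0 {
			line = line[:i] // drop comments
		}
		fields := strings.Fields(line)
		if len(fields) < 2 {
			continue // blank line or pattern without owners
		}
		for _, owner := range fields[1:] {
			if !strings.HasPrefix(owner, "@") || strings.Contains(owner, "/") {
				continue
			}
			if user := strings.TrimPrefix(owner, "@"); !seen[user] {
				seen[user] = true
				users = append(users, user)
			}
		}
	}
	return users
}

// OwnersWithoutWrite returns the user owners whose permission is below write,
// i.e. the owners the native GitHub check would flag.
func OwnersWithoutWrite(client *http.Client, apiBase, token, org, repo, content string) ([]string, error) {
	var bad []string
	for _, user := range ParseUserOwners(content) {
		perm, err := OwnerPermission(client, apiBase, token, org, repo, user)
		if err != nil {
			return nil, err
		}
		if !CanApprove(perm) {
			bad = append(bad, user)
		}
	}
	return bad, nil
}

// NewFakeGitHub serves a constructed permission table in the shape of the real
// endpoint so the check can run offline; unknown users get a 404.
func NewFakeGitHub(perms map[string]string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		p := strings.Split(r.URL.Path, "/") // "", repos, org, repo, collaborators, user, permission
		if len(p) != 7 || p[1] != "repos" || p[4] != "collaborators" || p[6] != "permission" {
			http.NotFound(w, r)
			return
		}
		perm, ok := perms[p[5]]
		if !ok {
			http.NotFound(w, r)
			return
		}
		json.NewEncoder(w).Encode(permissionResponse{Permission: perm})
	}))
}

func main() {
	// Constructed sample data: a permission table and a small CODEOWNERS file.
	srv := NewFakeGitHub(map[string]string{"alice": "admin", "bob": "write", "carol": "read"})
	defer srv.Close()
	codeowners := "# constructed sample\n* @alice @bob\n/docs/ @carol @dave @acme/docs-team\n"
	bad, err := OwnersWithoutWrite(srv.Client(), srv.URL, "PLACEHOLDER_TOKEN", "acme", "repo", codeowners)
	if err != nil {
		panic(err)
	}
	fmt.Println("owners without write access:", bad) // [carol dave]
}
```

Against the real API, replace the fake server with `https://api.github.com` and a token that can read collaborator permissions; carol (read only) and dave (not a collaborator) are exactly the two cases listed in the issue, and both come back as failures.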

this would be lovely