Closed brettcannon closed 2 years ago
Maybe we can use https://github.com/mszostok/codeowners-validator#checks.
Maybe, although giving out an access token to the action feels a little risky. Other than PEP editors we could use https://github.com/python/devguide/blob/master/developers.csv for the list of valid GitHub usernames.
Well... if you want to have careful control over the code that has access to the tokens, there are two broad options:
[^1]: GitHub does not allow pushing branches/tags that look like a commit hash, so this can't be worked around. And, it's also the main mechansim recommended for security hardening with third-party actions.
You could also use something like gitown as a pre-commit hook. That way, no need to give it a token, it runs as part of the existing pre-commit action step, and can also optionally be run locally, either automatically on commit or on-demand with pre-commit run
.
It is more designed to automatically maintain the CODEOWNERS
file by finding if an author of a customizable percent of the file isn't added as a code owner, which could potentially be useful if set high enough as an extra check that PR authors added themselves as codeowners, but on the other hand strict validation is not its primary function and it would need manual configuration (since it doesn't have token access).
So maybe not the best option, but figured it was worth mentioning since it uses the existing infra.
Seems like GitHub now validates CODEOWNERS. On a recent PR, e.g. #2320 , I see the following at the top of the CODEOWNERS file in the Files
pane. Not sure if it blares a warning if it isn't valid, but so long as reviewers glance at the Files pane, it should be visible.
@CAM-Gerlach out of interest if one intentionally invalidates the file, how noisy is the warning / error, if extant?
A
I was curious about the same thing; I was going to test but it looks like @JelleZijlstra beat me to it with #2328
Unfortunately it turns out the check doesn't actually warn about invalid usernames in CODEOWNERS.
Negative: GH doesn't validate invalid usernames
Positve: GH does validate actual syntax errors, with line level highlighting
Even more positive: actual syntax errors, invalid usernames, etc, seem to now be localised to a per-line level, and the rest of the file still works. The documentation hasn't been updated yet as far as I can tell, so this may be a soft launch, but I think this issue can now be closed as there doesn't seem to be risk of all of CODEOWNERS breaking anymore.
A
Agree with @AA-Turner. For future reference, we tried out some things in https://github.com/JelleZijlstra/ownerstest.
Thanks @JelleZijlstra and @AA-Turner ! I guess I'll close this now, since we're all in agreement that this is more or less resolved.
Even more positive: actual syntax errors, invalid usernames, etc, seem to now be localised to a per-line level, and the rest of the file still works. The documentation hasn't been updated yet as far as I can tell, so this may be a soft launch, but I think this issue can now be closed as there doesn't seem to be risk of all of CODEOWNERS breaking anymore.
The changes have now been announced:
For reference, invalid usernames are now detected and enumerated, so we can consider this issue fully closed.
I found Jelle's username misspelled in
CODEOWNERS
, and any time that file has a mistake in it, it stops working. I personally find the file handy, so I do want to keep it functioning, but not by occasionally asking why a new PR has no automated assignment to the PEP author/delegate.