According to the publishing documentation^1, CODEOWNERS and the gatekeper team must be owners of a crate published on crates.io in addition to the original crate authors. We can add a check that runs for every crate located in a repository that verifies the ownership status is correct with the crates.io API^2.
Example:
Find all crates:
for manifest_file in $(find . -type f -name Cargo.toml | grep --invert-match "/target/" | grep --invert-match "/fuzz/"); do
NAME=$(grep --max-count=1 name "${manifest_file}" | sed -e 's/name = "\(.\+\)"/\1/')
if ! [ -z "${NAME}" ]; then
echo ${NAME}
fi
done
Check owner for a crate:
CRATE_NAME="$1"
echo "INFO: querying https://crates.io/api/v1/crates/${CRATE_NAME}/owners"
OWNERS_REPLY=$(curl --silent "https://crates.io/api/v1/crates/${CRATE_NAME}/owners")
echo "INFO: API reply was ${OWNERS_REPLY}"
case "${OWNERS_REPLY}" in
*'{"errors":[{"detail":"Not Found"}]}'* ) echo "INFO: Crate ${CRATE_NAME} was not found on crates.io and is assumed unpublished." ; exit 0 ;; # Crate is not published.
esac
ERROR=""
case "${OWNERS_REPLY}" in
*github:rust-vmm:gatekeepers* ) echo "OK: rust-vmm:gatekeepers is an owner." ;;
* ) echo "ERROR: rust-vmm:gatekeepers team must be in ${CRATE_NAME}'s owners." ; ERROR="yes";;
esac
for owner in $(sed -e '/^#.\+$/d' -e 's/^[*]\s*//' -e 's/[@]//g' < CODEOWNERS); do
case "${OWNERS_REPLY}" in
*${owner}* )
echo "OK: ${owner} is an owner."
;;
* )
echo "ERROR: ${owner} is not an owner." ; ERROR="yes"
esac
done
if ! [ -z "${ERROR}" ]; then
echo "Missing crate owners for ${CRATE_NAME}, please add them."
exit 1
fi
Running it for virtio-bindings outputs:
INFO: querying https://crates.io/api/v1/crates/virtio-bindings/owners
INFO: API reply was {"users":[{"avatar":"https://avatars.githubusercontent.com/u/1043863?v=4","id":35756,"kind":"user","login":"sameo","name":"Samuel Ortiz","url":"https://github.com/sameo"},{"avatar":"https://avatars.githubusercontent.com/u/2815944?v=4","id":37110,"kind":"user","login":"andreeaflorescu","name":"Andreea Florescu","url":"https://github.com/andreeaflorescu"},{"avatar":"https://avatars.githubusercontent.com/u/8278356?v=4","id":53759,"kind":"user","login":"epilys","name":"Manos Pitsidianakis","url":"https://github.com/epilys"},{"avatar":"https://avatars.githubusercontent.com/u/115481277?v=4","id":186043,"kind":"user","login":"roypat","name":"Patrick Roy","url":"https://github.com/roypat"},{"avatar":"https://avatars.githubusercontent.com/u/46028664?v=4","id":1481,"kind":"team","login":"github:rust-vmm:gatekeepers","name":"gatekeepers","url":"https://github.com/rust-vmm"}]}
OK: rust-vmm:gatekeepers is an owner.
ERROR: alexandruag is not an owner.
OK: andreeaflorescu is an owner.
ERROR: jiangliu is not an owner.
ERROR: slp is not an owner.
ERROR: stsquad is not an owner.
OK: epilys is an owner.
Missing crate owners for virtio-bindings, please add them.
andreeaflorescu
commented
10 months ago
According to the publishing documentation^1, CODEOWNERS and the gatekeper team must be owners of a crate published on crates.io in addition to the original crate authors. We can add a check that runs for every crate located in a repository that verifies the ownership status is correct with the crates.io API^2.
Example:
Find all crates:
Check owner for a crate:
Running it for
virtio-bindingsoutputs: