6

My team <team-1> is sharing a github repo with <team-2>. The repo looks something like this (Simplified example):

infrastructure/
       |
       |-- .github/CODEOWNERS 
       |
       |-- directory1/ 
               |
               |-- subdirectory1.1/
               |
               |-- subdirectory1.2/
              |
       |-- directory2/ 
               |
               |-- subdirectory2.1/
               |
               |-- subdirectory2.2/
              |
       |-- directory3/ 
               |
               |-- subdirectory3.1/
               |
               |-- subdirectory3.2/

<team-2> is the CODEOWNER of every directory in the repo, and my team <team-1> owns only subdirectory1.1 and subdirectory2.1.

In otherwords the CODEOWNERS file looks something like this:

github/CODEOWNERS

* @mycompany/team2
/infrastructure/directory1/subdirectory1.1 @mycompany/team1
/infrastructure/directory2/subdirectory2.1 @mycompany/team1

Given the aforementioned, what I would like to do is exclude team2 from every folder that team1 owns, ideally without removing the wildcard in the codeowners file.

* @mycompany/team2
/infrastructure/directory1/subdirectory1.1 @mycompany/team1 AND EXCLUDE TEAM2
/infrastructure/directory2/subdirectory2.1 @mycompany/team1 AND EXCLUDE TEAM2

What is the best way to do that without rewriting the whole codeowners logic?

Adam Fratino
  • 1,245
  • 10
  • 23
Dimi
  • 309
  • 5
  • 25

3 Answers3

3

According to the documentation, your example should work just fine.

Quote from the example:

# Order is important; the last matching pattern takes the most
# precedence. When someone opens a pull request that only
# modifies JS files, only @js-owner and not the global
# owner(s) will be requested for a review.
*.js    @js-owner

So, in this case, it seems that one of the following is the case:

  • Github has fixed the issue, their docs are up to date, and your example now works just as you'd like it to.
  • OR: Their docs are incorrect and Github needs to fix either the feature or their docs to accurately describe behavior.
TheJeff
  • 3,665
  • 34
  • 52
0

GitHub native option: GitHub Action

You can try and configure the GitHub Action mszostok/codeowners-validator which can validate the GitHub CODEOWNERS file based on specified checks.

For instance:

notowned: Reports if a given repository contain files that do not have specified owners in CODEOWNERS file.

Non-GitHUb native options

Gitolite

If by "code owner" you means push/write access to a folder, this is not supported natively by Git, or GitHub: if you can push to part of a repository, you can push to all of the repository.

What you might consider is pushing to an intermediate gateway repository, on a server you control, and where you can set-up an authorization layer, like gitolite

With Gitolite, you can with VREF restrict pushes by the names of dirs and files changed.

In your case:

repo foo
        RW+                             =   @team2
        R                               =   @team1

        RW   VREF/NAME/infrastructure/directory1/subdirectory1.1 @team1
        RW   VREF/NAME/infrastructure/directory1/subdirectory2.1 @team1

Once the push is validated by Gitolite, that same server could in turn push to GitHub.

Split repository and git filter-repo

But a more natural way would be to split the repository in two, referencing the team1 content in the main parent teeam2 repository, as a submodule.
Not easy though, considering it would involve history rewriting, and folder reorganization.

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Yeah, I believe submodules would be the bet handling such situations, you could also have a look here in addition to the official documentation: https://www.atlassian.com/git/tutorials/git-submodules, and here https://github.blog/2016-02-01-working-with-submodules/ to get started with submodules. – Utmost Creator Nov 01 '21 at 11:22
  • @UtmostCreator Agreed. But it involves splitting the repository in two first, using git filter-repo: https://stackoverflow.com/a/58983975/6309 – VonC Nov 01 '21 at 11:24
  • I have splitted up 2 project with default git tools, but having read [git filter-repo](https://github.com/newren/git-filter-repo), seems powerful enough, not to mention the fact that it is recommended by the owners! it really may come in handy in such situations! – Utmost Creator Nov 01 '21 at 11:33
  • downvoted because it mentions adding another service instead of answering the question about CODEOWNERS file and possible ways to deal with this using github actions. – airtonix Jul 15 '22 at 02:43
  • @airtonix Thank you for this feedback. I have edited the answer to include a possible GitHub Action-based option to this question. – VonC Jul 15 '22 at 04:33
  • @VonC running a github action to validate the CODEOWNER file is not what the question is about though. It's about enforcing ownership of the code described by the CODEOWNERS file... I'm so confused as to why this isn't obvious to you? none of what you described in your answer satisfies this. – airtonix Jul 18 '22 at 04:25
  • @airtonix Hopefully someone will have a better answer then. – VonC Jul 18 '22 at 04:36
-1

In theory, prefixing a line with ! should work, since

In practice, though, I tried this and the CODEOWNERS lines starting with ! are invalid according to mszostok/codeowners-validator checks, so, no luck.

Michael L
  • 69
  • 1
  • 6
  • 2
    This is documented right now. It's not valid to use `!` https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-syntax – Serdar Sayın Oct 18 '22 at 12:11