Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revert "Fix formatting of CODEOWNERS" #3967

Merged
merged 1 commit into from
Dec 13, 2024
Merged

Revert "Fix formatting of CODEOWNERS" #3967

merged 1 commit into from
Dec 13, 2024
+1 −1

Conversation

haydentherapper
Copy link
Contributor

Reverts #3957

One of Sigstore's admins helps maintain a number of repos without explicitly being a codeowner. It seems like almost every repo across the Sigstore org has this same syntax error, which means effectively we haven't been using codeowners files for approvals. I have a few thoughts on ideas to fix this, but for now, I'm reverting this change so the admin can continue merging PRs.

A few ideas for fixes:

  • Remove requiring codeowners approvals (each repo should be making that decision, and it's not ideal for the lack of notifications)
  • Remove push restrictions (-1 on this, this mandates those with maintain can merge, but not those with write, which lets us implement review vs merge permissions)
  • Allow admins to bypass branch protection rules (-1 on this, insider risk mitigation)

@haydentherapper
Revert "Fix formatting of CODEOWNERS (#3957)"

Verified

This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
Loading
Loading status checks…
a587d5c 
This reverts commit 77f46ca.
@haydentherapper haydentherapper requested a review from a team as a code owner December 12, 2024 21:46
@haydentherapper haydentherapper enabled auto-merge (squash) December 12, 2024 21:47
@haydentherapper haydentherapper merged commit a213ea9 into main Dec 13, 2024
23 checks passed
@haydentherapper haydentherapper deleted the revert-3957-codeowners-format branch December 13, 2024 09:49
@haydentherapper haydentherapper mentioned this pull request Jan 31, 2025
Closed
@codysoyland
Copy link
Member

@haydentherapper Is this mostly for Dependabot updates? If so, we could add a "dep-maintainer" group (or even just Carlos's username) and give it ownership of go.mod/go.sum.

@haydentherapper haydentherapper mentioned this pull request Feb 4, 2025
Merged
@haydentherapper
Copy link
Contributor Author

Thanks @codysoyland for the suggestion, I've created PRs to create dep-maintainers and grant it maintainer perms over cosign, fulcio, rekor and sigstore/sigstore. Then we can fix the codeowners syntax and grant the team ownership over go.mod/sum

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hectorj2f hectorj2f

@cpanato cpanato

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@haydentherapper @codysoyland @hectorj2f @cpanato