Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a flag to only allow teams as owners #127

Merged
merged 1 commit into from
Apr 6, 2022
Merged

Add a flag to only allow teams as owners #127

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,7 @@ Use the following environment variables to configure the application:
| <tt>OWNER_CHECKER_REPOSITORY</tt> <b>*</b> | | The owner and repository name separated by slash. For example, gh-codeowners/codeowners-samples. Used to check if GitHub owner is in the given organization. |
| <tt>OWNER_CHECKER_IGNORED_OWNERS</tt> | `@ghost`| The comma-separated list of owners that should not be validated. Example: `"@owner1,@owner2,@org/team1,[email protected]"`. |
| <tt>OWNER_CHECKER_ALLOW_UNOWNED_PATTERNS</tt> | `true` | Specifies whether CODEOWNERS may have unowned files. For example: <br> <br> `/infra/oncall-rotator/ @sre-team` <br> `/infra/oncall-rotator/oncall-config.yml` <br> <br> The `/infra/oncall-rotator/oncall-config.yml` file is not owned by anyone. |
| <tt>OWNER_CHEKER_OWNERS_MUST_BE_TEAMS</tt> | `false` | Specifies whether only teams are allowed as owners of files |
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit:

Suggested change
| <tt>OWNER_CHEKER_OWNERS_MUST_BE_TEAMS</tt> | `false` | Specifies whether only teams are allowed as owners of files |
| <tt>OWNER_CHEKER_OWNERS_MUST_BE_TEAMS</tt> | `false` | Specifies whether only teams are allowed as owners of files. |

Additionally, please add:

  owner_cheker_owners_must_be_teams:
    description:  "Specifies whether only teams are allowed as owners of files."
    default: "false"
    required: false

to action.yml

Copy link

@electriquo electriquo Apr 7, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sadly, this is not documented in the readme https://github.com/mszostok/codeowners-validator#checks

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for letting me know, I will add it there too. For now, it was documented in configuration and in the release notes.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no, thank you @mszostok :)

| <tt>NOT_OWNED_CHECKER_SKIP_PATTERNS</tt> | - | The comma-separated list of patterns that should be ignored by `not-owned-checker`. For example, you can specify `*` and as a result, the `*` pattern from the **CODEOWNERS** file will be ignored and files owned by this pattern will be reported as unowned unless a later specific pattern will match that path. It's useful because often we have default owners entry at the begging of the CODOEWNERS file, e.g. `* @global-owner1 @global-owner2` |

<b>*</b> - Required
Expand Down
12 changes: 10 additions & 2 deletions internal/check/valid_owner.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@ type ValidOwnerConfig struct {
//
// The `/infra/oncall-rotator/oncall-config.yml` this file is not owned by anyone.
AllowUnownedPatterns bool `envconfig:"default=true"`
// OwnersMustBeTeams specifies whether owners must be teams in the same org as the repository
OwnersMustBeTeams bool `envconfig:"default=false"`
}

// ValidOwner validates each owner
Expand All @@ -37,6 +39,7 @@ type ValidOwner struct {
orgRepoName string
ignOwners map[string]struct{}
allowUnownedPatterns bool
ownersMustBeTeams bool
}

// NewValidOwner returns new instance of the ValidOwner
Expand All @@ -57,6 +60,7 @@ func NewValidOwner(cfg ValidOwnerConfig, ghClient *github.Client) (*ValidOwner,
orgRepoName: split[1],
ignOwners: ignOwners,
allowUnownedPatterns: cfg.AllowUnownedPatterns,
ownersMustBeTeams: cfg.OwnersMustBeTeams,
}, nil
}

Expand Down Expand Up @@ -133,10 +137,10 @@ func (v *ValidOwner) isIgnoredOwner(name string) bool {

func (v *ValidOwner) selectValidateFn(name string) func(context.Context, string) *validateError {
switch {
case v.ownersMustBeTeams || isGitHubTeam(name):
return v.validateTeam
case isGitHubUser(name):
return v.validateGitHubUser
case isGitHubTeam(name):
return v.validateTeam
case isEmailAddress(name):
// TODO(mszostok): try to check if e-mail really exists
return func(context.Context, string) *validateError { return nil }
Expand Down Expand Up @@ -186,6 +190,10 @@ func (v *ValidOwner) validateTeam(ctx context.Context, name string) *validateErr
}
}

if !isGitHubTeam(name) {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: I could be moved before the v. orgTeams initialization.

return newValidateError("%s is not a team", name)
}

// called after validation it's safe to work on `parts` slice
parts := strings.SplitN(name, "/", 2)
org := parts[0]
Expand Down