Bors support for CODEOWNERS

Summary: Add an option to have bors parse and enforce the GitHub-designed CODEOWNERS file.

I allow this RFC document to be modified and redistributed under the terms of the Apache-2.0 license, or the CC-BY-NC-SA 3.0 license, at your option.

Motivation

Currently, bors only supports requiring numbers of contributors. This works for many use cases but several users need the power of GitHub CODEOWNERS. CODEOWNERS let users set a 'required' code reviewer for specific code. Eg, you could require review by security team if code in the security repository is altered.

Guide-level explanation

This feature is intended to exactly mimic the functionality GitHub provides with their CODEOWNERS implementation. As such, the exact guide level docs are owner by GitHub(here)

For bors, CODEOWNERS file support will be enabled by setting enable_codeowners = true in the bors.toml file.

Reference-level explanation

Please see Github official docs

Drawbacks

This will somewhat complicate the system by requiring us to follow the CODEOWNERS file format instead of just counting required reviewers.

Rationale and alternatives

This is an important tool to support the Bors Squash merge feature. Many teams cannot switch to squash-merge if they would lose the CODEOWNERS functionality.

An alternative, this could be implemented by an external github tagger bot. The bot could label PRs that still need review and could block on the attached label.

Prior art

  • GitHub - This feature is widely used in larger organizations.

Unresolved questions

  • Should the feature simply be automatically enabled when a CODEOWNERS file is present?

Future possibilities

We could extend the CODEOWNERS functionality to support features not officially supported in GitHub proper.

5 Likes

I don’t think that we should automatically enable this feature. If a user wants to enable this feature, they can manually opt-in by adding enable_codeowners = true to their bors.toml file.

For example, I have CODEOWNERS files in several of my repositories for informational purposes only - they serve as a useful list of the users that are responsible for different parts of the codebase. But I do not want Bors to require an approving review from a codeowner.

3 Likes

As long as you make this a strictly opt-in in feature (by adding enable_codeowners = true to the bors.toml file), and you never automatically enable this feature, I support this RFC.

Edited to add a summary line.

1 Like

Well, this seems uncontroversial, so this RFC is entering final comment period. Disposition: accept.

3 Likes

As long as the implementation isn't going to create problems, this seems like it would be actively helpful to my recent usages as well. :+1:

This RFC has been approved, and added to the archive at https://bors.tech/rfcs/0357-bors-support-for-codeowners.html