I see that bors gets the code owners from /.github/CODEOWNERS.

However I have the file stored at /CODEOWNERS. So according to the code bors should not take my code owner file into account. However bors does complain when one of our PRs has not been approved. OTOH I've seen instances where a PR was merged by bors which didn't have all the required approvals.

So I'm confused at this point. Where should I store CODEOWNERS?

Do you have the required_approvals option turned on in your bors.toml file?

No we don't.

We do set: use_codeowners = true.

I just moved /CODEOWNERS to /.github/CODEOWNERS to see if that improves things.

Moving the file to /.github/CODEOWNERS fixed the problems for us.

It would be good if bors would look for a CODEOWNER file in all the locations where GitHub looks for that file.