ARCH-4643 Add org-wide CODEOWNERS enforcement workflow#4
Open
NielsDoucet wants to merge 1 commit intomainfrom
Open
ARCH-4643 Add org-wide CODEOWNERS enforcement workflow#4NielsDoucet wants to merge 1 commit intomainfrom
NielsDoucet wants to merge 1 commit intomainfrom
Conversation
NielsDoucet
force-pushed
the
feature/ARCH-4643
branch
from
80bef6b to
c510926
Compare
rathpc
requested changes
Apr 27, 2026
NielsDoucet
force-pushed
the
feature/ARCH-4643
branch
3 times, most recently
from
3de48a4 to
0b7ac0e
Compare
Introduces a Required Workflow (org-workflows/enforce-codeowners-teams.yml) that blocks PRs across the entire organisation when CODEOWNERS entries name individual GitHub users instead of @org/team references. Logic is extracted to a testable shell script (scripts/check-codeowners.sh) with 16 BATS tests. A repo-local workflow (.github/workflows/test-scripts.yml) runs the BATS suite on changes to scripts/. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
NielsDoucet
force-pushed
the
feature/ARCH-4643
branch
from
0b7ac0e to
963b9e0
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of your changes
Introduces an organisation-wide policy that disallows individual GitHub user accounts in CODEOWNERS files — only
@collibra/<team>references (or no owner at all, to explicitly mark files as unowned) are permitted.What's added:
org-workflows/enforce-codeowners-teams.yml— GitHub Actions Required Workflow that runs on every PR across the entire org. Checks out the target repo and runs the validation script. Must be registered under Org Settings → Actions → Required workflows pointing tocollibra/.github/org-workflows/enforce-codeowners-teams.yml@main.scripts/check-codeowners.sh— Shell script with two testable functions:find_codeowners(locates the CODEOWNERS file per GitHub's priority order) andextract_individuals(detects bare@usernameentries while ignoring teams, email addresses, comments, and pattern-only/no-owner lines).scripts/check-codeowners.bats— 16 BATS unit tests covering all edge cases..github/workflows/test-scripts.yml— Repo-local workflow that runs the BATS suite on every push/PR touchingscripts/.README.md— Documents the purpose and structure oforg-workflows/,.github/workflows/, andscripts/.JIRA reference
ARCH-4643
Impact Analysis
The Required Workflow will need to be registered by an org admin after merge. Until registered it has no effect on other repositories. The check is non-destructive: it only fails PRs that introduce new individual-user CODEOWNERS entries. Repositories that already have individual entries will surface failures only on their next PR.
Checklist