Conversation
There was a problem hiding this comment.
Pull request overview
This PR introduces automated validation of the CODEOWNERS file through a new GitHub Actions workflow. The check runs on pull requests to identify issues like missing teams, incorrect permissions, or invalid configurations—initially as a warning-only feature before becoming a blocking requirement.
- Adds a reusable GitHub Actions workflow that validates CODEOWNERS configuration on every PR
- Updates CODEOWNERS to include ownership rules for the new validation workflow itself
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/codeowner-check.yml | New workflow that calls a centralized CODEOWNERS validation job from the GHAS-enablement-repo |
| .github/CODEOWNERS | Adds ownership entry for the new codeowner-check.yml workflow file, assigning it to @deliveroo/product-sec-eng |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -0,0 +1,13 @@ | |||
| name: CODEOWNERS Validation Call | |||
There was a problem hiding this comment.
There's a leading whitespace before 'name' that should be removed for proper YAML formatting.
There was a problem hiding this comment.
no there isn't. stop hallucinating.
| * @deliveroo/engineering | ||
| **/codeql*.yml @deliveroo/product-sec-eng # DO NOT MODIFY/REMOVE, AUTOGENERATED by Product Security | ||
| **/dependency*.yml @deliveroo/product-sec-eng # DO NOT MODIFY/REMOVE, AUTOGENERATED by Product Security | ||
| **/codeowner-check.yml @deliveroo/product-sec-eng # DO NOT MODIFY/REMOVE, AUTOGENERATED by DevSecOps |
There was a problem hiding this comment.
The filename pattern 'codeowner-check.yml' is inconsistent with the actual filename 'codeowners-check.yml' referenced in the workflow. This pattern won't match the workflow file being added.
| **/codeowner-check.yml @deliveroo/product-sec-eng # DO NOT MODIFY/REMOVE, AUTOGENERATED by DevSecOps | |
| **/codeowners-check.yml @deliveroo/product-sec-eng # DO NOT MODIFY/REMOVE, AUTOGENERATED by DevSecOps |
JIRA: PSC-1944
Why this PR?
We're adding a CI/CD check to automatically validate your
CODEOWNERSfile on every commit.The Problem
Invalid or misconfigured
CODEOWNERSfiles can cause:The Solution
A new CI check will:
CODEOWNERSfile is missing or invalidFor now, this is a warning only.
We’ll make it blocking soon.
What to Do
CODEOWNERSfile and fix any issues. Confirm this PR is either updating an existing codeowners file or adding a new one.For help, ask in #support-devsecops.