Skip to content

v0.11.0
Compare
Choose a tag to compare
@cloudpossebot cloudpossebot released this 30 Aug 17:45
· 27 commits to refs/heads/master since this release
0.11.0
9d09121
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Update Go versions. Update GitHub workflows. Update Dockerfile @aknysh (#50)

what

  • Update Go versions
  • Update GitHub workflows
  • Update Dockerfile

why

  • Keep up to date
git.io->cloudposse.tools update @dylanbannon (#42)

what and why

Change all references to git.io/build-harness into cloudposse.tools/build-harness, since git.io redirects will stop working on April 29th, 2022.

References

  • DEV-143
Update mszostok/codeowners-validator action to v0.7.1 @renovate (#35)

This PR contains the following updates:

Package Type Update Change
mszostok/codeowners-validator action minor v0.5.0 -> v0.7.1

Release Notes

mszostok/codeowners-validator

v0.7.1

Compare Source

🔧 Bug fix release for 0.7.0 is now available!

Issue

Reports Team does not belong to organization error even if team is assigned to a proper GitHub organization. (https://github.com/mszostok/codeowners-validator/issues/121)

Root cause

This was a side effect of https://github.com/mszostok/codeowners-validator/pull/78#issuecomment-941445181 where not only team was normalized. Unfortunately, it was not detected by the integration test, as I used only the gh-codeowners organization. As you can see, it's all lower-case.

To reproduce the problem, I created a new organization GitHubCODEOWNERS and executed the v0.7 against it and ran into the same problem: https://github.com/GitHubCODEOWNERS/codeowners-samples/runs/5173200010?check_suite_focus=true

I tested that further to check whether GitHub also is case-insensitive for Organization names:

Corrective and Preventative Measures

To fix that problem, I created this PR: https://github.com/mszostok/codeowners-validator/pull/122 and tested also against a newly created organization: https://github.com/GitHubCODEOWNERS/codeowners-samples/runs/5173279973?check_suite_focus=true

I also added new integration tests against new GitHubCODEOWNERS organization to ensure no regression in the future.

Additional Corrective and Preventative Measures

In this case it's a bit of revers engineering as I don't have access to GitHub code which is responsible for assigning owners. As a result, I will need to create yet another e2e test that will be executed periodically to:

  • Create a sample PR against files where @GiTHubCodeOwners/A-TeAm is specified and check whether GitHub is still case-insensitive and assigns @GitHubCodeowners/a-team properly.

In this way, I will be notified when GitHub will change its behavior and I will be able to release a new version that will match a changed functionality.

Changelog

Please see: https://github.com/mszostok/codeowners-validator/releases/tag/v0.7.0

v0.7.0

Compare Source

🎉 GitHub Codeowners Validator 0.7.0 is now available!

Highlights

🔧 Bug Fixes

  • Normalize team name before comparison (#​78) (@​mszostok)
    GitHub is case-insensitive when assigning owners for a review. To match this approach now owners are normalized before checking if they exist under a given GitHub organization.

  • Allow unowned patterns by default with an option to change it (#​113) (@​mszostok)
    GitHub allows you to define a pattern and left its owners empty. For example:

    /apps/ @​octocat
/apps/github

    In version 0.6 this was reported as error (Missing owner, at least one owner is required).
    In this release, this check was moved under owner checker and made optional. As a result, validator may work in a picky mode when needed, see new option:

    Name Default Description
    OWNER_CHECKER_ALLOW_UNOWNED_PATTERNS true Specifies whether CODEOWNERS may have unowned files. For example:

    /infra/oncall-rotator/ @​sre-team
    /infra/oncall-rotator/oncall-config.yml

    The /infra/oncall-rotator/oncall-config.yml file is not owned by anyone.
    To enable strict mode on GitHub Action specify: 
          - name: GitHub CODEOWNERS Validator
        uses: mszostok/[email protected]
        with:
          owner_checker_allow_unowned_patterns: "false"

    Additionally, it is now reported as warning not error:

    ==> Executing Valid Owner Checker (1.2s)
    [war] line 23: Missing owner, at least one owner is required

  • Fix spelling of brand GitHub (#​106) (@​jsoref)

  • 0e709b4: Changed belongs to belong in error message, add integration tests(#​108) (@​kyleellman)

✨ New checks

  • Enforce only one CODEOWNERS file (#​100) (@​athtran)
    In v0.7 an error is reported when more than one CODEOWNERS file is detected.

📖 Docs

🛡️ Security

Installation

See the Installation section for more installation options.

Docker images

ghcr.io:

  • docker pull ghcr.io/mszostok/codeowners-validator:stable
  • docker pull ghcr.io/mszostok/codeowners-validator:v0
  • docker pull ghcr.io/mszostok/codeowners-validator:v0.7
  • docker pull ghcr.io/mszostok/codeowners-validator:v0.7.0

Docker Hub:

NOTE: Pushing to docker Hub will be deprecated and removed soon.

  • docker pull mszostok/codeowners-validator:latest
  • docker pull mszostok/codeowners-validator:v0.7.0
  • docker pull mszostok/codeowners-validator:v0.7
Changelog 🚀

v0.6.0

Compare Source

🚨GitHub Codeowners Validator 0.6.0 is now available!

Highlights

  • ✨ Add validation for checking if team has a proper permission
    Due to the new permission validation step in Owners Checker, this check takes a little more time.

  • 🐛 Fix bug in Owners Checker. Now Owners Checker supports child teams with inherited repo perms.

  • ⚠️ Error message was changed in Owners Checker.

From
[err] line 15: Team "avengers" does not have permissions associated with the repository "codeowners-samples".
To
[err] line 15: Team "avengers" does not exist in organization "gh-codeowners" or has no permissions associated with the repository.
```
Installation

To install the codeowners-validator, run:

##### Install codeowners-validator in /usr/local/bin in version 0.6.0
curl -sfL https://raw.githubusercontent.com/mszostok/codeowners-validator/master/install.sh| sh -s -- -b /usr/local/bin v0.6.0

See the Installation section for more installation options.

Docker images
  • docker pull mszostok/codeowners-validator:latest
  • docker pull mszostok/codeowners-validator:v0.6.0
  • docker pull mszostok/codeowners-validator:v0.6
Changelog 🚀

8fafb0b Adjust docs and GitHub action for v0.6.0 release
2f6e3bb Fix badly worded error (#​64)
5ed7b98 Adjust integration test after changing error message
204640e address comments from PR #​62
9224144 Add permissions check to valid_owner
cde24ed Add a twitter badge
e5e11b0 rename test to comply with golang.org/x/mod/module.CheckFilePath (#​60)

Contributors

Thanks again to everyone who contributed to this release! ✨

Users whose commits are in this release:

v0.5.1

Compare Source

Changelog

d6bdfac Add CONTRIBUTING.md and development.md (#​56)
4f46df1 Add configurability for the list of ignored owners (#​55)
085f270 Adjust docs and GitHub action for v0.5.1 release
97fb795 Ignore ghost user (#​53)
0b6c2ef Update info about new checker (#​51)

Docker images
  • docker pull mszostok/codeowners-validator:latest
  • docker pull mszostok/codeowners-validator:v0.5.1
  • docker pull mszostok/codeowners-validator:v0.5

Contributors

renovate, aknysh, and dylanbannon
Assets 18
Loading