Add OWNERS file, maintainer-approval workflow, and rewrite suggest-reviewers in JS#4912
Merged
simonfaltum merged 4 commits intomainfrom Apr 8, 2026
Merged
Add OWNERS file, maintainer-approval workflow, and rewrite suggest-reviewers in JS#4912simonfaltum merged 4 commits intomainfrom
simonfaltum merged 4 commits intomainfrom
Conversation
Add a GitHub Actions workflow that blocks merge unless a core team member has approved. This is Step 1 of replacing CODEOWNERS with OWNERS. CODEOWNERS stays for now so existing behavior is unchanged. The OWNERS file is an exact copy of CODEOWNERS. The maintainer-approval workflow reads it at runtime to determine the core team from the * catch-all rule, then checks if any core team member has approved the PR. Domain-specific exemption: if all changed files are owned by non-core owners that include the PR author, any approval suffices.
simonfaltum
requested review from
andrewnester,
anton-107,
denik,
pietern and
shreyas-goenka
as code owners
Eligible reviewersCould not determine reviewers from git history. Based on CODEOWNERS, these people or teams could review: @andrewnester, @anton-107, @denik, @pietern, @shreyas-goenka Suggestions based on git history of 3 changed files (0 scored). See CODEOWNERS for path-specific ownership rules. |
denik
reviewed
Apr 8, 2026
denik
approved these changes
Apr 8, 2026
Fix null user destructuring in maintainer-approval.js that would crash on reviews from deleted GitHub accounts. Add empty file list guard in the exemption check. Add success output for debugging. Add round-robin fallback to suggest_reviewers.py: when git history can't determine a reviewer, query the GitHub search API for each eligible reviewer's review count over the last 30 days and pick the person with the fewest reviews. Falls back to random if the API fails. Also fix yamlfmt: script block uses |- instead of |.
The CODEOWNERS entry only covered the single file. The intent was to include lennartkats-db on all bundle command changes, not just the root registration file. Since OWNERS is our new file and CODEOWNERS stays unchanged for now, we can fix this here.
Replace tools/suggest_reviewers.py with a JavaScript version that runs via actions/github-script. This drops the uv/Python dependency from the suggest-reviewers workflow. Extract shared OWNERS parsing into .github/scripts/owners.js, imported by both maintainer-approval.js and suggest-reviewers.js. Both scripts now read .github/OWNERS instead of .github/CODEOWNERS. The JS version uses Octokit for all GitHub API calls (no gh CLI) and child_process.execSync for git log only. Includes round-robin fallback: when git history can't determine a reviewer, queries the GitHub search API for recent review counts and picks the person with fewest reviews.
simonfaltum
changed the title
simonfaltum
added a commit
that referenced
this pull request
Apr 8, 2026
Simon is already covered by the * catch-all rule. Listing him explicitly on /cmd/bundle/ is redundant. This PR also serves to verify the maintainer-approval and suggest-reviewers workflows added in #4912.
2 tasks
github-merge-queue bot
pushed a commit
that referenced
this pull request
Apr 8, 2026
## Why The maintainer-approval workflow from #4912 used `ubuntu-latest` (GitHub public runners), which can't make API calls against the `databricks` org due to the IP allow-list. Also, `@simonfaltum` was listed on the `/cmd/bundle/` OWNERS rule but isn't on the bundle team. ## Changes 1. Switch `maintainer-approval.yml` from `ubuntu-latest` to the `databricks-deco-testing-runner-group` custom runner, matching all other workflows in the repo. 2. Remove `@simonfaltum` from `/cmd/bundle/` in `.github/OWNERS` since he's not on the bundle team. ## Test plan - [x] `suggest-reviewers / suggest-reviewers` fired and posted a reviewer suggestion comment with round-robin fallback - [ ] After merge, verify `Maintainer approval / check` runs on the custom runner (requires a new PR since `pull_request_target` reads workflows from the base branch)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
GitHub's CODEOWNERS auto-assigns all matching owners on every PR. There's no setting to disable this. Our
*catch-all means all 6 core team members get auto-assigned on every single PR.We want core team approval to be required, but nobody should get auto-assigned. This PR adds the new enforcement mechanism (maintainer-approval workflow) and rewrites the suggest-reviewers script from Python to JavaScript, so both workflow scripts share a common OWNERS parsing module and we can drop the
uv/Python dependency from the suggest-reviewers workflow.This is Step 1 of replacing CODEOWNERS. CODEOWNERS stays for now so existing auto-assignment behavior is unchanged. Step 2 will delete CODEOWNERS.
Changes
Before: CODEOWNERS auto-assigns all owners. suggest-reviewers runs via Python/uv. No merge gate for core team approval.
Now: A new maintainer-approval check blocks merge without core team approval. suggest-reviewers is rewritten in JS using Octokit (no more Python/uv dependency). Both scripts share an OWNERS parsing module. A round-robin fallback picks a reviewer when git history has no signal.
New files
.github/OWNERS: Copy of CODEOWNERS with/cmd/bundle/widened to cover the whole directory (was/cmd/bundle/bundle.go). Both workflow scripts read this file..github/scripts/owners.js: Shared module for OWNERS file parsing, pattern matching, and owner resolution. ExportsparseOwnersFile,ownersMatch,findOwners,getCoreTeam. Supports an{ includeTeams: true }option for the suggest-reviewers use case..github/workflows/maintainer-approval.yml+.js: GitHub Actions workflow that triggers onpull_request_targetandpull_request_review. Blocks merge unless a core team member has approved. Includes exemption logic for domain-specific owners..github/workflows/suggest-reviewers.js: JS port oftools/suggest_reviewers.py. Uses Octokit for all GitHub API calls (authenticated, with built-in retries and pagination). Useschild_process.execSyncforgit logonly (no Octokit equivalent for per-path history). Includes a round-robin fallback that queries review counts via the GitHub search API.Modified files
.github/workflows/suggest-reviewers.yml: Dropsastral-sh/setup-uvstep. Usesactions/github-scriptinstead ofuv run tools/suggest_reviewers.py. Keepsfetch-depth: 0(needed for git log), custom runner group, and draft/fork checks.Deleted files
tools/suggest_reviewers.py: Replaced by the JS version.Manual step after merge
Add "Maintainer approval" as a required status check in branch protection for
main.Test plan