Replace Dependabot reviewers config with CODEOWNERS #21864
Conversation
|
| App Name |  WordPress |
|
| Flavor | Jalapeno | |
| Build Type | Debug | |
| Version | pr21864-bcaeae1 | |
| Commit | bcaeae1 | |
| Direct Download | wordpress-prototype-build-pr21864-bcaeae1.apk |
|
| App Name |  Jetpack |
|
| Flavor | Jalapeno | |
| Build Type | Debug | |
| Version | pr21864-bcaeae1 | |
| Commit | bcaeae1 | |
| Direct Download | jetpack-prototype-build-pr21864-bcaeae1.apk |
.github/CODEOWNERS
Outdated
| @@ -0,0 +1 @@ | |||
| @wordpress-mobile/android-developers | |||
There was a problem hiding this comment.
Blocker (🚫): I think that this would not work as expected for the below reasons:
- The correct syntax expects a file location parameter first, or a
*regex if this would mean all changes within the project: - To (somehow) replicate assigning
@wordpress-mobile/android-developersfor Dependabot (:dependabot:) PRs only, and not all changes, I recommend using this configuration instead (with an associated comment):
# Dependabot
/gradle/libs.versions.toml @wordpress-mobile/android-developers
FYI: Note that the above change will also assign @wordpress-mobile/android-developers to such changes, even if they don't come through Dependabot (:dependabot:) as you cannot restrict CODEOWNERS to only Dependabot (:dependabot:) PRs; any PR (manual or automated) touching this file will trigger reviewer assignment.
PS: You could check a random Dependabot (:dependabot:) PR to understand why we target gradle/libs.versions.toml.
There was a problem hiding this comment.
Cc @wordpress-mobile/android-developers
There was a problem hiding this comment.
Thanks for the review @ParaskP7! I definitely missed the asterisk when reading their docs.
PRs only, and not all changes
Yep that's a good point.
There was a problem hiding this comment.
Thanks for the change @twstokes ! 🚀
I am very curious why this is shown as a bug when looking at the file changes, hmmm... 🤔
Unknown owner on line 2: make sure the team @wordpress-mobile/android-developers exists, is publicly visible, and has write access to the repository
/gradle/libs.versions.toml @wordpress-mobile/android-developers
There was a problem hiding this comment.
Yep:
The people you choose as code owners must have write permissions for the repository.
Reviewers must have at least read access to the repository.
So this isn't as 1:1 as originally thought.
There was a problem hiding this comment.
@ParaskP7 I think the solution here is to bump up the access of that (currently) two-person team since they are the devs that work directly on this app: https://github.com/orgs/wordpress-mobile/teams/android-developers
There was a problem hiding this comment.
I think the only reason they haven't hit blockers is because they are also members of a broader group that has higher access.
There was a problem hiding this comment.
I've bumped them to the Maintain role and the CODEOWNERS check is now green.
There was a problem hiding this comment.
Agreed to all, awesome, thanks @twstokes ! 🙇 ❤️ 🚀
twstokes
force-pushed
the
tooling/dependabot-reviewers
branch
from
0221954 to
8b24f8e
Compare
|
Description
Removes the reviewers configuration of Dependabot and replaces it with CODEOWNERS. See: https://github.blog/changelog/2025-04-29-dependabot-reviewers-configuration-option-being-replaced-by-code-owners/
Testing