Skip to content

Commit 7592104

Browse files
committed
data-sync-maintainers: summary list of CODEOWNERS users lacking write access
A CODEOWNERS entry only works if the user has write (push) access — otherwise GitHub silently ignores it and never review-requests them. Add a final step that cross-checks the generated CODEOWNERS individuals against the repo's push-capable collaborators (paginated) and appends, to the workflow summary, the ones without write access (so maintainers can grant access or drop the entry). Degrades gracefully (notes "check skipped") if the token can't read collaborators; org teams (@org/team) are excluded. Against the current repo this flags ~59 of the CODEOWNERS users — entries that are currently dead. Signed-off-by: Igor Pecovnik <igor@armbian.com>
1 parent 61f1881 commit 7592104

1 file changed

Lines changed: 38 additions & 0 deletions

File tree

.github/workflows/data-sync-maintainers.yml

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -116,6 +116,44 @@ jobs:
116116
117117
./.github/generate_CODEOWNERS.sh
118118
119+
- name: "Flag CODEOWNERS users without write access"
120+
env:
121+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
122+
run: |
123+
set -uo pipefail
124+
125+
# Individuals referenced in the generated CODEOWNERS (drop any @org/team refs).
126+
mapfile -t users < <(grep -oE '@[A-Za-z0-9_/-]+' .github/CODEOWNERS \
127+
| sed 's/^@//' | grep -v '/' | tr 'A-Z' 'a-z' | sort -u)
128+
129+
# Collaborators that actually have push (write) access. A CODEOWNERS entry
130+
# for anyone WITHOUT write access is silently ignored by GitHub — never
131+
# review-requested — so surface them for the maintainers to fix.
132+
collabs="$(gh api --paginate "repos/${GITHUB_REPOSITORY}/collaborators" \
133+
--jq '.[] | select(.permissions.push) | .login' 2>/dev/null || true)"
134+
have_push="$(tr 'A-Z' 'a-z' <<<"$collabs" | sort -u)"
135+
136+
{
137+
echo ""
138+
echo "### CODEOWNERS users without write access"
139+
echo ""
140+
if [[ -z "$have_push" ]]; then
141+
echo "_Could not read repository collaborators (token lacks access) — check skipped._"
142+
else
143+
missing=()
144+
for u in "${users[@]}"; do
145+
grep -qxF "$u" <<<"$have_push" || missing+=("$u")
146+
done
147+
if (( ${#missing[@]} )); then
148+
echo "These ${#missing[@]} CODEOWNERS entries are ignored by GitHub until granted write access:"
149+
echo ""
150+
printf -- '- @%s\n' "${missing[@]}"
151+
else
152+
echo "_All ${#users[@]} CODEOWNERS users have write access._"
153+
fi
154+
fi
155+
} >> "$GITHUB_STEP_SUMMARY"
156+
119157
- name: Create Pull Request
120158
id: cpr
121159
uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1

0 commit comments

Comments
 (0)