Skip to content

docs: add CODEOWNERS and issue/PR templates#112

Merged
rubenhensen merged 1 commit into
mainfrom
docs/repo-governance
Jul 1, 2026
Merged

docs: add CODEOWNERS and issue/PR templates#112
rubenhensen merged 1 commit into
mainfrom
docs/repo-governance

Conversation

@rubenhensen

Copy link
Copy Markdown
Contributor

Closes #106.

Adds the repo-governance scaffolding: automatic reviewer routing plus consistent issue/PR structure.

What's added

  • .github/CODEOWNERS — global ownership so PRs auto-request a review.
  • .github/PULL_REQUEST_TEMPLATE.md — summary + linked issue + a checklist that reinforces existing gates (lint, check, test:unit/test:e2e, db:check migration safety) and reminds contributors of the Conventional-Commit title rule.
  • .github/ISSUE_TEMPLATE/bug_report.md, feature_request.md, and a config.yml whose contact link routes security reports to the private advisory flow (so they don't get filed as public issues — pairs with Security: add SECURITY.md (responsible-disclosure policy) #102 / SECURITY.md).

One thing to confirm

CODEOWNERS currently defaults everything to @rubenhensen (the dominant committer). If you'd rather route reviews to a team (e.g. @encryption4all/<team>) or split ownership by path (e.g. drizzle/, .github/, src/lib/server/), say the word — it's a one-line change.

@dobby-coder

dobby-coder Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

On it, @rubenhensen! I'm picking up PR #112 now and will review the repo governance scaffolding for correctness and rule-compliance.

@dobby-coder dobby-coder Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Governance scaffolding looks solid — clean, minimal, and consistent with the repo. Verified: PR-template scripts (lint, check, test:unit/test:e2e, db:check) all exist; the template's "Conventional Commit" enforcement claim is accurate (repo has .github/workflows/pr-title.yml); the advisory URL matches SECURITY.md; both auto-applied labels (bug/enhancement) exist; YAML and frontmatter valid. Ran a per-rule check (security-issue routing, conventional-commit titles, AI-slop tells, docs/README standards, repo notes) — all compliant.

One non-blocking nit inline. Not blocking merge.

On the open question: defaulting CODEOWNERS to @rubenhensen is a reasonable start; moving to a team or path-split later is a one-liner as noted.

Comment thread .github/ISSUE_TEMPLATE/config.yml
@dobby-coder

dobby-coder Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Reviewed! Everything looks good — all rule checks passed (security routing, commit titles, docs standards, repo notes, PR template).

One non-blocking nit: has , which means users can still open blank issues and bypass the security advisory routing. Setting it to would enforce the template/advisory flow properly. Not a blocker for merge though.

Full details in the PR comment.

@rubenhensen rubenhensen merged commit 01bbf76 into main Jul 1, 2026
14 checks passed
@rubenhensen rubenhensen deleted the docs/repo-governance branch July 1, 2026 11:27
@rubenhensen

Copy link
Copy Markdown
Contributor Author

Thanks @dobby-coder — set blank_issues_enabled: false so contributors go through the template chooser (with the private security-advisory contact link) rather than being able to bypass it with a blank public issue. That aligns the config with the PR's stated goal of keeping security reports out of public issues.

@rubenhensen

Copy link
Copy Markdown
Contributor Author

Note: this PR had already merged by the time I applied the blank_issues_enabled: false change, so it's gone out as a small follow-up in #119 rather than here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Repo hygiene: add CODEOWNERS and PR/issue templates

1 participant