CODEOWNERS documentation claims that a user needs at least read access, but GitHub's built in linter claims the user needs write access

[ScriptAutomate]

Code of Conduct

• I have read and agree to the GitHub Docs project's Code of Conduct

What article on docs.github.com is affected?

https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners

What part(s) of the article would you like to see updated?

The people you choose as code owners must have read permissions for the repository. When the code owner is a team, that team must be visible and it must have write permissions, even if all the individual members of the team already have write permissions directly, through organization membership, or through another team membership.

I read this as:

• Only teams with at least write permissions can be listed
• Individual users can be listed as long as they have at least read permissions

The GitHub linter throws a This CODEOWNERS file contains errors message, for my users with at least read access, and says:

Unknown owner: make sure @octocat exists and has write access to the repository

The problem is:

• The user exists
• The user has Outside Collaborator permissions for at least read
• Other users with triage permissions also get flagged
• The documentation states that read permissions is enough, even though GitHub flags it saying that write permissions are required for users

I can't tell whether the docs are wrong or the GitHub linter is wrong. This is why I'm raising this issue here.

Additional information

Example from PR:

• Fix CODEOWNERS format; Add Outside Collaborators saltstack/salt#62325

Problems:

• @ryan-lane exists
• He has the Read role to the repository
• Docs state that Read, at a minimum (thus also Triage), should be enough for individuals

[cmwilson21]

@ScriptAutomate Thanks so much for opening an issue! I'll triage this for the team to take a look 👀

[lecoursen]

Thanks @ScriptAutomate, by coincidence this was actually just fixed internally and should be published shortly. 🙇🏻

[ScriptAutomate]

Thanks!

For documentation purposes: It looks like the error was in the documentation, which has since been fixed. It does mean that only users with Write access can be used in the CODEOWNERS file.

New docs content:

The people you choose as code owners must have write permissions for the repository. When the code owner is a team, that team must be visible and it must have write permissions, even if all the individual members of the team already have write permissions directly, through organization membership, or through another team membership.

Is there a route I can take for a feature request? With our open source project, we would love to be able to have community members with explicit Read or Triage permissions to be able to be assigned to review PRs (since I thought that is what Triage was for??).

[damon-atkins]

It would be nice to able to have people who can not merge code (write), be apart of the review/notification/approval process for a PR.

[lecoursen]

Is there a route I can take for a feature request?

Yes! You can provide product feedback here. Thanks for helping us improve GitHub! 💖

[ScriptAutomate]

Related feature request has been opened:

• Feature Request: Allow users with Triage and/or Read Permissions to be supported by CODEOWNERS

[damon-atkins]

ScriptAutomate has submitted the request, @lecoursen can you please ensure it has the correct labels. Many thanks.

[lecoursen]

👋🏻 @damon-atkins, the GitHub community discussions are owned by a different team. (We only own this repo and docs.github.com.) 💖 I'm sure the appropriate team will review the post shortly! 😊