Feature Request: Allow users with Triage (and potentially Read) Permissions to be supported by CODEOWNERS #29982
Replies: 5 comments 2 replies
-
Write access gives access to Merge. Their needs to be a way to allow people to be included as part of the review process in CODEOWNERS without giving them write access. PR -> CODEOWNERS Reviewers (with and without Write/Merge Access) -> Approval conditions met -> Merge |
Beta Was this translation helpful? Give feedback.
-
I would like to second this request. Within our organization we have teams of reviewers who are focused on particular sections of the code, and their input is almost required for PRs that touch those areas. However, they do not have write permissions. It would be great if we could set up a "codeowners" like thing that automatically requests a review from these teams and individuals when PRs touching their areas of specialization happen, but that will work with people who have triage or read level access. Thank you! |
Beta Was this translation helpful? Give feedback.
-
This would be a great feature to have. We want to set up everyone who has contributed to a translation of our docs as a codeowner of that language so they can get pinged for reviews on future changes to this language. However we don't necessarily want everyone who has ever made a docs contribution to have write access and access to repo secrets. |
Beta Was this translation helpful? Give feedback.
-
This would help a lot with the increase adoption of GitOps and platform self servicing, many organisation would benefit from having reviewers without write access. Worth pointing out that having write access also means being able to modify and run GHA workflows off a branch. |
Beta Was this translation helpful? Give feedback.
-
REgarding the option for reviewing prs I understand that allowing users who don't have write permissions would conflict with some GitHub setups that have automation, if the automation allows a pr to be merged when:
This would effectively cause users configured with Triage or Read to acquire Write permissions on demand to put content in the default branch. Which I found unexpected for the users with Triage or Read . |
Beta Was this translation helpful? Give feedback.
-
I work with projects where we have community members added to certain repositories, as Outside Collaborators, with Triage and Read permissions so that they can help with PR reviews and Issue triage.
CODEOWNERS
only supports users with Write permissions to a repository:Initially, we thought it was a GitHub bug, since it made sense that Read/Triage users would be supported for reviewing PRs. It turns out the documentation had an error (it originally said, "The people you choose as code owners must have read permissions for the repository." and has since been corrected to state write permissions).
Supporting users with Read and Triage permissions would be incredibly ideal, and would open the door to better repository management practices that lean toward least privilege when possible.
Triage seems to be made explicitly for this purpose.
For more information on what repository role permissions mean (Read,Triage,Write,Maintain,Admin):
Beta Was this translation helpful? Give feedback.
All reactions