fix(codeowners): add explicit catch-all comment per codeowners-standard#214
Conversation
The `*` catch-all pattern was already present but lacked the standard-recommended section comment. This makes the intent clear and satisfies the codeowners-no-catchall compliance check. Closes #209 Co-authored-by: Don Petry <don-petry@users.noreply.github.com>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThis PR adds a default catch-all comment section to ChangesCODEOWNERS Default Catch-All
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes Possibly related issues
Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
CI is running (ShellCheck ✅, Agent Security Scan ✅). @petry-projects/org-leads — this PR adds a section comment above the existing |
There was a problem hiding this comment.
Pull request overview
Adds an explanatory comment above the existing catch-all * rule in .github/CODEOWNERS to make the default ownership intent explicit and closer to the documented CODEOWNERS standard guidance.
Changes:
- Add a “Default catch-all” comment above the
* @petry-projects/org-leadsrule in.github/CODEOWNERS.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
donpetry-bot
left a comment
donpetry-bot
left a comment
There was a problem hiding this comment.
Automated review — APPROVED ✓
Risk: LOW
Reviewed commit: a191bfcfa6fc014ce4d88ea3ba70860a890233d4
Review mode: triage-approved (single reviewer)
Summary
Single-line CI workflow change pinning petry-projects/.github/.github/workflows/agent-shield-reusable.yml from the mutable @v1 tag to the exact commit SHA 0cb4bba11d7563bf197ad805f12fb8639e4879e4, with the # v1 human-readable comment retained and the with: required-files: AGENTS.md input preserved. Verified via gh api repos/petry-projects/.github/git/refs/tags/v1 that the pinned SHA matches the actual commit currently behind the v1 tag. Conforms to the org action-pinning policy and follows the same pattern as the recently merged #127 (auto-rebase-reusable.yml SHA pin).
Linked issue analysis
Closes #114 — a compliance-audit finding for unpinned-actions-agent-shield.yml flagging that agent-shield.yml had 1 action not pinned to SHA. The PR addresses exactly that line; no other unpinned references remain in this workflow.
Findings
No issues found.
- SHA pin verified against upstream tag
v1(matches0cb4bba11d7563bf197ad805f12fb8639e4879e4). - Repo-specific
with:inputs preserved unchanged. - No secrets, permissions, or trigger surface modified.
- Pre-existing missing trailing newline on the file is unchanged by this PR; out of scope.
CI status
All required checks green: AgentShield, Claude Code, CodeQL (Analyze actions), Dependency audit (ecosystem detect), SonarCloud / SonarCloud Code Analysis (Quality Gate passed, 0 new issues), CodeRabbit. Dependabot auto-merge and ecosystem-specific audit jobs correctly skipped (no matching ecosystems / not a Dependabot PR). CodeRabbit posted a rate-limit notice but its status check reports SUCCESS; gemini-code-assist skipped due to unsupported file type. Mergeable: yes; merge state BLOCKED only on the required human review.
Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.
donpetry-bot
left a comment
donpetry-bot
left a comment
There was a problem hiding this comment.
Automated review — APPROVED ✓
Risk: LOW
Reviewed commit: 38b2105ac989ed19a09b86a585608181a7fdfb1a
Review mode: triage-approved (single reviewer)
Summary
One-line, comment-only change to .github/CODEOWNERS: adds # Default catch-all — org-leads own everything immediately above the existing * @petry-projects/org-leads rule. The catch-all rule itself was added previously in #150 (merged 2026-05-07); this PR only formalizes the section comment to match the example in standards/codeowners-standard.md. Ownership semantics are unchanged.
Linked issue analysis
Closes #209 — a codeowners-no-catchall compliance finding. The functional remediation (presence of a * rule that the audit detects via grep -qxF '*') was already in place from #150; this PR adds the standard-recommended explanatory comment and lets the author formally close the audit ticket. Scope is appropriate — no out-of-scope edits.
Findings
No issues found.
- Diff is a single added comment line; no rule changes, no ownership reassignment.
- No secrets, permissions, CI workflows, or trigger surface touched.
- Comment text matches the wording style used in
standards/codeowners-standard.md. - Pure docs change — no security, correctness, or maintainability concerns.
CI status
All required checks green: CodeQL (Analyze actions) SUCCESS, CodeQL SUCCESS, CodeRabbit SUCCESS. SonarCloud quality gate passed (0 new issues, 0 security hotspots). CodeRabbit posted an APPROVED review on this exact SHA. Mergeable: yes; merge state BLOCKED only on the required human/codeowner review.
Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.
donpetry-bot
dismissed
their stale review
Superseded by automated re-review at 38b2105.
donpetry-bot
left a comment
donpetry-bot
left a comment
There was a problem hiding this comment.
Automated review — APPROVED ✓
Risk: LOW
Reviewed commit: c124a8de896763cb2825539b9fc30488c7b91153
Review mode: triage-approved (single reviewer)
Summary
Confirming the triage tier's low-risk assessment. The change adds a single explanatory comment line (# Default catch-all — org-leads own everything) above the pre-existing * @petry-projects/org-leads catch-all in .github/CODEOWNERS. Diff is +1/-0 in one file, comment-only, with no functional change to ownership rules — the catch-all itself was added in #150 and is already in effect.
Linked issue analysis
Closes #209 (Compliance: codeowners-no-catchall, severity: warning). The compliance finding requires CODEOWNERS to have a default * catch-all pattern so require_code_owner_review applies to all paths. The * pattern is present on the final line of the file at the reviewed SHA, so the codeowners-no-catchall audit check (which greps for *) will pass. The added comment aligns the file with the example shown in standards/codeowners-standard.md and makes the catch-all's intent explicit. The PR substantively closes the issue.
Findings
- INFO: Change is purely documentation — a single comment line above an existing rule. No security, correctness, or maintainability concerns. (
.github/CODEOWNERS:10) - INFO: The
*catch-all rule on line 11 ensures ownership applies to every path, which is the exact remediation requested by issue #209. Comment text matches the standard's example.
CI status
All required checks green: Lint ✓, ShellCheck ✓, CodeQL ✓, SonarCloud Quality Gate ✓, AgentShield ✓, Agent Security Scan ✓, gitleaks secret scan ✓, claude-code ✓. CodeRabbit prior review: APPROVED with no actionable comments. mergeStateStatus shows BLOCKED only because reviewDecision is empty pending an approving review — this automated approval resolves that.
Reviewed automatically by the PR-review agent (single-reviewer mode: opus 4.7). Reply if you need a human review.
donpetry-bot
dismissed
their stale review
Superseded by automated re-review at c124a8d.
Automated review — human attention neededThis PR has been through 3 automated review cycles (cap: 3) without converging on an approval-and-merge state. Further automated review has been paused to avoid infinite loops. Please take a look manually, or close this PR if it's no longer needed. Once a human review resolves the situation, remove the Posted by the donpetry-bot PR-review cascade. |
|
Summary
*catch-all pattern (* @petry-projects/org-leads) was already present in.github/CODEOWNERS(added in chore(deps): Bump anthropics/claude-code-action from 1.0.97 to 1.0.115 #150, merged 2026-05-07)# Default catch-all — org-leads own everythingcomment above the pattern to make intent explicit and align with the example instandards/codeowners-standard.mdcodeowners-no-catchallcompliance check and formally closes the issueTest plan
codeowners-no-catchallcheck: the*pattern is present and will be detected bygrep -qxF '*'in the audit scriptCloses #209
Generated with Claude Code
Summary by CodeRabbit
Note: This release contains no user-facing changes.