-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider CODEOWNERS to improve maintainer workload #12977
Comments
https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax |
So they must have a GitHub account and also commit rights. I'll test if a folder is still blocked even if the email address is not linked to an account. |
The initial file could be created via the following command:
Here is the current output: |
You need a / at the start of the path |
Thanks, I updated the previous comment. The codeowners file work with multiple users/email addresses, however as the maintainer variable partly contains linebreaks I skipped the hassle to get this figured out. Instead the file could be updated over time as it also support GitHub/GitLab user names instead of mail address. |
I prefer to keep email, even if I like GitHub the is the tool of the year, that might be replaced or not, email is the real handle/username ;) |
I just "unwatched" my own fork and added the CODEOWNERS file. Please create a PR affecting Prometheus. It correctly detects the file as "owned" by me: |
A quick game of pingpong with @champtar worked as expected. As another point, we can set that only admins can push to stable branches. If a maintainer with commit rights screws thins up badly on the development branch, we can just drop their commit rights. On a meta level, my intention here is to make the merge of the routing repository easier. |
Reality check. Note that many/most of the maintainers do not have commit rights. Preventing commits to stable branches from the current committers who merge PRs would pretty much stop backporting activity, I think, as there aren't that many actual owners/admins among those who actively merge PRs. Most of us (including me) have only commit rights. |
Not sure either we want to make commit rights too tight, maybe just make PR mandatory so CI run, but let people merge anyway. The biggest feature from CODEOWNERS is selective notification, everything else is optional for me |
Yes, but I would suggest to give the maintainers from routing.git commit access to packages.git to allow a migration. As we set all those codeowners, they could not interfere with packages they don't own.
I think the "long term trusted" committers can use their own group like "meta-maintainer which is then added to codeowners like "* @meta-maintainer". So they get a notification whenever someone tries to add a new file. This essentially prevents anyone with commit rights to do anything bad except to their own packages. For backporting the CODEOWNERS file could be set to "* @meta-maintainers" to allow only meta maintainers to handle things.
Fine with me
And that sadly only works if the person has commit rights. |
Code owners are helpful, but not if there is a growing lack of package maintainers (talking about #6584) and mostly about this issue #7125 (see those mentions as well). In the past, the most active merger was @hnyman kudos for him and these days is @neheb. Sometimes there are others including me. It was tough to receive commit access. I'd say that this does not get to the bottom of this issue as it is. Are you want to give commit access to everyone? No, you don't want to do that. Pull requests should be reviewed, compile, and run tested. Most of it is just compile tested by CI or locally, which is not good as you need to know if it works on the router as well. Who is reviewing those pull requests? @neheb. For Python packages there are two maintainers @jefferyto and @commodo , praise them as well! However, there are some pull requests stalled (e.g #12896) and sometimes people lost interest in their packages. Looking at https://github.com/openwrt/packages/graphs/contributors these days are not many active people and you (as part of OpenWrt even though without commit access) you should motivate your community. ;-) Oh and I am not talking about old versions of packages (unmaintained, etc.). All of this is connected to improve maintainer workload. How many people is using internal group for https://github.com/orgs/openwrt/teams/package-maintainers/discussions/ ? There was discussion for libjpeg-turbo and just three people (@neheb, @diizzyy and me) said something about that. Currently, this just adds overhead. |
I'm happy to improve the situation for maintainers as I highly honour their work. I'll create some PRs for a CI building packages in multiple architectures and we could also test compiled packages in a x86 docker containers. I don't thing we can implement a full runtime testing environment but trivial tests like My motivation is to merge openwrt-routing into packages, something the maintainers disliked because there is to much noise on packages.git. Adding their packages here and to CODEOWNERS allows them to keep track without being flooded with notifications. Granting more people commit access later on because they could only break their own packages is another thing to discuss in some future. The overhead is marginal, whenever a new package is added a single line is added to CODEOWNERS. |
@aparcar that codeowners file from PR #12982 is not handling co-maintainers well; |
I chose the easiest way to create the file, we could also do some make magic but then again we can just update the codeowners whenever a package is updated |
I agree with @BKPepe and @hnyman Regarding workload we still don't have any common guidelines which makes work tedius, sends mixed signals and maintaining tedius as a lot gets committed with additional patches without any upstream support etc. That said, I don't think it's ever going to change unless we create a new repo and really enforce such practices. What I also think might be a barrier is the amount of platforms we're trying to more or less enforce maintainers to maintain, there's no tier system and I can fully unstand if you don't want to support a platform you don't own and/or care about. In short, this is a no go solution given the current setup which needs to be resolved first and discussed if that's the way we want to proceed. |
Some thoughts I have after reading the comments so far:
I have a different suggestion: set up a bot that watches for new PRs and mentions/assigns them to the package maintainer(s). Ideally it can look at the files changed, find the maintainers in the package Makefiles and translate their names/email addresses into GitHub usernames, but if this is too complex I think we can settle for a simpler solution like looking up a centralized, CODEOWNERS-type file. (This is probably specific to my use-case, but a nice-to-have feature would be if individual contributors can add keywords they are interested in and the bot can mention them when it see those keywords. I subscribe to all notifications just so I see mentions of Python or the other packages I maintain, even if I am not mentioned specifically.) Yes, there are downsides:
But:
If there are better, more helpful and realistic suggestions, let's hear them. (Side note: Sometimes I feel like this repo is missing effective leadership / an effective decision-making process. It's natural that we all have our opinions but we're not arriving at concrete goals or actions. Perhaps there are more productive conversations in the package-maintainers discussion area, but that is only open to team members and so I am not privy to these discussions.) |
A custom bot would be possible but adds additional complexity I'd like to avoid. Maybe there is a misunderstanding on how the codeowner file works: It neither gives anyone automatically commit access nor does it not work if people within the file don't have commit access, those commit-less people just won't get any notifications. For my focus on merging For those special groups concerning Python, Go, Rust, Perl or even routing, admin etc we can just add GitHub groups like @openwrt/python-maintainers and extend the codeowner file like this:
|
I am aware of this.
By "maintainers" are you referring to users with commit access to routing.git or routing package maintainers (who do not have commit access to routing.git)?
The About code owners page talks about pull requests only. It doesn't prevent users listed in CODEOWNERS from pushing directly to the repo. If you intend to combine code owners with protected branches / branch restrictions, perhaps you can describe how those settings can be configured to limit pushed changes to those paths listed in CODEOWNERS. |
I am against "special groups" that will receive commit access - I think all package maintainers should be treated equally. I know some package maintainers have commit access but that is because they are also core OpenWrt project members. |
I thought the maintainers and committers are pretty much the same. I might remember that wrong.
I do, from my understanding one could add a
I don't share that opinion as that results in the awkward situation OpenWrt has right now: Having new members with a voice in votes must have commit access to git.openwrt.org. This rule is even object to changed based on a recent online meeting. Having this binary approach of no or full access makes it much harder to accept new committers. |
There are perhaps maybe 30 committers, but over hundred maintainers. I haven't really checked/calculated that. (It might be several hundreds, as there are lots of "1-2 packages" maintainers.) |
Sorry if that was unclear, I was talking about the routing repository, where I count about 30 packages. |
How does this stop someone from pushing directly to the repo, bypassing pull requests? Please elaborate on the protected branch settings required.
I'm not referring to who has decision making power (e.g. setting project rules and policies) in the repo (there does not seem to be an organized decision making process here, at least in the main repo there are rules around calling for votes). I'm only talking about commit access. Commit access is a privilege; it infers a level of trust and responsibility. I'm not against only core project members having it, or if some package maintainers have it and some do not, but I would like to see some clear (ideally merit-based) rules around who gets to have commit access and who doesn't. |
Setting the
Not sure what's the best way to implement this as it's a community management decision. I'd put the most active maintainers in the @meta-maintainers group allowing them to decide on new packages and e.g. the README. People working on the Makefile-magic around Golang or Python should get members of @python-maintainers etc. People maintaining a package and doing n qualified PRs to keep it updated should get their initial commit access. People adding a package for the first time should team up with a co-maintainer which already has commit access to guide the newbie until they get commit access themself. This is just a spontaneous idea. Maybe the whole thing is irrelevant, |
@openwrt/package-maintainers Lately I got requests to grant people commit access so they can maintain their own packages. I'm hesitating as I can't check every commit of those people and even if the "track record" is fine, this doesn't seem feasible as the project continues to grow. I'd like to bump again the idea of admins that have control to add committers. Whenever a committer is added, a new line to |
Based on a [previous discussion] about merging the
openwrt-routing
feed into this repository, I want to suggest a new workflow possibly in favour of everyone.The main concern of
routing
maintainer seem to be the overwhelming number of notifications from thepackages
repository. That's true as multiple hundreds of packages are maintained while therouting
repository only contains a few dozens.To improve that I'd like to consider the usage of a
CODEOWNERS
file. It contains patch within a repository and links them to individuals or teams. This concept exists both for GitHub and GitLab (in case OpenWrt ever considers moving fully to a self hosted GitLab instance).The file contains lines like the following, marking me as a maintainer:
Whenever someone tries to change a file in my maintained package, I'll get a notification. To make thins more secure, it is possible to lock down the merging of pull requests so that it requires a approval from the code-owner to merge anything.
The
CODEOWNERS
file is only editable by admins and repository owners.Using a
CODEOWNERS
file essentially allows to give more people commit access topackages.git
, as they can only modify their maintained packages.Additionally it is possible to set the number of required review to two, meaning even a codeowner can't upgrade their owned packages and only are able to merge if a second, likely admin reviewer approves the changes.
It's possible to create a
CODEOWNERS
file based on thePKG_MAINTAINER
.The text was updated successfully, but these errors were encountered: