diff options
| -rw-r--r-- | .github/CODEOWNERS | 26 | ||||
| -rw-r--r-- | .github/workflows/android-app.yml | 1 | ||||
| -rw-r--r-- | .github/workflows/daemon.yml | 1 | ||||
| -rw-r--r-- | .github/workflows/verify-locked-down-signatures.yml | 1 |
4 files changed, 29 insertions, 0 deletions
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000000..ecd64eb8e4 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,26 @@ +# Defining who has to review changes to what files. +# Try to keep the entries sorted alphabetically, so they end up in the same order as +# they would if you listed the entire repository as a tree. + +# Container images used for building the app are owned by respective team leads and tech lead +/building/android-container-image.txt @faern @albin-mullvad +/building/linux-container-image.txt @faern @raksooo + +# Developer signing keys must be approved by team/tech leads +/ci/keys/ @faern @raksooo @pinkisemils @albin-mullvad + +# Desktop build server files owned by desktop leads +/ci/buildserver* @faern @raksooo +/ci/linux-repository-builder/ @faern @raksooo + +# Cargo deny config must be approved by tech lead or desktop team lead +**/deny.toml @faern @raksooo + +# Changes to what CVEs are ignored must be approved by leads +**/osv-scanner.toml @faern @raksooo @pinkisemils @albin-mullvad +/.github/workflows/osv-scanner*.yml @faern @raksooo @pinkisemils @albin-mullvad + +# The CODEOWNERS itself must be protected from unauthorized changes, +# otherwise the protection becomes quite moot. +# Keep this entry last, so it is sure to override any existing previous wildcard match +/.github/CODEOWNERS @faern @raksooo @pinkisemils @albin-mullvad diff --git a/.github/workflows/android-app.yml b/.github/workflows/android-app.yml index bb930fc886..48a8079369 100644 --- a/.github/workflows/android-app.yml +++ b/.github/workflows/android-app.yml @@ -6,6 +6,7 @@ on: - '**' - '!.github/workflows/**' - '.github/workflows/android-app.yml' + - '!.github/CODEOWNERS' - '!audits/**' - '!ci/**' - '!dist-assets/**' diff --git a/.github/workflows/daemon.yml b/.github/workflows/daemon.yml index 12cdef8d9c..723d32c487 100644 --- a/.github/workflows/daemon.yml +++ b/.github/workflows/daemon.yml @@ -7,6 +7,7 @@ on: - '!**/**.md' - '!.github/workflows/**' - '.github/workflows/daemon.yml' + - '!.github/CODEOWNERS' - '!android/**' - '!audits/**' - '!build-apk.sh' diff --git a/.github/workflows/verify-locked-down-signatures.yml b/.github/workflows/verify-locked-down-signatures.yml index 118e44914a..362a57d91e 100644 --- a/.github/workflows/verify-locked-down-signatures.yml +++ b/.github/workflows/verify-locked-down-signatures.yml @@ -4,6 +4,7 @@ on: pull_request: paths: - .github/workflows/verify-locked-down-signatures.yml + - .github/CODEOWNERS - Cargo.toml - test/Cargo.toml - Cargo.lock |