@kanushka kanushka commented Nov 30, 2025

Summary

This PR adds code ownership rules to protect critical package management files, build infrastructure, and CI/CD workflows from unauthorized changes, enhancing security and preventing supply chain vulnerabilities like the Shai-Hulud worm.

Changes

Protected Files & Directories

  • /.github/ - GitHub workflows, actions, and configuration files
  • package.json - All package.json files across the monorepo
  • package-lock.json - NPM lock files
  • pnpm-lock.yaml - PNPM lock files
  • pnpm-workspace.yaml - PNPM workspace configuration
  • rush.json - Rush configuration
  • /common/ - Build scripts, config, and shared utilities

Code Owners

@hevayo @gigara @kanushka are now required reviewers for all changes to the above files and directories.

Security Impact

🛡️ Protection Against Supply Chain Attacks

  • Prevents unauthorized dependency additions or modifications
  • Ensures security review for build configuration changes
  • Protects critical infrastructure files from accidental or malicious changes
  • Adds accountability for package management decisions
  • Secures CI/CD pipeline from unauthorized workflow modifications

Summary by CodeRabbit

  • Chores
    • Expanded code ownership coverage across additional repository areas and workspaces.
    • Added several new ownership blocks to clarify review responsibilities.
    • Replaced the previous single-line entry with a broader wildcard ownership pattern.


- Add @hevayo @gigara @kanushka as owners for package.json, lock files, and rush configuration
- Add ownership for /common/ directory to protect build and dependency infrastructure
- Ensure all dependency and build configuration changes require security review
- Protect GitHub workflows, actions, and configuration files
- Ensure security review for CI/CD pipeline changes
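The rules listed in the description only do their job if the patterns match the way the author expects (a bare `package.json` matches at any depth, `/common/` is root-anchored and covers everything beneath it, and the last matching rule wins). The script below is an added example, not code from this PR or from the wso2 repository: it implements those CODEOWNERS matching rules in Python and resolves which owners a set of changed paths would need. `SAMPLE_CODEOWNERS` is reconstructed from the paths and owners in the description (the real file also has workspace-specific entries not shown on this page), and the `/common/changes/` line in it is a hypothetical addition used only to show that a later, narrower rule overrides an earlier one. The changed-file list is constructed sample input.

```python
"""Resolve which reviewers a set of changed paths needs under a CODEOWNERS file.

Semantics implemented (a close approximation of GitHub's documented rules):
  * gitignore-style globs: '*' stops at '/', '**' crosses directories;
  * a pattern with no slash matches that name at any depth;
  * a slash in the pattern anchors it to the repository root;
  * a trailing '/' matches a directory and everything beneath it;
  * the LAST matching rule wins, and a rule with no owners clears ownership.
"""
import re
from dataclasses import dataclass

# Reconstructed from the paths listed in the PR description. The real file in
# the wso2 repository also carries workspace-specific entries not shown here.
# The final "/common/changes/" line is a HYPOTHETICAL addition, not in the PR,
# included only to demonstrate last-match-wins.
SAMPLE_CODEOWNERS = """\
/.github/            @hevayo @gigara @kanushka
package.json         @hevayo @gigara @kanushka
package-lock.json    @hevayo @gigara @kanushka
pnpm-lock.yaml       @hevayo @gigara @kanushka
pnpm-workspace.yaml  @hevayo @gigara @kanushka
rush.json            @hevayo @gigara @kanushka
/common/             @hevayo @gigara @kanushka
# hypothetical, not in the PR: a narrower rule later in the file wins
/common/changes/     @gigara
"""

CORE_OWNERS = ("@hevayo", "@gigara", "@kanushka")


@dataclass(frozen=True)
class Rule:
    pattern: str
    owners: tuple
    regex: re.Pattern


def _glob_to_regex(glob: str) -> str:
    """Translate one gitignore-style glob body into a regex fragment."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**/", i):      # "**/logs": any number of leading dirs
            out.append("(?:.*/)?")
            i += 3
            continue
        if glob.startswith("**", i):       # "**" elsewhere: crosses directories
            out.append(".*")
            i += 2
            continue
        ch = glob[i]
        out.append("[^/]*" if ch == "*" else "[^/]" if ch == "?" else re.escape(ch))
        i += 1
    return "".join(out)


def compile_pattern(pattern: str) -> re.Pattern:
    """Compile one CODEOWNERS pattern into a regex matched against a repo-relative path."""
    is_dir = pattern.endswith("/")
    body = pattern.rstrip("/")
    anchored = "/" in body                  # any slash => relative to repo root
    body = body.lstrip("/")
    prefix = "^" if anchored else "^(?:.*/)?"   # no slash => name at any depth
    if is_dir or not pattern.endswith("*"):
        suffix = "(?:/.*)?$"                # the path itself or anything beneath it
    else:
        suffix = "$"                        # "/docs/*" style: only that level
    return re.compile(prefix + _glob_to_regex(body) + suffix)


def parse_codeowners(text: str) -> list:
    """Parse CODEOWNERS text; '#' starts a comment (escaped '#' is not handled here)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        pattern, *owners = line.split()
        rules.append(Rule(pattern, tuple(owners), compile_pattern(pattern)))
    return rules


def owners_for(path: str, rules: list) -> tuple:
    """Owners of `path`: the owners of the LAST rule that matches (empty if none)."""
    path = path.lstrip("/")
    owners = ()
    for rule in rules:
        if rule.regex.match(path):
            owners = rule.owners
    return owners


def required_reviews(changed: list, rules: list) -> dict:
    """Map each changed path to the owners whose approval it needs."""
    return {p: owners_for(p, rules) for p in changed}


def unprotected(changed: list, rules: list) -> list:
    """Changed paths no rule covers: a PR touching only these needs no owner review."""
    return [p for p in changed if not owners_for(p, rules)]


RULES = parse_codeowners(SAMPLE_CODEOWNERS)

if __name__ == "__main__":
    # Constructed sample of files a PR might touch; not taken from any real PR.
    changed = [
        "workspaces/ballerina/package.json",
        ".github/workflows/build.yml",
        "common/config/rush/pnpm-lock.yaml",
        "common/changes/@wso2/fix.json",
        "workspaces/mi/src/index.ts",
    ]
    for path, owners in required_reviews(changed, RULES).items():
        print(f"{path:40} -> {' '.join(owners) or '(no owner)'}")
    print("unprotected:", unprotected(changed, RULES))
```

Two caveats worth keeping in mind when reading the "required reviewers" claim: CODEOWNERS on its own only auto-requests the listed people; it blocks merging only when the branch protection rule or ruleset for `main` has "Require review from Code Owners" enabled. And since the file lives under `/.github/`, the first rule covers CODEOWNERS itself, so the protection cannot be loosened in a PR without the same owners approving.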

coderabbitai bot commented Nov 30, 2025

Walkthrough

Updated the repository CODEOWNERS to add and expand ownership entries for repository configuration files, monorepo locks/configs, common libraries, and multiple workspace-specific directories (including ballerina, choreo, and wso2-platform).

Changes

Cohort / File(s): CODEOWNERS configuration (/.github/CODEOWNERS)
Summary: Replaced the previous single-line entry with multiple ownership entries covering .github/, package manager lock files (package.json, package-lock.json, pnpm-lock.yaml, pnpm-workspace.yaml), monorepo config (rush.json), top-level common/, workspace common libs (/workspaces/common-libs/), /workspaces/mi/, specific workspace packages (/workspaces/ballerina/ballerina-rpc-client, /workspaces/choreo/, /workspaces/wso2-platform/), and a specific interface file (.../ballerina-core/src/interfaces/extended-lang-client.ts).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

  • Review focus: verify path patterns and owner usernames/teams for correctness and absence of unintended overlaps.

Poem

🐇 I hopped through lines of owners new,
I nudged the paths and stamped my view,
From locks to libs and workspace light,
Each folder found a keeper bright,
A rabbit cheers the CODEOWNERS crew!

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Title check: Passed. The pull request title accurately and clearly summarizes the main change: adding code ownership rules for package management and build infrastructure files.
Description check: Passed. The pull request description provides clear context on purpose, changes, and security impact, though it does not follow the detailed repository template structure.
Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c72882e and f702811.

📒 Files selected for processing (1)
  • .github/CODEOWNERS (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/CODEOWNERS


@kanushka kanushka merged commit 0248276 into wso2:main Nov 30, 2025
6 checks passed
@kanushka kanushka deleted the task-3 branch November 30, 2025 15:55