diff --git a/.bazelrc b/.bazelrc index 0e626ae3099..1c528288726 100644 --- a/.bazelrc +++ b/.bazelrc @@ -437,6 +437,8 @@ coverage --legacy_external_runfiles common --define codeowners_add_auto_approve_user=True common --define codeowners_have_allowed_unowned_files=True common --define codeowners_allowed_unowned_files_path=.github/ALLOWED_UNOWNED_FILES.yml +common --define codeowners_have_banned_codeowners=True +common --define codeowners_banned_codeowners_file_path=.github/BANNED_CODEOWNERS.txt common --define codeowners_have_default_owner=True common --define codeowners_default_owner=@10gen/mongo-default-approvers diff --git a/.github/BANNED_CODEOWNERS.txt b/.github/BANNED_CODEOWNERS.txt new file mode 100644 index 00000000000..81e285add52 --- /dev/null +++ b/.github/BANNED_CODEOWNERS.txt @@ -0,0 +1,7 @@ +# +# Code owners in this file are not allowed to be assigned to any files in the repo. +# This is a new-line separated list. Lines starting with '#' are comments and ignored. +# + +# Only assign ownership to sub-teams of Storage Execution. +10gen/server-storage-execution diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 0f502df4fa7..2389fbae9da 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1214,7 +1214,7 @@ WORKSPACE.bazel @10gen/devprod-build @svc-auto-approve-bot # The following patterns are parsed from ./jstests/noPassthrough/oplog/OWNERS.yml /jstests/noPassthrough/oplog/**/* @10gen/server-oplog @svc-auto-approve-bot -/jstests/noPassthrough/oplog/**/check_for_oplog_cap_maintainer_thread.js @10gen/server-storage-execution @svc-auto-approve-bot +/jstests/noPassthrough/oplog/**/check_for_oplog_cap_maintainer_thread.js @10gen/server-storage-engine-integration @svc-auto-approve-bot # The following patterns are parsed from ./jstests/noPassthrough/profile/OWNERS.yml /jstests/noPassthrough/profile/**/* @10gen/query-integration-observability @svc-auto-approve-bot 
@@ -3123,7 +3123,7 @@ WORKSPACE.bazel @10gen/devprod-build @svc-auto-approve-bot /src/third_party/**/gperftools @10gen/server-workload-resilience @svc-auto-approve-bot /src/third_party/**/grpc @10gen/server-networking-and-observability @svc-auto-approve-bot /src/third_party/**/icu4c* @10gen/query-execution @svc-auto-approve-bot -/src/third_party/**/immer @10gen/server-storage-execution @svc-auto-approve-bot +/src/third_party/**/immer @10gen/server-catalog-and-routing @svc-auto-approve-bot /src/third_party/**/IntelRDFPMathLib* @10gen/server-programmability @svc-auto-approve-bot /src/third_party/**/JSON-Schema-Test-Suite @10gen/query-optimization @svc-auto-approve-bot /src/third_party/**/libbson @10gen/server-security @svc-auto-approve-bot @@ -3133,7 +3133,7 @@ WORKSPACE.bazel @10gen/devprod-build @svc-auto-approve-bot /src/third_party/**/libstemmer_c @10gen/query-integration @svc-auto-approve-bot /src/third_party/**/mock_ocsp_responder @10gen/server-security @svc-auto-approve-bot /src/third_party/**/mozjs @10gen/query-integration-features @10gen/server-security @svc-auto-approve-bot -/src/third_party/**/murmurhash3 @10gen/server-storage-execution @svc-auto-approve-bot +/src/third_party/**/murmurhash3 @10gen/server-programmability @svc-auto-approve-bot /src/third_party/**/nlohmann-json @10gen/server-networking-and-observability @svc-auto-approve-bot /src/third_party/**/node @10gen/server-workload-resilience @svc-auto-approve-bot /src/third_party/**/opentelemetry-cpp @10gen/server-networking-and-observability @svc-auto-approve-bot diff --git a/buildscripts/bazel_rules_mongo/codeowners/BUILD.bazel b/buildscripts/bazel_rules_mongo/codeowners/BUILD.bazel index 62586bcde56..6616e037227 100644 --- a/buildscripts/bazel_rules_mongo/codeowners/BUILD.bazel +++ b/buildscripts/bazel_rules_mongo/codeowners/BUILD.bazel 
@@ -36,6 +36,11 @@ py_binary(
 "CODEOWNERS_DEFAULT_OWNER": "$(codeowners_default_owner)",
 },
 "//conditions:default": {},
+ }) | select({
+ ":have_banned_codeowners": {
+ "BANNED_CODEOWNERS_FILE_PATH": "$(codeowners_banned_codeowners_file_path)",
+ },
+ "//conditions:default": {},
 }),
 main = "codeowners_generate.py",
 visibility = ["//visibility:public"],
@@ -76,3 +81,10 @@ config_setting(
 "codeowners_have_default_owner": "True",
 },
 )
+
+config_setting(
+ name = "have_banned_codeowners",
+ define_values = {
+ "codeowners_have_banned_codeowners": "True",
+ },
+)
diff --git a/buildscripts/bazel_rules_mongo/codeowners/codeowners_generate.py b/buildscripts/bazel_rules_mongo/codeowners/codeowners_generate.py
index 082ee27244a..be88710b53c 100644
--- a/buildscripts/bazel_rules_mongo/codeowners/codeowners_generate.py
+++ b/buildscripts/bazel_rules_mongo/codeowners/codeowners_generate.py
@@ -260,9 +260,64 @@ def post_generation_checks( codeowners_binary_path, expansions_file, branch, codeowners_file_path ) + status |= check_banned_codeowners(codeowners_file_path) return status +def get_banned_codeowners_file_path() -> Optional[str]: + return os.environ.get("BANNED_CODEOWNERS_FILE_PATH", None) + + +# Check that there are no banned codeowners in the codeowners file +def check_banned_codeowners(codeowners_file_path: str) -> int: + banned_codeowners_file_path = get_banned_codeowners_file_path() + if not banned_codeowners_file_path: + return 0 + + if not os.path.isfile(banned_codeowners_file_path): + print(f"{banned_codeowners_file_path} file not found.") + return 1 + + banned_owners: set[str] = set() + with open(banned_codeowners_file_path, "r", encoding="utf8") as file: + for line in file: + line = line.strip() + if not line: + continue + + if line.startswith("@"): + line = line[1:] + + if not line.startswith("#"): + banned_owners.add(line) + + print(f"Banned codeowners loaded: {banned_owners}") + + offending_lines = [] + with open(codeowners_file_path, "r", encoding="utf8") as file: + for i, line in enumerate(file.readlines()): + parts = line.split() + if len(parts) < 2: + continue + owners = parts[1:] + for owner in owners: + if owner.startswith("@"): + owner = owner[1:] + + if owner in banned_owners: + offending_lines.append((i + 1, line.strip(), owner)) + + if not offending_lines: + return 0 + + print("The following lines in the CODEOWNERS file contain banned owners:") + for line_num, line, owner in offending_lines: + print(f" line {line_num}: {line} (banned owner: {owner})") + + print("Please remove the banned owners from the CODEOWNERS file.") + return 1 + + def get_allowed_unowned_files_path() -> Optional[str]: return os.environ.get("ALLOWED_UNOWNED_FILES_PATH", None) diff --git a/docs/owners/banned_codeowners_format.md b/docs/owners/banned_codeowners_format.md new file mode 100644 index 00000000000..d6a826f48b2 --- /dev/null 
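Review bot: The membership test in `check_banned_codeowners` compares owner strings exactly, but GitHub resolves user and team handles case-insensitively, so a CODEOWNERS entry that differs from a banned name only in letter case would pass this check while still assigning the banned team. Normalise both sides, e.g. `banned_owners.add(line.lower())` when loading the list and `if owner.lower() in banned_owners:` when scanning. The loader also stores each non-comment line whole, so an entry followed by a trailing `# reason` comment would be kept with the comment attached and never match; cutting the line at `#` before adding it would avoid that silent miss. A docstring in place of the `# Check that ...` comment could also state that the check is skipped and returns 0 when `BANNED_CODEOWNERS_FILE_PATH` is unset.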
+++ b/docs/owners/banned_codeowners_format.md
@@ -0,0 +1,23 @@
+# Code Owners
+
+## BANNED_CODEOWNERS.txt File Format
+
+This file enumerates code owners that are not allowed to own code.
+
+Banned owners should be separated by newlines. Empty lines and lines starting with '#' are ignored.
+
+### Example file
+
+```
+# Only assign ownership to sub-teams of Organization Team.
+10gen/server-organization-team
+```
+
+### Configuration
+
+This can be configured in any repo with `bazel_rules_mongo` by putting the following lines in your `.bazelrc` file:
+
+```
+common --define codeowners_have_banned_codeowners=True
+common --define codeowners_banned_codeowners_file_path=.github/BANNED_CODEOWNERS.txt
+```
diff --git a/jstests/noPassthrough/oplog/OWNERS.yml b/jstests/noPassthrough/oplog/OWNERS.yml
index 8a3702ac4fb..d18f964d57f 100644
--- a/jstests/noPassthrough/oplog/OWNERS.yml
+++ b/jstests/noPassthrough/oplog/OWNERS.yml
@@ -5,4 +5,4 @@ filters:
 - 10gen/server-oplog
 - "check_for_oplog_cap_maintainer_thread.js":
 approvers:
- - 10gen/server-storage-execution
+ - 10gen/server-storage-engine-integration
diff --git a/src/third_party/OWNERS.yml b/src/third_party/OWNERS.yml
index 75a0f4d8653..9ce4e990a6c 100644
--- a/src/third_party/OWNERS.yml
+++ b/src/third_party/OWNERS.yml
@@ -47,7 +47,7 @@ filters:
 - 10gen/query-execution
 - "immer":
 approvers:
- - 10gen/server-storage-execution
+ - 10gen/server-catalog-and-routing
 - "IntelRDFPMathLib*":
 approvers:
 - 10gen/server-programmability
@@ -78,7 +78,7 @@ filters:
 - 10gen/server-security
 - "murmurhash3":
 approvers:
- - 10gen/server-storage-execution
+ - 10gen/server-programmability
 - "nlohmann-json":
 approvers:
 - 10gen/server-networking-and-observability