workflows/check: don't check github api for owners file

This removes the "owners" check from codeowners-validator. With it, all
tokens and permissions can be removed, because these were only needed to
make these requests.

This solves the problem of codeowners-validator not supporting our new
nested team structure for nixpkgs-maintainers. To make the onboarding of
new teams easier, we moved all teams "under" the nixpkgs-maintainers
team. This makes them inherit the right privileges (triage) for Nixpkgs.

However, this inheritance is not recognized by codeowners-validator,
thus it assumes that these teams don't have access to Nixpkgs. This then
fails the owners check immediately.

Removing the owners check also has a few other advantages:
- This check depends on external state: If a user is renamed or a team
  removed, the check will fail. This makes it a bad check for required
  status checks or merge queues - the check might fail randomly,
  independent of the current PR.
- Running this check in a fork will never work, because the respective
  users and teams don't have access to the fork's repo.

Both of these required us to set `continue-on-error: true` most of the
time.
This commit is contained in:
Wolfgang Walther
2025-09-28 18:18:03 +02:00
parent 8353fec872
commit f7d6d11e8e
4 changed files with 4 additions and 48 deletions

@@ -221,7 +221,6 @@ module.exports = async ({ github, context, core, dry }) => {
const touched = []
if (files.includes('ci/pinned.json')) touched.push('pinned')
if (files.includes('ci/OWNERS')) touched.push('owners')
core.setOutput('touched', touched)
return
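
Review bot: the value passed to `core.setOutput('touched', touched)` is a contract with whatever workflow reads it, so if the `ci/OWNERS` entry is the line this hunk drops (the header records one removal, but the rendered lines carry no markers), confirm in the same commit that no workflow condition still tests for `owners` in that output. A leftover test would silently never match rather than fail. A short comment above `const touched = []` listing the values the output can carry would make that contract visible to the next person who edits either side.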