{"id":13530006,"url":"https://github.com/mszostok/codeowners-validator","last_synced_at":"2025-04-13T04:59:44.320Z","repository":{"id":37952997,"uuid":"167810789","full_name":"mszostok/codeowners-validator","owner":"mszostok","description":"The GitHub CODEOWNERS file validator","archived":false,"fork":false,"pushed_at":"2024-05-01T03:04:16.000Z","size":3689,"stargazers_count":228,"open_issues_count":54,"forks_count":50,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-04-11T10:01:36.316Z","etag":null,"topics":["checker","codeowners","codeowners-validator","github","github-action","github-api","github-codeowners","go","golang","hacktoberfest","validator"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mszostok.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-27T13:17:18.000Z","updated_at":"2025-03-23T18:31:20.000Z","dependencies_parsed_at":"2024-05-01T04:24:27.855Z","dependency_job_id":null,"html_url":"https://github.com/mszostok/codeowners-validator","commit_stats":{"total_commits":119,"total_committers":19,"mean_commits":"6.2631578947368425","dds":"0.15966386554621848","last_synced_commit":"84b4fa2742240c05af8c81185e91947d90222106"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mszostok%2Fcodeowners-validator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mszostok%2Fcodeowners-validator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mszostok%2Fcodeowners-validator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mszostok%2Fcodeowners-validator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mszostok","download_url":"https://codeload.github.com/mszostok/codeowners-validator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248546024,"owners_count":21122246,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["checker","codeowners","codeowners-validator","github","github-action","github-api","github-codeowners","go","golang","hacktoberfest","validator"],"created_at":"2024-08-01T07:00:42.070Z","updated_at":"2025-04-13T04:59:44.296Z","avatar_url":"https://github.com/mszostok.png","language":"Go","readme":"\u003cbr/\u003e\n\u003cbr/\u003e\n\u003cp align=\"center\"\u003e\n \u003cimg alt=\"logo\" src=\"./docs/assets/logo.png\" width=\"320px\"/\u003e\n \u003cp align=\"center\"\u003eEnsures the correctness of your CODEOWNERS file.\u003c/p\u003e\n\u003c/p\u003e\n\u003cbr/\u003e\n\u003cbr/\u003e\n\u003cbr/\u003e\n\u003cbr/\u003e\n\n## Codeowners Validator\n\u003ca href=\"/LICENSE\"\u003e\u003cimg alt=\"Software License\" src=\"https://img.shields.io/badge/license-Apache-brightgreen.svg?style=flat-square\"/\u003e\u003c/a\u003e\n\u003ca href=\"https://goreportcard.com/report/github.com/mszostok/codeowners-validator\"\u003e\u003cimg alt=\"Go Report Card\" src=\"https://goreportcard.com/badge/github.com/mszostok/codeowners-validator?style=flat-square\"/\u003e\u003c/a\u003e\n\u003ca href=\"https://twitter.com/m_szostok\"\u003e\u003cimg alt=\"Twitter Follow\" src=\"https://img.shields.io/twitter/follow/m_szostok?color=a\u0026label=Follow%20%40m_szostok%20for%20updates\u0026style=social\"\u003e\u003c/a\u003e\n\nThe Codeowners Validator project validates the GitHub [CODEOWNERS](https://help.github.com/articles/about-code-owners/) file based on [specified checks](#checks). It supports public and private GitHub repositories and also GitHub Enterprise installations.\n\n![usage](./docs/assets/usage.svg)\n\n## Usage\n\n#### Docker\n\n```bash\nexport GH_TOKEN=\u003cyour_token\u003e\ndocker run --rm -v $(pwd):/repo -w /repo \\\n -e REPOSITORY_PATH=\".\" \\\n -e GITHUB_ACCESS_TOKEN=\"$GH_TOKEN\" \\\n -e EXPERIMENTAL_CHECKS=\"notowned\" \\\n -e OWNER_CHECKER_REPOSITORY=\"org-name/rep-name\" \\\n mszostok/codeowners-validator:v0.7.4\n```\n\n#### Command line\n\n```bash\nexport GH_TOKEN=\u003cyour_token\u003e\nenv REPOSITORY_PATH=\".\" \\\n GITHUB_ACCESS_TOKEN=\"$GH_TOKEN\" \\\n EXPERIMENTAL_CHECKS=\"notowned\" \\\n OWNER_CHECKER_REPOSITORY=\"org-name/rep-name\" \\\n codeowners-validator\n```\n\n#### GitHub Action\n\n```yaml\n- uses: mszostok/codeowners-validator@v0.7.4\n with:\n checks: \"files,owners,duppatterns,syntax\"\n experimental_checks: \"notowned,avoid-shadowing\"\n # GitHub access token is required only if the `owners` check is enabled\n github_access_token: \"${{ secrets.OWNERS_VALIDATOR_GITHUB_SECRET }}\"\n```\n\nCheck [this](./docs/gh-action.md) document for more information about GitHub Action.\n\n----\n\nCheck the [Configuration](#configuration) section for more info on how to enable and configure given checks.\n\n## Installation\n\nIt's highly recommended to install a fixed version of `codeowners-validator`. Releases are available on the [releases page](https://github.com/mszostok/codeowners-validator/releases).\n\n### macOS \u0026 Linux\n\n`codeowners-validator` is available via [Homebrew](https://brew.sh/index_pl).\n\n#### Homebrew\n\n| Install | Upgrade |\n|--------------------------------------------------|--------------------------------------------------|\n| `brew install mszostok/tap/codeowners-validator` | `brew upgrade mszostok/tap/codeowners-validator` |\n\n#### Install script\n\n```bash\n# binary installed into ./bin/\ncurl -sfL https://raw.githubusercontent.com/mszostok/codeowners-validator/main/install.sh | sh -s v0.7.4\n\n# binary installed into $(go env GOPATH)/bin/codeowners-validator\ncurl -sfL https://raw.githubusercontent.com/mszostok/codeowners-validator/main/install.sh | sh -s -- -b $(go env GOPATH)/bin v0.7.4\n\n# In alpine linux (as it does not come with curl by default)\nwget -O - -q https://raw.githubusercontent.com/mszostok/codeowners-validator/main/install.sh | sh -s v0.7.4\n\n# Print version. Add `--oshort` to print just the version number.\ncodeowners-validator version\n```\n\nYou can also download [latest version](https://github.com/mszostok/codeowners-validator/releases/latest) from release page manually.\n\n#### From Sources\n\n\u003c!--- You can install `codeowners-validator` with `go install go.szostok.io/codeowners-validator@v0.7.5`. ---\u003e\nYou can install `codeowners-validator` with `go install github.com/mszostok/codeowners-validator@v0.7.4`.\n\n\u003e NOTE: please use Go 1.16 or greater.\n\nThis will put `codeowners-validator` in `$(go env GOPATH)/bin`.\n\n## Checks\n\nThe following checks are enabled by default:\n\n| Name | Description |\n|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| duppatterns | **[Duplicated Pattern Checker]** \u003cbr /\u003e\u003cbr /\u003e Reports if CODEOWNERS file contain duplicated lines with the same file pattern. |\n| files | **[File Exist Checker]** \u003cbr /\u003e\u003cbr /\u003e Reports if CODEOWNERS file contain lines with the file pattern that do not exist in a given repository. |\n| owners | **[Valid Owner Checker]** \u003cbr /\u003e\u003cbr /\u003e Reports if CODEOWNERS file contain invalid owners definition. Allowed owner syntax: `@username`, `@org/team-name` or `user@example.com` \u003cbr /\u003e _source: https://help.github.com/articles/about-code-owners/#codeowners-syntax_. \u003cbr /\u003e \u003cbr /\u003e **Checks:** \u003cbr /\u003e \u0026#x09; \u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;1. Check if the owner's definition is valid (is either a GitHub user name, an organization team name or an email address). \u003cbr /\u003e\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;2. Check if a GitHub owner has a GitHub account \u003cbr /\u003e\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;3. Check if a GitHub owner is in a given organization \u003cbr /\u003e \u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;4. Check if an organization team exists |\n| syntax | **[Valid Syntax Checker]** \u003cbr /\u003e\u003cbr /\u003e Reports if CODEOWNERS file contain invalid syntax definition. It is imported as: \u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\"If any line in your CODEOWNERS file contains invalid syntax, the file will not be detected\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;and will not be used to request reviews. Invalid syntax includes inline comments \u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;and user or team names that do not exist on GitHub.\" \u003cbr /\u003e \u003cbr /\u003e _source: https://help.github.com/articles/about-code-owners/#codeowners-syntax_. |\n\nThe experimental checks are disabled by default:\n\n| Name | Description |\n|-----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| notowned | **[Not Owned File Checker]** \u003cbr /\u003e\u003cbr /\u003e Reports if a given repository contain files that do not have specified owners in CODEOWNERS file. |\n| avoid-shadowing | **[Avoid Shadowing Checker]** \u003cbr /\u003e\u003cbr /\u003e Reports if entries go from least specific to most specific. Otherwise, earlier entries are completely ignored. \u003cbr /\u003e\u003cbr /\u003eFor example:\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; `# First entry`\u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; `/build/logs/ @octocat` \u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; `# Shadows` \u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; `* @s1` \u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; `/b*/logs @s5` \u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; `# OK` \u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; `/b*/other @o1` \u003cbr /\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp; `/script/*\t @o2` |\n\nTo enable experimental check set `EXPERIMENTAL_CHECKS=notowned` environment variable.\n\nCheck the [Configuration](#configuration) section for more info on how to enable and configure given checks.\n\n## Configuration\n\nUse the following environment variables to configure the application:\n\n| Name | Default | Description |\n|-----------------------------------------------|:------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| \u003ctt\u003eREPOSITORY_PATH\u003c/tt\u003e \u003cb\u003e*\u003c/b\u003e | | Path to your repository on your local machine. |\n| \u003ctt\u003eGITHUB_ACCESS_TOKEN\u003c/tt\u003e | | GitHub access token. Instruction for creating a token can be found [here](./docs/gh-auth.md). If not provided, the owners validating functionality may not work properly. For example, you may reach the API calls quota or, if you are setting GitHub Enterprise base URL, an unauthorized error may occur. |\n| \u003ctt\u003eGITHUB_BASE_URL\u003c/tt\u003e | `https://api.github.com/` | GitHub base URL for API requests. Defaults to the public GitHub API but can be set to a domain endpoint to use with GitHub Enterprise. |\n| \u003ctt\u003eGITHUB_UPLOAD_URL\u003c/tt\u003e | `https://uploads.github.com/` | GitHub upload URL for uploading files. \u003cbr\u003e \u003cbr\u003eIt is taken into account only when `GITHUB_BASE_URL` is also set. If only `GITHUB_BASE_URL` is provided, this parameter defaults to the `GITHUB_BASE_URL` value. |\n| \u003ctt\u003eGITHUB_APP_ID\u003c/tt\u003e | | Github App ID for authentication. This replaces the `GITHUB_ACCESS_TOKEN`. Instruction for creating a Github App can be found [here](./docs/gh-auth.md) |\n| \u003ctt\u003eGITHUB_APP_INSTALLATION_ID\u003c/tt\u003e | | Github App Installation ID. Required when `GITHUB_APP_ID` is set. |\n| \u003ctt\u003eGITHUB_APP_PRIVATE_KEY\u003c/tt\u003e | | Github App private key in PEM format. Required when `GITHUB_APP_ID` is set. |\n| \u003ctt\u003eCHECKS\u003c/tt\u003e | | List of checks to be executed. By default, all checks are executed. Possible values: `files`,`owners`,`duppatterns`,`syntax`. |\n| \u003ctt\u003eEXPERIMENTAL_CHECKS\u003c/tt\u003e | | The comma-separated list of experimental checks that should be executed. By default, all experimental checks are turned off. Possible values: `notowned`. |\n| \u003ctt\u003eCHECK_FAILURE_LEVEL\u003c/tt\u003e | `warning` | Defines the level on which the application should treat check issues as failures. Defaults to `warning`, which treats both errors and warnings as failures, and exits with error code 3. Possible values are `error` and `warning`. |\n| \u003ctt\u003eOWNER_CHECKER_REPOSITORY\u003c/tt\u003e \u003cb\u003e*\u003c/b\u003e | | The owner and repository name separated by slash. For example, gh-codeowners/codeowners-samples. Used to check if GitHub owner is in the given organization. |\n| \u003ctt\u003eOWNER_CHECKER_IGNORED_OWNERS\u003c/tt\u003e | `@ghost` | The comma-separated list of owners that should not be validated. Example: `\"@owner1,@owner2,@org/team1,example@email.com\"`. |\n| \u003ctt\u003eOWNER_CHECKER_ALLOW_UNOWNED_PATTERNS\u003c/tt\u003e | `true` | Specifies whether CODEOWNERS may have unowned files. For example: \u003cbr\u003e \u003cbr\u003e `/infra/oncall-rotator/ @sre-team` \u003cbr\u003e `/infra/oncall-rotator/oncall-config.yml` \u003cbr\u003e \u003cbr\u003e The `/infra/oncall-rotator/oncall-config.yml` file is not owned by anyone. |\n| \u003ctt\u003eOWNER_CHECKER_OWNERS_MUST_BE_TEAMS\u003c/tt\u003e | `false` | Specifies whether only teams are allowed as owners of files. |\n| \u003ctt\u003eNOT_OWNED_CHECKER_SKIP_PATTERNS\u003c/tt\u003e | | The comma-separated list of patterns that should be ignored by `not-owned-checker`. For example, you can specify `*` and as a result, the `*` pattern from the **CODEOWNERS** file will be ignored and files owned by this pattern will be reported as unowned unless a later specific pattern will match that path. It's useful because often we have default owners entry at the begging of the CODOEWNERS file, e.g. `* @global-owner1 @global-owner2` |\n| \u003ctt\u003eNOT_OWNED_CHECKER_SUBDIRECTORIES\u003c/tt\u003e | | The comma-separated list of subdirectories to check in `not-owned-checker`. When specified, only files in the listed subdirectories will be checked if they do not have specified owners in CODEOWNERS. |\n| \u003ctt\u003eNOT_OWNED_CHECKER_TRUST_WORKSPACE\u003c/tt\u003e | `false` | Specifies whether the repository path should be marked as safe. See: https://github.com/actions/checkout/issues/766. |\n\n \u003cb\u003e*\u003c/b\u003e - Required\n\n#### Exit status codes\n\nApplication exits with different status codes which allow you to easily distinguish between error categories.\n\n| Code | Description |\n|:-----:|:------------------------------------------------------------------------------------------|\n| **1** | The application startup failed due to the wrong configuration or internal error. |\n| **2** | The application was closed because the OS sends a termination signal (SIGINT or SIGTERM). |\n| **3** | The CODEOWNERS validation failed - executed checks found some issues. |\n\n## Contributing\n\nContributions are greatly appreciated! The project follows the typical GitHub pull request model. See [CONTRIBUTING.md](CONTRIBUTING.md) for more details.\n\n## Roadmap\n\nThe [codeowners-validator roadmap uses GitHub milestones](https://github.com/mszostok/codeowners-validator/milestone/1) to track the progress of the project.\n\nThey are sorted with priority. First are most important.\n","funding_links":[],"categories":["Community Resources"],"sub_categories":["GitHub Tools and Management"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmszostok%2Fcodeowners-validator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmszostok%2Fcodeowners-validator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmszostok%2Fcodeowners-validator/lists"}