CODEOWNERS works with users but not teams

In https://github.com/ciena-blueplanet/ciena-devops-testbed when using the CODEOWNERS entries of

* @notmessenger @juwara0 @job13er

README.md @notmessenger @juwara0

and making a PR changing just the .THROWAWAY file all three users (@notmessenger @juwara0 @job13er) are added as reviewers and it only takes one approver for the PR to be mergeable (https://github.com/ciena-blueplanet/ciena-devops-testbed/pull/45)

When the .THROWAWAY file and the README.md file are changed it requires one of the three users (@notmessenger @juwara0 @job13er) as well as one of the two (@notmessenger @juwara0) to be mergeable (https://github.com/ciena-blueplanet/ciena-devops-testbed/pull/46)

This is exactly what I expected to happen per https://help.github.com/articles/about-codeowners/

However when I attempt to do similar via using teams things get all messed up and I’m not sure why.

I created the https://github.com/orgs/ciena-blueplanet/teams/reviewers-tooling/members team and added @notmessenger, @juwara0, and @job13er to it.

I created the https://github.com/orgs/ciena-blueplanet/teams/owners-architecture team and added @notmessenger and @juwara0 to it.

I then used these CODEOWNERS entries:

* @ciena-blueplanet/reviewers-tooling

README.md @ciena-blueplanet/owners-architecture

and got this result for only the .THROWAWAY file changed (https://github.com/ciena-blueplanet/ciena-devops-testbed/pull/45):

and this result for the .THROWAWAY file and README.md file changed (https://github.com/ciena-blueplanet/ciena-devops-testbed/pull/46):

Have I set the teams and/or CODEOWNERS up correctly?

Sorry that I only have screenshots for the failed state - I am using the same repo to work through these issues so I made changes to the files for different scenarios I’m testing. It may even be likely that the current content of the CODEOWNERS file are different than what I’ve pasted here as I’m still making changes but the content pasted here is accurate and I will not be making any changes to the teams I have setup so they can be looked at.

You can ignore the double travis-ci required status checks - I know why there are two and it is unrelated to this issue.

I also now realize that my screen captures did not capture the reviewers that were assigned.  For PR 45 it did not assign everyone in the https://github.com/orgs/ciena-blueplanet/teams/reviewers-tooling/members team as I expected, and like it does when individual users are listed.  For PR 46 it assigned no one at all.

1 Like

I have received this reply from the GitHub Support Staff which I will give a try and report back on the status of:

It looks like you've set up the CODEOWNERS file correctly, but I believe the issue you're having is down to team permissions.

Teams are only requested for a review on a pull request when they have write access to the repository on the team itself. It's not enough for all the members to have write access, you need to grant write access to the actual team.

https://help.github.com/articles/managing-team-access-to-an-organization-repository/

Once you do this all future pull requests that involve files owned by that team should be automatically requested for a review.
20 Likes

This is exactly what the problem was.

I’m having a similar issue, but I’m pretty sure mine is not being caused by team permissions. Here’s my CODEOWNERS file (with org and team name anonymized):

# This file is used to automatically request reviews on PRs.

# These owners will be the default owners for everything in
# the repo, unless a match on a later line takes precedence.
# "@MyOrganization/MyTeam" below requests review from all members of MyTeam.
* @MyOrganization/MyTeam

# It's also possible to add notifications based on language
# or location in repo, etc.
# More info at docs: https://help.github.com/articles/about-codeowners/

However, when I make a PR in a repo with that CODEOWNERS file, no members of the team are notified for review. After seeing @notmessenger’s message from GitHub Support saying that the team needs write permissions for the repo, I verified the team had write permission for the repo, but subsequent PRs still do not kick off a review request by team members.

Am I missing something else? I can replace the “@MyOrganization/MyTeam” part with a list of all the team users and reviews are automatically requested, but I want to be able to do this on a team basis, not on a user-by-user basis.

The only other two confounding factors I can think of are these:

  1. The team name’s capitalization is kinda funky. Clicking through the org’s team list, I can see the team capitalized in some places (MYTEAM), lowercaps in others (myteam). Asking our admin to hit the GitHub API, I found that the team’s “name” field is MYTEAM, whereas its “slug” field is myteam. But at this point I’ve tried using both capitalization styles in my CODEOWNERS file and neither has worked, so that shouldn’t be it.
  2. In the org, the team is marked as a “Secret” team. (Mousing over the “Secret” box, a tooltip appears and says “Only visible to its members.”) If it’s necessary, I can talk to admin and see if we can remove the team’s “Secret” designation, but I’d rather avoid that.
2 Likes

Following up – I did speak to GitHub support, and the issue was the “Secret” status for the team. CODEOWNER notifications to members of a “Secret” team (at least as of late October) just aren’t supported.

Luckily my team was able to switch over to “Visible” (the opposite of Secret status), at which point the CODEOWNERS notifications worked exactly as expected. If you need to keep the Secret status though, I think there’s currently no way to get the auto notifications as well.

3 Likes

I’m having this problem also.

  • My team is “visible”.
  • My team has “Write” access to the repository.

I’m not sure what else to try.

  • My organization is private. Could that be a problem?
  • My organization name is not all lowercase. Could case sensitivity be a problem?
    • A note here, I’ve tried both “AdCellerant” and “adcellerant” variants with no luck. If this is the problem, it likely resides within github.com.

I have this issue both in my CODEOWNERS file and when trying to use hub.

BTW, the team I’m trying to hook up is @AdCellerant/app.

CODEOWNERS

I know this worked in the past. It stopped working the day I added app/renovate-approve. Since then, it doesn’t, even when I remove app/renovate-approve. I’m stumped.

Hub

I know this part is unrelated but I’m hoping it’s helpful…

I’m trying to assign team reviewers via repo-sync/pull-request@v2 which uses hub under the hood.

This is the API call that fails. (Hub executes the POST.)

> POST api.github.com/repos/AdCellerant/ui-marketing-backend/pulls/461/requested_reviewers
> Authorization: token [REDACTED]
> Accept: application/vnd.github.v3+json;charset=utf-8
{"reviewers":[],"team_reviewers":["app"]}
< HTTP 422
{"message":"Validation Failed","errors":["Could not resolve to a node with the global id of 'MDQ6VGVhbTMyNjk0NDI='."],"documentation_url":"docs.github.com/rest/reference/pulls#request-reviewers-for-a-pull-request"}
Error requesting reviewer: Unprocessable Entity (HTTP 422)
Could not resolve to a node with the global id of 'MDQ6VGVhbTMyNjk0NDI='.

Ours just started having this issue as well. We switched from having a lot of members to having teams with members (at at least the top level team i’m on is definitely visible), and now our PRs don’t have CODEOWNERS properly assigned either.