-
Notifications
You must be signed in to change notification settings - Fork 2.5k
Expand file tree
/
Copy pathCODEOWNERS
More file actions
45 lines (34 loc) · 2.15 KB
/
CODEOWNERS
File metadata and controls
45 lines (34 loc) · 2.15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# If a file is set here, then PRs will require that team's approval to get that code merged.
# WE DO NOT USE CODEOWNERS FOR MANAGING ORDINARY RISK.
# Risk of outages, incidents, and operational difficulty
# are not sufficient reason to add a region of the codebase
# to the CODEOWNERS file. Handle these by de-risking your
# code, or by modifying CI to suit your products needs.
# Adding entries to the codeowners file is an anti-social
# and anti-posthog-values thing to do. It must have extraordinary
# justification. If you are not _certain_ there is _no other way_
# to manage the risk you're thinking about, do not add an entry.
# ClickHouse team owns Clickhouse migrations
posthog/clickhouse/migrations/** @PostHog/clickhouse
# HogQL team owns HogQL changes
posthog/hogql/** @PostHog/hogql
# Being open source brings us unwanted problems because Github Actions are untrusted and inherently unsafe
# so we have to be extra careful with changes here. Let's have the security team own these checks.
.github/workflows/ci-security.yaml @PostHog/team-security
.github/workflows/codeql.yml @PostHog/team-security
# This workflow runs on the `pull_request_target` event so that it can run without needing a GitHub org member to explicitly approve it.
# We must be careful to only execute code from this repo's default branch, and never execute code from the PR's branch.
.github/workflows/auto-assign-reviewers.yml @PostHog/team-security
.github/scripts/assign-reviewers.js @PostHog/team-security
# And of course modifying this file can bring us problems so let's have the security team own it.
# This does not affect CODEOWNERS-soft which is used for assigning non-required reviewers and it's much safer to change.
CODEOWNERS @PostHog/team-security
# PR approval agent — can auto-approve PRs, so changes need review
.github/workflows/pr-approval-agent.yml @PostHog/team-security
tools/pr-approval-agent/** @PostHog/team-security
# Ingestion team owns persons migrations
rust/persons_migrations/** @PostHog/team-ingestion
# Critical authentication logic
posthog/api/authentication.py @PostHog/team-security
posthog/auth.py @PostHog/team-security
ee/api/scim/auth.py @PostHog/team-security