Expand Use of Required CODEOWNERS approvals
Summary
The purpose of this issue is to explore possible next iterations to using CODEOWNERS to handle required approvals for gitlab-org/gitlab
.
With the recent CODEOWNERS update to support segregation of duties requirements, we introduced a top-level *
catch-all maintainer approval rule. This was a first iteration for using CODEOWNERS to handle required approvals under the newly enabled settings while allowing flexibility for cases such as documentation.
This approach comes with downsides such as having multiple approvals reset if, for example, a file covered by the *
rule and another rule changes after approvals are granted.
Ideally, it's best to have a small group for the *
rule and to make more use of required approvals for specific files types/paths. For example, we already define optional CODEOWNERS rules for backend
, frontend
, and database
. We could consider making these required as a step towards moving away from the *
rule.