Merged
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -17,6 +17,7 @@ Default files that appear in all CivicTechWR repositories (unless overridden):
- **SECURITY.md** - Security policy and vulnerability reporting
- **ISSUE_TEMPLATE/** - Issue templates for bugs, features, and questions
- **PULL_REQUEST_TEMPLATE.md** - Pull request template
- **CODEOWNERS** - Default repository ownership and review responsibilities

### Organization Profile

4 changes: 2 additions & 2 deletions docs/gitleaks-response.md
Expand Up @@ -25,11 +25,11 @@ This guide helps CivicTechWR maintainers triage, contain, and remediate potentia
## 5. Verify and Prevent Recurrence

- Re-run the Gitleaks workflow (or trigger it manually) to confirm the repository is clean.
- Add new patterns to the `gitleaks.toml` allowlist only after validating they are false positives.
- Update the Gitleaks configuration in `.github/workflows/gitleaks.yml` to add new allowlist patterns, and only after validating they are false positives.

## Reference

- Repository workflow: `.github/workflows/reusable-gitleaks.yml`
- Repository workflow: `.github/workflows/gitleaks.yml`
- Team contact: `civictechwr@gmail.com`

Always assume a leaked credential is compromised until rotated and confirmed inactive.
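
Review bot: The rewritten bullet in section 5 sends maintainers to `.github/workflows/gitleaks.yml` to add allowlist patterns but does not say which setting in that workflow holds them. Gitleaks allowlists normally live in a TOML configuration file, so name the exact key or config path the workflow passes to Gitleaks. Because an allowlist entry suppresses future findings, the bullet should also say who has to review that change (for example a second maintainer), not only that the pattern was validated as a false positive.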
6 changes: 3 additions & 3 deletions docs/governance/codeowners-branch-protection.md
Expand Up @@ -15,7 +15,7 @@ Apply these settings to the organization's default branch rule (settings > Code
3. **Required reviewers:**
- At least **1 approval**, prefer **2 approvals** for active codebases.
- **Require review from Code Owners** (once the default CODEOWNERS file lands).
4. **Status checks:** enable the projects primary CI build (e.g., `lint`, `test`, `deploy-preview`). Start with the checks that already exist; new projects should add them before their first release.
4. **Status checks:** enable the project's primary CI build (e.g., `lint`, `test`, `deploy-preview`). Start with the checks that already exist; new projects should add them before their first release.
5. **Additional safeguards:**
- Require conversation resolution before merging.
- Require linear history.
Expand Down Expand Up @@ -48,7 +48,7 @@ Projects stay under `@CivicTechWR/organizers` until their project team exists **

## Default CODEOWNERS Strategy

Create `.github/CODEOWNERS` (this repository) so GitHub applies it to every CivicTechWR repo that does not define its own CODEOWNERS file.
Create a repository-root `CODEOWNERS` file (this repository) so GitHub applies it to every CivicTechWR repo that does not define its own CODEOWNERS file.

```text
# Default owners for every file in repos without project-specific CODEOWNERS
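
Review bot: The changed sentence still promises that GitHub "applies it to every CivicTechWR repo that does not define its own CODEOWNERS file"; please verify that before merging. GitHub reads CODEOWNERS from the repository and branch being protected, and I don't believe it is among the default community health files inherited from an organization's `.github` repository. If it is not inherited, the "Require review from Code Owners" setting recommended earlier in this document requests nobody in repos without their own file, and this section should instead tell each repo to commit a copy.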
Expand All @@ -65,7 +65,7 @@ Create `.github/CODEOWNERS` (this repository) so GitHub applies it to every Civi
Key considerations:

- Patterns in this default file must be generic. Repo-specific overrides belong in that repo.
- Github evaluates CODEOWNERS top to bottom; place broader matches last.
- GitHub evaluates CODEOWNERS patterns from top to bottom and uses the last matching pattern. In the examples above, the broad `*` entry appears first so that later, more specific patterns can override it.
- Encourage projects to commit their own CODEOWNERS file as soon as they have a stable team. Provide them with a template (see below) and remind them to keep `@CivicTechWR/organizers` as a secondary owner for continuity.

### Sample project CODEOWNERS template
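
Review bot: On the rewritten "top to bottom" bullet, last-match-wins also means the owners on the `*` line are replaced, not merged, when a later pattern matches. The following bullet asks projects to keep `@CivicTechWR/organizers` as a secondary owner, so state explicitly that the team has to be repeated on every more specific pattern line; otherwise an override silently drops organizer review for those paths.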
2 changes: 1 addition & 1 deletion profile/README.md
@@ -1,6 +1,6 @@
# Welcome to CivicTech Waterloo Region

Please standby—CTWR is coming back to life and taking over.
Please stand by—CTWR is coming back to life and taking over.

- Visit our website [CivicTechWR.org](https://civictechwr.org/)
- Check out what projects are currently happening here: [CTWR Projects In Progress](https://github.com/orgs/CivicTechWR/projects/10/views/6?sliceBy%5Bvalue%5D=In+progress)