RepoKitteh-based selective CODEOWNERS enforcement on select subtrees #7423
Description
As part of the stable API versioning initiative in #6271, we need to be able to ensure that @envoyproxy/udpa-wg has visibility on API changes and that @envoyproxy/api-shepherds sign-off on any API changes in the api/ subtree.
While we make use of CODEOWNERS in GitHub to allow more permissive management of extensions and the like, this mechanism is too coarse grained, since when we enabled mandatory CODEOWNERS sign-off along with b9a1b6e#diff-5daf978e60e03b3975b485d5f1b449dc, this resulted in all aspects of the Envoy tree requiring CODEOWNERS sign-off.
I think RepoKitteh could be a solution here. We would want the following behavior on api/
- When a PR contains changes to
api/, @envoyproxy/api-shepherds are notified via a CC comment. - When a PR contains changes to
api/udpa, @envoyproxy/udpa-wg is notified via a CC comment. - An additional GitHub check blocking merge is added that will only be marked as passing once an approval review is received from someone in @envoyproxy/api-shepherds.
I think 1/2 can turned into a general notification mechanism. We could implement them independent of 3, which could also be a mechanism useful elsewhere in the code base.
@itayd WDYT? CC @mattklein123 @caniszczyk for CNCF visibility.