The GitHub docs page for CODEOWNERS is not very helpful in terms of how the file is interpreted. I’ve done a little experimentation to figure out how it works, and here are the results.
For each modified file in a PR, GitHub examines the codeowners file and selects the last matching entry. It then combines the set of mentions for all files in the PR and assigns them as reviewers.
An entry can specify no reviewers by containing only a pattern and no mentions.
Consider this CODEOWNERS:
* @org/reviewers *.js @org/js-reviewers *.go @org/go-reviewers security/** @org/sec-reviewers generated/**
Then a change to:
README.mdwould get review from
src/foo.jswould get review from
bar.gowould get review from
security/crypto.gowould get review from
generated/reference.gowould get review from nobody
And thus a PR with, for example:
M src/foo.js M security/crypto.go M generated/reference.go
would get reviewed by
If I wanted per-language reviews even under
security/, then I’d use
security/** @org/sec-reviewers security/**/*.js @org/sec-reviewers @org/js-reviewers security/**/*.go @org/sec-reviewers @org/go-reviewers