Have Danger recommend integrations reviews
This issue is part of the epic &6933 (closed). Please see that epic for extra context.
About
groupintegrations [DEPRECATED] are responsible for the performance and security of code marked category: integrations
.
The quality of our codebase affects the group with regards to:
- Error budgets.
- Feature change locks.
Category:Integrations codebase is reasonably unique in that other groups can consider themselves owners of certain integrations.
To align with our responsibility to the category, we need more oversight into the quality of integrations code contributed.
As a single data point of the problem: when I authored the Confluence integration !36262 (merged) as part of Create:Knowledge, I was unaware of an integrations group (ecosystem, then), or that another team might have interest in new integrations code. The MR received the required number of approvals by members of Knowledge and Stability. The MR was very simple, but Knowledge had extensive plans to expand it &3629.
Proposal
Merge requests that touch integrations code should receive at least one approval from an integrations team member, like how a product intelligence review is recommended by GitLab Bot through Danger
(see https://gitlab.com/gitlab-org/gitlab-dangerfiles/-/merge_requests/25 and !56098 (merged).
We do not need a label system like product intelligenceapproved (this would be a divergence from their implementation).
This would be recommended but not enforced (similar to product intelligence).
The team can collaborate on finalising the list of files and directories on the MR.