The CODEOWNERS
file in GitLab is a special file that lets you define who is responsible (owner) for specific files, directories, or patterns in your repository. It’s a powerful feature to enforce code reviews, approvals, and accountability—especially for sensitive or critical parts of your codebase.
✅ What Does the CODEOWNERS
File Do?
When a file or directory covered by a CODEOWNERS
rule is modified in a merge request:
- GitLab automatically requests approval from the listed owners.
- If you enforce approval rules, the MR cannot be merged without their review (when configured).
📄 Syntax of CODEOWNERS
Each line defines a path pattern followed by one or more GitLab usernames or groups.
# Syntax: <file pattern> <usernames or groups>
/README.md @john
/docs/ @tech-writers
/secrets/* @security-team @admin
*.yml @devops
Code language: PHP (php)
📁 Where to Place CODEOWNERS
GitLab looks for the file in one of these locations (in order of priority):
.gitlab/CODEOWNERS
docs/CODEOWNERS
CODEOWNERS
(root)
👉 Best practice: place it in .gitlab/CODEOWNERS
.
🔐 How CODEOWNERS Works with Approval Rules
To enforce the rules:
- Go to Project → Settings → General → Merge request approvals
- Enable: “Require approval from Code Owners”
- GitLab will now enforce at least one approval from any listed owner if their path is touched.
🧠 Example Use Case
# Enforce ownership on critical configs
/config/production.yml @devops-lead
# Only security team can approve secrets file
/secrets/* @security-team
Code language: PHP (php)
When someone opens an MR touching /config/production.yml
, GitLab:
- Requests approval from
@devops-lead
- Blocks merging if approval is required and not yet given
🔍 Pro Tips
- You can use groups like
@my-org/security
as owners. - Owners must have at least Developer access to the repo.
- Use together with merge request approval rules for full control.
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.
Do you want to learn Quantum Computing?
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND