Scope of the proposal
CI/CD or tooling improvement
Most impacted component
CI / GitHub Actions
Problem statement and motivation
The BIOMASS BPS repository currently has no automated routing for pull request review, no automated tracking of dependency updates, no formal licensing manifest, and no machine-readable licence files at repository root. As a result:
- Pull requests do not get assigned reviewers automatically, slowing triage and review.
- Scientific Module Experts (SMEs) responsible for specific processors are not notified when their code area is touched.
- Outdated dependencies accumulate silently and surface only when a CVE is published.
- Supply chain hygiene and REUSE compliance cannot be demonstrated to ESA or external auditors.
This issue lands the foundational configuration files that solve all four problems in a single coherent PR.
Proposed solution
Add the following files under .github/ and at the repository root:
Review and dependency routing:
- .github/CODEOWNERS — routes review automatically by file path (.github/** → maintainers, bps-l1_* → L1 SME team, bps-l2* → L2 SME team, bps-stack_* → Stack SME team, docs/** → documentation maintainers, LICENSES/** + REUSE.toml → legal maintainers).
- .github/dependabot.yml — weekly grouped updates for Python (bps-*/pyproject.toml), GitHub Actions, and Docker base images. Reviewers assigned via CODEOWNERS.
Licensing and REUSE compliance:
- REUSE.toml — REUSE.software 3.0 manifest declaring per-path licensing rules.
- LICENSES/Apache-2.0.txt — full licence text.
- LICENSES/MIT.txt — full licence text (for files distributed under MIT).
- SPDX headers (SPDX-FileCopyrightText, SPDX-License-Identifier) added to every file currently in the repository that does not have one.
Alternatives considered
- Renovate Bot instead of Dependabot: rejected for the first iteration. Renovate is more powerful but adds a third-party dependency. Dependabot is GitHub-native, free, and sufficient. Renovate can be reconsidered later.
- Manual licensing in README only: rejected. REUSE is the European norm and is required by ESA for new contracts, and machine-readable per-file headers are the only credible mechanism.
Expected impact
No impact
Additional context
No response
Pre-submission checklist
Scope of the proposal
CI/CD or tooling improvement
Most impacted component
CI / GitHub Actions
Problem statement and motivation
The BIOMASS BPS repository currently has no automated routing for pull request review, no automated tracking of dependency updates, no formal licensing manifest, and no machine-readable licence files at repository root. As a result:
This issue lands the foundational configuration files that solve all four problems in a single coherent PR.
Proposed solution
Add the following files under .github/ and at the repository root:
Review and dependency routing:
Licensing and REUSE compliance:
Alternatives considered
Expected impact
No impact
Additional context
No response
Pre-submission checklist