feat: implement data-driven collaborator management

- Add collaborators.yaml as single source of truth
- Auto-generate CODEOWNERS from collaborators list
- Include power-edge and nikolauspschuetz as reviewers
- Add pattern groupings with descriptions
- Create COLLABORATORS.md documentation

Author: nikolauspschuetz

.github/terraform/COLLABORATORS.md

@@ -0,0 +1,79 @@
+# Collaborators Management
+
+## Single Source of Truth: `collaborators.yaml`
+
+All repository access, code review requirements, and CODEOWNERS are driven from `collaborators.yaml`.
+
+### Structure
+
+```yaml
+collaborators:
+  - username: power-edge
+    permission: admin      # admin, maintain, push, triage, pull
+    is_reviewer: true      # Can review PRs
+    is_owner: true         # Organization owner
+
+  - username: nikolauspschuetz
+    permission: push       # write access
+    is_reviewer: true      # Can review PRs
+    is_admin: true         # Can bypass some protections
+```
+
+### What Gets Generated
+
+1. **GitHub Collaborators** (`collaborators.tf`)
+   - Creates `github_repository_collaborator` resources
+   - Skips `power-edge` (org owner already has access)
+   - Grants permissions as specified
+
+2. **CODEOWNERS File** (`main.tf`)
+   - Auto-generated from `codeowner_patterns` in `collaborators.tf`
+   - All reviewers (`is_reviewer: true`) are added to all patterns
+   - Committed to `.github/CODEOWNERS`
+
+3. **Review Requirements**
+   - Branch protection uses CODEOWNERS
+   - All reviewers must have at least `push` permission
+
+### How to Add a New Collaborator
+
+1. Edit `collaborators.yaml`:
+   ```yaml
+   - username: new-user
+     permission: push
+     is_reviewer: false  # or true if they can review PRs
+   ```
+
+2. Apply Terraform:
+   ```bash
+   cd .github/terraform
+   source load-env.sh
+   terraform apply
+   ```
+
+3. User must accept invitation via email/GitHub
+
+### File Patterns Requiring Review
+
+Defined in `collaborators.tf` → `codeowner_patterns`:
+- `*` - Everything (default)
+- `/pymlb_statsapi/` - Core package
+- `/tests/` - Test files
+- `/.github/` - CI/CD and infrastructure
+- `/scripts/` - Scripts
+- `/docs/` - Documentation
+- `*.md` - Markdown files
+- `pyproject.toml`, `setup.py`, `*.cfg`, `*.ini` - Config files
+
+To modify patterns, edit the `codeowner_patterns` list in `collaborators.tf`.
+
+### Validation
+
+- Reviewers must have at least `push` permission (enforced in code)
+- All patterns get all reviewers (simplified management)
+- CODEOWNERS is auto-committed on Terraform apply
+
+### Outputs
+
+- `collaborators_list` - All collaborator usernames
+- `reviewers_list` - Usernames who can review PRs

.github/terraform/collaborators.tf

@@ -0,0 +1,85 @@
+# Repository Collaborators
+# Single source of truth: collaborators.yaml
+
+locals {
+  # Load collaborators from YAML file
+  collaborators_raw = yamldecode(file("${path.module}/collaborators.yaml"))
+  collaborators     = local.collaborators_raw.collaborators
+
+  # Extract reviewers (must be collaborators with push+ permission)
+  reviewers = [
+    for collab in local.collaborators :
+    collab.username
+    if lookup(collab, "is_reviewer", false) == true
+  ]
+
+  # File patterns that require review with descriptions
+  codeowner_patterns = [
+    {
+      description = "Default owners for everything in the repo"
+      patterns    = ["*"]
+    },
+    {
+      description = "Core package code - requires review from maintainers"
+      patterns    = ["/pymlb_statsapi/"]
+    },
+    {
+      description = "Tests - maintainers review"
+      patterns    = ["/tests/"]
+    },
+    {
+      description = "Infrastructure and CI/CD - requires admin review"
+      patterns    = ["/.github/", "/scripts/"]
+    },
+    {
+      description = "Documentation"
+      patterns    = ["/docs/", "*.md"]
+    },
+    {
+      description = "Configuration files - requires careful review"
+      patterns    = ["pyproject.toml", "setup.py", "*.cfg", "*.ini"]
+    },
+  ]
+
+  # Generate CODEOWNERS content
+  reviewers_list = join(" ", [for r in local.reviewers : "@${r}"])
+
+  codeowners_content = <<-EOT
+    # Code Owners for PyMLB StatsAPI
+    # Auto-generated from collaborators.yaml - DO NOT EDIT MANUALLY
+    #
+    # These users/teams will be automatically requested for review when someone
+    # opens a pull request that modifies files matching the patterns below.
+    #
+    # More info: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+    ${join("\n\n", [
+      for group in local.codeowner_patterns :
+      "# ${group.description}\n${join("\n", [for pattern in group.patterns : "${pattern} ${local.reviewers_list}"])}"
+    ])}
+  EOT
+}
+
+# Create collaborator resources from YAML
+resource "github_repository_collaborator" "collaborators" {
+  for_each = {
+    for collab in local.collaborators :
+    collab.username => collab
+    if collab.username != "power-edge"  # Skip org owner (already has access)
+  }
+
+  repository = github_repository.repo.name
+  username   = each.value.username
+  permission = each.value.permission
+}
+
+# Output for use in other resources
+output "collaborators_list" {
+  description = "List of all collaborators"
+  value       = [for collab in local.collaborators : collab.username]
+}
+
+output "reviewers_list" {
+  description = "List of users who can review PRs"
+  value       = local.reviewers
+}

.github/terraform/collaborators.yaml

@@ -0,0 +1,18 @@
+# Single source of truth for repository collaborators
+# This file drives both GitHub collaborator settings and review requirements
+
+collaborators:
+  - username: power-edge
+    permission: admin
+    is_reviewer: true
+    is_owner: true  # Organization owner
+
+  - username: nikolauspschuetz
+    permission: push  # write access
+    is_reviewer: true
+    is_admin: true  # Can bypass some protections
+
+  # Add more collaborators here:
+  # - username: another-user
+  #   permission: push
+  #   is_reviewer: false

.github/terraform/main.tf

@@ -209,6 +209,7 @@ resource "github_repository_environment" "testpypi" {
 }
 
 # CODEOWNERS file for automatic review requests
+# Dynamically generated from collaborators.yaml
 resource "github_repository_file" "codeowners" {
   repository          = github_repository.repo.name
   branch              = "main"
@@ -218,38 +219,9 @@ resource "github_repository_file" "codeowners" {
   commit_email        = "nikolauspschuetz@gmail.com"
   overwrite_on_create = true
 
-  content = <<-EOT
-    # Code Owners for PyMLB StatsAPI
-    #
-    # These users/teams will be automatically requested for review when someone
-    # opens a pull request that modifies files matching the patterns below.
-    #
-    # More info: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
-
-    # Default owners for everything in the repo
-    # power-edge is the organization owner and ultimate admin
-    * @power-edge @nikolauspschuetz
-
-    # Core package code - requires review from maintainers
-    /pymlb_statsapi/ @power-edge @nikolauspschuetz
-
-    # Tests - maintainers review
-    /tests/ @power-edge @nikolauspschuetz
-
-    # Infrastructure and CI/CD - requires admin review
-    /.github/ @power-edge @nikolauspschuetz
-    /scripts/ @power-edge @nikolauspschuetz
-
-    # Documentation
-    /docs/ @power-edge @nikolauspschuetz
-    *.md @power-edge @nikolauspschuetz
-
-    # Configuration files - requires careful review
-    pyproject.toml @power-edge @nikolauspschuetz
-    setup.py @power-edge @nikolauspschuetz
-    *.cfg @power-edge @nikolauspschuetz
-    *.ini @power-edge @nikolauspschuetz
-  EOT
+  content = local.codeowners_content
+
+  depends_on = [github_repository_collaborator.collaborators]
 }
 
 # Outputs for documentation