Hongbo/ci secure

[hongbo-trey]

No description provided.

[claude]

The PR currently has no labels, but based on the diff, at least one label seems appropriate:

• enhancement — The main change adds environment: name: prod to the release workflow, which gates the compile job behind GitHub's environment protection rules. This is a security improvement/enhancement to the CI pipeline.
• documentation — The CODEOWNERS update (adding ownership of .github/ to a set of reviewers) is a governance/documentation change.

Neither label is currently applied. Consider adding enhancement at minimum, and possibly documentation as well.

[claude]

Good CI hardening. Two minor issues:

1. CODEOWNERS typo: Line 14 has @krabat-I (capital I) but lines 8 and 17 use @krabat-l (lowercase L). One of these is wrong — a mismatched GitHub handle means that path won't enforce the intended review requirement.

2. Missing newline at EOF in CODEOWNERS (flagged inline).

[claude]

LGTM. Both changes are correct:

• CODEOWNERS: typo fixed (@krabat-I → @krabat-l), .github/ ownership section added with trailing newline.
• release.yaml: gating the compile job behind the prod environment is the right CI hardening approach — ensures environment protection rules (e.g. required reviewers) apply before secrets are accessed.

[Troublor]

Please put a MEANINGFUL PR title and description.