template-oss icon indicating copy to clipboard operation
template-oss copied to clipboard

Published 20 hours ago verified publisher icon npm

Pull requests do not run tests automatically

Open rotu opened this issue 2 years ago • 5 comments

Contrary to the documentation, pull requests require approval to run.

https://github.com/npm/template-oss/blame/d67bd699b759c766ddf5fd5aecd5c024f38dcfad/CONTRIBUTING.md#L32

image

rotu avatar Sep 06 '23 23:09 rotu

Let's call it a loose definition of 'automatically'. External PRs have an approval gate but it's still part of the PR process that github does automatically.

wraithgar avatar Sep 08 '23 14:09 wraithgar

I can't understate the usefulness of CI's fast feedback in:

  1. helping contribute to unfamiliar projects and in unfamiliar environments
  2. not feeling like I'm wasting a human's time with my silly code and SCM mistakes

Can you at least add to the docs instructions how to enable the test workflows to run in a fork? And maybe modify the manual approval so it's needed only once per PR and not on every commit?

rotu avatar Sep 08 '23 15:09 rotu

The every commit for external contributors is a security measure we can't really budge on. If you want to add language that assures folks we are more than happy to re-run those tests every time, feel free. We love external PRs on an order of magnitude beyond any other kind of contribution. It's really no problem to click that button again when you make changes.

As far as the test workflows in a fork, I think as long as tests are passing locally you should be good, and we historically have helped folks work through errors that happen in CI but not locally. I know this is less than ideal but as it currently is it's light years better than it was in the recent past (no consolidated CI or release process).

wraithgar avatar Sep 08 '23 16:09 wraithgar

And on a personal note I want to reassure you your recent activity on a LOT of different repos here has been greatly appreciated. Commit all you want, update your PRs as often as you want, they are very welcome and greatly noticed.

wraithgar avatar Sep 08 '23 16:09 wraithgar

Thanks for the response (and especially the words of encouragement!).

The bit I don't understand is this:

The every commit for external contributors is a security measure we can't really budge on.

Certainly there are some huge possible risk vectors. But the "Approving workflow runs from public forks" page makes it sound like it's just nuisance mitigation. Is there somewhere to learn more?

rotu avatar Sep 11 '23 04:09 rotu