community icon indicating copy to clipboard operation
community copied to clipboard

Published 20 hours ago verified publisher icon open-telemetry

"New contributor"-friendly setting for running workflows

Open trask opened this issue 2 years ago • 3 comments

I'd like to propose

Require approval for first-time contributors who are new to GitHub

as a better documented default for OpenTelemetry repos over the GitHub default of

Require approval for first-time contributors

We changed this setting a while ago in the Java repos to reduce friction for new contributors, and we haven't seen any cryptomining problems (I'm just guessing that cryptominers wouldn't pick high traffic repositories where they would be noticed quickly).

I have noticed this setting causing some friction for new contributors recently in the specification repo (e.g. https://github.com/open-telemetry/opentelemetry-specification/pull/2458 and https://github.com/open-telemetry/opentelemetry-specification/pull/2292), so thought it would be worth raising here.

trask avatar Apr 07 '22 23:04 trask

Require approval for first-time contributors who are new to GitHub

What does it mean to be "new to GitHub" in this context? Would people with one or two merged PRs be considered new?

jpkrohling avatar Apr 08 '22 11:04 jpkrohling

@jpkrohling The setting just says the following whereas the docs don't give any more detail:

Only first-time contributors who recently created a GitHub account will require approval to run workflows.

I would assume even an old, resurrected Github account with no activity at all would fulfill this requirement.

@trask

I'm just guessing that cryptominers wouldn't pick high traffic repositories where they would be noticed quickly

I agree with that. I'd be willing to just try it out with the relaxed settings and if we ever run into an issue with it we can revert it again.

arminru avatar Apr 08 '22 13:04 arminru

What does it mean to be "new to GitHub" in this context? Would people with one or two merged PRs be considered new?

hey @jpkrohling, I may not be following your question exactly. if they have one merged PR in the repo then they are not considered a new contributor. the proposed setting is less strict than the existing setting.

trask avatar Apr 08 '22 20:04 trask

@open-telemetry/governance-committee @open-telemetry/technical-committee any thoughts/concerns about changing this? It should address the issue of having to manually approve CI runs for new contributors in most cases.

trask avatar Apr 06 '23 15:04 trask