Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revert required certify safe #805

Closed
wants to merge 2 commits into from
Closed

Revert required certify safe #805

wants to merge 2 commits into from

Conversation

mcollina
Copy link
Member

@mcollina mcollina commented May 2, 2024

Fixes #801

@mcollina
Copy link
Member Author

mcollina commented May 2, 2024

I think this is too restrictive and a different implementation should be reached.
This is blocking collaborators in starting CI using the flag, essentially nullifying the usefulness of the flag itself.

(I was wrong in LGTMing this, sorry)

@mcollina
Copy link
Member Author

mcollina commented May 2, 2024

cc @joyeecheung @nodejs/tsc

@aduh95
Copy link
Contributor

aduh95 commented May 2, 2024

I'd prefer if we find another solution than to revert, maybe we could improve the CLI flow for starting CI.

@MoLow
Copy link
Member

MoLow commented May 2, 2024

I think we should wait before landing this to discuss with TSC since #801 is on the agenda.
I wonder if there is a way/GitHub API to check which user added the label to a PR, then we can check if the user who added the label is a collaborator

@targos
Copy link
Member

targos commented May 2, 2024

We could have an action that automatically removes the label if it was applied by someone who's not allowed.

@aduh95
Copy link
Contributor

aduh95 commented May 2, 2024

We could have an action that automatically removes the label if it was applied by someone who's not allowed.

There would be a race condition though, I don't think that's a sound solution. The GHA workflow could add --certify-safe on PRs opened by collaborators – but I still think there would be value in nudging folks into using the CLI flow.

@mcollina
Copy link
Member Author

mcollina commented May 2, 2024

There would be a race condition though, I don't think that's a sound solution. The GHA workflow could add --certify-safe on PRs opened by collaborators – but I still think there would be value in nudging folks into using the CLI flow.

I do most of my CI-nudging on mobile :(

@MoLow
Copy link
Member

MoLow commented May 2, 2024

but I still think there would be value in nudging folks into using the CLI flow.

what is that value? and in that case, why won't I access https://ci.nodejs.org/ and trigger a job manually?
I think there is a huge value in performing this via Github UI. (I use mobile a lot as well)

@aduh95
Copy link
Contributor

aduh95 commented May 2, 2024

what is that value?

There would be incentive to improve the CLI, while keeping for triaggers the ability to run CI on approved PRs – and only approved PRs.

why won't I access https://ci.nodejs.org/ and trigger a job manually?

It's always been a possibility, nothing changes on that front (no matter if this revert lands or not, no matter if the CLI improves or not).

I think there is a huge value in performing this via Github UI

It's still there – only for fewer PRs, the one that have been approved.

(I use mobile a lot as well)

Surely you don't send your PRs from mobile do you? If you mean reviewing PRs, how often does it happen that you would want to run CI before you approve it? I suppose it would depend on the type of changes that's being suggested, and maybe we have different experiences around it, the current settings were chosen because it matched my personal "kicking off CIs" style.

@mcollina
Copy link
Member Author

mcollina commented May 2, 2024

If you mean reviewing PRs, how often does it happen that you would want to run CI before you approve it?

I would guess 80-90% of the time.

I suppose it would depend on the type of changes that's being suggested, and maybe we have different experiences around it, the current settings were chosen because it matched my personal "kicking off CIs" style.

Fair enough, but we should be supportive of others too.

@mcollina
Copy link
Member Author

mcollina commented May 2, 2024

I think we should wait before landing this to discuss with TSC since #801 is on the agenda.

I would prefer to not loose another week.

@ShogunPanda
Copy link

I also incurred into this. This is definitely not what we want.

@marco-ippolito
Copy link
Member

Another annoying issue is when your pr is approved, you amend a nit and you cannot start CI, without asking to re-approve the PR

Copy link
Contributor

@aduh95 aduh95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reverting this is not the right move IMO, if you'd like to unblock the situation, you should open a PR to make the action pass --certify-safe label on nodejs/node – or make it use the older version of ncu. Reverting this is going to make it harder to iterate on it.

@mcollina
Copy link
Member Author

I don't have much time to iterate on this atm. I think reverting gives us the quickest path forward to restore functionality.

@mcollina
Copy link
Member Author

Where should the option be passed?

@aduh95
Copy link
Contributor

aduh95 commented May 10, 2024

Where should the option be passed?

When calling nci-ci – that bypass the check for approvals.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Allowing using request-ci label for collaborators in unapproved PRs
6 participants