Workflow approval for first time contributors


Alexander Brandes

Jun 18, 2022, 3:32:18 AM
to Jenkins Developers
Hey everyone,

I would like to propose enabling workflow approval for first-time contributors, at least for jenkinsci/jenkins, if we don't want to enforce it on the organization.

Not every new contributor proposes a PR with good intentions, see https://github.com/jenkinsci/jenkins/pull/6669 for a recent core PR example.

While these kinds of "contributions" cause no real harm to a repository itself, they do waste resources, especially if you do that on core or other core repositories like ATH, bom, etc.

Enabling workflow approval for new contributors requires maintainers to click a button on the repository to allow the workflow to start if the PR has been submitted by a first-time contributor, which sounds fine to me, instead of watching builds on ci.jenkins taking hours for nothing.

Kind regards,
~Alex

Tim Jacomb

Jun 18, 2022, 3:39:18 AM
to jenkin...@googlegroups.com

Hi Alex

Workflow approval is a GitHub Actions-only thing.

Unless it’s very spammy, I don’t think it’s something to worry about; we often block these sorts of people for 24 hours in case they continue.

We get this sort of thing occasionally, but it’s not normally that many.

Cheers
Tim



Alexander Brandes

Jun 18, 2022, 6:37:09 AM
to Jenkins Developers
> Workflow approval is a GitHub Actions-only thing.

Right, right. While it would apply to the checks integration, the core job on ci.j would build it nevertheless, I assume, considering it builds all branches and PRs.

I was merely worried about ATH and similar sensitive components, which sometimes already take several runs to complete a single build and which you could abuse with ease if you submit contributions with bad intentions and nobody notices it in a timely manner.