I support this change because it can make it easier for non-committers to contribute.
Chen Li On Tue, May 5, 2026 at 1:00 AM Yicong Huang <[email protected]> wrote: > Hi Texera dev, > > > I'd like to propose a change to our GitHub Actions configuration on > apache/texera to reduce friction for non-committer contributors. > > *Background:* Currently, the ASF GitHub Actions policy requires committer > approval for all outside collaborators, meaning every push from a > non-committer's fork needs approval before CI runs. This leads to slow > feedback and unnecessary work for committers. > > *Proposal:* Ask ASF Infra to change to: "Require approval for first-time > contributors." This means that after a contributor's initial PR approval, > their subsequent pushes and future PRs would trigger CI automatically. > Committers still have visibility, and Infra can revert if needed. > > As a project, we need to follow certain requirements that are called out > here - https://infra.apache.org/github-actions-policy.html I have > confirmed > that: > - GitHub does not pass repository secrets to runners on fork PRs > (regardless of whether the workflow file references `secrets.*`). > GITHUB_TOKEN is provided but with read-only permissions on fork > PRs. > - Workflows that intentionally need write privileges in PR context > (auto-assign, lint-pr, pr-labeler) use `pull_request_target`, > which runs in the base-branch context and is unaffected by the > approval-policy setting. > - Workflows that touch sensitive secrets (build-and-push-images, > create-release-candidate, direct-backport-push) are gated on > `workflow_dispatch` / `push` and are not reachable from fork PRs > at all. > > *Precedent:* Several ASF projects have made this switch via Infra Jira, > including Apache ShardingSphere and Apache Druid. > - Apache ShardingSphere — > https://issues.apache.org/jira/browse/INFRA-24389 > - Apache Druid — > https://issues.apache.org/jira/browse/INFRA-24657 > > Please share your thoughts. If no-one objects within three days, I’ll > assume lazy consensus and open a ticket to INFRA. > > Best regards, > Yicong Huang >
