+1 Best regards, Jiadong Bai
On Mon, May 4, 2026 at 10:37 PM Zuozhi Wang <[email protected]> wrote: > I also like and support this. It makes sense and reduce unnecessary > frictions. > > Best > Zuozhi > > On Mon, May 4, 2026 at 10:30 PM Chen Li <[email protected]> wrote: > > > I support this change because it can make it easier for non-committers to > > contribute. > > > > Chen Li > > > > On Tue, May 5, 2026 at 1:00 AM Yicong Huang <[email protected]> > > wrote: > > > > > Hi Texera dev, > > > > > > > > > I'd like to propose a change to our GitHub Actions configuration on > > > apache/texera to reduce friction for non-committer contributors. > > > > > > *Background:* Currently, the ASF GitHub Actions policy requires > committer > > > approval for all outside collaborators, meaning every push from a > > > non-committer's fork needs approval before CI runs. This leads to slow > > > feedback and unnecessary work for committers. > > > > > > *Proposal:* Ask ASF Infra to change to: "Require approval for > first-time > > > contributors." This means that after a contributor's initial PR > approval, > > > their subsequent pushes and future PRs would trigger CI automatically. > > > Committers still have visibility, and Infra can revert if needed. > > > > > > As a project, we need to follow certain requirements that are called > out > > > here - https://infra.apache.org/github-actions-policy.html I have > > > confirmed > > > that: > > > - GitHub does not pass repository secrets to runners on fork PRs > > > (regardless of whether the workflow file references `secrets.*`). > > > GITHUB_TOKEN is provided but with read-only permissions on fork > > > PRs. > > > - Workflows that intentionally need write privileges in PR context > > > (auto-assign, lint-pr, pr-labeler) use `pull_request_target`, > > > which runs in the base-branch context and is unaffected by the > > > approval-policy setting. > > > - Workflows that touch sensitive secrets (build-and-push-images, > > > create-release-candidate, direct-backport-push) are gated on > > > `workflow_dispatch` / `push` and are not reachable from fork PRs > > > at all. > > > > > > *Precedent:* Several ASF projects have made this switch via Infra Jira, > > > including Apache ShardingSphere and Apache Druid. > > > - Apache ShardingSphere — > > > https://issues.apache.org/jira/browse/INFRA-24389 > > > - Apache Druid — > > > https://issues.apache.org/jira/browse/INFRA-24657 > > > > > > Please share your thoughts. If no-one objects within three days, I’ll > > > assume lazy consensus and open a ticket to INFRA. > > > > > > Best regards, > > > Yicong Huang > > > > > >
