Hi,
On 29/12/18 18:16, Enrico Olivelli wrote:
Il sab 29 dic 2018, 17:25 Stephen Connolly <stephen.alan.conno...@gmail.com>
ha scritto:
On Sat 29 Dec 2018 at 16:20, Stephen Connolly <
stephen.alan.conno...@gmail.com> wrote:
On Sat 29 Dec 2018 at 15:18, Enrico Olivelli <eolive...@gmail.com>
wrote:
Il sab 29 dic 2018, 15:17 Stephen Connolly <
stephen.alan.conno...@gmail.com>
ha scritto:
There is a security issue with building PRs automatically.
I can see about adding PR discovery to the existing ASF gitbox plugin,
but
we’d need committers to ok the build and have reviewed the code as the
PR
could contain attacks to be run from ASF hardware... which is why we
don’t
build PRs at present.
Now I have to review and then push to ASF repo and I have to tell to the
contributor that I will make CI start.
IMHO a good tradeoff is:
- a committer adds a 'test this please' comment, or '@asfbot test this
please' and then a CI job start
- this job updates the status line of the PR, with a link to the logs
and
the status of the job
How does it sounds to you?
Like it’ll burn through the GitHub api rate limit like crazy.
I did not think we have 100 repos
I wouldn't be that sure:
https://builds.apache.org/view/M-R/view/Maven/job/maven-box/
(96 at the moment)..
or https://gitbox.apache.org/repos/asf
search for "Apache Maven"...
Apart from that the GitHub API rate limit is for the whole ASF
orga...not only for our project...
Kind regards
Karl Heinz Marbaise
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org
