I'mglad to see that PR build/merge discussed, it seems to have a good potential value for many in simplifying it.
FWIW, at Eclipse Foundation, similar questions were faced and risks identified. The result is that at the moment, all PRs from anyone can be built on Eclipse infra without much visible restriction. The Foundation might have extra guards under the hood but it's not something we developers need to care about. While this is probably unsafe, it's so far so good. We weren't warned by the Foundation about malicious usage of this permissive access to build machines. AFAIK, there is no issue from developer POV about GitHub API rates limit. I suggest the Apache infra team gets in touch with Eclipse Foundation one to sort out whether similar configurations could be implemented in a safe-enough way. The GitHub PR builder plugin already has support for whitelisting users and giving them ability to trigger a build from a non-whitelidsted contributor with a single «test PR» comment or similar. Then build progress and report are reported as expected. And, again, TravisCI also does the same in a decent way, with the benefit of worrying less about underlying infra and security, and only drawback of being discoupled from a specific infra (is it really a drawback?) Cheers, -- Mickael Istria Eclipse IDE <https://www.eclipse.org/downloads/eclipse-packages/> developer, for Red Hat Developers <https://developers.redhat.com/>