+1

Sincerely,
Xinyuan Lin

On Thu, May 7, 2026 at 22:13 Jiadong Bai <[email protected]> wrote:

> +1
>
> Best regards,
> Jiadong Bai
>
> On Mon, May 4, 2026 at 10:37 PM Zuozhi Wang <[email protected]> wrote:
>
> > I also like and support this. It makes sense and reduces unnecessary
> > frictions.
> >
> > Best
> > Zuozhi
> >
> > On Mon, May 4, 2026 at 10:30 PM Chen Li <[email protected]> wrote:
> >
> > > I support this change because it can make it easier for
> > > non-committers to contribute.
> > >
> > > Chen Li
> > >
> > > On Tue, May 5, 2026 at 1:00 AM Yicong Huang <[email protected]>
> > > wrote:
> > >
> > > > Hi Texera dev,
> > > >
> > > > I'd like to propose a change to our GitHub Actions configuration on
> > > > apache/texera to reduce friction for non-committer contributors.
> > > >
> > > > *Background:* Currently, the ASF GitHub Actions policy requires
> > > > committer approval for all outside collaborators, meaning every push
> > > > from a non-committer's fork needs approval before CI runs. This leads
> > > > to slow feedback and unnecessary work for committers.
> > > >
> > > > *Proposal:* Ask ASF Infra to change to: "Require approval for
> > > > first-time contributors." This means that after a contributor's
> > > > initial PR approval, their subsequent pushes and future PRs would
> > > > trigger CI automatically. Committers still have visibility, and Infra
> > > > can revert if needed.
> > > >
> > > > As a project, we need to follow certain requirements that are called
> > > > out here - https://infra.apache.org/github-actions-policy.html
> > > > I have confirmed that:
> > > > - GitHub does not pass repository secrets to runners on fork PRs
> > > >   (regardless of whether the workflow file references `secrets.*`).
> > > >   GITHUB_TOKEN is provided but with read-only permissions on fork
> > > >   PRs.
> > > > - Workflows that intentionally need write privileges in PR context
> > > >   (auto-assign, lint-pr, pr-labeler) use `pull_request_target`,
> > > >   which runs in the base-branch context and is unaffected by the
> > > >   approval-policy setting.
> > > > - Workflows that touch sensitive secrets (build-and-push-images,
> > > >   create-release-candidate, direct-backport-push) are gated on
> > > >   `workflow_dispatch` / `push` and are not reachable from fork PRs
> > > >   at all.
> > > >
> > > > *Precedent:* Several ASF projects have made this switch via Infra
> > > > Jira, including Apache ShardingSphere and Apache Druid.
> > > > - Apache ShardingSphere —
> > > >   https://issues.apache.org/jira/browse/INFRA-24389
> > > > - Apache Druid —
> > > >   https://issues.apache.org/jira/browse/INFRA-24657
> > > >
> > > > Please share your thoughts. If no-one objects within three days, I’ll
> > > > assume lazy consensus and open a ticket to INFRA.
> > > >
> > > > Best regards,
> > > > Yicong Huang
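
The three workflow checks listed in the proposal can be repeated mechanically whenever a workflow file changes. The script below is an added example, not part of the original thread or of the apache/texera repository: it classifies each workflow by its triggers and flags repository secrets in PR-triggered workflows, and it goes one step beyond the thread by also flagging `pull_request_target` workflows that reference the PR head ref. The sample workflows and their file names are constructed, and the trigger extraction is a regex heuristic rather than a YAML parser.

```python
import re

FORK_EVENTS = {"pull_request", "pull_request_target"}  # reachable from a fork PR
KNOWN_EVENTS = FORK_EVENTS | {"push", "workflow_dispatch", "schedule"}
HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref")

def triggers(text):
    """Heuristic (no YAML parser): event names in the top-level `on:` block."""
    block, inside = [], False
    for line in text.splitlines():
        if re.match(r"""["']?on["']?\s*:""", line):
            inside = True
            block.append(line.split(":", 1)[1])
        elif inside and (not line.strip() or line[0] in " \t#-"):
            block.append(line)
        elif inside:
            break  # the next top-level key ends the `on:` block
    body = re.sub(r"#.*", "", "\n".join(block))
    return set(re.findall(r"[a-z_]+", body)) & KNOWN_EVENTS

def audit(text):
    """Return (events, secrets, findings) for one workflow file's text."""
    events = triggers(text)
    secrets = set(re.findall(r"secrets\.([A-Za-z_]\w*)", text)) - {"GITHUB_TOKEN"}
    findings = []
    if secrets and events & FORK_EVENTS:
        findings.append("repository secret referenced in a PR-triggered workflow")
    if "pull_request_target" in events and HEAD_REF.search(text):
        findings.append("pull_request_target workflow references the PR head ref")
    return events, secrets, findings

# Constructed sample workflows (hypothetical, not taken from apache/texera).
SAMPLES = {
    "build.yml": "on: [push, pull_request]\njobs:\n  b:\n    steps:\n      - run: make test\n",
    "labeler.yml": "on:\n  pull_request_target:\n    types: [opened]\njobs:\n  l:\n"
                   "    steps:\n      - uses: actions/labeler@v5\n",
    "images.yml": "on:\n  workflow_dispatch:\n  push:\n    branches: [main]\njobs:\n  p:\n"
                  "    steps:\n      - run: ./push.sh\n        env:\n"
                  "          TOKEN: ${{ secrets.REGISTRY_TOKEN }}\n",
    "risky.yml": "on: pull_request_target\njobs:\n  t:\n    steps:\n"
                 "      - uses: actions/checkout@v4\n        with:\n"
                 "          ref: ${{ github.event.pull_request.head.sha }}\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        events, secrets, findings = audit(text)
        print(name, sorted(events), sorted(secrets), findings or "ok")
```

To audit a real checkout, pass the contents of each file under `.github/workflows/` to `audit()` and review any workflow that returns a non-empty findings list.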
