renovatebot / app-support

Discussion/support issues for the hosted Renovate App

Gustavo Saiani feedback #73

Closed gusaiani closed 4 years ago

gusaiani commented 4 years ago

Hey fellows, please reconsider your growth strategy.

It's not cool to have bot PRs trying to install your product all over the place.

If that happens again in one of the repos I maintain, I will report you.

Thank you.

rarkins commented 4 years ago

> It's not cool to have bot PRs trying to install your product all over the place.

GitHub Apps cannot be installed into an org unless explicitly and voluntarily done so by an admin. There's no concept of us or our bot "trying to install" anything, and no "growth strategy" you speak of.

> If that happens again in one of the repos I maintain, I will report you.

How about you start over by telling us some of the repos where you think you had an unsolicited PR? I'd be happy to report it to GitHub myself if there's something wicked going on, or better yet get the help of my co-maintainer @JamieMagee who's on GitHub staff.

gusaiani commented 4 years ago

Hi @rarkins, thank you for your reply.

Yes, my mistake: someone in my company added it and had not let the team know. By coincidence the first repo I got a PR for was homonymous with a personal repo so I mistook it for a public repo. I apologize.

As a suggestion, if your product could make it clear to the installer that it will add PRs to every repo in an organization, that might help prevent misunderstandings such as this.

rarkins commented 4 years ago

Have you taken a look at what it takes to install a GitHub App? First of all, here is the app page: https://github.com/apps/renovate

Here's the description right at the top:

image

Immediately after is this:

image

Once your colleague clicked Install, they then had to choose between these:

image

Do you really think that an app and/or GitHub has an obligation to make it more clear? Also keep in mind, only an org admin is allowed to do this, it's not like it's any random developer in a team.

gusaiani commented 4 years ago

@rarkins, I had not taken a look at Renovate's page.

If it helps to illustrate our case, our teammate who installed Renovate did not grasp from the instructions that the tool would instantaneously add PRs to nearly all our company's repos.

According to him, he had installed this in the past in other orgs and at the time it wasn't automated so he had control over which repos got it.

So he never thought to give anyone a heads-up of the impending PRs. And as no one saw them coming, the emotional reaction to it was of rejection across the board.

Maybe it would help the cause to have an even clearer warning stating that, upon installation, all or nearly all of your company's repos would get bot PRs right away.

Or giving the option to open PRs per repo at the team's discretion.

Hope this adds something. Cheers!

rarkins commented 4 years ago

> If it helps to illustrate our case, our teammate who installed Renovate did not grasp from the instructions that the tool would instantaneously add PRs to nearly all our company's repos.

He literally picked "All repositories". The tool's job is to raise PRs, and it clearly says you can expect an onboarding PR.

> According to him, he had installed this in the past in other orgs and at the time it wasn't automated so he had control over which repos got it.

He's mistaken, the tool's onboarding process for both GitHub and Renovate hasn't changed in years since the app interface was launched. The control over which repos are enabled is at installation time, with the "Select repositories" option I showed in the screenshot earlier. He picked "All repositories".

> So he never thought to give anyone a heads-up of the impending PRs. And as no one saw them coming, the emotional reaction to it was of rejection across the board.

OK, no problem. I've put a manual rule for the account so no future PRs are raised.

gusaiani commented 4 years ago

Understood, thank you 👍