search

renovatebot / renovate

Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io
https://mend.io/renovate
GNU Affero General Public License v3.0
17.1k stars 2.22k forks source link

Transfer Renovate's `togithub.com` redirect domain to GitHub #29370

Closed HonkingGoose closed 2 weeks ago

HonkingGoose commented 3 months ago

Describe the proposed change(s).

Renovate's togithub.com redirect domain got blocked by GitHub's Umbrella protection system. This block is now reverted, so the redirect works properly again. But maybe having the domain controlled by GitHub officially is better.

@rarkins said:

I would be happy to transfer togithub.com to GitHub naturally - the community would benefit by being able to link to GitHub endpoints without triggering backlinks

I suspect something like https://to.github.com/ would be better long term, with a 301 permanent redirect from togithub.com to to.github.com. Alternatively having GitHub unblock togithub.com it is suitable :)

@gr2m offered to contact somebody from GitHub about transferring the domain to GitHub, and will ping us when they hear something.

Related discussion:

HonkingGoose commented 3 months ago

@gr2m can you post a comment on this issue, so I can assign it to you? Seeing as you're doing the first step of contacting someone internally at GitHub.

I can only assign people that have commented on the issue, or are part of the Renovate team. So that's why I need you to comment. :upside_down_face:

gr2m commented 3 months ago

sure 👋

Can you explain why something like togithub.com is even needed? Why not just link directly to the correct github.com link?

rarkins commented 3 months ago

Direct links cause "backlink spam". The worst is when release notes include a username. That person could wake up to hundreds or thousands of GitHub notifications. But even merged PRs could get pages of annoying back links from every public repository which gets an upgrade PR referencing it

HonkingGoose commented 3 months ago

I'll assign both of you to the issue, because we need @gr2m for the making-contact-phase, and @rarkins later for the transfer.

gr2m commented 3 months ago

The worst is when release notes include a username. That person could wake up to hundreds or thousands of GitHub notifications

I don't think that happens if you escape them, which I think you already do? @gr2m -> [@gr2m](https://github.com/gr2m) (example). I just tried if the same works with links to avoid backlinks, but that didn't work. It seems not to matter what is used as label, the backlink shows up if the link is a valid issue URL

I only know the togithub.com redirect URLs from the package link, like here: https://github.com/semantic-release/semantic-release/pull/3326, where it just links to the repository

screenshot

This could be linked directly to the repository, right?

From what you are saying is that you replace all github.com links with the togithub.com domain?

rarkins commented 3 months ago

We replace all to be careful. Otherwise you can't escape them enough without breaking the links

rarkins commented 3 months ago

We also don't want the task of playing "catch up" every time there's some new way we discover to accidentally backlink and someone gets spammed for a while. This approach has been successful for years now!

gr2m commented 3 months ago

The problem is notification and backlink spam, right? Using togithub.com is a solution to that, but maybe there is something else that GitHub can do. I'll think about it and see if I find folks within GitHub to talk about it

rarkins commented 3 months ago

That's exactly right

HonkingGoose commented 3 months ago

The problem is notification and backlink spam, right? Using togithub.com is a solution to that, but maybe there is something else that GitHub can do.

What if as GitHub app creator you could select a backlink mode?

By default, GitHub would not show backlinks, to prevent bot/app creators from accidentally spamming a repository/users with links. The new default would be a breaking change compared to the current default behavior!

Currently GitHub will link back for every reference to an Issue or PR.

If you do want the app/bot to backlink to Issues, PRs, you can opt-in with a special toggle. This toggle should have clear text explaining the behavior you'll get, and ask again if you're sure! Like how GitHub asks you to be really sure and confirm again for "potentially dangerous/difficult to revert actions" like transferring repo ownership, making a private repo public and so on.

If GitHub wants to keep the current behavior as default, that's fine also. The main thing is to give app/bot creators a choice. And to give creators peace of mind they're not accidentally spamming users.

Valexaa commented 3 months ago

This kinda thing about connecting to Github really stress me out

HonkingGoose commented 2 weeks ago

@oliviertassinari said: ^1

Dependabot uses redirect.github.com maybe a better option.

I'll let the maintainers decide which is best:

If we decide to use the official redirect domain, we probably should ask for permission from GitHub first? That's because Renovate creates a lot of redirect links, and has a lot of users.

rarkins commented 2 weeks ago

We should use redirect.github.com

rarkins commented 2 weeks ago

@HonkingGoose maybe let's open a new issue and supersede/close this one