taskcluster / taskcluster-rfcs

Taskcluster team planning
Mozilla Public License 2.0

RFC: Untrusted pull request roles based on author's association #175

Closed ahal closed 2 years ago

ahal commented 2 years ago

Rendered

Issue: #173

ahal commented 2 years ago

I like this proposal very much! I know the mobile teams would be pleased to let untrusted contributors run a subset of the jobs anyway.

The tiny nit I'd like to talk about is the name mixed. If someone new to TC reads a .taskcluster.yml file, they have no way to guess what this policy does without reading the docs. How about something like public_restricted or non_collaborators_restricted?

Good call, I like public_restricted. More bikeshedding here welcome if anyone has other ideas.

ahal commented 2 years ago

Here's an example implementation of this RFC: https://github.com/taskcluster/taskcluster/pull/5569

(Got a little ahead of myself, but happy to change it if things come up here).

petemoore commented 2 years ago

This will be landed on Friday this week during the Taskcluster Community meeting, unless there are any matters which come up that block it. Therefore please submit any final comments or raise objections before then.

ahal commented 2 years ago

Latest push doesn't change the content, I had just put the wrong RFC number in it (didn't realize it was supposed to match the PR, nor that there was a script to generate it).

ahal commented 2 years ago

I think it might be good if new pushes didn't invalidate the reviews here :). The author can probably use their best judgement if a new change warrants a new review and re-request explicitly if it does.