Best practices on workflow approval

Question

Best practices on workflow approval

IAlibay opened this issue 2 years ago · 3 comments

Due to security reasons github by default enforces approval to run workflows for first time contributors.

This is in many cases unavoidable, however we struggle with the fact that this can act as an additional barrier to new contributors who may not understand the various fine details of how actions can be abused.

I'm not sure if we're the only ones seeing this - if it's more widespread it may be good to have some kind of information on what interaction limits exist, which flavour of the settings would be advised, and what to consider when using a given interaction limit?

Answer 1 · 2022-09-21T17:07:10.000Z

Many people aren't aware that this setting can be changed to "require approval for first time contributors who are new to GitHub". It has to be done per-repository.

Answer 2 · 2022-09-21T17:08:52.000Z

I think some interaction limits can now be set at the organization level? https://docs.github.com/en/communities/moderating-comments-and-conversations/limiting-interactions-in-your-organization

Note / edit: I say think because I stumbled upon this about a week ago and I've yet to read the thing properly 😓

Answer 3 · 2022-09-21T17:16:38.000Z

I think that's more about making things more limited than the default, e.g., for when your community gets unexpected attention from many outside trolls and other unhelpful people, whereas for this you'd want to lessen the default limits because they introduce a barrier to new contributors.