We have recently made a change in our automated tools workflow to add a manual approval step by a maintainer before merging tool-related PRs.
We introduced this step as a safety measure. Previously, this tool data was directly fetched from the Github API and displayed on our website under the tools section. There was no human intervention, and PRs were auto-approved by a bot. We changed this from auto-approval to manual approval by a maintainer because it is simply not safe. Someone could exploit this flow and publish anything or any text on our website. It could include abusive content. To avoid this, we introduced manual approval. The maintainer quickly checks whether everything is good before merging.
While reviewing these PRs, I found cases like #5321 where there is actually no real change, only a reordering of tools. This might be happening because of the order in which we receive responses from the API.
Hence, we should find out a way to make this flow is deterministic. If we have the same set of tools, we should find a way to make the ordering consistent so that these unnecessary diffs do not appear in PRs. This will make PR reviews quicker for maintainers.
Currently, this does not seem problematic, but when we combine reordering changes with actual updates (for example, when a new tool is introduced), it increases the PR review burden. This workflow runs on a weekly basis, hence, we should try to improve it.
We have recently made a change in our automated tools workflow to add a manual approval step by a maintainer before merging tool-related PRs.
We introduced this step as a safety measure. Previously, this tool data was directly fetched from the Github API and displayed on our website under the tools section. There was no human intervention, and PRs were auto-approved by a bot. We changed this from auto-approval to manual approval by a maintainer because it is simply not safe. Someone could exploit this flow and publish anything or any text on our website. It could include abusive content. To avoid this, we introduced manual approval. The maintainer quickly checks whether everything is good before merging.
While reviewing these PRs, I found cases like #5321 where there is actually no real change, only a reordering of tools. This might be happening because of the order in which we receive responses from the API.
Hence, we should find out a way to make this flow is deterministic. If we have the same set of tools, we should find a way to make the ordering consistent so that these unnecessary diffs do not appear in PRs. This will make PR reviews quicker for maintainers.
Currently, this does not seem problematic, but
when we combine reordering changes with actual updates(for example, when a new tool is introduced), it increases the PR review burden. This workflow runs on a weekly basis, hence, we should try to improve it.