The new security feature that requires maintainers to approve first-time contributors' workflow runs is a real problem for me. I’m maintaining a project where many external contributors edit .json files to integrate devices. We have automation in place that checks these .json files for validity and helps inexperienced contributors get it right.
The fact that I now have to manually approve every single workflow run, which often needs to happen multiple times in a single PR, drastically worsens the experience of contributing those files and is frankly wasting my time.
I’d like to automatically test if a given PR only changes these .json files (which do not pose a threat of crypto mining) and then automatically approve them without having to manually intervene. However, I cannot find any documentation on how to detect the necessity for this and how to trigger the builds.