[service] Why PRs review is so slow? #17921
Comments
|
Hi @ilya-lavrenov - thank you for opening this issue. Please accept our apologies in the delay. We have a high volume of pull requests in Conan Center, and indeed the Conan 2.0 release and the migration efforts have added an additional burden in terms of resources (both infrastructure resources and review efforts). The team has a number of responsibilities and we are doing the best we can to ensure we can provide this service. On the subject of adding new versions, these are fully automated as described here: https://github.com/conan-io/conan-center-index/blob/master/docs/bump_version.md - however if the recipe contains changes other than adding a new version, it will not be automated and will require a review from the Conan Center maintainers. - I believe that is the case with #17786 We are continuously working to improve the service and we are evaluating how to best prioritize pull request reviews - we thank you for your feedback. |
|
Hi @jcar87 Thanks for your answer. Magically, PR is merged now 😺 But it's not a single PR, I have another and plan to do more.
I understand that we are all busy, don't get me wrong. But in order to grow community, maintainers should be responsive to external contributors. If I have reaction on my PRs - I want to contribute more, it means less work for you as a recipe writer and more as a PR reviewer. If you still write a lot of code by yourself and don't react on contributions, you will write a lot of code in future as well IMO. Good example is brew package manager - they react to changes within 1 day. |
|
I have a similar problem. The PRs for several recipes that I've been following have been ready for almost a month, but they haven't been merged yet. We don't want to use our own JFrog to manage packages and would prefer to use the official Conan Center instead, but the merging process is just too slow 😅. |
|
Hi @RubenRBS @jcar87 @memsharded I have another PR where review takes a lot of time. Every two days new reviewer comes to PR and write really small comments and ask questions:
Again, if you don't react on contributions or complicate life of contributors => don't expect community grow around your solution. |
|
my 2 cents, just imho. |
|
@SSE4 fully agree with you. I'm also a maintainer of another open source project and know that each project has its own specifics. And it's impossible to get from external contributors the code with the same quality like experienced maintainers wrote it. Or it will take 100 iterations with comments to every 10 lines of code, which will likely result in abandoned PRs. So, maintainers should make a choice: not 100% ideal external contributions or no contribution, but all the code is written only by core team. Regarding minor comments I have received in my PRs:
|
|
@ilya-lavrenov yes, for point 2, specifically - new recipe doesn't need to be 100% complete. if it builds only for Windows in its first iteration - it's completely fine. if it doesn't enable/handle all the options upstream has - it's perfectly fine. if not all targets or components are modeled in for the questions asked in review - they might require quite a significant research. especially, for newcomers, who might not fully understand what is |
|
Hi all, let's try to break this down little by little to try to address most of your points: First of all, thanks for raising the issue about slow review times, we appreciate feedback on how contributors experience their CCI flow
Note that it's pretty encouraged not to depend on ConanCenter for your production code and recipes. The recommended approach is to have your own fork of ConanCenter repository where you build and store the necessary packages for your organization, ensuring you can create edits to them in a much faster way, and having better control over which packages are available at any point (You might have configuration requirements CCI does not offer, for example) and then upstreaming the changes as a separate process
It's fine for PRs to only do that if thats their scope, absolutely! We actually encourage contributors to make it clear when they have not been able to test a specific configuration, and to raise
I have to disagree with you here. You most of any other contributor is aware of how much work goes behind every review, and that ensuring that changes are good is not a trivial task most of the times, we're not here just to press the merge button based on good faith on the contributor changes
Yes! Don't only look into this as trying to simplify for simplicity shake's, this is also a question of reducing CI workload. Compilations absolutely dominate our work time for the build agents, and that we can do little about, it's the whole point of the system in the end, but what we can do is reduce tests runtimes which also get run quite a few times, so every simplification we can get there is worthwhile.
Because reviews are dismissed after every new change (after all, you don't want to approve a recipe only for it to get broken/a bad faith commit later on and for it to still get merged), and the amount of PRs that we receive means that unless we get a direct notification once the PR is ready again after a positive review, we might miss it and not re-review it until we notice it again, or someone else from the team does. Also note that there are actually two kind of reviewers in CCI. Community reviewers (If any of you are reading this, thank you for your contributions), which help us a lot by also double checking PRs and finding issues (And others contribute actual recipes quite a lot!), but whose reviews are not actually taken into account by the Automatic merge bot to understand when a PR is ready for merge, and the core team members, for which you need at least 2 of for a PR to be mergeable. You can find the list of users that are at any moment part of any of those groups here. It's true that this difference is not well communicated to the contributors and we'll look into ways to have it more clearly explained to the users so there's less future confusion about it :)
We do! The team has great insight into lots of things, but the value of independent reviews is, as I mentioned, to be able to catch things that someone else might have not, so trusting that the last person did their job is in my opinion dangerous! (Even if I trust them a lot, which we (The next responses except the ending paragraph are written alongside @jcar87)
I would clarify that you have received review comments, which is our job as reviewers. From our maintainers point of view, it is our job to ensure that recipes and any contribution in the repository is vetted before being merged. This is, to my knowledge, the case with similar C++ packaging repositories where the recipes are open source. Please understand that most of those comments are coming from a place of actually wanting to understand what's going on with the specific recipe, not out of spite to nitpick in small things!
We appreciate this a lot, and we are actively working on ways and processes to be able to reduce the delay time for reviews (But again, never at the cost of actual recipe quality!). I can't speak for everyone else, but for me personally, when I request changes for a recipe that seem minor is not because those changes need to be there, but because my review was not a complete one and I don't want it to get merged without me having a chance to go back and finish that, but I don't want to also leave those messages in limbo. It's true that we can communicate our intentions better, and it's a point we're trying to improve upon :)
Conan Center has been evolving since the first day, and so do the conventions used in the recipes. We are aiming towards simplifying the logic of the recipes in the long term - without burdening our contributors with ensuring all recipes are up-to-date with the most recent conventions. The pull request you are alluding to is a new recipe - what we expect for those, at a minimum, is that it follows the current template in the documentation. We typically won't ask - and certainly will not block - for these sort of changes in PRs against existing recipes. Having said that, as I explained in the PR, we're actively investigating ways for contributors to have less friction with issues like this in the future, and we appreciate your input in the matter
This is an interesting take - you are saying the first person "I" several times. Conan Center is a service that we provide to the C++ community at large - not to any particular individual. And as reviewers, it helps not only ourselves but future contributors to have minimal traceability and reasoning behind some decisions that deviate from the defaults. You are asking that reviewers accept your changes according to your needs, what we ask as reviewers is to assume that this will be used by more users, and to try and provide value not just to you, but to everyone that may use this recipe in the future. Note that we're not asking to implement those features, as you say future contributors can do this.
If a PR contributor cannot answer questions about the recipe they are themselves authoring, and the decisions they have taken to do so - then that only delays reviews because we don't have enough information to make a call.
Some recipes do not work if the share folder is removed, this has happened several times. So we want to double check, especially considering how intentionally minimal the logic in the test package are. If you expect the reviewers to check out the branch, modify it to stop removing the share folder, build it locally, test - then I wouldn't be surprised if the reviews take longer. A simple couple lines in the PR description: "share folder is removed because it only contains manpages files" or something of the sort, is all we need. Ultimately we ask PR authors to explain and justify what they intend to have merged in the repository. All in all, please understand that we know CCI wouldn't be where it's today with over 1700 libraries available without its contributors, but our priority is to ensure quality over quantity, and we understand that that alongside our resources for reviewing can generate friction, so we appreciate civil discussions about how can better improve in our goals :) Happy to talk things further |
|
@RubenRBS I really appreciate you for your position and thank you for spending time writing this answer. Hope, other experienced maintainers also will find time to provide their opinion. But I cannot say that I agree with you and see your answer as rather a justification why things work this (read slow) way. Let me comment partially your answers:
I would say it contradicts the whole principles of open source:
I really wondered to hear advices to create and maintain forks from people working in open-source.
Looks like you misunderstand your jobs as "code-reviewer". You think of a contributor as a pupil, while maintainer is a teacher. But we are not in school. Your goal is not to check the correctness of every line of code in recipe, your goal is to check that recipe complies with Conan interfaces. E.g. main methods (requirements, package_info, configure, etc) / fields are used right and the content of these methods does things that seem to be true. No more.
Almost nobody uses template from documentations, people just find recipe which is similar to what they want to have, and adjust this copied recipe to new library / tool specifics.
Don't take my words out of context. I can answer the questions, but I want maintainer to think before asking such questions, because a lot of answers are already on the table. If maintainer does not know what is
Why do you want to double check? Why don't you trust you contributors and
Again, you are interpreting the words wrong. "I" means not me specifically, but the use case(s) I want to enable. Definitely, these use case(s) can be a part of all use cases which this library (read recipe) can handle. And as we agreed earlier (I hope you have agreed with @SSE4 and me), that it's OK to enable subset of use cases taking into account that recipe is written in the scalable, maintainable way (and for my case this is 100% true).
Correct would be "I want accept my changes representing my use case(s)". All other use cases can be enabled in separate PRs.
Why tests are needed then? To be continued in next answer..
No! If tests are written the way they test not only include headers / library linkage, they can check more mistakes. Having 15 lines of test code instead of 10 does not mean that CI will take significantly more time to validate the recipe. I hope, every recipe author understands that they should run all the product tests as a part of
Write it in contribution guidelines. If I would know, that it speed-up code review, I would write this info.
This is not right. @SSE4's approve is kept even after new pushes.
Just subscribe to notifications properly via github notification center:
Right, compilation, but not the tests. Tests are usually about seconds, which is definitely not critical. But they value they bring is hard to overestimate.
I suppose you need to think about starting to trust
In my review only 1 issue has been found during review. All others are just recommendations, which spent my and your time. I suppose you overestimate the value of code-review and turn it into bureaucracy. We are not talking about surgery on human brain, we are talking about just python scripts which are 100-200 lines of code averagely. In general, from your answers I have a perception, that you have a lot of enthusiasm (maybe you are new to open source ?) and strive to perform your job excellently and this is great, but I would do it in a different way. IMO excellent job does not mean you have to write a lot of comments to PRs annoying to contributors and showing them that you have your own opinion, it rather means:
Thanks, |
|
I can't comment on every point of your response right now (And will let @jcar87 answer to the points he has written), but let me touch on some of them so you can also see where we're coming from:
My suggestion for @jiaoew1991 was from an enterprise perspective (As that's what I've assumed they find themselves into with that "we", sorry if I misread you!). For them, Conan Center Index is not a valid solution in most cases. This is something we have been recomending for a long time for them, as it's the best approach in those cases. Now, it's true that open source projects don't have that background, but that's another topic althogether.
This whole paragraph is (respectfully, please remember thruought our converstations that this is in no way a personal attack on you!) wrong. It has nothing to do with us teaching people how to write code, far from it. Specfically,
But it is! If we can't assure that recipes are good, then why would anyone ever use them? For all they know they would just all be broken. Checking recipe correctness and soundness is the whole point of the review process.
I actually agree with you here, but I think that the solution goes the other way around too. Teach people to read the documentation, and make the templates more visible, explaining the users that describing and documenting their decisions in the recipes will make things much easier. BUT, I agree that there's also work to be done in improving what's already there, taking into consideration existing tradeoffs (Ever noticed how for example zlib's topics are still "bad"? We don't want to create a new recipe revision for no reason for one of the most popular recipes out there)
Again I agree that having more involved test packages can be a viable approach if given the right circumstances and it's something we have looked at in the past, and might do so again as a team to address concerns like this
I'm interested to see where this point of view comes from. Noone is qualifying you nor your PR. Having a review that wants to know the reasoning behind a certain line is 1) the whole point of reviews as I have previously said, and 2) totally normal in any other repository, why would CCI be any different? (I know I do when I review changes from contributors at compiler-explorer and never in 7 years have I had this feedback from users)
Yes! As I have said, we're actively working on overhauling the contributor experience, and one of the points is to bring new guidelines to it to better reflect our views
Please don't attack our skillset to properly do our job. All my coworkers are extremelly knowledgeable people, and if they are asking a question about something, it's totally something in their right to do, however trivial the question seems to be
Please don't be so condescending to us either, doesn't feel good to be treated like this :(
Sorry that this is your experience, but yes sometimes PRs are stuck in review until some of us actually can allocate the time to go thru it, and even then yours can get missed, because there are lots after/before it that deserve a review just as much
It's not about a matter of trust, but accountability. Community contributors are doing this out of their good heart and good will, but are in no way responsible for the repercussions that their reviews and actions in the repo might have. On the other hand, we're JFrog full time employees and have a responsibility to ensure that no breach of trust happens with any user that uses CCI. Community reviews are super useful because they are also extremelly knowledgeable, and the extra checks for recipes are invaluable, but in the end the we have the final work on PR mergeability.
Been doing open source work for almost a decade now, but hey! thanks for noticing my enthusiasm! It's great to see that people notice that I've kept it after all this time, and great to see that my strive for doing good at whatever I'm set out to do is also visible :)
As I said, general CCI contribution flows is something we're actively working on, yes
No, this is not going to happen. Multiple reviews from core contributors will still be required
Now imagine how it would look like if at least 2 other people didn't have the chance to go over the changes too
I agree! Having better internal guidelines is a possible course of action regarding this, and we'll make sure to at least discuss it internally
But it can. There are docs on how to call the exact same hooks that CCI's CI will call.
This is something that already exists, the stale bot removes old stale PRs for which there has been no activity in X months |
|
@RubenRBS thanks for reading my answer.
I'm totally OK with it :) I understand that different opinions / experiences may result in hot discussions and to contunie:
Don't have a goal, sorry for that 😢
Don't assume that recipe is written by ChatGPT or contributors ententionally wrote wrong code to check whether they can pass code-review and merge non-working / vulnerable code. The recipes are written by people, tested locally and then Conan's CI is validating those recipes on multiple configurations with both build and tests correctness.
Sorry, but how else can you explain that PR with 3 lines of change (from original message) was reviewed 3 weeks? Even if you are full time employee and it's your job (I understand that code review is not number one in list of your responsibilities, but growing community is extremely important to sell JFrog solutions, IMO).
They still have a chance. Even the PR is merged, comments still can be provided and submitted as a separate PR. In our practice we are even merging semi-working solution and then do extra work on top of it by our core team. This is because our project is significantly more complex and external contributors cannot even write complete solution without significant deep diving, because they don't know all specifics. And we encourage people for any attempt to help for the project (even via GitHub issue).
For me it's a clear analogue with school where teachers assess your homework (you have submitted PR). And then you need to perform work for your previous mistakes (apply code-review). But sometimes, when a teacher is extremely pedantic (which maybe treated as he / she wants to abuse pupils to show the power), his / her comments are not connected with reality (like cases we are trying to minimize). E.g. teacher puts 4/5 points just because you have written "Answer: 5" instead of "Answer: 5 apples"
Why is not this integrated into |
|
👋 I really appreciate the discussion and both sides have very good points. However everything on the internet comes across as rude, and I know for a fact that is not the intent. @ilya-lavrenov if you would like to to discuss this please email me christopherm@jfrog.com and we can setup a zoom and I can help answer your questions. I was a conan user, CCI contributor before I joined the team and I've been with this project since it was 3 months old so I've watched it. It gives me a unique perspective :) Thats an open offer to anyone one. |
|
Let me mention there a 3 year old PR of PCL library. Maybe this will give it a magical boost, who knows. We use unmodified recipe from this PR in production for two years and it works on Windows and Linux just OK. And nothing can be done without conan team attention because there is a problem with "infrastructure". There are also two PRs for LLVM which died because of "infrastructure" problem. |
|
BTW, also has found a link https://www.reddit.com/r/cpp/comments/ucoyjs/conanex_conan_extended/ with comments like:
Which highlights the problem exits (and not solved) for a while. |
|
Six months have gone by, but nothing has changed actually. One of the many examples: #20795. This recipe blocks a huge amount of others and was completed more than a month ago, but no member with approval rights even considered it despite numerous pings! I think you should trust your contributors: if somebody has, say, 5 recipes approved, the next ones should be merged automatically once CI becomes green. If you care about the repo quality, IMHO the real show-stopper is constant conflicts between recipes. It is officially recommended to fork CCI and maintain your own clone for any serious use (including all the build infrastructure that one should create from scratch)! I'm afraid this is a prohibitive barrier for many potential Conan users. What I would like to see is periodic CCI releases (half a year like Ubuntu would be OK) with ALL recipes non-conflicting. With appropriate support from Conan, allowing one to choose the necessary release. This can be done with something like server-side lock files that list recipe revisions in the repo for the specified release. |
What is your problem/feature request?
Hi,
Who are CCI maintainers so people can ask them for review? All my PRs are reviewed with very slow speed and I don't know what to do with it.
Can you create a group of maintainers which is auto assigned to review? There are several strategies on GitHub and people from maintainers group can be assigned one by one to have a balance.
PR #17786 is created more than two weeks ago and it's green since the beginning, but nobody performs review and I have to ask people (I believe in a good community I don't have to do it). But nobody cares, nobody review the PR. Why? Do you think people create PRs just to have a fun? No, they create PRs, because they want to use merged changes in their products. But if I blocked with my changes for weeks, I don't want to use Conan and prefer to use vcpkg, where review is performed faster.
From Conan contribution guide:
It's definitely not a truth.
I understand that everyone is busy, etc, but it's not acceptable when PRs with version bump take weeks to be merged. Can you create automatic at least for such cases?
The text was updated successfully, but these errors were encountered: