Scientific Python - SPEC 5 — CI Best Practices

Description

Recommend that CI running against PRs be expected to pass–if it fails, it should be important
Schedule regular runs of CI against nightlies/pre-releases
- Good for other checks that don’t need to run on every PR
- Could use for pins
- Can use labels to trigger additional runs of “exotic” jobs
- Can open an issue on failure rather than hiding in a UI somewhere–helps give notifications
- Generate a badge for the workflow, that can be collected into a dashboard
GitHub actions security concerns
- Need to trust action creators
- Pin to hash vs. version/tag?

Authors:	Jarrod Millman <millman@berkeley.edu>, Marta Iborra <martaiborra24@gmail.com>, Ryan May <rmay@ucar.edu>, Brigitta Sipőcz <brigitta.sipocz@gmail.com>
Discussion:	https://discuss.scientific-python.org/t/spec-5-ci-best-practices/507
History:	https://github.com/scientific-python/specs/commits/main/spec-0005/index.md
Endorsed by:

WARNING:	Draft document.