We put Jinja2 in our config for flexibility. Users wanted one variable.
Blog post from Mergify
The experiment of integrating a full Jinja2 templating engine into Mergify's configuration files revealed that users rarely utilized its potential, primarily sticking to static strings with the occasional use of a single variable, the pull request author. Though the engine provided users with significant flexibility, the security risks associated with rendering strings from user repositories necessitated constant vigilance. Scanning 4,629 config files from 1,262 organizations showed minimal engagement with the engine's capabilities, prompting a shift towards a safer, declarative version that supports necessary features without the extensive risk. This transition involves careful deprecation of templated values, maintaining functionality while removing the engine's complexity. The findings demonstrate that while the initial open-ended approach provided valuable insights into user needs, the demand for dynamic configurations was lower than expected, thus validating a streamlined approach focused on essential, secure features.
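The shift the summary describes, from a full template engine to a declarative substitution, can be sketched as follows. This is an added example, not Mergify's code: the placeholder name `author`, the allowlist and the function names `classify`, `render` and `survey` are assumptions, and the sample strings are constructed.

```python
import re
from collections import Counter

# Assumption: the placeholder name "author" and this allowlist are illustrative;
# the page only says the one variable in real use was the pull request author.
ALLOWED_VARIABLES = frozenset({"author"})

# Any Jinja2-style delimiter: expression, statement or comment.
_DELIMITER = re.compile(r"\{\{|\}\}|\{%|%\}|\{#|#\}")
# The only accepted construct: {{ name }} holding one bare identifier.
_PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")


def classify(value):
    """Return 'static', 'variable_only' or 'complex' for one config string."""
    if not _DELIMITER.search(value):
        return "static"
    # Anything left after removing bare placeholders is a filter, attribute
    # access, call, statement or stray delimiter: fail closed.
    if _DELIMITER.search(_PLACEHOLDER.sub("", value)):
        return "complex"
    names = set(_PLACEHOLDER.findall(value))
    return "variable_only" if names <= ALLOWED_VARIABLES else "complex"


def render(value, context):
    """Substitute allowlisted placeholders by lookup; nothing is evaluated."""
    if classify(value) == "complex":
        raise ValueError(f"unsupported template construct: {value!r}")
    # One pass only: substituted text is never re-scanned for placeholders.
    return _PLACEHOLDER.sub(lambda m: context[m.group(1)], value)


def survey(values):
    """Count how many config strings fall into each class."""
    return Counter(classify(v) for v in values)


# Constructed sample values, not taken from any real configuration.
SAMPLE_VALUES = [
    "Thanks for the contribution!",
    "Thanks @{{ author }}, merging once CI is green.",
    "{{ author | upper }}",
    "{% for c in commits %}{{ c }}{% endfor %}",
]

if __name__ == "__main__":
    print(survey(SAMPLE_VALUES))
    print(render(SAMPLE_VALUES[1], {"author": "octocat"}))
```

Running `survey` over existing configuration values before a deprecation shows which strings would stop rendering under the restricted form.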