-
Notifications
You must be signed in to change notification settings - Fork 388
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Danger pattern guidance #113
Draft
superbryntendo
wants to merge
17
commits into
primer:main
Choose a base branch
from
superbryntendo:danger
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+76
−2
Draft
Changes from all commits
Commits
Show all changes
17 commits
Select commit
Hold shift + click to select a range
493a35c
beginning draft spec for save models. expecting to iterate on this co…
5685082
conflict
ee59bdc
first pass on rough draft of danger requirements
754caf1
updates language for some details based on crit earlier today as well…
1734ecc
adds link to logging documentation
fbc19e8
Copy edits
yaili 331430e
adds detail, addresses feedback, adjusts lists to support images
dc965bc
merge conflicts
cfef9c1
images not working quite yet, but the content is in a place where I'm…
655004d
changing import statement
3d964a0
changing image references again
196b389
removes githubber reference
a147ef6
Copyedits
yaili dfdf3dd
adds links and cleans up copy
d0d1dd5
merge conflicts
1d627b2
updates images and image refs
923a383
Copy edits
yaili File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
--- | ||
title: Danger patterns | ||
--- | ||
|
||
import Img1 from '../../images/danger/danger1.png' | ||
import Img2 from '../../images/danger/danger2.png' | ||
import Img3 from '../../images/danger/danger3.png' | ||
import Img4 from '../../images/danger/danger4.png' | ||
import Img5 from '../../images/danger/danger5.png' | ||
import Img6 from '../../images/danger/danger6.png' | ||
import Img7 from '../../images/danger/danger7.png' | ||
|
||
Danger patterns in GitHub cover both destructive and non-destructive changes that a user can make to existing data. These range from closing an issue and converting a pull request to a draft, to more extreme actions such as deleting a repository or account. | ||
|
||
## Destructive changes | ||
|
||
When users are making a destructive change to their GitHub account, you should make sure they have a clear understanding of what is about to happen. Many times these changes are reversible, but may have irreversible side effects (for example, when making a repository public). Other times, they're not reversible at all (deleting an organization). In both cases, ensure that you've communicated the consequences to the user clearly so they are aware of all potential negative effects. | ||
|
||
### Non-critical data | ||
|
||
There are several types of data within GitHub that need to be deleted from time to time. Many of these are non-critical and can be handled without using a `danger` visual treatment. These non-critical destructive flows include deleting a comment, issue, pull request, or discussion. | ||
|
||
### Critical data | ||
|
||
For critical destructive flows (for example: modifying user access, deleting repositories, making private data public), there are 3 basic treatments you can apply that will ensure the full effects of a change are clear to users and that we minimize loss of trust. | ||
|
||
#### Visual treatment | ||
|
||
1. Highlight all destructive flows visually. | ||
- All page sections that will trigger a destructive sequence should be highlighted with a [`red border`](https://primer.style/css/utilities/borders#border-colors) and an [`alert` octicon](https://primer.style/octicons/alert-16) to build an accessible, intuitive pattern of recognition. When users notice those details, they should know to tread carefully. Ideally, these will be centralized into a "Danger zone" section. | ||
- Any actions that will delete significant user data must use the [`danger button`](https://primer.style/css/components/buttons#danger-button) component. | ||
|
||
<img alt='Visual treatment of Danger Zone' src={Img1} /> | ||
|
||
2. Any actions that have prerequisites should remain disabled until those prerequisites have been completed. | ||
|
||
<img alt='Example image of a destructive action whose prerequisites have not been met' src={Img2} /> | ||
|
||
3. Use standard danger buttons for standard views to avoid drawing unnecessary attention to the danger flows. You want to indicate that they are dangerous without pulling the user's attention away from what their current task. | ||
|
||
<img alt='Example image of a danger zone with many "danger" buttons' src={Img3} /> | ||
|
||
|
||
#### Secondary confirmation | ||
|
||
Take users into a secondary confirmation flow (usually a [box overlay](https://primer.style/css/components/box-overlay)) to ensure they understand the full impact of the decision. | ||
|
||
1. The user should be informed of exactly which data **will** be destroyed and required to confirm that they understand it. This should be explained clearly and concisely in a bulleted list form, using the [`x` octicon](https://primer.style/octicons/x-16) to both draw attention and emphasize that it will be deleted. Don't list out data that will *not* be deleted. | ||
|
||
2. Each step in the confirmation flow enables the next step. This forces users to work through each step in sequence and adds a layer of friction that is not prohibitive, but should help minimize errors. | ||
|
||
<img alt='Example image of detailed list of data deletions' src={Img4} /> | ||
|
||
3. The user should be informed of the steps to revert the changes (if reversible) and requested to confirm again. | ||
|
||
<img alt='Example image of UI describing if or how data can be recovered' src={Img5} /> | ||
|
||
4. In cases where the data will delete a user account, an organization, or a repository, the user should be asked to enter their password before confirming. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @ashygee @vdepizzol following yesterday's conversation, we saw that there are instances where the password is requested currently, and other cases where the name of repo is requested. Should we include that case here too and explain when to do which? |
||
|
||
<img alt='Example image of password-protected confirmation step' src={Img6} /> | ||
|
||
5. On secondary confirmation modals, the button should always be red to indicate its severity. It should be disabled by default. It should be enabled when all prior confirmation steps are completed. | ||
|
||
<img alt='Example of a second-stage danger button' src={Img7} /> | ||
|
||
**Note:** All data deletion events should be logged for the support team to help in handling cases where something has gone wrong. | ||
|
||
## Non-destructive changes | ||
|
||
There are several cases where GitHub treats conversions or feature enablements as `danger` patterns. Examples include converting a pull request to a draft (no data is deleted) and enabling GitHub Pages (no data is deleted, some pages are published). These should not follow the `danger` patterns established before *unless* data is being deleted since the previously mentioned treatments are specifically reserved for deletions. | ||
|
||
In these cases, make sure users are sufficiently informed of what will happen without visually implying that data will be lost. If you're concerned that the user may not have enough context to make a decision, we should use a yellow-themed [`flash alert`](https://primer.style/css/components/box#boxes-with-flash-alerts) with an [`alert` octicon](https://primer.style/octicons/alert-16) to provide the necessary information. If an action is required, use a [`default button`](https://primer.style/css/components/buttons#default-button) or [`outline button`](https://primer.style/css/components/buttons#outline-button) instead of a `danger button`. |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ashygee @vdepizzol In these images where there is a number/caption, do we want to use another style to highlight the relevant part of the image? Or keep the numbers? Figma