-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Forks should not tag and link back to UBQ issues #15
Forks should not tag and link back to UBQ issues #15
Comments
This seems like it has potential. I very lightly worked with this codebase so I am not very confident with the best approach. Maybe @rndquu or @FernandVEYRIER know better |
I agree this could be annoying with multiple forks. We could simply restrict the sync workflow to run only for the https://github.com/ubiquity/devpool-directory repo. |
Prefixing the URL with However I kind of do like the idea of the bot back linking when its actually "registered" to the DevPool directory. It is an interesting way for the bot to sort of promote the DevPool Directory, but I can see how partners may be annoyed by it. Let's do |
Without a working bot I'm certain I'm unable to QA so maybe not the task for me atm and after the little oversight earlier I'm not wanting to push anything without being able to test it thoroughly so I'm going to pass on this task if that's all good I did run the script and saw the correct outputs but cannot QA properly although the prefix does deffo work (still) see here Just update helpers/github.ts #L71 with below was my basic approach but this will stop the real devpool linking back to UBQ issues too and I wasn't sure if that's acceptable or not issues = issues.map((issue) => {
issue.html_url = issue.html_url.replace("https://github.com", "https://www.github.com");
return issue;
});
I'm assuming that there will be a list of partners somewhere down the line that we could check against so that it can link back on partner repos as that is a solid way to promo the bot. |
I think we can probably just merge and try. It seems pretty low stakes. Why don't you open a pull request? |
Funny enough I'm having second thoughts because I noticed a link back on a repository that I didn't want added (I just updated opt.json to fix this.) I suppose I need to fix the caching issue with work.ubq.fi so that it actually updates the view (currently it doesn't seem to update the new issues after it lands in your cache.) Can you do me a favor? Can we enable the original behavior for UbiquiBot so that it posts the link back, and then for everybody else, do the Sorry for changing the scope. I think I will feel more comfortable to change this behavior when I see partners complaining about our bot linking back. |
As far as I understand you don't need the bot to QA this repo. You need to:
|
So because the script is being run from within an action we could grab who the user is and edit the url that way? I wasn't aware that forks had to change QA here try {
const {
data: { login },
} = await octokit.users.getAuthenticated();
return login && login === "ubiquity" ? true : false;
``` |
+ Evaluating results. Please wait... |
|
View | Contribution | Count | Reward |
---|---|---|---|
Issue | Comment | 4 | 30.1 |
Conversation Incentives
Comment | Formatting | Relevance | Reward |
---|---|---|---|
> Something as simple as ORG !== "Ubiquity" then wrap the link i... | 2.9 | 0.77 | 2.9 |
> There is also [this](https://github.com/orgs/community/discuss... | 10.8a: count: 2 score: "2" words: 2 code: count: 2 score: "2" words: 2 | 0.88 | 10.8 |
I think we can probably just merge and try. It seems pretty low ... | 2.2 | 0.58 | 2.2 |
Funny enough I'm having second thoughts because I noticed a link... | 14.2a: count: 1 score: "1" words: 3 code: count: 1 score: "1" words: 1 | 0.74 | 14.2 |
[ 97.2 WXDAI ]
@Keyrxng
Contributions Overview
View | Contribution | Count | Reward |
---|---|---|---|
Issue | Specification | 1 | 45 |
Issue | Comment | 2 | 52.2 |
Conversation Incentives
Comment | Formatting | Relevance | Reward |
---|---|---|---|
It's probably a good idea that forks of the dev-pool not link ba... | 45h3: count: 1 score: "1" words: 1 li: count: 3 score: "3" words: 45 code: count: 2 score: "2" words: 39 | 1 | 45 |
Without a working bot I'm certain I'm unable to QA so maybe not ... | 37a: count: 2 score: "2" words: 6 code: count: 1 score: "1" words: 0 | 0.67 | 37 |
So because the script is being run from within an action we coul... | 15.2a: count: 1 score: "1" words: 1 code: count: 2 score: "2" words: 1 | 0.72 | 15.2 |
[ 19.6 WXDAI ]
@rndquu
Contributions Overview
View | Contribution | Count | Reward |
---|---|---|---|
Issue | Comment | 2 | 19.6 |
Conversation Incentives
Comment | Formatting | Relevance | Reward |
---|---|---|---|
I agree this could be annoying with multiple forks.We could ... | 6.7a: count: 3 score: "3" words: 3 | 0.64 | 6.7 |
> Without a working bot I'm certain I'm unable to QAAs far a... | 12.9a: count: 3 score: "3" words: 5 li: count: 3 score: "3" words: 94 | 0.71 | 12.9 |
@Keyrxng the deadline is at 2024-02-18T07:52:24.545Z |
+ Evaluating results. Please wait... |
|
View | Contribution | Count | Reward |
---|---|---|---|
Issue | Comment | 4 | 30.1 |
Conversation Incentives
Comment | Formatting | Relevance | Reward |
---|---|---|---|
> Something as simple as ORG !== "Ubiquity" then wrap the link i... | 2.9 | 0.805 | 2.9 |
> There is also [this](https://github.com/orgs/community/discuss... | 10.8a: count: 2 score: "2" words: 2 code: count: 2 score: "2" words: 2 | 0.87 | 10.8 |
I think we can probably just merge and try. It seems pretty low ... | 2.2 | 0.59 | 2.2 |
Funny enough I'm having second thoughts because I noticed a link... | 14.2a: count: 1 score: "1" words: 3 code: count: 1 score: "1" words: 1 | 0.685 | 14.2 |
[ 122.2 WXDAI ]
@Keyrxng
Contributions Overview
View | Contribution | Count | Reward |
---|---|---|---|
Issue | Specification | 1 | 45 |
Issue | Task | 1.00 | 25 |
Issue | Comment | 2 | 52.2 |
Issue | Comment | 2 | 0 |
Conversation Incentives
Comment | Formatting | Relevance | Reward |
---|---|---|---|
It's probably a good idea that forks of the dev-pool not link ba... | 45h3: count: 1 score: "1" words: 1 li: count: 3 score: "3" words: 45 code: count: 2 score: "2" words: 39 | 1 | 45 |
Without a working bot I'm certain I'm unable to QA so maybe not ... | 37a: count: 2 score: "2" words: 6 code: count: 1 score: "1" words: 0 | 0.665 | 37 |
So because the script is being run from within an action we coul... | 15.2a: count: 1 score: "1" words: 1 code: count: 2 score: "2" words: 1 | 0.72 | 15.2 |
Without a working bot I'm certain I'm unable to QA so maybe not ... | -a: count: 2 score: "0" words: 6 code: count: 1 score: "0" words: 0 | 0.665 | - |
So because the script is being run from within an action we coul... | -a: count: 1 score: "0" words: 1 code: count: 2 score: "0" words: 1 | 0.72 | - |
[ 19.6 WXDAI ]
@rndquu
Contributions Overview
View | Contribution | Count | Reward |
---|---|---|---|
Issue | Comment | 2 | 19.6 |
Conversation Incentives
Comment | Formatting | Relevance | Reward |
---|---|---|---|
I agree this could be annoying with multiple forks.We could ... | 6.7a: count: 3 score: "3" words: 3 | 0.7 | 6.7 |
> Without a working bot I'm certain I'm unable to QAAs far a... | 12.9a: count: 3 score: "3" words: 5 li: count: 3 score: "3" words: 94 | 0.75 | 12.9 |
Weird that you were not automatically assigned when you linked the pull request @Keyrxng any theories for why? As a heads up be sure to only claim the largest reward offered to you on any task otherwise the nonce will be invalidated and you left money on the table. |
I tried testing but I'm not sure how to set it up. Any ideas on how to resolve this as a normal contributor? Meaning that they shouldn't be able to add their GitHub App to our repositories for their development purposes, so I don't see how it can access those resources. https://github.com/pavlovcik/devpool-directory/actions/runs/7947273267/job/21696160382#step:6:14 Regarding my bot permissions: @BeanieMen figured it out https://github.com/BeanieMen/devpool-directory/actions/runs/7765146546/job/21179453557 |
Seems a bit suspicious. Error after merge @Keyrxng please look into this: https://github.com/ubiquity/devpool-directory/actions/runs/7947688186/job/21697168038#step:6:11 Before merge: https://github.com/ubiquity/devpool-directory/actions/runs/7947118812/job/21695580137#step:6:11 However it still synchronized the latest test issue: ubiquity/devpool-directory#1073 |
I was just running the script locally with tsx when I was testing.
It's to do with the permissions that are set by the default token for the runner looking at stack overflow and a few blog posts as well as a v popular issue from 2019 covering it. Three options available:
You can inline the permissions into the workflow to enable it to request the JWT permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout |
Can you make the change? |
Apparently not. So inline permissions is deprecated as the GH editor throws an unknown error. I have tried to do a bit of debugging but having no joy myself with it so I'm not sure what your thoughts are whether it's related to your bot permissions or whether the bot is acting on behalf of the runner
I think the best approach might be when contributing you test things by running the script locally that way it will always be the user's access token via .env and we just restrict the workflow to only run on the real dev-pool as rndquu suggested, this way forks don't link back when tested and the action runs as normal on the dev-pool repo despite failing that check P.S: The workflow is disabled by default on forks due to the cron job anyway so it makes sense for testing to be done locally unless it's something specific to the action? |
The reason why this was an issue in the first place is because people fork the repo, and enable issues + actions. So yes, contributors run it from their GitHub Actions. I've already seen at least two people spam the links. |
What I was suggesting was that isn't necessary to do, the other actions run but the sync_issues needs manually activated and in the issue repo and dev-pool repo readmes we state that testing should be done via invoking the command locally, in this way they will not link back and still be able to QA logic changes I can't speak for anyone else but I specifically went out of my way not to run the workflow (1. because of the setup 2. because it wasn't necessary) and just run the script, I'm not sure which approach is best Because a forked instance has to change the hardcoded value to their own username/org in order for the workflow to run then the original comparison against "ubiquity" is the only other way around it I can think of if it should be ran as a workflow as part of each PR and we stop link spamming. |
Yes I understand that but we should try and prevent random contributors from spamming all of our repositories and our partners' that's the point of this feature unless I'm misunderstanding. Anyways, I would appreciate being able to test so that I know clearly what contributors need to do to cause this problem |
if a contributor runs the action it will link spam, I'd need to change the comparison from The current implementation will not link spam if a contributor is running the script locally |
@Keyrxng I just noticed they are all posting with {
"login": "ubiquibot[bot]",
"id": 113181824,
"node_id": "BOT_kgDOBr8EgA",
"avatar_url": "https://avatars.githubusercontent.com/in/236521?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/ubiquibot%5Bbot%5D",
"html_url": "https://github.com/apps/ubiquibot",
"followers_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/followers",
"following_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/following{/other_user}",
"gists_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/gists{/gist_id}",
"starred_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/subscriptions",
"organizations_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/orgs",
"repos_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/repos",
"events_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/events{/privacy}",
"received_events_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/received_events",
"type": "Bot",
"site_admin": false
} And the full context of that is pulled from it having had posted a comment on a conversation. There seems to be details around the GitHub App itself as well which could be useful: {
"url": "https://api.github.com/repos/ubiquity/.github/issues/comments/1960728533",
"html_url": "https://github.com/ubiquity/.github/issues/98#issuecomment-1960728533",
"issue_url": "https://api.github.com/repos/ubiquity/.github/issues/98",
"id": 1960728533,
"node_id": "IC_kwDOIaGAy8503lfV",
"user": {
"login": "ubiquibot[bot]",
"id": 113181824,
"node_id": "BOT_kgDOBr8EgA",
"avatar_url": "https://avatars.githubusercontent.com/in/236521?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/ubiquibot%5Bbot%5D",
"html_url": "https://github.com/apps/ubiquibot",
"followers_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/followers",
"following_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/following{/other_user}",
"gists_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/gists{/gist_id}",
"starred_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/subscriptions",
"organizations_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/orgs",
"repos_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/repos",
"events_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/events{/privacy}",
"received_events_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/received_events",
"type": "Bot",
"site_admin": false
},
"created_at": "2024-02-23T04:49:29Z",
"updated_at": "2024-02-23T04:49:29Z",
"author_association": "NONE",
"body": "\n<code>\n<table>\n\n<tr><td>Deadline</td><td>Sat, Feb 24, 4:49 AM UTC</td></tr>\n<tr>\n<td>Registered Wallet</td>\n<td>0xAe5D1F192013db889b1e2115A370aB133f359765</td>\n</tr>\n\n\n\n</table></code>\n<h6>Tips:</h6>\n <ul>\n <li>Use <code>/wallet 0x0000...0000</code> if you want to update your registered payment wallet address.</li>\n <li>Be sure to open a draft pull request as soon as possible to communicate updates on your progress.</li>\n <li>Be sure to provide timely updates to us when requested, or you will be automatically unassigned from the task.</li>\n <ul>\n<!-- Ubiquity - Assignment - start - e402d16\n{\n \"duration\": 86400,\n \"priceLabel\": {\n \"id\": 6006397901,\n \"node_id\": \"LA_kwDOIaGAy88AAAABZgJbzQ\",\n \"url\": \"https://api.github.com/repos/ubiquity/.github/labels/Price:%20400%20USD\",\n \"name\": \"Price: 400 USD\",\n \"color\": \"1f883d\",\n \"default\": false,\n \"description\": null\n }\n}\n-->",
"reactions": {
"url": "https://api.github.com/repos/ubiquity/.github/issues/comments/1960728533/reactions",
"total_count": 0,
"+1": 0,
"-1": 0,
"laugh": 0,
"hooray": 0,
"confused": 0,
"heart": 0,
"rocket": 0,
"eyes": 0
},
"performed_via_github_app": {
"id": 236521,
"slug": "ubiquibot",
"node_id": "A_kwHOBI33Lc4AA5vp",
"owner": {
"login": "ubiquity",
"id": 76412717,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjc2NDEyNzE3",
"avatar_url": "https://avatars.githubusercontent.com/u/76412717?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/ubiquity",
"html_url": "https://github.com/ubiquity",
"followers_url": "https://api.github.com/users/ubiquity/followers",
"following_url": "https://api.github.com/users/ubiquity/following{/other_user}",
"gists_url": "https://api.github.com/users/ubiquity/gists{/gist_id}",
"starred_url": "https://api.github.com/users/ubiquity/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/ubiquity/subscriptions",
"organizations_url": "https://api.github.com/users/ubiquity/orgs",
"repos_url": "https://api.github.com/users/ubiquity/repos",
"events_url": "https://api.github.com/users/ubiquity/events{/privacy}",
"received_events_url": "https://api.github.com/users/ubiquity/received_events",
"type": "Organization",
"site_admin": false
},
"name": "UbiquiBot",
"description": "This bot automates functionality of the DevPool by Ubiquity DAO.",
"external_url": "https://github.com/ubiquity/ubiquibot",
"html_url": "https://github.com/apps/ubiquibot",
"created_at": "2022-09-09T11:32:39Z",
"updated_at": "2023-12-21T01:25:09Z",
"permissions": {
"actions": "write",
"contents": "write",
"issues": "write",
"members": "read",
"metadata": "read",
"pull_requests": "write"
},
"events": [
"commit_comment",
"create",
"delete",
"fork",
"gollum",
"issues",
"issue_comment",
"label",
"member",
"membership",
"merge_queue_entry",
"milestone",
"organization",
"public",
"pull_request",
"pull_request_review",
"pull_request_review_comment",
"pull_request_review_thread",
"push",
"release",
"repository",
"repository_dispatch",
"star",
"team",
"team_add",
"watch",
"workflow_dispatch",
"workflow_job",
"workflow_run"
]
}
} 236521 === performed_via_github_app.id and 113181824 === user.id Might work. |
we are comparing against the hardcoded |
That doesn't make sense to me. The ID should always be readable. |
You were experiencing errors in the action runs relating to |
So whats the next step? Do you know how to fix it? |
yeah sorry I replied to this question on another comment. Just need to pass in the |
Can you open a pull request? |
+ Evaluating results. Please wait... |
lol @Keyrxng you are lucky there is a bug with the comment incentive calculation. Normally you would have only gotten paid for the specification. |
266 for an issue worth 25, damn |
Damn indeed, if you want to invalidate and do a manual I'm cool with that @pavlovcik |
Unfortunately payouts are designed to be only once per task per contributor, or else there are incentives to ship bad code. |
I'm happy to send some back to the funding address not a problem? Or is this really my lucky day lmao 😂 |
I've already claimed the first payout of 97.2 (pretty sure that's for this task I don't remembeer any other 97.2 payouts) and there are three separate permits, the one of 122.2 I didn't claim and haven't yet claimed the most recent one |
It's probably a good idea that forks of the dev-pool not link back to UBQ issues so that it prevents issues being spammed with comments like:
@[korrrba-bot](https://github.com/apps/korrrba-bot) korrrba-bot bot mentioned this issue [on Nov 6, 2023](https://github.com/ubiquity/audit.ubq.fi/issues/4) https://github.com/korrrba/devpool-directory/issues/16
The example shows three links and I could fetch more examples but you get the gist. I was scanning to see what other bounties I'd be able to take on and while atm it's not so bad you can see how it might snowball as the hunter base grows and may potentially confuse first timers but it would keep things cleaner regardless.
I'm not 100% on how to implement this exactly with all the moving parts at the minute so rfc from core team
Objective
www.
so that the GitHub UI does not "link back"The text was updated successfully, but these errors were encountered: