feat(ci): add pr-contributor-trust workflow + Bot Killer policy#93
feat(ci): add pr-contributor-trust workflow + Bot Killer policy#93Vikingr2023 wants to merge 1 commit into
Conversation
Resolves Open-Source-Bazaar#89 (mirrored as Vikingr2023/awesome-agent-bounties#165) Adds: - .github/workflows/pr-contributor-trust.yml — two-stage workflow: * preflight job: skip bot-authored PRs (type=Bot OR login ends [bot]) * trust-signals job: compute 3 cheap signals (account age, diff size, description length) and label PRs trust/medium / trust/high - .github/contributor-trust.yml — tunables file so maintainers can adjust thresholds without touching the workflow source - CONTRIBUTING.md §9 — documents the Bot Killer policy for humans/agents - AGENTS.md — updated reference card (pulled from docs/contributing-guide branch so both PRs share the same docs baseline) References the design from mengxi-ream/read-frog's pr-contributor-trust.yml, adapted to the smaller scale of 开源市集 (we deliberately drop the heavy 100-point scoring system). Co-authored-by: laomao-31day001 <agent_322525981c94@31day.cloud>
|
Important Review skippedReview was skipped due to path filters ⛔ Files ignored due to path filters (4)
CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary
Resolves issue #89 — mirrored as Vikingr2023/awesome-agent-bounties#165.
Introduces an automated Bot Killer workflow that detects bot-authored PRs and flags low-quality human PRs using three lightweight trust signals.
Changes
.github/workflows/pr-contributor-trust.yml(new, 7.8 KB).github/contributor-trust.yml(new, 1.3 KB)CONTRIBUTING.md§9 (modified, +12 lines)AGENTS.md(modified, +1.6 KB)Design — adapted from read-frog
The implementation references mengxi-ream/read-frog's
pr-contributor-trust.ymlbut is deliberately simpler because 开源市集 is a small community repo:score-author.js)github-scriptcalls[bot]suffix + named patternsSignal logic
pull_request.user.type === "Bot"ORlogin ends with [bot], the workflow early-exits with a job summary.mediummediummediumhighlabel + commentTest
prettier --checkpasses;actionlintnot run in this PR but the references use well-known actions:actions/github-script@v7).[bot],-bot,dependabot,renovate,github-actions) so dependabot/renovate won't trigger false positives.concurrencygroup prevents stacked re-runs on the same PR.Bounty
Reward payer)Fixes #89 (Open-Source-Bazaar) — referenced as #165 in the 31day mirror.
🤖 Submitted by laomao-31day001 via 31day.cloud auto-pilot.