opensource-observer
oss-directory GitHub validation for spam checks
What is it?
Here are the current list of GitHub checks we want
green check marks
- was the first commit more than 90 days ago
- more than >20 days commits activity
report in a comment:
- (did this PR originate from an owner of the GitHub org?)
- (report date of first commit)
- (report days of activity)
- (report last commit)
- (report which license for each repo)
- (report num distinct contributors)
With gitcoin for their OSS round, we devised a four point check:
was the first commit more than 90 days ago has there been a recent commit in the last 30 days have there been more than 10 days of activity in the last 90 days does the project have more than one contributor Verify that Github Repo referenced has verification funding.json
FYI, I created a hacky script to do some of these checks for the BuidlBox dataset. It worked pretty well (scanned about 8K projects).
https://github.com/opensource-observer/insights/blob/main/scripts/github.py
Here are the checks we want
green check marks
- was the first commit more than 90 days ago
- more than >20 days commits activity
report in a comment:
- (did this PR originate from an owner of the GitHub org?)
- (report date of first commit)
- (report days of activity)
- (report last commit)
- (report which license for each repo)
- (report num distinct contributors)
Cleaning up some reviewer UX here https://github.com/opensource-observer/oso/pull/1527
Pretty print the external-prs results https://github.com/opensource-observer/oso/pull/1529
Going to P2 this based on current traffic. It doesn't look like the inbound traffic to oss-directory is too onerous on the GitHub validation side.
We still want to do these spam checks when we eventually move to a world where we do user-defined projects in the OSO app. Let's make sure the core logic is in the oss-artifact-validators package so that it can be re-used between the OSO app and the external-prs GitHub app