search

opensource-observer / oso

Measuring the impact of open source software
https://opensource.observer
Apache License 2.0
50 stars 13 forks source link

oss-directory GitHub validation for spam checks #1175

Open ryscheng opened 3 months ago

ryscheng commented 3 months ago

What is it?

Here are the current list of GitHub checks we want

green check marks

report in a comment:

ryscheng commented 3 months ago

With gitcoin for their OSS round, we devised a four point check:

was the first commit more than 90 days ago has there been a recent commit in the last 30 days have there been more than 10 days of activity in the last 90 days does the project have more than one contributor Verify that Github Repo referenced has verification funding.json

ccerv1 commented 2 months ago

FYI, I created a hacky script to do some of these checks for the BuidlBox dataset. It worked pretty well (scanned about 8K projects).

https://github.com/opensource-observer/insights/blob/main/scripts/github.py

ccerv1 commented 1 month ago

For now at least, we need to take a final version of this model and adding a field in here

ryscheng commented 1 month ago

Here are the checks we want

green check marks

report in a comment:

ryscheng commented 1 month ago

Cleaning up some reviewer UX here https://github.com/opensource-observer/oso/pull/1527

ryscheng commented 1 month ago

Pretty print the external-prs results https://github.com/opensource-observer/oso/pull/1529

ryscheng commented 3 weeks ago

Going to P2 this based on current traffic. It doesn't look like the inbound traffic to oss-directory is too onerous on the GitHub validation side.

We still want to do these spam checks when we eventually move to a world where we do user-defined projects in the OSO app. Let's make sure the core logic is in the oss-artifact-validators package so that it can be re-used between the OSO app and the external-prs GitHub app