GitHub validation checks look for organization conflicts

opensource-observer / oso

Measuring the impact of open source software

https://opensource.observer

Apache License 2.0

71 stars 16 forks source link

GitHub validation checks look for organization conflicts #1200

Open ryscheng opened 10 months ago

ryscheng commented 10 months ago

Right now the validation is just simple duplicate checking.

This leaves open the following bug:

Project A claims a repo
Project B claims the org

This should be a conflict, but I don't think we check for it right now.

In an ideal world we enumerate in the logs all the repos that are conflicting and all of the repos that you can claim individually.

ccerv1 commented 8 months ago

On a related note, from contributor @DistributedDoge :

With current I don't really have a way of telling if some github url line in your dataset is github user or organization unless I ask GH API (sloow) so if I was to make a next version I would think about:

github-orgs:
    - a
    - b
github-repos:
    - c
    - d

We should implement standardized logic for determining when a repo within an org is used versus just the org. And, when it is a solo user, we should only accept a repo (or list of repus) instead of the user.

ccerv1 commented 6 months ago

Prioritizing this in light of convos with Optimism for RF4. We need a simple check to determine when a project should be added to OSS Directory. For example:

First commit is more than 90 days ago
Most recent commit in the past 30 days
At least 10 distinct days of activity

ryscheng commented 6 months ago

For the RetroPGF requirements, there's a separate issue. Let's not expand the scope of this issue https://github.com/opensource-observer/oso/issues/1175

ryscheng commented 5 months ago

I think we talked about this during a standup, but perhaps we forgot to take down some notes.

The current thinking is that we update our semantics:

No 2 projects can claim the same org
No 2 projects can claim the same repo
If project A claims a repo within an org that's claimed by Project B, then project B has every repo in that org except for the ones claimed.

In other words, each repo can still only be claimed by 1 project, but if you specify a repo specifically, that takes priority.

We have to update our pipelines to actually behave this way though

ravenac95 commented 4 months ago

I think we can close this? @ryscheng @ccerv1. My test PR from yesterday passed: https://github.com/opensource-observer/oss-directory/pull/287

ryscheng commented 4 months ago

@ravenac95 I think we still need to update the dbt pipeline to reflect these semantics

@ccerv1 younsaid you already had part of this?

ravenac95 commented 4 months ago

@ravenac95 I think we still need to update the dbt pipeline to reflect these semantics

@ryscheng Ah yeah. I think you're right. AFAIK, right now both projects would have the github artifact