Closed Keyrxng closed 8 months ago
Something as simple as ORG !== "Ubiquity" then wrap the link in backticks so it can still be read on their fork but it doesn't cause a linkback, maybe
This seems like it has potential. I very lightly worked with this codebase so I am not very confident with the best approach. Maybe @rndquu or @FernandVEYRIER know better
I agree this could be annoying with multiple forks.
We could simply restrict the sync workflow to run only for the https://github.com/ubiquity/devpool-directory repo.
Prefixing the URL with www.
seems like a simple solution that solves the problem!
However I kind of do like the idea of the bot back linking when its actually "registered" to the DevPool directory. It is an interesting way for the bot to sort of promote the DevPool Directory, but I can see how partners may be annoyed by it.
Let's do www.
prefixing then! @Keyrxng
Without a working bot I'm certain I'm unable to QA so maybe not the task for me atm and after the little oversight earlier I'm not wanting to push anything without being able to test it thoroughly so I'm going to pass on this task if that's all good
I did run the script and saw the correct outputs but cannot QA properly although the prefix does deffo work (still) see here
Just update helpers/github.ts #L71 with below was my basic approach but this will stop the real devpool linking back to UBQ issues too and I wasn't sure if that's acceptable or not
issues = issues.map((issue) => {
issue.html_url = issue.html_url.replace("https://github.com", "https://www.github.com");
return issue;
});
back linking when its actually "registered" to the DevPool directory.
I'm assuming that there will be a list of partners somewhere down the line that we could check against so that it can link back on partner repos as that is a solid way to promo the bot.
I think we can probably just merge and try. It seems pretty low stakes. Why don't you open a pull request?
Funny enough I'm having second thoughts because I noticed a link back on a repository that I didn't want added (I just updated opt.json to fix this.)
I suppose I need to fix the caching issue with work.ubq.fi so that it actually updates the view (currently it doesn't seem to update the new issues after it lands in your cache.)
Can you do me a favor? Can we enable the original behavior for UbiquiBot so that it posts the link back, and then for everybody else, do the www.
thing?
Sorry for changing the scope. I think I will feel more comfortable to change this behavior when I see partners complaining about our bot linking back.
Without a working bot I'm certain I'm unable to QA
As far as I understand you don't need the bot to QA this repo. You need to:
So because the script is being run from within an action we could grab who the user is and edit the url that way? I wasn't aware that forks had to change DEVPOOL_OWNER_NAME
so this works around that without having to update the workflow
QA here
try {
const {
data: { login },
} = await octokit.users.getAuthenticated();
return login && login === "ubiquity" ? true : false;
+ Evaluating results. Please wait...
View | Contribution | Count | Reward |
---|---|---|---|
Issue | Comment | 4 | 30.1 |
Comment | Formatting | Relevance | Reward |
---|---|---|---|
> Something as simple as ORG !== "Ubiquity" then wrap the link i... | 2.9 | 0.77 | 2.9 |
> There is also [this](https://github.com/orgs/community/discuss... | 10.8a: count: 2 score: "2" words: 2 code: count: 2 score: "2" words: 2 | 0.88 | 10.8 |
I think we can probably just merge and try. It seems pretty low ... | 2.2 | 0.58 | 2.2 |
Funny enough I'm having second thoughts because I noticed a link... | 14.2a: count: 1 score: "1" words: 3 code: count: 1 score: "1" words: 1 | 0.74 | 14.2 |
View | Contribution | Count | Reward |
---|---|---|---|
Issue | Specification | 1 | 45 |
Issue | Comment | 2 | 52.2 |
Comment | Formatting | Relevance | Reward |
---|---|---|---|
It's probably a good idea that forks of the dev-pool not link ba... | 45h3: count: 1 score: "1" words: 1 li: count: 3 score: "3" words: 45 code: count: 2 score: "2" words: 39 | 1 | 45 |
Without a working bot I'm certain I'm unable to QA so maybe not ... | 37a: count: 2 score: "2" words: 6 code: count: 1 score: "1" words: 0 | 0.67 | 37 |
So because the script is being run from within an action we coul... | 15.2a: count: 1 score: "1" words: 1 code: count: 2 score: "2" words: 1 | 0.72 | 15.2 |
View | Contribution | Count | Reward |
---|---|---|---|
Issue | Comment | 2 | 19.6 |
Comment | Formatting | Relevance | Reward |
---|---|---|---|
I agree this could be annoying with multiple forks. We could ... | 6.7a: count: 3 score: "3" words: 3 | 0.64 | 6.7 |
> Without a working bot I'm certain I'm unable to QA As far a... | 12.9a: count: 3 score: "3" words: 5 li: count: 3 score: "3" words: 94 | 0.71 | 12.9 |
@Keyrxng the deadline is at 2024-02-18T07:52:24.545Z
+ Evaluating results. Please wait...
View | Contribution | Count | Reward |
---|---|---|---|
Issue | Comment | 4 | 30.1 |
Comment | Formatting | Relevance | Reward |
---|---|---|---|
> Something as simple as ORG !== "Ubiquity" then wrap the link i... | 2.9 | 0.805 | 2.9 |
> There is also [this](https://github.com/orgs/community/discuss... | 10.8a: count: 2 score: "2" words: 2 code: count: 2 score: "2" words: 2 | 0.87 | 10.8 |
I think we can probably just merge and try. It seems pretty low ... | 2.2 | 0.59 | 2.2 |
Funny enough I'm having second thoughts because I noticed a link... | 14.2a: count: 1 score: "1" words: 3 code: count: 1 score: "1" words: 1 | 0.685 | 14.2 |
View | Contribution | Count | Reward |
---|---|---|---|
Issue | Specification | 1 | 45 |
Issue | Task | 1.00 | 25 |
Issue | Comment | 2 | 52.2 |
Issue | Comment | 2 | 0 |
Comment | Formatting | Relevance | Reward |
---|---|---|---|
It's probably a good idea that forks of the dev-pool not link ba... | 45h3: count: 1 score: "1" words: 1 li: count: 3 score: "3" words: 45 code: count: 2 score: "2" words: 39 | 1 | 45 |
Without a working bot I'm certain I'm unable to QA so maybe not ... | 37a: count: 2 score: "2" words: 6 code: count: 1 score: "1" words: 0 | 0.665 | 37 |
So because the script is being run from within an action we coul... | 15.2a: count: 1 score: "1" words: 1 code: count: 2 score: "2" words: 1 | 0.72 | 15.2 |
Without a working bot I'm certain I'm unable to QA so maybe not ... | -a: count: 2 score: "0" words: 6 code: count: 1 score: "0" words: 0 | 0.665 | - |
So because the script is being run from within an action we coul... | -a: count: 1 score: "0" words: 1 code: count: 2 score: "0" words: 1 | 0.72 | - |
View | Contribution | Count | Reward |
---|---|---|---|
Issue | Comment | 2 | 19.6 |
Comment | Formatting | Relevance | Reward |
---|---|---|---|
I agree this could be annoying with multiple forks. We could ... | 6.7a: count: 3 score: "3" words: 3 | 0.7 | 6.7 |
> Without a working bot I'm certain I'm unable to QA As far a... | 12.9a: count: 3 score: "3" words: 5 li: count: 3 score: "3" words: 94 | 0.75 | 12.9 |
Weird that you were not automatically assigned when you linked the pull request @Keyrxng any theories for why? As a heads up be sure to only claim the largest reward offered to you on any task otherwise the nonce will be invalidated and you left money on the table.
I tried testing but I'm not sure how to set it up. Any ideas on how to resolve this as a normal contributor? Meaning that they shouldn't be able to add their GitHub App to our repositories for their development purposes, so I don't see how it can access those resources. https://github.com/pavlovcik/devpool-directory/actions/runs/7947273267/job/21696160382#step:6:14
Regarding my bot permissions:
@BeanieMen figured it out https://github.com/BeanieMen/devpool-directory/actions/runs/7765146546/job/21179453557
Seems a bit suspicious.
Error after merge @Keyrxng please look into this: https://github.com/ubiquity/devpool-directory/actions/runs/7947688186/job/21697168038#step:6:11
Before merge: https://github.com/ubiquity/devpool-directory/actions/runs/7947118812/job/21695580137#step:6:11
However it still synchronized the latest test issue: https://github.com/ubiquity/devpool-directory/issues/1073
I tried testing but I'm not sure how to set it up. Any ideas on how to resolve this as a normal contributor?
I was just running the script locally with tsx when I was testing.
Seems a bit suspicious.
It's to do with the permissions that are set by the default token for the runner looking at stack overflow and a few blog posts as well as a v popular issue from 2019 covering it.
Three options available:
use PAT (Personal Access Token) configure permissions in Actions settings
You can inline the permissions into the workflow to enable it to request the JWT
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
You can inline the permissions into the workflow to enable it to request the JWT
Can you make the change?
Can you make the change?
Apparently not. So inline permissions is deprecated as the GH editor throws an unknown error.
I have tried to do a bit of debugging but having no joy myself with it so I'm not sure what your thoughts are whether it's related to your bot permissions or whether the bot is acting on behalf of the runner
Any ideas on how to resolve this as a normal contributor?
I think the best approach might be when contributing you test things by running the script locally that way it will always be the user's access token via .env and we just restrict the workflow to only run on the real dev-pool as rndquu suggested, this way forks don't link back when tested and the action runs as normal on the dev-pool repo despite failing that check
P.S: The workflow is disabled by default on forks due to the cron job anyway so it makes sense for testing to be done locally unless it's something specific to the action?
The reason why this was an issue in the first place is because people fork the repo, and enable issues + actions. So yes, contributors run it from their GitHub Actions. I've already seen at least two people spam the links.
What I was suggesting was that isn't necessary to do, the other actions run but the sync_issues needs manually activated and in the issue repo and dev-pool repo readmes we state that testing should be done via invoking the command locally, in this way they will not link back and still be able to QA logic changes
I can't speak for anyone else but I specifically went out of my way not to run the workflow (1. because of the setup 2. because it wasn't necessary) and just run the script, I'm not sure which approach is best
Because a forked instance has to change the hardcoded value to their own username/org in order for the workflow to run then the original comparison against "ubiquity" is the only other way around it I can think of if it should be ran as a workflow as part of each PR and we stop link spamming.
that isn't necessary to do
Yes I understand that but we should try and prevent random contributors from spamming all of our repositories and our partners' that's the point of this feature unless I'm misunderstanding.
Anyways, I would appreciate being able to test so that I know clearly what contributors need to do to cause this problem
if a contributor runs the action it will link spam, I'd need to change the comparison from UBQ_ORG_ID & USER_ID
to "ubiquity" & DEV_POOL_OWNER
and against whatever the hardcoded value is in order for the workflow to run without spamming.
The current implementation will not link spam if a contributor is running the script locally
@Keyrxng I just noticed they are all posting with www.
now. The way you are verifying if its the official instance seems to be invalid. I noticed because it broke the UI for work.ubq.fi. If it helps, here are the user details for the bot:
{
"login": "ubiquibot[bot]",
"id": 113181824,
"node_id": "BOT_kgDOBr8EgA",
"avatar_url": "https://avatars.githubusercontent.com/in/236521?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/ubiquibot%5Bbot%5D",
"html_url": "https://github.com/apps/ubiquibot",
"followers_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/followers",
"following_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/following{/other_user}",
"gists_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/gists{/gist_id}",
"starred_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/subscriptions",
"organizations_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/orgs",
"repos_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/repos",
"events_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/events{/privacy}",
"received_events_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/received_events",
"type": "Bot",
"site_admin": false
}
And the full context of that is pulled from it having had posted a comment on a conversation. There seems to be details around the GitHub App itself as well which could be useful:
{
"url": "https://api.github.com/repos/ubiquity/.github/issues/comments/1960728533",
"html_url": "https://github.com/ubiquity/.github/issues/98#issuecomment-1960728533",
"issue_url": "https://api.github.com/repos/ubiquity/.github/issues/98",
"id": 1960728533,
"node_id": "IC_kwDOIaGAy8503lfV",
"user": {
"login": "ubiquibot[bot]",
"id": 113181824,
"node_id": "BOT_kgDOBr8EgA",
"avatar_url": "https://avatars.githubusercontent.com/in/236521?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/ubiquibot%5Bbot%5D",
"html_url": "https://github.com/apps/ubiquibot",
"followers_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/followers",
"following_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/following{/other_user}",
"gists_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/gists{/gist_id}",
"starred_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/subscriptions",
"organizations_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/orgs",
"repos_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/repos",
"events_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/events{/privacy}",
"received_events_url": "https://api.github.com/users/ubiquibot%5Bbot%5D/received_events",
"type": "Bot",
"site_admin": false
},
"created_at": "2024-02-23T04:49:29Z",
"updated_at": "2024-02-23T04:49:29Z",
"author_association": "NONE",
"body": "\n<code>\n<table>\n\n<tr><td>Deadline</td><td>Sat, Feb 24, 4:49 AM UTC</td></tr>\n<tr>\n<td>Registered Wallet</td>\n<td>0xAe5D1F192013db889b1e2115A370aB133f359765</td>\n</tr>\n\n\n\n</table></code>\n<h6>Tips:</h6>\n <ul>\n <li>Use <code>/wallet 0x0000...0000</code> if you want to update your registered payment wallet address.</li>\n <li>Be sure to open a draft pull request as soon as possible to communicate updates on your progress.</li>\n <li>Be sure to provide timely updates to us when requested, or you will be automatically unassigned from the task.</li>\n <ul>\n<!-- Ubiquity - Assignment - start - e402d16\n{\n \"duration\": 86400,\n \"priceLabel\": {\n \"id\": 6006397901,\n \"node_id\": \"LA_kwDOIaGAy88AAAABZgJbzQ\",\n \"url\": \"https://api.github.com/repos/ubiquity/.github/labels/Price:%20400%20USD\",\n \"name\": \"Price: 400 USD\",\n \"color\": \"1f883d\",\n \"default\": false,\n \"description\": null\n }\n}\n-->",
"reactions": {
"url": "https://api.github.com/repos/ubiquity/.github/issues/comments/1960728533/reactions",
"total_count": 0,
"+1": 0,
"-1": 0,
"laugh": 0,
"hooray": 0,
"confused": 0,
"heart": 0,
"rocket": 0,
"eyes": 0
},
"performed_via_github_app": {
"id": 236521,
"slug": "ubiquibot",
"node_id": "A_kwHOBI33Lc4AA5vp",
"owner": {
"login": "ubiquity",
"id": 76412717,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjc2NDEyNzE3",
"avatar_url": "https://avatars.githubusercontent.com/u/76412717?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/ubiquity",
"html_url": "https://github.com/ubiquity",
"followers_url": "https://api.github.com/users/ubiquity/followers",
"following_url": "https://api.github.com/users/ubiquity/following{/other_user}",
"gists_url": "https://api.github.com/users/ubiquity/gists{/gist_id}",
"starred_url": "https://api.github.com/users/ubiquity/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/ubiquity/subscriptions",
"organizations_url": "https://api.github.com/users/ubiquity/orgs",
"repos_url": "https://api.github.com/users/ubiquity/repos",
"events_url": "https://api.github.com/users/ubiquity/events{/privacy}",
"received_events_url": "https://api.github.com/users/ubiquity/received_events",
"type": "Organization",
"site_admin": false
},
"name": "UbiquiBot",
"description": "This bot automates functionality of the DevPool by Ubiquity DAO.",
"external_url": "https://github.com/ubiquity/ubiquibot",
"html_url": "https://github.com/apps/ubiquibot",
"created_at": "2022-09-09T11:32:39Z",
"updated_at": "2023-12-21T01:25:09Z",
"permissions": {
"actions": "write",
"contents": "write",
"issues": "write",
"members": "read",
"metadata": "read",
"pull_requests": "write"
},
"events": [
"commit_comment",
"create",
"delete",
"fork",
"gollum",
"issues",
"issue_comment",
"label",
"member",
"membership",
"merge_queue_entry",
"milestone",
"organization",
"public",
"pull_request",
"pull_request_review",
"pull_request_review_comment",
"pull_request_review_thread",
"push",
"release",
"repository",
"repository_dispatch",
"star",
"team",
"team_add",
"watch",
"workflow_dispatch",
"workflow_job",
"workflow_run"
]
}
}
236521 === performed_via_github_app.id
and
113181824 === user.id
Might work.
we are comparing against the hardcoded DEVPOOL_OWNER
, the current dev branch just needs to pass in the hardcoded value into the checkIfForked()
function. We were not able to rely on the ID at the time due to permission issues that are sside stepped with the username comparison
We were not able to rely on the ID at the time due to permission issues that are sside stepped with the username comparison
That doesn't make sense to me. The ID should always be readable.
You were experiencing errors in the action runs relating to Resource inaccessible
something or other and I wasn't able to debug that, so the getAuthenticatedUser()
call was failing when being run in the action did it's job if invoking the script locally (as I tested that way), I was of the belief that we were moving past the permissions debugging and settling for the username comparison
So whats the next step? Do you know how to fix it?
So whats the next step? Do you know how to fix it?
yeah sorry I replied to this question on another comment. Just need to pass in the DEVPOOL_OWNER
into the checkIfForked()
function, I forgot to pass in the var after changing it from the reliance on the underlying access token. It's just missing it's arg, my mistake
So whats the next step? Do you know how to fix it?
yeah sorry I replied to this question on another comment. Just need to pass in the
DEVPOOL_OWNER
into thecheckIfForked()
function, I forgot to pass in the var after changing it from the reliance on the underlying access token. It's just missing it's arg, my mistake
Can you open a pull request?
+ Evaluating results. Please wait...
View | Contribution | Count | Reward |
---|---|---|---|
Issue | Comment | 14 | 152.3 |
View | Contribution | Count | Reward |
---|---|---|---|
Issue | Specification | 1 | 45 |
Issue | Task | 1 | 25 |
Issue | Comment | 9 | 196 |
Issue | Comment | 9 | 0 |
View | Contribution | Count | Reward |
---|---|---|---|
Issue | Comment | 2 | 19.6 |
Comment | Formatting | Relevance | Reward |
---|---|---|---|
I agree this could be annoying with multiple forks. We could ... | 6.7a: count: 3 score: "3" words: 3 | - | 6.7 |
> Without a working bot I'm certain I'm unable to QA As far a... | 12.9a: count: 3 score: "3" words: 5 li: count: 3 score: "3" words: 94 | - | 12.9 |
lol @Keyrxng you are lucky there is a bug with the comment incentive calculation. Normally you would have only gotten paid for the specification.
266 for an issue worth 25, damn
Damn indeed, if you want to invalidate and do a manual I'm cool with that @pavlovcik
Unfortunately payouts are designed to be only once per task per contributor, or else there are incentives to ship bad code.
I'm happy to send some back to the funding address not a problem? Or is this really my lucky day lmao 😂
It's probably a good idea that forks of the dev-pool not link back to UBQ issues so that it prevents issues being spammed with comments like:
@[korrrba-bot](https://github.com/apps/korrrba-bot) korrrba-bot bot mentioned this issue [on Nov 6, 2023](https://github.com/ubiquity/audit.ubq.fi/issues/4) https://github.com/korrrba/devpool-directory/issues/16
The example shows three links and I could fetch more examples but you get the gist. I was scanning to see what other bounties I'd be able to take on and while atm it's not so bad you can see how it might snowball as the hunter base grows and may potentially confuse first timers but it would keep things cleaner regardless.
I'm not 100% on how to implement this exactly with all the moving parts at the minute so rfc from core team
Objective
www.
so that the GitHub UI does not "link back"