CI: refactor `pull_request_target` to `pull_request` #6

rndquu · 2024-03-19T13:52:20Z

Right now we're using pull_request_target in many places like:

In the examples mentioned above workflows always check out the development branch + open a security hole for exfiltrating of github access token with write permissions.

Check this for more info:

What should be done:

refactor all CI workflows in the https://github.com/ubiquity organization from pull_request_target to pull_request
fix related CI errors where necessary

The text was updated successfully, but these errors were encountered:

gentlementlegen · 2024-03-22T05:42:37Z

/start

ubiquibot · 2024-03-22T05:42:43Z



Deadline Fri, Mar 22, 9:42 AM UTC

Registered Wallet
0x0fC1b909ba9265A846b82CF4CE352fc3e7EeB2ED

Tips:

Use /wallet 0x0000...0000 if you want to update your registered payment wallet address.
Be sure to open a draft pull request as soon as possible to communicate updates on your progress.
Be sure to provide timely updates to us when requested, or you will be automatically unassigned from the task.

gentlementlegen · 2024-03-22T05:43:55Z

@rndquu I believe it is arbitrary that you opened this issue in the repository since it impact plenty of them. Maybe would make more sense to open it at https://github.com/ubiquity/ts-template ?

0x4007 · 2024-03-22T06:08:34Z

@rndquu I believe it is arbitrary that you opened this issue in the repository since it impact plenty of them. Maybe would make more sense to open it at https://github.com/ubiquity/ts-template ?

I think its related to deploys which technically has code spanning across the ts-template and every repository as an extension of the template. However this repository I think makes the most sense for deploys related tasks.

gitcoindev · 2024-03-22T06:59:30Z

Hi @gentlementlegen good luck! I encountered a chicken-and-egg problem for Knip reporter part here: ubiquity/keygen.ubq.fi#5 (comment) , still experimenting on that..

gitcoindev · 2024-03-22T07:03:05Z

You may want to read a few links from that thread. Basically, for branches across the same repository it does work correctly with pull_request, https://github.com/gitcoindev/keygen.ubq.fi/actions/runs/8355152504

In case of pull_request workflow opened from a forked repository , the secrets are not passed (all of the variables are None / null`) , there are ways to deal with this but I have not found the perfect solution, yet.

gitcoindev · 2024-03-22T07:07:22Z

My last version that 'almost works' is to use pull_request_workflow and a fine grained token https://github.com/korrrba/keygen.ubq.fi/actions/runs/8366591693/workflow , see tibdex/github-app-token@v2.1.0 . But perhaps I leave more investigation to you, you may discover something that works better. For the deploy workflow @rndquu was able to solve it in an elegant way, building with read only permissions and deploying with the elevated ones.

gentlementlegen · 2024-03-22T07:08:59Z

@gitcoindev Thanks not very reassuring haha. That is correct, forks are not receiving the secrets for security purposes. pull-request-target sort of solved it but uses the base branch for the workflows and introduces security issues where the secrets can be leaked. I thought of a few workarounds. Because I think we will always need to use secrets at some point, even for testing.

The main reason why we require the secrets is also to post to the current PR the results. This could eventually be disabled, and we would still notice that the workflow failed to run. But in the case of testing, if credentials are needed, we obiously cannot expose them. I thought maybe we should either:

always require to have a link to a successful build (which is what we kinda do now), it's functional but wouldn't block a pull request and we still could merge by accident
trigger the workflow but not in the PR, rather on a push to the dev branch or something similar. In that way, the workflows would get the secrets, and we would still detect a merge that broke stuff. This however could make reverts also very difficult in some scenarios.

gitcoindev · 2024-03-22T07:12:37Z

Yes I have similar conclusions. By the way in one of the articles I found a hack that allows to workaround for uses the base branch for the workflows default scenario:

      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}

When the github.event.pull_request is available, head.sha can be used to fetch the pull request workspace instead of the base branch.

gentlementlegen · 2024-03-22T07:16:33Z

Doesn't this introduce the security breach that @rndquu had been mentioning before?

0x4007 · 2024-03-22T07:19:30Z

To simplify permissions what if we just use github-actions[bot] or whatever the default is, and then focus on annotations in files view instead of comments?

gentlementlegen · 2024-03-22T07:21:33Z

To simplify permissions what if we just use github-actions[bot] or whatever the default is, and then focus on annotations in files view instead of comments?

Wouldn't solve scenarios requiring keys or credentials

gitcoindev · 2024-03-22T07:25:09Z

To simplify permissions what if we just use github-actions[bot] or whatever the default is, and then focus on annotations in files view instead of comments?

I also thought about this approach, but for the Knip case two write permissions are needed:

permissions:
  checks: write
  issues: write

If we skip comments, Checks: write is the blocking one as well. I began to wonder if there is a completely another way to tackle this like rewriting the knip-reporter to not to use checks -) I hope that @gentlementlegen can come up with a better solution.

gitcoindev · 2024-03-22T07:41:02Z

There is a quite long thread in GitHub actions repository, actions/checkout#518

Many projects struggle with that. One of the last comments mentions the similar workflow that @rndquu introduced:

actions/checkout#518 (comment)

(does not work for Knip-reporter currently though due to https://github.com/Codex-/knip-reporter/blob/main/src/main.ts#L24 and the fact that it complains about workflow_run) . Perhaps this can be solved in the knip-reporter somehow.

gentlementlegen · 2024-03-22T07:44:24Z

One solution I thought of as well, is using environments for our secrets to keep using pull_request_target but avoid production secrets leak.
https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
In the theory we should have a dev environment where everything, even if leaked, are no threat to our production elements. We could have a development and production environment, each with different secrets.

rndquu · 2024-03-22T12:54:44Z

This check is introduced because PR number is used here.

The thing is that on workflow_run (which runs in a privileged context with access to secrets) we can still fetch associated PR number this way.

We could update https://github.com/Codex-/knip-reporter/blob/1d32edf5aecf8728aae419758f2f4b4e35fd6945/src/main.ts to work with workflow_run with (relatively) small code changes.

gentlementlegen · 2024-03-24T22:13:34Z

This check is introduced because PR number is used here.

The thing is that on workflow_run (which runs in a privileged context with access to secrets) we can still fetch associated PR number this way.

We could update https://github.com/Codex-/knip-reporter/blob/1d32edf5aecf8728aae419758f2f4b4e35fd6945/src/main.ts to work with workflow_run with (relatively) small code changes.

This is true, but doesn't solve cases where we need credentials or any other kind of sensitive data (I think mostly about login tests). If we use environments for our secrets we can have workflows like
GITHUB_TOKEN: ${{ secrets.development.GITHUB_TOKEN }}
Where the PAT only has very restricted access, such as PR read / post only. This way, we keep secrets, can run any workflow normally and still do not expose any sensitive data.

rndquu · 2024-03-25T15:25:52Z

This all started with https://github.com/Codex-/knip-reporter, I would remove it, keep using plain yarn knip in a build workflow (which throws on knip warnings) and be done with that without refactoring https://github.com/Codex-/knip-reporter, introducing environments and other unnecessary stuff

This is true, but doesn't solve cases where we need credentials

We don't need sensitive credentials anywhere, the only ones I can think of are cloudflare credentials but they are already used safely

I think mostly about login tests

I'm sure there is a way to mock github oauth without passing sensitive credentials in a build step

gentlementlegen · 2024-03-25T16:26:20Z

It is not possible to fake the OAuth except if we also run Supabase inside the Action, and setup a whole new DB. Which would also probably require GitHub keys to set the OAuth. I would like not to have any sensitive data in the env, but we should then consider not doing any test requiring authentication, or involving any sensitive data to achieve so

gentlementlegen · 2024-07-27T02:34:13Z

Sorry for necroposting here, but I think this has been mostly resolved as we do not use pull_request_target anywhere afaik.

However, for Knip we still use the Workflow Run to trigger the workflow with the secrets. In the case of Knip, wouldn't it be enough to post the results in the summary the same way we do now for Jest? Like here for example, so we would not need the Knip reporter script.

The only Actions that should require environment variables are the ones requiring secrets for deployments and such, which are currently triggered after the Build step is complete so get access to the environment. However I think this is as dangerous as using pull_request_target. But without it we would not be able to have preview deployments with Cloudflare like we do for work.ubq.fi.

0x4007 · 2024-07-29T08:09:34Z

Sorry for necroposting here

This is expected and why I like to keep all of our work on GitHub so that we can use all conversations/issues as an archive.

wouldn't it be enough to post the results in the summary the same way we do now for Jes

Yes this is preferred so as to not clutter the conversation.

rndquu · 2024-07-30T16:50:47Z

Right now there are only 2 places left which uses pull_request_target across ubiquity and ubiquibot organizations:

gentlementlegen · 2024-07-31T03:41:28Z

@rndquu Okay these can be removed safely, I will take them of them.

0x4007 · 2024-08-19T07:15:45Z

What should be done:

refactor all CI workflows in the https://github.com/ubiquity organization from pull_request_target to pull_request

fix related CI errors where necessary

This can probably be automated with a script locally:

Recursive clone all repos
sed find and replace all yml files for pull_request_target

sed 's/pull_request_target/pull_request/g' in.yml > in.yml
git commit -m "chore: pull_request_target to pull_request 
resolves https://github.com/ubiquity/cloudflare-deploy-action/issues/6"
git push

gentlementlegen · 2024-08-19T07:51:16Z

@0x4007 Didn't you open an issue about synching the templates? This should also solve that.

0x4007 · 2024-08-19T08:05:50Z

@0x4007 Didn't you open an issue about synching the templates? This should also solve that.

ubiquity/ts-template#54

ubiquibot · 2024-08-19T14:30:43Z

+ Evaluating results. Please wait...

ubiquityos · 2024-08-19T14:30:52Z

! Failed to run comment evaluation. SyntaxError: Unexpected end of JSON input

ubiquibot · 2024-08-19T14:32:01Z

[ 26.9 WXDAI ]

@0x4007

Contributions Overview

View	Contribution	Count	Reward
Issue	Comment	5	26.9

Conversation Incentives

Comment	Formatting	Relevance	Reward
> @rndquu I believe it is arbitrary that you opened this issu...	3.7	0.4	3.7
To simplify permissions what if we just use `github-actions[...	3.7 code: count: 1 score: "1" words: 3	0.61	3.7
> Sorry for necroposting here This is expected and why I l...	3.7	0.62	3.7
> What should be done: > > * refactor all CI workflo...	15 li: count: 4 score: "4" words: 44 code: count: 6 score: "6" words: 5	0.66	15
> @0x4007 Didn't you open an issue about synching the templat...	0.8	0.67	0.8

[ 183.3 WXDAI ]

@gentlementlegen

Contributions Overview

View	Contribution	Count	Reward
Issue	Task	1	100
Issue	Comment	10	0
Issue	Comment	10	83.3

Conversation Incentives

Comment	Formatting	Relevance	Reward
@rndquu I believe it is arbitrary that you opened this issue in ...	-	0.38	-
@gitcoindev Thanks not very reassuring haha. That is correct, fo...	- li: count: 2 score: "0" words: 83 code: count: 1 score: "0" words: 3	0.55	-
Doesn't this introduce the security breach that @rndquu had been...	-	0.56	-
> To simplify permissions what if we just use `github-act...	- code: count: 1 score: "0" words: 3	0.63	-
One solution I thought of as well, is using environments for our...	- code: count: 3 score: "0" words: 3	0.61	-
> [This](https://github.com/Codex-/knip-reporter/blob/1d32edf...	- a: count: 3 score: "0" words: 3 code: count: 3 score: "0" words: 6	0.72	-
It is not possible to fake the OAuth except if we also run Supab...	-	0.64	-
Sorry for necroposting here, but I think this has been mostly re...	- a: count: 2 score: "0" words: 6 code: count: 5 score: "0" words: 7	0.6	-
@rndquu Okay these can be removed safely, I will take them of th...	-	0.67	-
@0x4007 Didn't you open an issue about synching the templates? T...	-	0.61	-
@rndquu I believe it is arbitrary that you opened this issue in ...	3.5	0.38	3.5
@gitcoindev Thanks not very reassuring haha. That is correct, fo...	23.3 li: count: 2 score: "2" words: 83 code: count: 1 score: "1" words: 3	0.55	23.3
Doesn't this introduce the security breach that @rndquu had been...	1.3	0.56	1.3
> To simplify permissions what if we just use `github-act...	1.8 code: count: 1 score: "1" words: 3	0.63	1.8
One solution I thought of as well, is using environments for our...	9.9 code: count: 3 score: "3" words: 3	0.61	9.9
> [This](https://github.com/Codex-/knip-reporter/blob/1d32edf...	13.3 a: count: 3 score: "3" words: 3 code: count: 3 score: "3" words: 6	0.72	13.3
It is not possible to fake the OAuth except if we also run Supab...	6.5	0.64	6.5
Sorry for necroposting here, but I think this has been mostly re...	20.8 a: count: 2 score: "2" words: 6 code: count: 5 score: "5" words: 7	0.6	20.8
@rndquu Okay these can be removed safely, I will take them of th...	1.3	0.67	1.3
@0x4007 Didn't you open an issue about synching the templates? T...	1.6	0.61	1.6

[ 49.4 WXDAI ]

@gitcoindev

Contributions Overview

View	Contribution	Count	Reward
Issue	Comment	6	49.4

Conversation Incentives

Comment	Formatting	Relevance	Reward
Hi @gentlementlegen good luck! I encountered a chicken-and-egg p...	3	0.76	3
You may want to read a few links from that thread. Basically, fo...	10.2 code: count: 3 score: "3" words: 3	0.7	10.2
My last version that 'almost works' is to use pull_request_workf...	7.4	0.6	7.4
Yes I have similar conclusions. By the way in one of the article...	9.7 code: count: 3 score: "3" words: 10	0.56	9.7
> To simplify permissions what if we just use `github-act...	9.8 code: count: 3 score: "3" words: 5	0.67	9.8
There is a quite long thread in GitHub actions repository, https...	9.3 code: count: 1 score: "1" words: 1	0.67	9.3

[ 83.2 WXDAI ]

@rndquu

Contributions Overview

View	Contribution	Count	Reward
Issue	Specification	1	32.8
Issue	Comment	3	50.4

Conversation Incentives

Comment	Formatting	Relevance	Reward
Right now we're using `pull_request_target` in many plac...	32.8 li: count: 6 score: "6" words: 74 code: count: 4 score: "4" words: 4	1	32.8
[This](https://github.com/Codex-/knip-reporter/blob/1d32edf5aecf...	16.6 a: count: 3 score: "3" words: 3 code: count: 2 score: "2" words: 2	0.78	16.6
This all started with https://github.com/Codex-/knip-reporter, I...	19.8 a: count: 1 score: "1" words: 1 code: count: 1 score: "1" words: 2	0.63	19.8
Right now there are only 2 places left which uses `pull_requ...	14 li: count: 2 score: "2" words: 29 code: count: 3 score: "3" words: 3	0.71	14

0x4007 · 2024-08-19T21:36:29Z

! Failed to run comment evaluation. SyntaxError: Unexpected end of JSON input

I think I'll need to add funds to the old bot as well because the new bot is unreliable. It broke twice tonight already

ubiquibot · 2024-08-20T01:59:43Z

@gentlementlegen the deadline is at 2024-08-20T05:59:43.452Z

ubiquibot · 2024-08-20T02:02:48Z

+ Evaluating results. Please wait...

ubiquityos · 2024-08-20T02:02:57Z

[ 100 WXDAI ]

@gentlementlegen

Contributions Overview

View	Contribution	Count	Reward
Issue	Task	1	100
Issue	Comment	10	0
Review	Comment	1	0

Conversation Incentives

Comment	Formatting	Relevance	Reward
@rndquu I believe it is arbitrary that you opened this issue in …	0 content: p: count: 31 score: 1 wordValue: 0 formattingMultiplier: 0	0.2	-
@gitcoindev Thanks not very reassuring haha. That is correct, fo…	0 content: p: count: 118 score: 1 code: count: 1 score: 1 ul: count: 81 score: 0 li: count: 81 score: 1 wordValue: 0 formattingMultiplier: 0	0.8	-
Doesn't this introduce the security breach that @rndquu had been…	0 content: p: count: 12 score: 1 wordValue: 0 formattingMultiplier: 0	0.5	-
Wouldn't solve scenarios requiring keys or credentials	0 content: p: count: 7 score: 1 wordValue: 0 formattingMultiplier: 0	0.1	-
One solution I thought of as well, is using environments for our…	0 content: p: count: 56 score: 1 code: count: 3 score: 1 wordValue: 0 formattingMultiplier: 0	0.7	-
This is true, but doesn't solve cases where we need credentials …	0 content: p: count: 73 score: 1 code: count: 4 score: 1 wordValue: 0 formattingMultiplier: 0	0.6	-
It is not possible to fake the OAuth except if we also run Supab…	0 content: p: count: 65 score: 1 wordValue: 0 formattingMultiplier: 0	0.3	-
Sorry for necroposting here, but I think this has been mostly re…	0 content: p: count: 135 score: 1 code: count: 5 score: 1 a: count: 6 score: 1 wordValue: 0 formattingMultiplier: 0	0.6	-
@rndquu Okay these can be removed safely, I will take them of th…	0 content: p: count: 13 score: 1 wordValue: 0 formattingMultiplier: 0	0.3	-
@0x4007 Didn't you open an issue about synching the templates? T…	0 content: p: count: 15 score: 1 wordValue: 0 formattingMultiplier: 0	0.1	-
Resolves https://github.com/ubiquity/cloudflare-deploy-action/is…	0 content: p: count: 3 score: 1 ul: count: 18 score: 0 li: count: 18 score: 1 wordValue: 0 formattingMultiplier: 0	0.2	-

[ 7.3 WXDAI ]

@0x4007

Contributions Overview

View	Contribution	Count	Reward
Issue	Comment	6	7.3

Conversation Incentives

Comment	Formatting	Relevance	Reward
I think its related to deploys which technically has code spanni…	3.6 content: p: count: 36 score: 1 wordValue: 0.1 formattingMultiplier: 1	0.3	1.08
To simplify permissions what if we just use `github-actions[…	2.6 content: p: count: 25 score: 1 code: count: 1 score: 1 wordValue: 0.1 formattingMultiplier: 1	0.6	1.56
This is expected and why I like to keep all of our work on GitHu…	3.6 content: p: count: 36 score: 1 wordValue: 0.1 formattingMultiplier: 1	0.2	0.72
This can probably be automated with a script locally: 1. Recur…	4.1 content: p: count: 9 score: 1 ol: count: 13 score: 0 li: count: 13 score: 1 code: count: 19 score: 1 pre: count: 16 score: 0 wordValue: 0.1 formattingMultiplier: 1	0.9	3.69
https://github.com/ubiquity/ts-template/issues/54	0.1 content: p: count: 1 score: 1 wordValue: 0.1 formattingMultiplier: 1	0.1	0.01
I think I'll need to add funds to the old bot as well because th…	2.4 content: p: count: 24 score: 1 wordValue: 0.1 formattingMultiplier: 1	0.1	0.24

[ 6.1475 WXDAI ]

@gitcoindev

Contributions Overview

View	Contribution	Count	Reward
Issue	Comment	6	6.1475

Conversation Incentives

Comment	Formatting	Relevance	Reward
Hi @gentlementlegen good luck! I encountered a chicken-and-egg p…	0.5 content: p: count: 20 score: 1 wordValue: 0.1 formattingMultiplier: 0.25	0.2	0.1
You may want to read a few links from that thread. Basically, fo…	1.725 content: p: count: 66 score: 1 code: count: 3 score: 1 wordValue: 0.1 formattingMultiplier: 0.25	0.9	1.5525
My last version that 'almost works' is to use pull_request_workf…	1.5 content: p: count: 60 score: 1 wordValue: 0.1 formattingMultiplier: 0.25	0.7	1.05
Yes I have similar conclusions. By the way in one of the article…	1.725 content: p: count: 51 score: 1 code: count: 18 score: 1 pre: count: 10 score: 0 wordValue: 0.1 formattingMultiplier: 0.25	0.8	1.38
I also thought about this approach, but for the Knip case two wr…	1.75 content: p: count: 63 score: 1 pre: count: 5 score: 0 code: count: 7 score: 1 wordValue: 0.1 formattingMultiplier: 0.25	0.6	1.05
There is a quite long thread in GitHub actions repository, https…	1.45 content: p: count: 57 score: 1 code: count: 1 score: 1 wordValue: 0.1 formattingMultiplier: 0.25	0.7	1.015

[ 38.4 WXDAI ]

@rndquu

Contributions Overview

View	Contribution	Count	Reward
Issue	Specification	1	21
Issue	Comment	3	17.4

Conversation Incentives

Comment	Formatting	Relevance	Reward
Right now we're using `pull_request_target` in many plac…	21 content: p: count: 9 score: 1 code: count: 4 score: 1 ul: count: 57 score: 0 li: count: 57 score: 1 wordValue: 0.1 formattingMultiplier: 3	1	21
[This](https://github.com/Codex-/knip-reporter/blob/1d32edf5aecf…	10.6 content: p: count: 48 score: 1 a: count: 3 score: 1 code: count: 2 score: 1 wordValue: 0.2 formattingMultiplier: 1	0.8	8.48
This all started with https://github.com/Codex-/knip-reporter, I…	16 content: p: count: 77 score: 1 code: count: 2 score: 1 a: count: 1 score: 1 wordValue: 0.2 formattingMultiplier: 1	0.4	6.4
Right now there are only 2 places left which uses `pull_requ…	4.2 content: p: count: 16 score: 1 code: count: 3 score: 1 ul: count: 2 score: 0 li: count: 2 score: 1 wordValue: 0.2 formattingMultiplier: 1	0.6	2.52

ubiquibot · 2024-08-20T02:05:14Z

[ 30.4 WXDAI ]

@0x4007

Contributions Overview

View	Contribution	Count	Reward
Issue	Comment	6	30.4

Conversation Incentives

Comment	Formatting	Relevance	Reward
> @rndquu I believe it is arbitrary that you opened this issu...	3.7	0.455	3.7
To simplify permissions what if we just use `github-actions[...	3.7 code: count: 1 score: "1" words: 3	0.5	3.7
> Sorry for necroposting here This is expected and why I l...	3.7	0.6	3.7
> What should be done: > > * refactor all CI workflo...	15 li: count: 4 score: "4" words: 44 code: count: 6 score: "6" words: 5	0.625	15
> @0x4007 Didn't you open an issue about synching the templat...	0.8	0.61	0.8
> ```diff > ! Failed to run comment evaluation...	3.5 code: count: 1 score: "1" words: 0	0.645	3.5

[ 183.3 WXDAI ]

@gentlementlegen

Contributions Overview

View	Contribution	Count	Reward
Issue	Task	1	100
Issue	Comment	10	0
Issue	Comment	10	83.3

Conversation Incentives

Comment	Formatting	Relevance	Reward
@rndquu I believe it is arbitrary that you opened this issue in ...	-	0.43	-
@gitcoindev Thanks not very reassuring haha. That is correct, fo...	- li: count: 2 score: "0" words: 83 code: count: 1 score: "0" words: 3	0.67	-
Doesn't this introduce the security breach that @rndquu had been...	-	0.505	-
> To simplify permissions what if we just use `github-act...	- code: count: 1 score: "0" words: 3	0.595	-
One solution I thought of as well, is using environments for our...	- code: count: 3 score: "0" words: 3	0.615	-
> [This](https://github.com/Codex-/knip-reporter/blob/1d32edf...	- a: count: 3 score: "0" words: 3 code: count: 3 score: "0" words: 6	0.63	-
It is not possible to fake the OAuth except if we also run Supab...	-	0.595	-
Sorry for necroposting here, but I think this has been mostly re...	- a: count: 2 score: "0" words: 6 code: count: 5 score: "0" words: 7	0.615	-
@rndquu Okay these can be removed safely, I will take them of th...	-	0.675	-
@0x4007 Didn't you open an issue about synching the templates? T...	-	0.655	-
@rndquu I believe it is arbitrary that you opened this issue in ...	3.5	0.43	3.5
@gitcoindev Thanks not very reassuring haha. That is correct, fo...	23.3 li: count: 2 score: "2" words: 83 code: count: 1 score: "1" words: 3	0.67	23.3
Doesn't this introduce the security breach that @rndquu had been...	1.3	0.505	1.3
> To simplify permissions what if we just use `github-act...	1.8 code: count: 1 score: "1" words: 3	0.595	1.8
One solution I thought of as well, is using environments for our...	9.9 code: count: 3 score: "3" words: 3	0.615	9.9
> [This](https://github.com/Codex-/knip-reporter/blob/1d32edf...	13.3 a: count: 3 score: "3" words: 3 code: count: 3 score: "3" words: 6	0.63	13.3
It is not possible to fake the OAuth except if we also run Supab...	6.5	0.595	6.5
Sorry for necroposting here, but I think this has been mostly re...	20.8 a: count: 2 score: "2" words: 6 code: count: 5 score: "5" words: 7	0.615	20.8
@rndquu Okay these can be removed safely, I will take them of th...	1.3	0.675	1.3
@0x4007 Didn't you open an issue about synching the templates? T...	1.6	0.655	1.6

[ 49.4 WXDAI ]

@gitcoindev

Contributions Overview

View	Contribution	Count	Reward
Issue	Comment	6	49.4

Conversation Incentives

Comment	Formatting	Relevance	Reward
Hi @gentlementlegen good luck! I encountered a chicken-and-egg p...	3	0.73	3
You may want to read a few links from that thread. Basically, fo...	10.2 code: count: 3 score: "3" words: 3	0.68	10.2
My last version that 'almost works' is to use pull_request_workf...	7.4	0.525	7.4
Yes I have similar conclusions. By the way in one of the article...	9.7 code: count: 3 score: "3" words: 10	0.49	9.7
> To simplify permissions what if we just use `github-act...	9.8 code: count: 3 score: "3" words: 5	0.635	9.8
There is a quite long thread in GitHub actions repository, https...	9.3 code: count: 1 score: "1" words: 1	0.58	9.3

[ 83.2 WXDAI ]

@rndquu

Contributions Overview

View	Contribution	Count	Reward
Issue	Specification	1	32.8
Issue	Comment	3	50.4

Conversation Incentives

Comment	Formatting	Relevance	Reward
Right now we're using `pull_request_target` in many plac...	32.8 li: count: 6 score: "6" words: 74 code: count: 4 score: "4" words: 4	1	32.8
[This](https://github.com/Codex-/knip-reporter/blob/1d32edf5aecf...	16.6 a: count: 3 score: "3" words: 3 code: count: 2 score: "2" words: 2	0.645	16.6
This all started with https://github.com/Codex-/knip-reporter, I...	19.8 a: count: 1 score: "1" words: 1 code: count: 1 score: "1" words: 2	0.605	19.8
Right now there are only 2 places left which uses `pull_requ...	14 li: count: 2 score: "2" words: 29 code: count: 3 score: "3" words: 3	0.565	14

gentlementlegen · 2024-08-20T02:06:11Z

@0x4007 This was run again with the max_length fixed, see PR ubiquity-os-marketplace/text-conversation-rewards#87

0x4007 · 2024-08-20T04:13:55Z

I think we should boost the conversation rewards.

ubiquityos · 2024-08-20T15:16:31Z

[ 100 WXDAI ]

@gentlementlegen

Contributions Overview

View	Contribution	Count	Reward
Issue	Task	1	100
Issue	Comment	11	0
Review	Comment	1	0

Conversation Incentives

Comment	Formatting	Relevance	Reward
@rndquu I believe it is arbitrary that you opened this issue in …	0 content: p: count: 31 score: 1 wordValue: 0 formattingMultiplier: 0	0.2	-
@gitcoindev Thanks not very reassuring haha. That is correct, fo…	0 content: p: count: 118 score: 1 code: count: 1 score: 1 ul: count: 81 score: 0 li: count: 81 score: 1 wordValue: 0 formattingMultiplier: 0	0.9	-
Doesn't this introduce the security breach that @rndquu had been…	0 content: p: count: 12 score: 1 wordValue: 0 formattingMultiplier: 0	0.4	-
Wouldn't solve scenarios requiring keys or credentials	0 content: p: count: 7 score: 1 wordValue: 0 formattingMultiplier: 0	0.3	-
One solution I thought of as well, is using environments for our…	0 content: p: count: 56 score: 1 code: count: 3 score: 1 wordValue: 0 formattingMultiplier: 0	0.8	-
This is true, but doesn't solve cases where we need credentials …	0 content: p: count: 73 score: 1 code: count: 4 score: 1 wordValue: 0 formattingMultiplier: 0	0.7	-
It is not possible to fake the OAuth except if we also run Supab…	0 content: p: count: 65 score: 1 wordValue: 0 formattingMultiplier: 0	0.5	-
Sorry for necroposting here, but I think this has been mostly re…	0 content: p: count: 135 score: 1 code: count: 5 score: 1 a: count: 6 score: 1 wordValue: 0 formattingMultiplier: 0	0.6	-
@rndquu Okay these can be removed safely, I will take them of th…	0 content: p: count: 13 score: 1 wordValue: 0 formattingMultiplier: 0	0.1	-
@0x4007 Didn't you open an issue about synching the templates? T…	0 content: p: count: 15 score: 1 wordValue: 0 formattingMultiplier: 0	0.1	-
@0x4007 This was run again with the `max_length` fixed, …	0 content: p: count: 12 score: 1 code: count: 1 score: 1 wordValue: 0 formattingMultiplier: 0	0.1	-
Resolves https://github.com/ubiquity/cloudflare-deploy-action/is…	0 content: p: count: 3 score: 1 ul: count: 18 score: 0 li: count: 18 score: 1 wordValue: 0 formattingMultiplier: 0	0.2	-

[ 6.49 WXDAI ]

@0x4007

Contributions Overview

View	Contribution	Count	Reward
Issue	Comment	7	6.49

Conversation Incentives

Comment	Formatting	Relevance	Reward
I think its related to deploys which technically has code spanni…	3.6 content: p: count: 36 score: 1 wordValue: 0.1 formattingMultiplier: 1	0.3	1.08
To simplify permissions what if we just use `github-actions[…	2.6 content: p: count: 25 score: 1 code: count: 1 score: 1 wordValue: 0.1 formattingMultiplier: 1	0.4	1.04
This is expected and why I like to keep all of our work on GitHu…	3.6 content: p: count: 36 score: 1 wordValue: 0.1 formattingMultiplier: 1	0.1	0.36
This can probably be automated with a script locally: 1. Recur…	4.1 content: p: count: 9 score: 1 ol: count: 13 score: 0 li: count: 13 score: 1 code: count: 19 score: 1 pre: count: 16 score: 0 wordValue: 0.1 formattingMultiplier: 1	0.9	3.69
https://github.com/ubiquity/ts-template/issues/54	0.1 content: p: count: 1 score: 1 wordValue: 0.1 formattingMultiplier: 1	-	-
I think I'll need to add funds to the old bot as well because th…	2.4 content: p: count: 24 score: 1 wordValue: 0.1 formattingMultiplier: 1	0.1	0.24
I think we should boost the conversation rewards.	0.8 content: p: count: 8 score: 1 wordValue: 0.1 formattingMultiplier: 1	0.1	0.08

[ 6.2725 WXDAI ]

@gitcoindev

Contributions Overview

View	Contribution	Count	Reward
Issue	Comment	6	6.2725

Conversation Incentives

Comment	Formatting	Relevance	Reward
Hi @gentlementlegen good luck! I encountered a chicken-and-egg p…	0.5 content: p: count: 20 score: 1 wordValue: 0.1 formattingMultiplier: 0.25	0.4	0.2
You may want to read a few links from that thread. Basically, fo…	1.725 content: p: count: 66 score: 1 code: count: 3 score: 1 wordValue: 0.1 formattingMultiplier: 0.25	0.8	1.38
My last version that 'almost works' is to use pull_request_workf…	1.5 content: p: count: 60 score: 1 wordValue: 0.1 formattingMultiplier: 0.25	0.6	0.9
Yes I have similar conclusions. By the way in one of the article…	1.725 content: p: count: 51 score: 1 code: count: 18 score: 1 pre: count: 10 score: 0 wordValue: 0.1 formattingMultiplier: 0.25	0.9	1.5525
I also thought about this approach, but for the Knip case two wr…	1.75 content: p: count: 63 score: 1 pre: count: 5 score: 0 code: count: 7 score: 1 wordValue: 0.1 formattingMultiplier: 0.25	0.7	1.225
There is a quite long thread in GitHub actions repository, https…	1.45 content: p: count: 57 score: 1 code: count: 1 score: 1 wordValue: 0.1 formattingMultiplier: 0.25	0.7	1.015

[ 37.22 WXDAI ]

@rndquu

Contributions Overview

View	Contribution	Count	Reward
Issue	Specification	1	21
Issue	Comment	3	16.22

Conversation Incentives

Comment	Formatting	Relevance	Reward
Right now we're using `pull_request_target` in many plac…	21 content: p: count: 9 score: 1 code: count: 4 score: 1 ul: count: 57 score: 0 li: count: 57 score: 1 wordValue: 0.1 formattingMultiplier: 3	1	21
[This](https://github.com/Codex-/knip-reporter/blob/1d32edf5aecf…	10.6 content: p: count: 48 score: 1 a: count: 3 score: 1 code: count: 2 score: 1 wordValue: 0.2 formattingMultiplier: 1	0.8	8.48
This all started with https://github.com/Codex-/knip-reporter, I…	16 content: p: count: 77 score: 1 code: count: 2 score: 1 a: count: 1 score: 1 wordValue: 0.2 formattingMultiplier: 1	0.3	4.8
Right now there are only 2 places left which uses `pull_requ…	4.2 content: p: count: 16 score: 1 code: count: 3 score: 1 ul: count: 2 score: 0 li: count: 2 score: 1 wordValue: 0.2 formattingMultiplier: 1	0.7	2.94

rndquu added Time: <4 Hours Priority: 1 (Normal) labels Mar 19, 2024

ubiquibot bot added the Price: 100 USD label Mar 19, 2024

ubiquibot bot mentioned this issue Mar 19, 2024

CI: refactor pull_request_target to pull_request ubiquity/devpool-directory#1147

Closed

ubiquibot bot assigned gentlementlegen Mar 22, 2024

gentlementlegen mentioned this issue May 23, 2024

CI: refactor knip to run on pull_request event ubiquity/ts-template#42

Closed

gentlementlegen mentioned this issue Aug 19, 2024

fix: pull request action ubiquity/onboard.ubq.fi#23

Merged

gentlementlegen closed this as completed in ubiquity/onboard.ubq.fi#23 Aug 19, 2024

gentlementlegen mentioned this issue Aug 19, 2024

Unexpected end of JSON input error ubiquity-os-marketplace/text-conversation-rewards#84

Closed

0x4007 mentioned this issue Aug 19, 2024

Unexpected end of JSON input ubiquity-os-marketplace/text-conversation-rewards#85

Closed

gentlementlegen reopened this Aug 20, 2024

gentlementlegen closed this as completed Aug 20, 2024

ubiquibot bot unassigned gentlementlegen Aug 20, 2024

gentlementlegen self-assigned this Aug 20, 2024

ubiquity deleted a comment from ubiquibot bot Aug 20, 2024

ubiquity deleted a comment from ubiquityos bot Aug 20, 2024

gentlementlegen reopened this Aug 20, 2024

gentlementlegen closed this as completed Aug 20, 2024

gentlementlegen mentioned this issue Aug 20, 2024

fix: increased max_tokens to avoid truncating responses ubiquity-os-marketplace/text-conversation-rewards#87

Merged

gentlementlegen reopened this Aug 20, 2024

gentlementlegen closed this as completed Aug 20, 2024

CI: refactor pull_request_target to pull_request #6

CI: refactor pull_request_target to pull_request #6

Comments

rndquu commented Mar 19, 2024

gentlementlegen commented Mar 22, 2024

ubiquibot bot commented Mar 22, 2024

Tips:

gentlementlegen commented Mar 22, 2024

0x4007 commented Mar 22, 2024

gitcoindev commented Mar 22, 2024

gitcoindev commented Mar 22, 2024

gitcoindev commented Mar 22, 2024

gentlementlegen commented Mar 22, 2024

gitcoindev commented Mar 22, 2024

gentlementlegen commented Mar 22, 2024

0x4007 commented Mar 22, 2024

gentlementlegen commented Mar 22, 2024

gitcoindev commented Mar 22, 2024

gitcoindev commented Mar 22, 2024

gentlementlegen commented Mar 22, 2024

rndquu commented Mar 22, 2024

gentlementlegen commented Mar 24, 2024

rndquu commented Mar 25, 2024

gentlementlegen commented Mar 25, 2024

gentlementlegen commented Jul 27, 2024

0x4007 commented Jul 29, 2024 • edited Loading

rndquu commented Jul 30, 2024

gentlementlegen commented Jul 31, 2024

0x4007 commented Aug 19, 2024 • edited Loading

gentlementlegen commented Aug 19, 2024

0x4007 commented Aug 19, 2024

ubiquibot bot commented Aug 19, 2024

ubiquityos bot commented Aug 19, 2024 • edited Loading

ubiquibot bot commented Aug 19, 2024

Contributions Overview

Conversation Incentives

> Sorry for necroposting here This is expected and why I l...

Contributions Overview

Conversation Incentives

Contributions Overview

Conversation Incentives

Contributions Overview

Conversation Incentives

0x4007 commented Aug 19, 2024

ubiquibot bot commented Aug 20, 2024

ubiquibot bot commented Aug 20, 2024

ubiquityos bot commented Aug 20, 2024 • edited Loading

Contributions Overview

Conversation Incentives

Contributions Overview

Conversation Incentives

Contributions Overview

Conversation Incentives

Contributions Overview

Conversation Incentives

ubiquibot bot commented Aug 20, 2024

Contributions Overview

Conversation Incentives

> Sorry for necroposting here This is expected and why I l...

CI: refactor `pull_request_target` to `pull_request` #6

CI: refactor `pull_request_target` to `pull_request` #6

0x4007 commented Jul 29, 2024 •

edited

Loading

0x4007 commented Aug 19, 2024 •

edited

Loading

ubiquityos bot commented Aug 19, 2024 •

edited

Loading

> Sorry for necroposting here
This is expected and why I l...

ubiquityos bot commented Aug 20, 2024 •

edited

Loading

> Sorry for necroposting here
This is expected and why I l...