CI: refactor pull_request_target to pull_request #6

Closed
rndquu opened this issue Mar 19, 2024 · 37 comments · Fixed by ubiquity/onboard.ubq.fi#23

@rndquu
Member

rndquu commented Mar 19, 2024

Right now we're using pull_request_target in many places like:

In the examples mentioned above, workflows always check out the development branch and open a security hole for exfiltration of a GitHub access token with write permissions.

Check this for more info:

What should be done:

@gentlementlegen
Member

/start


ubiquibot bot commented Mar 22, 2024

Deadline: Fri, Mar 22, 9:42 AM UTC
Registered Wallet: 0x0fC1b909ba9265A846b82CF4CE352fc3e7EeB2ED
Tips:
  • Use /wallet 0x0000...0000 if you want to update your registered payment wallet address.
  • Be sure to open a draft pull request as soon as possible to communicate updates on your progress.
  • Be sure to provide timely updates to us when requested, or you will be automatically unassigned from the task.

@gentlementlegen
Member

@rndquu I believe it is arbitrary that you opened this issue in the repository since it impacts plenty of them. Maybe it would make more sense to open it at https://github.com/ubiquity/ts-template ?

@0x4007
Member

0x4007 commented Mar 22, 2024

> @rndquu I believe it is arbitrary that you opened this issue in the repository since it impacts plenty of them. Maybe it would make more sense to open it at https://github.com/ubiquity/ts-template ?

I think it's related to deploys which technically has code spanning across the ts-template and every repository as an extension of the template. However this repository I think makes the most sense for deploy-related tasks.

@gitcoindev

Hi @gentlementlegen good luck! I encountered a chicken-and-egg problem for the Knip reporter part here: ubiquity/keygen.ubq.fi#5 (comment), still experimenting on that.

@gitcoindev

You may want to read a few links from that thread. Basically, for branches across the same repository it does work correctly with pull_request, https://github.com/gitcoindev/keygen.ubq.fi/actions/runs/8355152504

In the case of a pull_request workflow opened from a forked repository, the secrets are not passed (all of the variables are None / null); there are ways to deal with this, but I have not found the perfect solution yet.

@gitcoindev

My last version that 'almost works' is to use pull_request_workflow and a fine-grained token https://github.com/korrrba/keygen.ubq.fi/actions/runs/8366591693/workflow , see tibdex/[email protected]. But perhaps I leave more investigation to you, you may discover something that works better. For the deploy workflow @rndquu was able to solve it in an elegant way, building with read-only permissions and deploying with the elevated ones.

@gentlementlegen
Member

@gitcoindev Thanks not very reassuring haha. That is correct, forks are not receiving the secrets for security purposes. pull-request-target sort of solved it but uses the base branch for the workflows and introduces security issues where the secrets can be leaked. I thought of a few workarounds. Because I think we will always need to use secrets at some point, even for testing.

The main reason why we require the secrets is also to post to the current PR the results. This could eventually be disabled, and we would still notice that the workflow failed to run. But in the case of testing, if credentials are needed, we obviously cannot expose them. I thought maybe we should either:

  • always require to have a link to a successful build (which is what we kinda do now), it's functional but wouldn't block a pull request and we still could merge by accident
  • trigger the workflow but not in the PR, rather on a push to the dev branch or something similar. In that way, the workflows would get the secrets, and we would still detect a merge that broke stuff. This however could make reverts also very difficult in some scenarios.

@gitcoindev

Yes, I have similar conclusions. By the way, in one of the articles I found a hack that allows working around the "uses the base branch for the workflows" default scenario:

      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}

When the github.event.pull_request is available, head.sha can be used to fetch the pull request workspace instead of the base branch.

@gentlementlegen
Member

Doesn't this introduce the security breach that @rndquu had been mentioning before?

@0x4007
Member

0x4007 commented Mar 22, 2024

To simplify permissions what if we just use github-actions[bot] or whatever the default is, and then focus on annotations in files view instead of comments?

@gentlementlegen
Member

> To simplify permissions what if we just use github-actions[bot] or whatever the default is, and then focus on annotations in files view instead of comments?

Wouldn't solve scenarios requiring keys or credentials

@gitcoindev

> To simplify permissions what if we just use github-actions[bot] or whatever the default is, and then focus on annotations in files view instead of comments?

I also thought about this approach, but for the Knip case two write permissions are needed:

      permissions:
        checks: write
        issues: write

If we skip comments, Checks: write is the blocking one as well. I began to wonder if there is a completely different way to tackle this, like rewriting the knip-reporter not to use checks -) I hope that @gentlementlegen can come up with a better solution.

@gitcoindev

There is quite a long thread in the GitHub actions repository, actions/checkout#518

Many projects struggle with that. One of the last comments mentions a workflow similar to the one that @rndquu introduced:

actions/checkout#518 (comment)

(does not work for Knip-reporter currently though, due to https://github.com/Codex-/knip-reporter/blob/main/src/main.ts#L24 and the fact that it complains about workflow_run). Perhaps this can be solved in the knip-reporter somehow.

@gentlementlegen
Member

One solution I thought of as well, is using environments for our secrets to keep using pull_request_target but avoid production secrets leak.
https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
In theory we should have a dev environment where everything, even if leaked, is no threat to our production elements. We could have a development and production environment, each with different secrets.

@rndquu
Member Author

rndquu commented Mar 22, 2024

This check is introduced because PR number is used here.

The thing is that on workflow_run (which runs in a privileged context with access to secrets) we can still fetch associated PR number this way.

We could update https://github.com/Codex-/knip-reporter/blob/1d32edf5aecf8728aae419758f2f4b4e35fd6945/src/main.ts to work with workflow_run with (relatively) small code changes.

@gentlementlegen
Member

> This check is introduced because PR number is used here.
>
> The thing is that on workflow_run (which runs in a privileged context with access to secrets) we can still fetch associated PR number this way.
>
> We could update https://github.com/Codex-/knip-reporter/blob/1d32edf5aecf8728aae419758f2f4b4e35fd6945/src/main.ts to work with workflow_run with (relatively) small code changes.

This is true, but doesn't solve cases where we need credentials or any other kind of sensitive data (I think mostly about login tests). If we use environments for our secrets we can have workflows like

      GITHUB_TOKEN: ${{ secrets.development.GITHUB_TOKEN }}

Where the PAT only has very restricted access, such as PR read / post only. This way, we keep secrets, can run any workflow normally and still do not expose any sensitive data.

@rndquu
Member Author

rndquu commented Mar 25, 2024

This all started with https://github.com/Codex-/knip-reporter, I would remove it, keep using plain yarn knip in a build workflow (which throws on knip warnings) and be done with that without refactoring https://github.com/Codex-/knip-reporter, introducing environments and other unnecessary stuff

> This is true, but doesn't solve cases where we need credentials

We don't need sensitive credentials anywhere, the only ones I can think of are cloudflare credentials but they are already used safely

> I think mostly about login tests

I'm sure there is a way to mock github oauth without passing sensitive credentials in a build step

@gentlementlegen
Member

It is not possible to fake the OAuth except if we also run Supabase inside the Action, and set up a whole new DB. Which would also probably require GitHub keys to set the OAuth. I would like not to have any sensitive data in the env, but we should then consider not doing any test requiring authentication, or involving any sensitive data to achieve so

@gentlementlegen
Member

Sorry for necroposting here, but I think this has been mostly resolved as we do not use pull_request_target anywhere afaik.

However, for Knip we still use the Workflow Run to trigger the workflow with the secrets. In the case of Knip, wouldn't it be enough to post the results in the summary the same way we do now for Jest? Like here for example, so we would not need the Knip reporter script.

The only Actions that should require environment variables are the ones requiring secrets for deployments and such, which are currently triggered after the Build step is complete so get access to the environment. However I think this is as dangerous as using pull_request_target. But without it we would not be able to have preview deployments with Cloudflare like we do for work.ubq.fi.

@0x4007
Member

0x4007 commented Jul 29, 2024

> Sorry for necroposting here

This is expected and why I like to keep all of our work on GitHub so that we can use all conversations/issues as an archive.

> wouldn't it be enough to post the results in the summary the same way we do now for Jes

Yes this is preferred so as to not clutter the conversation.

@rndquu
Member Author

rndquu commented Jul 30, 2024

Right now there are only 2 places left which use pull_request_target across ubiquity and ubiquibot organizations:

@gentlementlegen
Member

@rndquu Okay these can be removed safely, I will take care of them.

@0x4007
Member

0x4007 commented Aug 19, 2024

> What should be done:

This can probably be automated with a script locally:

  1. Recursive clone all repos
  2. sed find and replace all yml files for pull_request_target
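      # GNU sed: -i edits in place ("> in.yml" would truncate the file before sed reads it)
      sed -i 's/pull_request_target/pull_request/g' in.yml
      # -a stages the modified workflow files; the second -m becomes the commit body
      git commit -am "chore: pull_request_target to pull_request" \
        -m "resolves https://github.com/ubiquity/cloudflare-deploy-action/issues/6"
      git push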
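
A read-only audit that could run over the cloned repositories before the find-and-replace in the comment above, separating workflows that pair pull_request_target with a checkout of the pull request head (the snippet questioned earlier in the thread) from those that only use the trigger. This is an added example, not part of the original thread; the function names and the three sample workflow files are constructed for illustration, and matching is line-based grep rather than YAML parsing.

```shell
#!/bin/sh
# Added example: heuristic audit of GitHub Actions workflows (grep, not a YAML parser).

# True if a non-comment line names the pull_request_target trigger.
uses_pull_request_target() {
    grep -Eq '^[^#]*pull_request_target' "$1"
}

# True if a non-comment line references the pull request's own code.
# head.sha is the form quoted in the thread; head.ref, github.head_ref and
# refs/pull/<n>/... reach the same fork-controlled code.
references_pr_head() {
    grep -Eq '^[^#]*(github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref|refs/pull/)' "$1"
}

# Print "<severity> <path relative to root>" for each workflow that needs attention.
#   HIGH   = pull_request_target and pull request head code in the same workflow
#   REVIEW = pull_request_target only
audit_workflows() {
    root=$1
    find "$root" -type f \( -name '*.yml' -o -name '*.yaml' \) \
        -path '*/.github/workflows/*' | sort | while IFS= read -r wf; do
        rel=${wf#"$root"/}
        if uses_pull_request_target "$wf"; then
            if references_pr_head "$wf"; then
                printf 'HIGH %s\n' "$rel"
            else
                printf 'REVIEW %s\n' "$rel"
            fi
        fi
    done
}

# Constructed sample: three cloned repositories with one workflow each.
make_sample_tree() {
    d=$(mktemp -d)
    for r in repo-a repo-b repo-c; do mkdir -p "$d/$r/.github/workflows"; done
    cat > "$d/repo-a/.github/workflows/knip.yml" <<'EOF'
on:
  pull_request_target:
jobs:
  knip:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: yarn install && yarn knip
EOF
    cat > "$d/repo-b/.github/workflows/label.yml" <<'EOF'
on:
  pull_request_target:
    types: [opened]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - run: echo "no pull request code is checked out here"
EOF
    cat > "$d/repo-c/.github/workflows/build.yml" <<'EOF'
# migrated from pull_request_target
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: yarn install && yarn build
EOF
    printf '%s\n' "$d"
}

# Run the audit over the constructed tree, then clean up.
sample=$(make_sample_tree)
audit_workflows "$sample"
rm -rf "$sample"
```

Point audit_workflows at the directory that holds the clones; an empty result means no workflow under .github/workflows names the trigger on a non-comment line.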

@gentlementlegen
Member

@0x4007 Didn't you open an issue about synching the templates? This should also solve that.

@0x4007
Member

0x4007 commented Aug 19, 2024

> @0x4007 Didn't you open an issue about synching the templates? This should also solve that.

ubiquity/ts-template#54


ubiquibot bot commented Aug 19, 2024

+ Evaluating results. Please wait...


ubiquityos bot commented Aug 19, 2024

! Failed to run comment evaluation. SyntaxError: Unexpected end of JSON input


ubiquibot bot commented Aug 19, 2024

[ 26.9 WXDAI ]

@0x4007

[ 183.3 WXDAI ]

@gentlementlegen

[ 49.4 WXDAI ]

@gitcoindev

[ 83.2 WXDAI ]

@rndquu

@0x4007
Member

0x4007 commented Aug 19, 2024

> ! Failed to run comment evaluation. SyntaxError: Unexpected end of JSON input

I think I'll need to add funds to the old bot as well because the new bot is unreliable. It broke twice tonight already


ubiquibot bot commented Aug 20, 2024

@gentlementlegen the deadline is at 2024-08-20T05:59:43.452Z

@ubiquity ubiquity deleted a comment from ubiquibot bot Aug 20, 2024
@ubiquity ubiquity deleted a comment from ubiquibot bot Aug 20, 2024
@ubiquity ubiquity deleted a comment from ubiquityos bot Aug 20, 2024

ubiquibot bot commented Aug 20, 2024

+ Evaluating results. Please wait...


ubiquityos bot commented Aug 20, 2024

[ 100 WXDAI ]

@gentlementlegen

[ 7.3 WXDAI ]

@0x4007

[ 6.1475 WXDAI ]

@gitcoindev

[ 38.4 WXDAI ]

@rndquu


ubiquibot bot commented Aug 20, 2024

[ 30.4 WXDAI ]

@0x4007

[ 183.3 WXDAI ]

@gentlementlegen

[ 49.4 WXDAI ]

@gitcoindev

[ 83.2 WXDAI ]

@rndquu

@gentlementlegen
Member

@0x4007 This was run again with the max_length fixed, see PR ubiquity-os-marketplace/conversation-rewards#87

@0x4007
Member

0x4007 commented Aug 20, 2024

I think we should boost the conversation rewards.


ubiquityos bot commented Aug 20, 2024

[ 100 WXDAI ]

@gentlementlegen

[ 6.49 WXDAI ]

@0x4007

[ 6.2725 WXDAI ]

@gitcoindev

[ 37.22 WXDAI ]

@rndquu
