[antispam] experimenting (WIP)

Author: GuillaumeDua

.github/workflows/scripts/antispam.js

@@ -1,46 +1,78 @@
-async function when_suspicious(){
+async function when_suspicious({ github, context, failed_checks }){
 
     // might wanna use a score of confidence (how suspicious it is), then react on that
 
-    await github.rest.issues.addLabels({
-        owner,
-        repo,
-        issue_number: issueNumber,
-        labels: ["suspicious"]
-    });
+    const { owner, repo } = context.repo;
+    const issueNumber = context.payload.issue.number;
 
-    // await github.rest.issues.update({
+    // await github.rest.issues.addLabels({
     //     owner,
     //     repo,
     //     issue_number: issueNumber,
-    //     state: "closed"
+    //     labels: ["suspicious"]
     // });
     // await github.rest.issues.createComment({
     //     owner,
     //     repo,
     //     issue_number: issueNumber,
     //     body: "This issue/PR has been automatically closed as it does not meet our contribution guidelines. Please read our contribution guide before submitting."
     // });
+
+
+    const reasons = failed_checks.map(check => `- ${check.reason}`).join("\n");
+    const commentBody = `This issue/PR has been automatically flagged as [suspicious] as it might not meet contribution requirements.
+    Please read our contribution guide before submitting.
+    
+    Reason(s):
+    
+    ${reasons}
+    `;
+    
+    console.log(">>> DEBUG", commentBody);
+
+    // await github.rest.issues.createComment({
+    //   owner,
+    //   repo,
+    //   issue_number: issueNumber,
+    //   body: commentBody
+    // });
+
+
+    // TODO: if too many checks failed, then consider immediatly closing:
+
+    // await github.rest.issues.update({
+    //     owner,
+    //     repo,
+    //     issue_number: issueNumber,
+    //     state: "closed"
+    // });
+
+}
+
+class Check {
+    constructor(func, reason) {
+        this.func = func;
+        this.reason = reason;
+    }
+
+    evaluate() { return this.func(); }
 }
 
 module.exports = async ({ github, context, core }) => {
+
+    const { owner, repo } = context.repo;
     const {SHA} = process.env;
     const author = context.actor;
 
     const { data: user } = await github.rest.users.getByUsername({ username: author });
 
-    console.log(">>> module: ", {
-        user: user,
-        author: author
-    });
 
-    // check if the account was created within the last hour
-    const is_author_account_recently_created = (() => {
+    const was_author_account_recently_created = (() => {
         const createdAt = new Date(user.created_at);
         const now = new Date();
         const accountAgeInMinutes = (now - createdAt) / (1000 * 60);
 
-        console.log(">>> is_author_account_recently_created: ", {
+        console.log(">>> was_author_account_recently_created: ", {
             now: now,
             createdAt: createdAt,
             accountAgeInMinutes: accountAgeInMinutes
@@ -63,8 +95,18 @@ module.exports = async ({ github, context, core }) => {
         return events.length === 0;
     })();
 
-    is_author_account_recently_created();
-    is_author_only_contribution_on_GH();
+    const checks = [
+        new Check(() => was_author_account_recently_created,                "Account is less than an hour old"),
+        new Check(() => is_author_only_contribution_on_GH,                  "First contribution to any GitHub project"),
+        new Check(() => user.followers === 0 && user.following === 0,       "Author has no relationships"),
+        new Check(() => user.public_repos === 0 && user.public_gists === 0, "Author has no public reop/gist"),
+    ];
+
+    const failed_checks = checks.filter(check => ! check.evaluate());
+
+    const threshold = 0;
+    if (failed_checks.length <= threshold)
+        return;
 
-    // when_suspicious();
+    when_suspicious({ github, context, failed_checks});
 };