| -rw-r--r-- | .fossier.db | bin | 0 -> 1576960 bytes | |||
| -rw-r--r-- | .fossier.db-wal | 0 | ||||
| -rw-r--r-- | .github/workflows/fossier-scan.yml | 51 | ||||
| -rw-r--r-- | .github/workflows/fossier.yml | 26 | ||||
| -rw-r--r-- | VOUCHED.td | 7 | ||||
| -rw-r--r-- | fossier.toml | 17 |
6 files changed, 101 insertions, 0 deletions
diff --git a/.fossier.db b/.fossier.db
Binary files differ
new file mode 100644
index 00000000..216c685e
--- /dev/null
+++ b/.fossier.db
diff --git a/.fossier.db-wal b/.fossier.db-wal
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/.fossier.db-wal
diff --git a/.github/workflows/fossier-scan.yml b/.github/workflows/fossier-scan.yml
new file mode 100644
index 00000000..784ab36c
--- /dev/null
+++ b/.github/workflows/fossier-scan.yml
@@ -0,0 +1,51 @@
+name: Fossier Scan All PRs
+
+on:
+ workflow_dispatch:
+ inputs:
+ dry-run:
+ description: "Dry run - evaluate but don't take actions"
+ type: boolean
+ default: false
+
+permissions:
+ contents: read
+ pull-requests: write
+ issues: write
+
+jobs:
+ scan:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up uv
+ uses: astral-sh/setup-uv@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: "3.13"
+
+ - name: Install fossier
+ run: uv pip install --system .
+
+ - name: Restore DB cache
+ uses: actions/cache@v4
+ with:
+ path: .fossier.db
+ key: fossier-db-${{ github.repository }}
+ restore-keys: |
+ fossier-db-${{ github.repository }}
+
+ - name: Scan open PRs
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ FLAGS="--format table"
+ if [ "${{ inputs.dry-run }}" = "true" ]; then
+ FLAGS="$FLAGS --dry-run"
+ else
+ FLAGS="$FLAGS --execute"
+ fi
+ fossier scan $FLAGS
diff --git a/.github/workflows/fossier.yml b/.github/workflows/fossier.yml
new file mode 100644
index 00000000..ff60125b
--- /dev/null
+++ b/.github/workflows/fossier.yml
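Review bot: In .github/workflows/fossier-scan.yml the `Install fossier` step runs `uv pip install --system .`, which installs whatever package the checked-out repository defines; fossier.toml in this commit names the repository as atuinsh/atuin, so unless fossier's sources live in this tree the step should install fossier itself from a pinned version or commit. The `Restore DB cache` step uses the fixed key `fossier-db-${{ github.repository }}`, and actions/cache does not overwrite an existing key, so the database saved by the first run would be restored unchanged on later runs, on top of the `.fossier.db` this commit also checks in. In `Scan open PRs`, prefer passing the input through `env:` (`DRY_RUN: ${{ inputs.dry-run }}`) and testing `"$DRY_RUN"` in the script rather than expanding `${{ inputs.dry-run }}` inside the shell text. The `uses:` references in this job are pinned to tags rather than full commit SHAs, which matters for a job holding `pull-requests: write` and `issues: write`.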
@@ -0,0 +1,26 @@
+name: Fossier PR Check
+on:
+ pull_request_target:
+ types: [opened, synchronize]
+
+permissions:
+ pull-requests: write
+ issues: write
+
+jobs:
+ check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: PThorpe92/fossier@main
+ id: fossier
+ with:
+ contact-url: "https://discord.gg/Fq8bJSKPHh"
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ # Optional: connect to the global spam registry
+ # registry-api-key: ${{ secrets.FOSSIER_REGISTRY_API_KEY }}
+
+ - name: Handle result
+ if: steps.fossier.outputs.outcome == 'deny'
+ run: echo "PR denied with score ${{ steps.fossier.outputs.score }}"
diff --git a/VOUCHED.td b/VOUCHED.td
new file mode 100644
index 00000000..1afc3fd9
--- /dev/null
+++ b/VOUCHED.td
@@ -0,0 +1,7 @@
+# VOUCHED.td: trust declarations
+# Lines starting with + vouch for a user
+# Lines starting with - denounce a user (reason required)
+#
+# Examples:
+# + trusteduser
+# - spammer Known SEO link spam
diff --git a/fossier.toml b/fossier.toml
new file mode 100644
index 00000000..45ad0bcd
--- /dev/null
+++ b/fossier.toml
@@ -0,0 +1,17 @@
+[repo]
+owner = "atuinsh"
+name = "atuin"
+
+[thresholds]
+allow_score = 70.0
+deny_score = 40.0
+min_confidence = 0.5
+
+[actions.deny]
+close_pr = true
+comment = true
+label = "fossier:spam-likely"
+
+[actions.review]
+comment = true
+label = "fossier:needs-review" |
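Review bot: `uses: PThorpe92/fossier@main` in .github/workflows/fossier.yml runs a third-party action from a mutable branch inside a `pull_request_target` job whose token has `pull-requests: write` and `issues: write`; pin it to a full commit SHA (`uses: PThorpe92/fossier@<commit-sha>  # <version>`) so a later push to that branch cannot change what runs with this token. `actions/checkout@v4` is used without a `ref:`, so it checks out the base branch, which is the safe default under `pull_request_target`; a comment such as `# base ref only: never check out the PR head in this workflow` would keep it that way. In `Handle result`, pass the score through `env:` (`SCORE: ${{ steps.fossier.outputs.score }}`) and use `run: echo "PR denied with score $SCORE"` so that an action output is not expanded into the script text.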
