Commits
Thank you for building this! I was working on an action myself, but this
one seems to work pretty well, so I thought I would add a few things I
had in mind:
### Copy change
I have softened the text because this tool isn't foolproof and will make
errors. People shouldn't feel judged too harshly; we're simply analyzing
their events to identify potential patterns similar to automations.
### Community flags
I've added the [community
flag](https://github.com/MatteoGabriele/agentscan/blob/main/data/verified-automations-list.json)
by querying the JSON file in the AgentScan repo.
Let me know what you think 馃檹
agents workflows need permissions to write `issues` and `pull-requests`
in order to create labels
Adds a new `detect-agent` workflow that uses
[`voight-kampff-test`](https://npmx.dev/package/voight-kampff-test) to
surface GitHub activity signal on PRs.
PRs by `[bot]` accounts and likely automated regular accounts get an
`automated` label. For regular accounts, we add a comment to the PR
explaining the results.
Organization members are automatically bypassed.
Remove NPM_TOKEN from workflow secrets since we're using trusted
publishing now
Currently when cutting releases, it's attributed to both bombshell-bot
and github-actions bot, e.g.
https://github.com/bombshell-dev/clack/commit/73b88da8a34118555f27290b2b175f5c35ddef30
This is because the changesets action by default would use
github-actions bot for commits in the release PR. It's possible to
change this to the bombshell-bot so that commits are done through it
instead. ([I did this for my repo
before](https://github.com/publint/publint/commit/6826b0a8dd3a205657293fa62689cc69c4206405))
The bombshell-bot git user name and email is retrieved from
https://github.com/bombshell-dev/clack/commit/73b88da8a34118555f27290b2b175f5c35ddef30.patch.
Just a really small improvement I thought worth having.
This forces npm to be `latest` so we can get OIDC publishing.
`run` was checking `if: github.repository_owner == 'bombshell-dev'`
which is good for cron jobs and expensive workflows, but makes
contributing from a fork impossible. This should fix the issue!
Thank you for building this! I was working on an action myself, but this
one seems to work pretty well, so I thought I would add a few things I
had in mind:
### Copy change
I have softened the text because this tool isn't foolproof and will make
errors. People shouldn't feel judged too harshly; we're simply analyzing
their events to identify potential patterns similar to automations.
### Community flags
I've added the [community
flag](https://github.com/MatteoGabriele/agentscan/blob/main/data/verified-automations-list.json)
by querying the JSON file in the AgentScan repo.
Let me know what you think 馃檹
Adds a new `detect-agent` workflow that uses
[`voight-kampff-test`](https://npmx.dev/package/voight-kampff-test) to
surface GitHub activity signal on PRs.
PRs by `[bot]` accounts and likely automated regular accounts get an
`automated` label. For regular accounts, we add a comment to the PR
explaining the results.
Organization members are automatically bypassed.
Currently when cutting releases, it's attributed to both bombshell-bot
and github-actions bot, e.g.
https://github.com/bombshell-dev/clack/commit/73b88da8a34118555f27290b2b175f5c35ddef30
This is because the changesets action by default would use
github-actions bot for commits in the release PR. It's possible to
change this to the bombshell-bot so that commits are done through it
instead. ([I did this for my repo
before](https://github.com/publint/publint/commit/6826b0a8dd3a205657293fa62689cc69c4206405))
The bombshell-bot git user name and email is retrieved from
https://github.com/bombshell-dev/clack/commit/73b88da8a34118555f27290b2b175f5c35ddef30.patch.
Just a really small improvement I thought worth having.