diff --git a/.github/workflows/ai-slop.yml b/.github/workflows/ai-slop.yml new file mode 100644 index 000000000..3ae03090a --- /dev/null +++ b/.github/workflows/ai-slop.yml @@ -0,0 +1,43 @@ +name: Mark as AI Slop + +on: + pull_request: + types: [labeled] + +jobs: + handle-ai-slop: + if: github.event.label.name == 'ai-slop' + runs-on: ubuntu-latest + permissions: + pull-requests: write + steps: + - name: Rename title and clear body + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + with: + script: | + const pr = context.payload.pull_request.number; + const repo = { owner: context.repo.owner, repo: context.repo.repo }; + + await github.rest.pulls.update({ + ...repo, + pull_number: pr, + title: "[🚨⚠️AI Slop⚠️🚨] WARNING: THIS GUY CREATED AI SLOP, DO NOT TRUST!", + body: "" + }); + + const comments = [ + "🚨 AI-generated code submitted without review puts the entire project at risk.", + "⚠️ Blindly pasting AI output without understanding it is not a contribution — it's a liability.", + "🤖 AI slop wastes maintainers' time reviewing code that was never understood by the submitter.", + "💀 Submitting unreviewed AI-generated code can introduce subtle bugs that are very hard to detect.", + "🔍 Real open-source contribution requires understanding every line you submit — no shortcuts.", + "🛑 AI slop undermines the trust and quality standards this project has worked hard to maintain.", + "📉 Code you don't understand cannot be properly tested, debugged, or maintained by you later.", + "🧠 A good developer uses AI as a tool to assist thinking, not as a replacement for it.", + "⛔ This pull request has been flagged as AI slop and its author may face a permanent ban.", + "🏆 Respect the community: read the AGENTS.md, understand the code, and test before submitting." + ]; + + for (const body of comments) { + await github.rest.issues.createComment({ ...repo, issue_number: pr, body }); + } diff --git a/.github/workflows/auto-test.yml b/.github/workflows/auto-test.yml index 1b7d4b154..4f076fb13 100644 --- a/.github/workflows/auto-test.yml +++ b/.github/workflows/auto-test.yml @@ -32,13 +32,13 @@ jobs: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: { persist-credentials: false } -# Tempoary disable until we understand TanStack npm supply-chain compromise -# - name: Cache/Restore node_modules -# uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 -# id: node-modules-cache -# with: -# path: node_modules -# key: node-modules-${{ runner.os }}-node${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }} + # Tempoary disable until we understand TanStack npm supply-chain compromise + # - name: Cache/Restore node_modules + # uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + # id: node-modules-cache + # with: + # path: node_modules + # key: node-modules-${{ runner.os }}-node${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }} - name: Use Node.js ${{ matrix.node }} uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 @@ -97,13 +97,13 @@ jobs: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: { persist-credentials: false } -# Tempoary disable until we understand TanStack npm supply-chain compromise -# - name: Cache/Restore node_modules -# uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 -# id: node-modules-cache -# with: -# path: node_modules -# key: node-modules-${{ runner.os }}-node${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }} + # Tempoary disable until we understand TanStack npm supply-chain compromise + # - name: Cache/Restore node_modules + # uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + # id: node-modules-cache + # with: + # path: node_modules + # key: node-modules-${{ runner.os }}-node${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }} - name: Use Node.js 20 uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 @@ -123,13 +123,13 @@ jobs: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: { persist-credentials: false } -# Tempoary disable until we understand TanStack npm supply-chain compromise -# - name: Cache/Restore node_modules -# uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 -# id: node-modules-cache -# with: -# path: node_modules -# key: node-modules-${{ runner.os }}-node${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }} + # Tempoary disable until we understand TanStack npm supply-chain compromise + # - name: Cache/Restore node_modules + # uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + # id: node-modules-cache + # with: + # path: node_modules + # key: node-modules-${{ runner.os }}-node${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }} - name: Setup Node.js uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 diff --git a/.github/workflows/autofix.yml b/.github/workflows/autofix.yml index 82abe97e7..08ac0a8de 100644 --- a/.github/workflows/autofix.yml +++ b/.github/workflows/autofix.yml @@ -15,13 +15,13 @@ jobs: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: { persist-credentials: false } -# Tempoary disable until we understand TanStack npm supply-chain compromise -# - name: Cache/Restore node_modules -# uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 -# id: node-modules-cache -# with: -# path: node_modules -# key: node-modules-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} + # Tempoary disable until we understand TanStack npm supply-chain compromise + # - name: Cache/Restore node_modules + # uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + # id: node-modules-cache + # with: + # path: node_modules + # key: node-modules-${{ runner.os }}-${{ hashFiles('**/package-lock.json') }} - name: Setup Node.js uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index b8a5f2fad..9de49db0e 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -46,13 +46,13 @@ jobs: with: node-version: 20 -# Tempoary disable until we understand TanStack npm supply-chain compromise -# - name: Cache/Restore node_modules -# uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 -# id: node-modules-cache -# with: -# path: node_modules -# key: node-modules-${{ runner.os }}-node20-${{ hashFiles('**/package-lock.json') }} + # Tempoary disable until we understand TanStack npm supply-chain compromise + # - name: Cache/Restore node_modules + # uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + # id: node-modules-cache + # with: + # path: node_modules + # key: node-modules-${{ runner.os }}-node20-${{ hashFiles('**/package-lock.json') }} - name: Install dependencies run: npm clean-install --no-fund