Conversation
There was a problem hiding this comment.
Pull request overview
This PR enhances the bot detection workflow by expanding the detection scope and improving reporting. The changes refactor user account age checking into a reusable function, add tracking for issue creators (not just PR commenters), and provide more detailed summary information including the number of accounts checked and lookup failures.
Changes:
- Refactored user account age checking into a reusable
ensureUserCreatedDate()function to eliminate code duplication - Extended detection scope to include issue creators via
listForRepoAPI, catching bot accounts that only create issues/PRs without commenting - Added tracking for accounts seen and user lookup failures, providing transparency in the detection process
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| const { data: recentIssues } = await github.rest.issues.listForRepo({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| state: 'all', | ||
| since: cutoff.toISOString(), | ||
| per_page: 100, | ||
| }); |
There was a problem hiding this comment.
The new issue listing code doesn't use pagination like the PR listing does (lines 36-58). With per_page: 100, this will only check the first 100 items. In active repositories with more than 100 issues/PRs in the last 6 hours, newer accounts that only created issues beyond the first 100 would be missed.
Consider using pagination similar to the PR listing pattern to ensure all recent issues are checked.
| const { data: recentIssues } = await github.rest.issues.listForRepo({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| state: 'all', | |
| since: cutoff.toISOString(), | |
| per_page: 100, | |
| }); | |
| const recentIssues = await github.paginate( | |
| github.rest.issues.listForRepo, | |
| { | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| state: 'all', | |
| since: cutoff.toISOString(), | |
| per_page: 100, | |
| } | |
| ); |
| }); | ||
|
|
||
| for (const issue of recentIssues) { | ||
| await ensureUserCreatedDate(issue.user?.login); |
There was a problem hiding this comment.
The github.rest.issues.listForRepo API returns both issues and pull requests. Since PR creators are already being checked at line 82, this code will redundantly check PR creators again. Additionally, this could cause incorrect counting in the accountsSeen metric since the same user would be processed twice (once as PR creator, once via listForRepo).
Consider filtering out pull requests by checking for the pull_request property, similar to the pattern used at line 199:
for (const issue of recentIssues) {
if (!issue.pull_request) { // Only process actual issues, not PRs
await ensureUserCreatedDate(issue.user?.login);
}
}| await ensureUserCreatedDate(issue.user?.login); | |
| // github.rest.issues.listForRepo returns both issues and PRs; skip PRs here | |
| if (!issue.pull_request && issue.user?.login) { | |
| await ensureUserCreatedDate(issue.user.login); | |
| } |
1 participant
Uh oh!
There was an error while loading. Please reload this page.