diff --git a/.github/actions/send-ai-bot-comment/action.yml b/.github/actions/send-ai-bot-comment/action.yml
new file mode 100644
index 000000000000..95ea9bdec0b7
--- /dev/null
+++ b/.github/actions/send-ai-bot-comment/action.yml
@@ -0,0 +1,33 @@
+name: Send Automated PR Comment
+description: Sends the comment to PRs that were automatically generated
+inputs:
+ token:
+ required: true
+ description: GitHub Token
+ pr-number:
+ required: true
+ description: PR number
+ login:
+ required: true
+ description: The login of the user
+
+runs:
+ using: composite
+ steps:
+ - name: maybe automated
+ uses: actions-cool/issues-helper@71b62d7da76e59ff7b193904feb6e77d4dbb2777 # v3.7.6
+ with:
+ actions: create-comment
+ token: ${{ inputs.token }}
+ issue-number: ${{ inputs.pr-number }}
+ body: |
+ Hello @${{ inputs.login }}. Your PR has been labeled `maybe automated` because it appears to have been fully generated by AI with no human involvement. It will be **closed automatically in 3 days** unless a real person responds.
+
+ If you're a real person behind this contribution, please:
+ - Confirm you've personally reviewed and stand behind its content
+ - Make sure it follows our [contribution guidelines](https://github.com/vitest-dev/vitest/blob/main/CONTRIBUTING.md) and uses the correct [GitHub template](https://github.com/vitest-dev/vitest/blob/main/.github/PULL_REQUEST_TEMPLATE.md)
+ - Disclose any AI tools you used (e.g. Claude, Copilot, Codex)
+
+ If you believe this was flagged by mistake, leave a comment.
+
+ *These measures help us reduce maintenance burden and keep the team's work efficient. See our [AI contributions policy](https://github.com/vitest-dev/vitest/blob/main/CONTRIBUTING.md#ai-contributions) for more context.*
diff --git a/.github/workflows/issue-labeled.yml b/.github/workflows/issue-labeled.yml
index 60cf0483fc8f..1853c61d0884 100644
--- a/.github/workflows/issue-labeled.yml
+++ b/.github/workflows/issue-labeled.yml
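Review bot: The `token` input of send-ai-bot-comment/action.yml is described only as `GitHub Token`, which does not tell a caller what permission the composite action needs. Its single step only creates a comment, and the two callers fully visible in this commit grant `pull-requests: write`, so the description could state that, for example `description: GitHub token; needs only pull-requests: write to create the comment`. Writing the minimum scope into the input makes it less likely that a future caller hands this action a broader token than it needs.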
@@ -57,27 +57,15 @@ jobs: *These measures help us reduce maintenance burden and keep the team's work efficient. See our [AI contributions policy](https://github.com/vitest-dev/vitest/blob/main/CONTRIBUTING.md#ai-contributions) for more context.* - issue-pr-comment: + pr-clanker-comment: runs-on: ubuntu-slim if: github.repository == 'vitest-dev/vitest' && github.event.label.name == 'maybe automated' && github.event_name == 'pull_request_target' name: Comment on Bot PR permissions: pull-requests: write # sending a comment steps: - - name: maybe automated - uses: actions-cool/issues-helper@71b62d7da76e59ff7b193904feb6e77d4dbb2777 # v3.7.6 + - uses: ./.github/actions/send-ai-bot-comment with: - actions: create-comment token: ${{ secrets.GITHUB_TOKEN }} - issue-number: ${{ github.event.pull_request.number }} - body: | - Hello @${{ github.event.pull_request.user.login }}. Your PR has been labeled `maybe automated` because it appears to have been fully generated by AI with no human involvement. It will be **closed automatically in 3 days** unless a real person responds. - - If you're a real person behind this contribution, please: - - Confirm you've personally reviewed and stand behind its content - - Make sure it follows our [contribution guidelines](https://github.com/vitest-dev/vitest/blob/main/CONTRIBUTING.md) and uses the correct [GitHub template](https://github.com/vitest-dev/vitest/blob/main/.github/PULL_REQUEST_TEMPLATE.md) - - Disclose any AI tools you used (e.g. Claude, Copilot, Codex) - - If you believe this was flagged by mistake, leave a comment. - - *These measures help us reduce maintenance burden and keep the team's work efficient. See our [AI contributions policy](https://github.com/vitest-dev/vitest/blob/main/CONTRIBUTING.md#ai-contributions) for more context.* + pr-number: ${{ github.event.pull_request.number }} + login: ${{ github.event.pull_request.user.login }} 
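Review bot: The `pr-clanker-comment` job in issue-labeled.yml now calls `./.github/actions/send-ai-bot-comment` as its only step, with no checkout before it, and a `./` action is resolved from the runner workspace, so the step cannot find `action.yml` unless the repository has been checked out first. The same applies to the `agentscan` job added in pr-labeled-automated.yml, whose steps are all visible and contain no checkout; the `prompt-label` job there starts outside its hunk, so whether it already has one cannot be seen here. Because these jobs run on `pull_request_target`, the checkout that gets added must stay on the default (base) ref and never the PR head, otherwise the local action would be loaded from contributor-controlled files while the job holds a write token. A sparse checkout of `.github/actions` without persisted credentials is enough.

```yaml
    steps:
      # base ref only (the pull_request_target default); never the PR head
      - uses: actions/checkout@<PINNED_SHA> # placeholder: pin by SHA like the other actions
        with:
          sparse-checkout: .github/actions
          persist-credentials: false
      - uses: ./.github/actions/send-ai-bot-comment
      # … unchanged: with: token / pr-number / login …
```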
diff --git a/.github/workflows/pr-labeled-automated.yml b/.github/workflows/pr-labeled-automated.yml index a19232c1bd75..759dbc127321 100644 --- a/.github/workflows/pr-labeled-automated.yml +++ b/.github/workflows/pr-labeled-automated.yml @@ -4,7 +4,7 @@ on: # zizmor: ignore[dangerous-triggers] # Information from the PR is used only inside builtin `contains` function, it's not passed down as untrusted code. pull_request_target: - types: [opened, edited] + types: [opened, reopened] permissions: {} @@ -13,8 +13,8 @@ concurrency: cancel-in-progress: true jobs: - label: - runs-on: ubuntu-latest + prompt-label: + runs-on: ubuntu-slim if: github.repository == 'vitest-dev/vitest' && contains(github.event.pull_request.body, '') name: Automatic Clanker Alert permissions: 
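Review bot: The `zizmor: ignore[dangerous-triggers]` justification kept as context above `pull_request_target` in pr-labeled-automated.yml says PR information is used only inside `contains`, which stops being accurate once this commit lands. Later in the same file the new `agentscan` job passes `secrets.GITHUB_TOKEN` to a third-party action and forwards the PR number and author login to further steps. The suppression comment should be rewritten to state the invariant that actually keeps the trigger safe, for example `# PR data is read only in expressions and as inputs to SHA-pinned actions; no PR code is checked out or run.`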
@@ -27,20 +27,62 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} issue-number: ${{ github.event.pull_request.number }} labels: maybe automated - - name: maybe automated (pr) + - uses: ./.github/actions/send-ai-bot-comment + with: + token: ${{ secrets.GITHUB_TOKEN }} + pr-number: ${{ github.event.pull_request.number }} + login: ${{ github.event.pull_request.user.login }} + + agentscan: + runs-on: ubuntu-slim + # run only for our repo and ignore PRs from origin that only maintainers can do + # also ignore known bots + if: | + github.repository == 'vitest-dev/vitest' && + github.event.pull_request.head.repo.full_name != github.repository && + !contains( + fromJSON('["dependabot[bot]", "github-actions[bot]"]'), + github.event.pull_request.user.login + ) + name: AgentScan Alert + permissions: + pull-requests: write # comment and label on PRs + steps: + - name: AgentScan + id: agentscan + uses: MatteoGabriele/agentscan-action@21f25b07e4dda43e6597ffb71c93f8e4c9fed812 # v1.7.0 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + agent-scan-comment: false + + # just put a label and send a comment if the account looks suspicious + - name: Label flagged PR + if: contains(fromJSON('["automation","suspicious"]'), steps.agentscan.outputs.classification) && !contains(steps.agentscan.outputs.community-flagged, 'true') uses: actions-cool/issues-helper@71b62d7da76e59ff7b193904feb6e77d4dbb2777 # v3.7.6 with: - actions: create-comment + actions: add-labels token: ${{ secrets.GITHUB_TOKEN }} issue-number: ${{ github.event.pull_request.number }} - body: | - Hello @${{ github.event.pull_request.user.login }}. Your PR has been labeled `maybe automated` because it appears to have been fully generated by AI with no human involvement. It will be **closed automatically in 3 days** unless a real person responds. 
- - If you're a real person behind this contribution, please: - - Confirm you've personally reviewed and stand behind its content - - Make sure it follows our [contribution guidelines](https://github.com/vitest-dev/vitest/blob/main/CONTRIBUTING.md) and uses the correct [GitHub template](https://github.com/vitest-dev/vitest/blob/main/.github/PULL_REQUEST_TEMPLATE.md) - - Disclose any AI tools you used (e.g. Claude, Copilot, Codex) + labels: maybe automated + - name: Comment flagged PR + if: contains(fromJSON('["automation","suspicious"]'), steps.agentscan.outputs.classification) && !contains(steps.agentscan.outputs.community-flagged, 'true') + uses: ./.github/actions/send-ai-bot-comment + with: + token: ${{ secrets.GITHUB_TOKEN }} + pr-number: ${{ github.event.pull_request.number }} + login: ${{ github.event.pull_request.user.login }} - If you believe this was flagged by mistake, leave a comment. + # if the account is confirmed to be a bot, just close the PR + - name: Close community flagged accounts + if: steps.agentscan.outputs.community-flagged == 'true' + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + with: + script: | + const prNumber = context.payload.pull_request.number; - *These measures help us reduce maintenance burden and keep the team's work efficient. See our [AI contributions policy](https://github.com/vitest-dev/vitest/blob/main/CONTRIBUTING.md#ai-contributions) for more context.* + await github.rest.pulls.update({ + owner: context.repo.owner, + repo: context.repo.repo, + pull_number: prNumber, + state: 'closed', + }); diff --git a/package.json b/package.json index b56774a0bc5d..3e83077aa37c 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "@vitest/monorepo", "type": "module", - "version": "5.0.0-beta.2", + "version": "5.0.0-beta.3", "private": true, "packageManager": "pnpm@11.1.2", "description": "Next generation testing framework powered by Vite", 
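Review bot: In the `agentscan` job of pr-labeled-automated.yml the `Close community flagged accounts` step has no guard on the event action, while the same commit adds `reopened` to the trigger types, so as far as the visible conditions show, a maintainer who reopens a wrongly flagged PR will have it closed again by the next run. Restricting the step to the first event avoids that, e.g. `if: github.event.action == 'opened' && steps.agentscan.outputs.community-flagged == 'true'`; the `Label flagged PR` and `Comment flagged PR` steps would repeat on reopen in the same way. The close path also skips both the label and the comment, so nothing on the PR records that the close was automated or which classification triggered it; applying the `maybe automated` label before closing would leave an audit trail for a decision that rests entirely on a third-party action's output.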
diff --git a/packages/browser-playwright/package.json b/packages/browser-playwright/package.json
index e00a58269596..f7880436ce85 100644
--- a/packages/browser-playwright/package.json
+++ b/packages/browser-playwright/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@vitest/browser-playwright",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "Browser running for Vitest using playwright",
 "license": "MIT",
 "funding": "https://opencollective.com/vitest",
diff --git a/packages/browser-preview/package.json b/packages/browser-preview/package.json
index d5677a709ba6..89720d697a5f 100644
--- a/packages/browser-preview/package.json
+++ b/packages/browser-preview/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@vitest/browser-preview",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "Browser running for Vitest using your browser of choice",
 "license": "MIT",
 "funding": "https://opencollective.com/vitest",
diff --git a/packages/browser-webdriverio/package.json b/packages/browser-webdriverio/package.json
index 235028775407..5f14776d2e91 100644
--- a/packages/browser-webdriverio/package.json
+++ b/packages/browser-webdriverio/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@vitest/browser-webdriverio",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "Browser running for Vitest using webdriverio",
 "license": "MIT",
 "funding": "https://opencollective.com/vitest",
diff --git a/packages/browser/package.json b/packages/browser/package.json
index 1e4510a34f8a..303c13a57c8f 100644
--- a/packages/browser/package.json
+++ b/packages/browser/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@vitest/browser",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "Browser running for Vitest",
 "license": "MIT",
 "funding": "https://opencollective.com/vitest",
diff --git a/packages/coverage-istanbul/package.json b/packages/coverage-istanbul/package.json
index d36a10db2cdd..8e189ef7d395 100644
--- a/packages/coverage-istanbul/package.json
+++ b/packages/coverage-istanbul/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@vitest/coverage-istanbul",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "Istanbul coverage provider for Vitest",
 "author": "Anthony Fu ",
 "license": "MIT",
diff --git a/packages/coverage-v8/package.json b/packages/coverage-v8/package.json
index 6ff3d5e96673..cd683c21c7f5 100644
--- a/packages/coverage-v8/package.json
+++ b/packages/coverage-v8/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@vitest/coverage-v8",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "V8 coverage provider for Vitest",
 "author": "Anthony Fu ",
 "license": "MIT",
diff --git a/packages/expect/package.json b/packages/expect/package.json
index 35eb0dc0e7cc..9f31e347e573 100644
--- a/packages/expect/package.json
+++ b/packages/expect/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@vitest/expect",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "Jest's expect matchers as a Chai plugin",
 "license": "MIT",
 "funding": "https://opencollective.com/vitest",
diff --git a/packages/mocker/package.json b/packages/mocker/package.json
index ca0625522f51..3151cee713a5 100644
--- a/packages/mocker/package.json
+++ b/packages/mocker/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@vitest/mocker",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "Vitest module mocker implementation",
 "license": "MIT",
 "funding": "https://opencollective.com/vitest",
diff --git a/packages/pretty-format/package.json b/packages/pretty-format/package.json
index 4ca5f5d5f08b..64b2c58353ce 100644
--- a/packages/pretty-format/package.json
+++ b/packages/pretty-format/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@vitest/pretty-format",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "Fork of pretty-format with support for ESM",
 "license": "MIT",
 "funding": "https://opencollective.com/vitest",
diff --git a/packages/runner/package.json b/packages/runner/package.json
index ef2a7cdfc710..1f3a91a97b29 100644
--- a/packages/runner/package.json
+++ b/packages/runner/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@vitest/runner",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "Vitest test runner",
 "license": "MIT",
 "funding": "https://opencollective.com/vitest",
diff --git a/packages/snapshot/package.json b/packages/snapshot/package.json
index e1ba4f3dedc3..a3b3f93f0521 100644
--- a/packages/snapshot/package.json
+++ b/packages/snapshot/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@vitest/snapshot",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "Vitest snapshot manager",
 "license": "MIT",
 "funding": "https://opencollective.com/vitest",
diff --git a/packages/spy/package.json b/packages/spy/package.json
index 179f8119145f..e3588f626665 100644
--- a/packages/spy/package.json
+++ b/packages/spy/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@vitest/spy",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "Lightweight Jest compatible spy implementation",
 "license": "MIT",
 "funding": "https://opencollective.com/vitest",
diff --git a/packages/ui/package.json b/packages/ui/package.json
index 6111962c66e2..29cd33e4cddb 100644
--- a/packages/ui/package.json
+++ b/packages/ui/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@vitest/ui",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "UI for Vitest",
 "license": "MIT",
 "funding": "https://opencollective.com/vitest",
diff --git a/packages/utils/package.json b/packages/utils/package.json
index 619143ab63b7..afeb1b0d5617 100644
--- a/packages/utils/package.json
+++ b/packages/utils/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@vitest/utils",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "Shared Vitest utility functions",
 "license": "MIT",
 "funding": "https://opencollective.com/vitest",
diff --git a/packages/vitest/package.json b/packages/vitest/package.json
index 9046ad698be3..fd2a35d50565 100644
--- a/packages/vitest/package.json
+++ b/packages/vitest/package.json
@@ -1,7 +1,7 @@
 {
 "name": "vitest",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "Next generation testing framework powered by Vite",
 "author": "Anthony Fu ",
 "license": "MIT",
diff --git a/packages/web-worker/package.json b/packages/web-worker/package.json
index c04786b421e7..5dd2eddb764f 100644
--- a/packages/web-worker/package.json
+++ b/packages/web-worker/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@vitest/web-worker",
 "type": "module",
- "version": "5.0.0-beta.2",
+ "version": "5.0.0-beta.3",
 "description": "Web Worker support for testing in Vitest",
 "license": "MIT",
 "funding": "https://opencollective.com/vitest",