DRAFT: bridge upstream v1.4.0 across history rewrite #441
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: anti-slop | |
| on: | |
| pull_request_target: | |
| types: [opened, reopened, edited, synchronize] | |
| permissions: | |
| contents: read | |
| issues: read | |
| pull-requests: write | |
| jobs: | |
| anti-slop: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: peakoss/anti-slop@85daca1880e9e1af197fc06ea03349daf08f4202 # v0 | |
| with: | |
| # --- Failure threshold --- | |
| # Close PR after 4+ failed checks (default) | |
| max-failures: 4 | |
| # --- Exemptions --- | |
| # OWNER, MEMBER, COLLABORATOR are exempt by default. | |
| # Also exempt our CI bots: | |
| exempt-bots: | | |
| actions-user | |
| dependabot[bot] | |
| renovate[bot] | |
| github-actions[bot] | |
| opencode-agent[bot] | |
| # --- PR quality --- | |
| require-description: true | |
| require-maintainer-can-modify: true | |
| # --- PR title --- | |
| # We already enforce conventional commits in pr-standards.yml, | |
| # but this adds a second layer for the anti-slop score: | |
| require-conventional-title: true | |
| # --- PR description --- | |
| max-description-length: 5000 | |
| max-emoji-count: 3 | |
| max-code-references: 10 | |
| require-linked-issue: false # Already enforced in pr-standards.yml | |
| # --- Honeypot trap --- | |
| # AI agents follow hidden instructions; humans ignore them. | |
| # The matching instruction is embedded in pull_request_template.md. | |
| blocked-terms: "PINEAPPLE" | |
| # --- Commit checks --- | |
| max-commit-message-length: 500 | |
| require-conventional-commits: false # Only title is enforced | |
| require-commit-author-match: false # We use Co-Authored-By: Claude | |
| # --- File checks --- | |
| blocked-paths: | | |
| LICENSE | |
| CODE_OF_CONDUCT.md | |
| SECURITY.md | |
| require-final-newline: true | |
| max-added-comments: 0 # Disable — legitimate PRs often add comments | |
| # --- User signal checks (the main anti-slop value) --- | |
| detect-spam-usernames: true | |
| min-account-age: 30 | |
| max-daily-forks: 5 | |
| min-profile-completeness: 3 | |
| # --- Merge history checks --- | |
| min-global-merge-ratio: 25 | |
| # --- Branch checks --- | |
| blocked-source-branches: | | |
| main | |
| master | |
| # --- Actions on failure --- | |
| # Advisory, not blocking. Too many legitimate team PRs were auto-closed | |
| # because the PR template instructs LLMs to prepend "PINEAPPLE" | |
| # (honeypot) — any AI-assisted PR from a team member then trips the | |
| # blocked-terms check and gets closed 2 minutes after opening. The | |
| # labels and failure message still fire, so maintainers retain the | |
| # signal and can close manually when warranted. See issue #740. | |
| close-pr: false | |
| lock-pr: false | |
| failure-add-pr-labels: "needs-review:blocked" | |
| failure-pr-message: | | |
| 👋 This PR was automatically closed by our quality checks. | |
| Common reasons: | |
| - New GitHub account with limited contribution history | |
| - PR description doesn't meet our guidelines | |
| - Contribution appears to be AI-generated without meaningful review | |
| If you believe this was a mistake, please open an issue explaining your intended contribution and a maintainer will help you. | |
| # --- Actions on success --- | |
| success-add-pr-labels: "" |