The "Hacktoberfest" event created by DigitalOcean is resulting in an enormous number of spammy pull requests. Open source maintainers are already taxed for time, and filtering out these spam requests will add to their workload.
Examples:
- https://github.com/search?q=amazing+project&type=issues
- https://github.com/search?q=is%3Apr+is%3Aclosed+label%3Ainvalid+created%3A%3E%3D2020-09-30
- https://github.com/search?q=is%3Apr+is%3Aclosed+label%3Aspam+created%3A%3E%3D2020-09-30
- https://github.com/phpmyadmin/website/pulls?q=is%3Apr+is%3Aclosed
Since GitHub doesn't offer a way to auto-detect spam PRs, and DigitalOcean doesn't appear interested in changing incentives, it sounds like it is up to someone else to figure out a solution.
I am thinking of making a GitHub app/bot thing that will operate during ~October and check all new pull requests to your repo.
Most of the pull requests have similar formats, or trivial changes that are not useful. I think that an app/bot thing could detect ~70% of them with enough accuracy to auto-label as spam and then close.
The bot could also leave a comment that is essentially "Your PR looked like spam, sorry if that's not true, please take this recaptcha test to prove you are not a bot."
If there was a recaptcha, then I think the spam checking could be a little looser, so that it would flag some things as spam that weren't actually spam--if it was by a real person, they could prove it pretty easily.
Once the recaptcha test (or whatever) was passed, the PR would re-open and the spam tag would be removed.
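The label, close and reopen flow described above, modeled in memory as an added example (not the author's bot). The scoring signals, weights and threshold are assumptions (only the "amazing project" phrase comes from the search links above), and a real app would apply these actions through the GitHub API instead of to a local object.

```python
import re
from dataclasses import dataclass, field

# Assumed signals: only "amazing project" comes from the post's search links;
# the other phrase, the weights and the threshold are illustrative.
SPAM_PHRASES = re.compile(r"amazing project|awesome project", re.I)
DOC_ONLY = re.compile(r"(^|/)(readme|contributing|license)(\.\w+)?$", re.I)
SPAM_THRESHOLD = 3
CHALLENGE_COMMENT = ("Your PR looked like spam, sorry if that's not true. "
                     "Please complete the challenge to have it reopened.")

@dataclass
class PullRequest:  # constructed stand-in for a PR fetched from the API
    title: str
    body: str
    files: dict  # path -> changed lines (additions + deletions)
    state: str = "open"
    labels: set = field(default_factory=set)
    comments: list = field(default_factory=list)

def spam_score(pr):
    score = 0
    if SPAM_PHRASES.search(pr.title) or SPAM_PHRASES.search(pr.body):
        score += 2                      # boilerplate praise text
    if not pr.body.strip():
        score += 1                      # no description at all
    if sum(pr.files.values()) <= 2:
        score += 1                      # one- or two-line change
    if pr.files and all(DOC_ONLY.search(p) for p in pr.files):
        score += 1                      # only README/CONTRIBUTING/LICENSE touched
    return score

def triage(pr):
    """Label, close and comment when the loose check fires."""
    if pr.state != "open" or spam_score(pr) < SPAM_THRESHOLD:
        return False
    pr.labels.add("spam")
    pr.state = "closed"
    pr.comments.append(CHALLENGE_COMMENT)
    return True

def challenge_passed(pr):
    """Undo a false positive: drop the label and reopen the PR."""
    if pr.state != "closed" or "spam" not in pr.labels:
        return False
    pr.labels.discard("spam")
    pr.state = "open"
    return True
```

A one-line README typo fix with an empty description scores exactly at the threshold here, which is the false-positive case the challenge step is meant to recover.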
As an app, based on my reading of the GitHub docs, you would need to give this app the following scopes to do the things in the proposal:
public_repo
- Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations.
One other permission might be notifications, which would be used by the bot to remove notifications from your notification center for any PR that's marked as spam.
The permission for notifications says:
Grants:
- read access to a user's notifications
- mark as read access to threads
- watch and unwatch access to a repository, and
- read, write, and delete access to thread subscriptions.
Would you, as an open source maintainer, be interested in such a tool?