GitHub 因为不良的临时贡献者禁止了我们(开源软件)组织的所有持续集成。
几周前,GitHub决定禁用我们开源组织(lightningdevkit)所有的GitHub Actions(包括自托管的运行器)访问权限,原因不明。由于我们中有些人恰好在一家拥有大型GitHub企业账户的公司工作,我们试图通过公司代表进行上报,他们告诉我们,问题似乎是一些非组织成员的临时贡献者因使用Actions进行加密挖矿而被标记。由于该组织在技术上并不在我们的企业账户下,我们不得不等待几周才能得到关于解禁的回复……结果却被告知我们“似乎参与了违反”GitHub服务条款的活动。他们列举了一些违反服务条款的活动示例,而我们并没有做过这些,显然该组织在持续集成中也没有进行任何形式的挖矿。
由于我们已经有很多理由考虑离开GitHub(停机、由于客户端JavaScript的大幅增加而导致的网站速度持续变慢、过去十年没有新功能、当PR评论超过50条后无法加载、贡献者被禁用(没有进行加密挖矿)导致潜在有用的PR被搁置、支持响应缓慢等等),这更像是对其他人的警告,而不是寻求帮助的尝试。
当然,GitHub目前正面临大量AI代理账户涌入,导致垃圾邮件和其他无用内容激增,因此我对那边的工作人员表示同情。但这并不意味着我们必须使用他们提供的(历史上优秀的)免费产品,我们也可以选择不使用。
对于那些不知情的人来说,codeberg/self-hosted forgejo可以导入整个GitHub仓库,包括历史问题、PR、评论等。
查看原文
A few weeks ago, Github decided to disable all Github Actions (including self-hosted runners) access for our open source org (lightningdevkit) for some unknown reason. As some of us happen to work for a company with a large Github corporate account, we tried to escalate through our corporate reps, who informed us that the issue appeared to be some drive-by contributors who weren't org members being flagged for using Actions to do crypto-mining. As the org isn't technically in our corporate account, we then had to wait a few weeks to get a response back on getting unbanned...only to be told that we "appeared to have been taking part in activity which goes against" Github's ToS. They then listed some examples of ToS-violating activities, none of which we've done, and the org itself obviously wasn't running any kind of mining in CI.<p>As we'd already had plenty of reasons to move off of GitHub (downtime, a website that has gotten consistently slower due to massive increases in client-side JS without new features over the past decade, PRs that won't load once they get past 50 comments, contributors getting banned (without crypt-mining) leading to potentially-useful PRs getting black-holed, slow support, etc, etc), this is more of a warning for others than any kind of attempt to get help.<p>Of course Github is struggling these days with an influx in AI Agent accounts driving a huge increase in spam and other garbage, so I sympathize a lot with the folks over there. But none of that means we have to use the (historically excellent) free product they're offering, we can also...not.<p>For those who weren't aware, codeberg/self-hosted forgejo can import entire github repos including historical issues and PRs, comments, etc.