Setup github action to aggregate info for account-recovery requests #4389
Unless I'm wrong there is no api I can use to directly query a pypi user to determine the packages they maintain. Manually parsing the html to find it is not the most stable solution, but is working for now.
I don't know what your policy would call for here. This code considers repos to be owned by the user if they are directly owned, or if they belong to an organization that the github user is an admin for.
I think a notice like this is important so that people understand that the github action isn't actually able to recover anybody's account for them.
max-sixty commented Jul 13, 2024

(excellent idea @djwooten!)
I recently opened an issue to recover my pypi account, but I understand that there are very limited resources to deal with a large volume of support requests.
I wanted to help by setting up a github action that can aggregate relevant info from public sources for account-recovery issues.
Specifically - my account only maintains one package synergy, and the source code repository for that package is owned by my github account: https://github.com/djwooten/synergy. It seems to me that requests like this could be easy to triage, since it's clear that I'm the owner for all of the packages my PyPI account manages.
So I set up an action that
b) Also, if the github user does own all of the repositories for packages maintained by the pypi user, it adds an additional label `fasttrack`.

You can see an example of this working in an issue on my fork.

I ran the code on all 462 current open issues with the `account-recovery` tag:

A few example tables are
Issue 4386
pypi_user: cgote
gh_user: gotec
This would get the `fasttrack` label since all of `cgote`'s packages point to repos owned by `gotec`, who issued the support request.

Issue 3117
pypi_user: KohnoseLami
github_user: KohnoseLami
which shows that the github user owns the repo for Twitter-Frontend-API, and is a member of the organization where the source code for PayPayPay is hosted. This wouldn't count amongst the 88 showing direct ownership, since they are only a member of that org, not an admin of it.
Issue 4359
pypi_user: lcampagn
gh_user: campagnola
The last two package URLs cannot be associated to the github user `campagnola`.

Issue 4321
pypi_user: evindunn
gh_user: evindunn
This user actually does have a github repo at https://github.com/evindunn/jinplate, but because it is not specified at the PyPI package for `jinplate`, it doesn't count as being owned.
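
The ownership rule described in this pull request, as an added example (not the PR's code): a package counts as owned only when the repository URL declared on PyPI is on github.com under the requester's own login or under an organization where they are an admin. The function names `repo_owner`, `classify` and `fasttrack` are hypothetical, all sample data is constructed, and treating a PyPI user with no packages as not fast-trackable is an assumption.

```python
from urllib.parse import urlparse

def repo_owner(url):
    """Owner login of a github.com repository URL, lowercased, else None."""
    if not url:
        return None
    parsed = urlparse(url if "://" in url else "https://" + url)
    # Compare the parsed hostname exactly; a substring test would accept
    # look-alike hosts such as github.com.example.net.
    if parsed.hostname not in ("github.com", "www.github.com"):
        return None
    parts = [p for p in parsed.path.split("/") if p]
    # A bare profile URL (owner only, no repository) proves nothing.
    return parts[0].lower() if len(parts) >= 2 else None

def classify(gh_user, package_repos, org_roles):
    """Map each package to 'owned', 'member-only', 'unrelated' or 'no-github-url'.
    package_repos: {package: repository URL declared on PyPI, or None}
    org_roles:     {organization login: 'admin' or 'member'} for gh_user
    """
    roles = {org.lower(): role for org, role in org_roles.items()}
    verdicts = {}
    for pkg, url in package_repos.items():
        owner = repo_owner(url)
        if owner is None:
            verdicts[pkg] = "no-github-url"
        elif owner == gh_user.lower() or roles.get(owner) == "admin":
            verdicts[pkg] = "owned"
        elif owner in roles:
            verdicts[pkg] = "member-only"
        else:
            verdicts[pkg] = "unrelated"
    return verdicts

def fasttrack(verdicts):
    # Assumption: zero packages never qualifies (all() of nothing is True).
    return bool(verdicts) and all(v == "owned" for v in verdicts.values())

# Constructed sample data, not taken from any real account.
SAMPLE = {
    "pkg-a": "https://github.com/alice-example/pkg-a",
    "pkg-b": "https://github.com/Alice-Labs/pkg-b",
    "pkg-c": "https://github.com/big-org/pkg-c",
    "pkg-d": None,
    "pkg-e": "https://github.com.example.net/alice-example/pkg-e",
}
ROLES = {"alice-labs": "admin", "big-org": "member"}

VERDICTS = classify("alice-example", SAMPLE, ROLES)
```

In this sample only `pkg-a` and `pkg-b` are owned, so the request is not fast-tracked; dropping the other three packages would make it qualify.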