Sentry's Dependencies

This repo contains a pipeline for finding sponsorable dependencies in our key repos (these ones). The purpose is to inform the allocation of our annual open source funding budget.

→ 💸 Fundable Dependencies ← Go check 'em out!

Building

The code here is a gnarly mashup of scripts for zsh, python3, and node. You'll also need gh ... and probably some other stuff? curl, maybe? Good luck!

1. bootstrap - set up ecosystem runtimes
2. clone - clone repos in repo-list into repos/
3. find-deps-files - find dependency files across ecosystems, listings end up at ./eco/*/deps-files
4. extract-deps-from-files - extracted deps (direct deps only) end up in ./eco/*/deps.json, format is {"dep": ["file1", "file2"]} where dep is an ecosystem-specific identifier, and file* are paths to package manifest files (relative to ./repos/ours) in which the dep is mentioned
5. dereference-github - iterate over eco/*/deps.json and write github.json (if there are bugs upstream you can get garbage in here; fix upstream and rerun)
6. get-github-details - iterate over github.json and output additional info (funding links, stars) to gh/{org}-{repo}.json
7. make-deps-csv - iterate over github.json, pull details from gh/{org}-{repo}.json, and output deps.csv
8. make-fundable-html - iterate over deps.csv, pull details from github.json (I know, I know), and output fundable.html
9. Then copy/paste from Raw in the Sheet and manually clean it up into submissions.csv.
   1. lowercase URLs
   2. attempt to dereference any non-GHS/OC URLs (committers?)
   3. filter out otherwise ineligible projects/maintainers
   4. communicate with employees who proposed ineligible projects
   5. convert all OC urls to GHS if possible (dedupe)
10. Manually update platforms.csv.
11. Manually update prev.csv.
12. collate - fold deps.csv, submissions.csv, platforms.csv, and prev.csv together (using github.json, too) into details.csv.