Host UK CIC mission: aggregate free tier compute to benefit OSS commons Added: - CONTRIBUTING.md: 5-minute contributor onboarding guide - scripts/contribute.sh: One-command setup for new contributors - Updated free-tier-services.md: Mission context, economics explained The model: - 100 contributors × free tiers = enterprise-scale compute - core monitor aggregates findings from all sources - Tasks routed to Host UK packages AND unfunded OSS projects - LLMs learned from OSS, we give back Who pays: Microsoft, Google, Groq (marketing budgets) Who benefits: Open source commons Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
159 lines
7.2 KiB
Markdown
159 lines
7.2 KiB
Markdown
# Free Tier Services Integration
|
|
|
|
> **Host UK CIC** is a UK Community Interest Company. Our assets are legally locked for community benefit - we can't extract value for shareholders. This page documents how we aggregate free compute to benefit the open source commons.
|
|
|
|
## The Model
|
|
|
|
```
|
|
┌─────────────────────────────────────────────────────────────────┐
|
|
│ 100 CONTRIBUTORS │
|
|
│ │
|
|
│ Each contributes their FREE tier allowances: │
|
|
│ • GitHub Actions: 2000 min/month │
|
|
│ • Gemini: 1500 req/day │
|
|
│ • Groq: 14,400 req/day │
|
|
│ • Copilot: Free for OSS │
|
|
│ │
|
|
│ Total daily capacity: │
|
|
│ • 150,000 Gemini requests │
|
|
│ • 1,440,000 Groq requests │
|
|
│ • 6,666 GitHub Actions hours │
|
|
│ • Unlimited security scans │
|
|
└─────────────────────────────────────────────────────────────────┘
|
|
│
|
|
▼
|
|
┌─────────────────────────────────────────────────────────────────┐
|
|
│ core monitor │
|
|
│ │
|
|
│ Aggregates findings → Creates tasks → Routes to agents │
|
|
└─────────────────────────────────────────────────────────────────┘
|
|
│
|
|
┌───────────────┴───────────────┐
|
|
▼ ▼
|
|
┌─────────────────────────┐ ┌─────────────────────────────────┐
|
|
│ HOST UK PACKAGES │ │ UNFUNDED OSS PROJECTS │
|
|
│ │ │ │
|
|
│ Our tools, modules │ │ Popular packages with no │
|
|
│ │ │ security budget - we find │
|
|
│ │ │ and fix vulns, submit PRs │
|
|
└─────────────────────────┘ └─────────────────────────────────┘
|
|
```
|
|
|
|
**The LLMs learned from open source. We're giving back.**
|
|
|
|
---
|
|
|
|
## AI/LLM APIs (Contributor Keys)
|
|
|
|
| Service | Free Tier | Speed | Best For |
|
|
|---------|-----------|-------|----------|
|
|
| **Groq** | 14,400 req/day | ⚡ Fastest | Quick triage, bulk analysis |
|
|
| **Gemini 2.0** | 1500 req/day | Fast | Code review, deep analysis |
|
|
| **Mistral** | 1M tokens/month | Fast | Code generation |
|
|
| **Cohere** | 1000 req/month | Medium | Classification, embeddings |
|
|
| **Cloudflare AI** | 10K neurons/day | Edge | Low latency |
|
|
| **Together.ai** | $5 credit | Fast | Multi-model |
|
|
| **Fireworks.ai** | 600 req/min | ⚡ Fast | High throughput |
|
|
| **Cerebras** | Free tier | ⚡⚡ Fastest | Bulk inference |
|
|
|
|
### Setup (2 minutes)
|
|
|
|
```bash
|
|
# In your fork
|
|
gh secret set GEMINI_API_KEY # https://aistudio.google.com/apikey
|
|
gh secret set GROQ_API_KEY # https://console.groq.com/keys
|
|
gh secret set MISTRAL_API_KEY # https://console.mistral.ai/
|
|
```
|
|
|
|
---
|
|
|
|
## Security Scanners (No Keys Needed)
|
|
|
|
All free, unlimited, run automatically:
|
|
|
|
| Scanner | Finds | Output |
|
|
|---------|-------|--------|
|
|
| **Semgrep** | SAST vulns, code patterns | SARIF → GitHub Security |
|
|
| **Trivy** | Container vulns, IaC issues | SARIF → GitHub Security |
|
|
| **Gitleaks** | Leaked secrets, API keys | SARIF → GitHub Security |
|
|
| **OSV-Scanner** | Known CVEs (Google DB) | SARIF → GitHub Security |
|
|
| **Checkov** | IaC misconfigs | SARIF → GitHub Security |
|
|
| **CodeQL** | Deep semantic analysis | Native GitHub |
|
|
| **Dependabot** | Outdated deps | Native GitHub |
|
|
|
|
---
|
|
|
|
## Code Analysis Apps (Free for Public Repos)
|
|
|
|
Install these on your fork for extra coverage:
|
|
|
|
| App | Install | Provides |
|
|
|-----|---------|----------|
|
|
| **Snyk** | [Install](https://github.com/apps/snyk-io) | Deps + code vulns |
|
|
| **SonarCloud** | [Install](https://github.com/apps/sonarcloud) | Code quality |
|
|
| **CodeClimate** | [Install](https://github.com/apps/codeclimate) | Maintainability |
|
|
| **DeepSource** | [Install](https://github.com/apps/deepsource-io) | Autofix suggestions |
|
|
| **Codacy** | [Install](https://github.com/apps/codacy-production) | Multi-language |
|
|
| **Socket.dev** | [Install](https://github.com/apps/socket-security) | Supply chain |
|
|
| **GitGuardian** | [Install](https://github.com/apps/gitguardian) | Secret detection |
|
|
| **Aikido** | [Install](https://github.com/apps/aikido-security) | Full security suite |
|
|
| **Trunk.io** | [Install](https://github.com/apps/trunk-io) | Meta-linter (50+ tools) |
|
|
|
|
---
|
|
|
|
## AI Code Assistants (Free Tiers)
|
|
|
|
| Service | Free Access | Trigger |
|
|
|---------|-------------|---------|
|
|
| **Jules/Copilot** | OSS maintainers, students | `@jules fix this bug` |
|
|
| **Codeium** | Free forever | IDE extension |
|
|
| **Cody** | Free tier | IDE extension |
|
|
| **Amazon Q** | Free tier | IDE/CLI |
|
|
| **Continue.dev** | Free, open source | IDE extension |
|
|
|
|
---
|
|
|
|
## CI/CD Free Tiers
|
|
|
|
| Service | Free Allowance | Notes |
|
|
|---------|----------------|-------|
|
|
| **GitHub Actions** | 2000 min/month | Per user, public repos |
|
|
| **CircleCI** | 6000 min/month | Good for heavy builds |
|
|
| **GitLab CI** | 400 min/month | Alternative to GH |
|
|
| **Semaphore** | 1300 min/month | Fast builds |
|
|
| **Buildkite** | Free for OSS | Self-hosted option |
|
|
|
|
---
|
|
|
|
## Who Pays For All This?
|
|
|
|
| Provider | Why Free? |
|
|
|----------|-----------|
|
|
| **Microsoft** | GitHub market dominance, AI training data |
|
|
| **Google** | Gemini adoption, developer mindshare |
|
|
| **Groq** | Hardware showcase, market entry |
|
|
| **Others** | Developer ecosystem, future enterprise sales |
|
|
|
|
**They need OSS developers. We need compute. Fair trade.**
|
|
|
|
---
|
|
|
|
## Joining the Network
|
|
|
|
```bash
|
|
# Fork and setup (5 minutes)
|
|
gh repo fork host-uk/core-devops --clone
|
|
cd core-devops
|
|
./scripts/contribute.sh
|
|
```
|
|
|
|
Your unused free tier becomes part of a collective resource that:
|
|
1. Secures Host UK packages
|
|
2. Fixes vulnerabilities in unfunded OSS
|
|
3. Gives back to the projects that trained the AIs
|
|
|
|
**Cost: $0. Impact: Massive.**
|
|
|
|
---
|
|
|
|
*Host UK CIC - Ethical infrastructure for the open source commons*
|