ci: add prek/zizmor/codeql/allowlist workflows, dependabot, .asf.yaml #5

Merged: potiuk merged 2 commits into main from add-ci-asf-yaml on Apr 29, 2026

@potiuk (Member) commented Apr 28, 2026

Summary

Bootstraps the standard ASF / security CI surface for the framework repo. The framework had no CI of its own — .pre-commit-config.yaml defined hooks (ruff/format/mypy/pytest for the two Python projects) but nothing was actually invoking them on PRs.

Mirrors what airflow-s/airflow-s and apache/airflow run.

Files added

  • .github/workflows/pre-commit.yml — runs prek on every PR and push to main. Sets up Python and uv before invoking j178/prek-action; uv is required because the per-project hooks under tools/{vulnogram/generate-cve-json,gmail/oauth-draft}/ invoke uv run --directory ....
  • .github/workflows/zizmor.yml — GitHub Actions security analysis via zizmorcore/zizmor-action. Reads .zizmor.yml at the repo root.
  • .github/workflows/codeql.yml — weekly + per-PR CodeQL analysis for Python (the only hand-written language in this repo). Uses the security-and-quality query suite; no security-extended needed (the code is stdlib-only / single OAuth dep and does not process untrusted runtime input).
  • .github/workflows/asf-allowlist-check.yml — ASF infra's allowlist-check action, scoped to PRs that touch .github/. Catches actions that haven't been allow-listed by ASF Infra.
  • .github/dependabot.yml — weekly bumps with a 7-day cooldown for four ecosystems: github-actions (root), pre-commit (root), and uv with a directory entry per Python project (tools/vulnogram/generate-cve-json, tools/gmail/oauth-draft).
  • .zizmor.yml — empty rule overrides, so every finding surfaces initially. Add ignores here when accepting a known false positive.
  • .asf.yaml — repo metadata that ASF Infra picks up:
    • Description (replacing the current incorrect "Apache airflow") and homepage.
    • Labels (8 generic, room for ~12 more).
    • Feature flags: issues/projects/discussions on, wiki off.
    • Squash-only merge, no auto-merge, head branch deletion on merge.
    • Notification routing to airflow.apache.org lists (the framework lives under the Airflow PMC umbrella for now; revisit if/when the repo moves to apache/steward under a different PMC).
    • Deliberately no protected_branches: block — branch protection stays in the GitHub UI for now until the project's release/branching policy stabilises.

All actions are pinned to SHAs (matching the airflow-s convention); versions chosen are the latest as used by airflow-s/airflow-s / apache/airflow at the time of writing.

Test plan

  • prek passes on the new workflow files locally.
  • zizmor v1.24.1 audit of the four workflow files plus dependabot.yml: no findings.
  • The actual CI runs will fire on this PR and validate the workflows themselves end-to-end.
  • After merge, ASF Infra's asf.yaml processor will pick up the description / labels / notification config (allow ~minutes for the GitHub repo metadata to update).

🤖 Generated with Claude Code

Bootstraps the standard ASF/security CI surface for the framework
repo, mirroring what airflow-s and apache/airflow run. The framework
had no CI of its own — the .pre-commit-config.yaml defined
hooks (ruff/format/mypy/pytest for the two Python projects) but
nothing was actually invoking them on PRs.

Files added:

- .github/workflows/pre-commit.yml — runs `prek` on every PR and
  push to main. Sets up Python and uv before invoking
  `j178/prek-action`; uv is required because the per-project hooks
  under tools/{vulnogram/generate-cve-json,gmail/oauth-draft}/
  invoke `uv run --directory ...`.
- .github/workflows/zizmor.yml — GitHub Actions security analysis
  via zizmorcore/zizmor-action. Reads .zizmor.yml at the repo root.
- .github/workflows/codeql.yml — weekly + per-PR CodeQL analysis
  for Python (the only hand-written language in this repo). Uses
  the `security-and-quality` query suite; no security-extended
  needed (the code is stdlib-only / single OAuth dep and does not
  process untrusted runtime input).
- .github/workflows/asf-allowlist-check.yml — ASF infra's
  allowlist-check action, scoped to PRs that touch .github/.
  Catches actions that haven't been allow-listed by ASF Infra.
- .github/dependabot.yml — weekly bumps with a 7-day cooldown for
  four ecosystems: github-actions (root), pre-commit (root), and
  uv with a directory entry per Python project
  (tools/vulnogram/generate-cve-json, tools/gmail/oauth-draft).
- .zizmor.yml — empty rule overrides, so every finding surfaces
  initially. Add ignores here when accepting a known false
  positive.
- .asf.yaml — repo metadata that ASF Infra picks up: description
  (replacing the current incorrect "Apache airflow"), homepage,
  labels, feature flags (issues/projects/discussions on, wiki off),
  squash-only merge, no auto-merge, head branch deletion on merge,
  and notification routing to airflow.apache.org lists (the
  framework lives under the Airflow PMC umbrella for now).

  Deliberately **no `protected_branches:` block** — branch
  protection stays in GitHub UI for now until the project's
  release/branching policy stabilises.

All actions are pinned to SHAs (matching the airflow-s convention);
versions chosen are the latest as used by airflow-s/airflow at the
time of writing.

Test plan:

- `prek` passes on the new workflow files (yaml-lint, doctoc skip,
  end-of-file-fixer all green).
- `zizmor` v1.24.1 audit of the four workflow files plus
  dependabot.yml: no findings.
- The actual CI runs will fire on the PR and validate the workflows
  themselves end-to-end.

Generated-by: Claude Code (Claude Opus 4.7)

@github-advanced-security

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

…own)

Replaces the `j178/prek-action` step in the pre-commit workflow with
a `uv sync --group dev` + `uv run prek` invocation, and adds a root
`pyproject.toml` so the framework's dependency-resolution settings
have a place to live.

Why the swap:

- `uv tool install` does not honor `[tool.uv]` settings from a
  pyproject.toml in cwd, so the `exclude-newer` cooldown below would
  not have applied to a `uv tool install prek` invocation.
- `uv sync --group dev` does — prek is now a declared dev
  dependency of the framework root, the resolution honors the
  `exclude-newer` cooldown, and the resolved version is locked in
  the root `uv.lock` for reproducibility across CI runs.

Root `pyproject.toml`:

- `[project]` block declares the framework root as a (non-package)
  uv-managed project. `[tool.uv] package = false` keeps uv from
  trying to build a wheel from the framework root.
- `[dependency-groups] dev = ["prek>=0.3.5"]` — lower bound mirrors
  `minimum_prek_version` in `.pre-commit-config.yaml`; upper bound
  is enforced implicitly by the cooldown below, so the resolved
  version is "the most recent prek that is at least 7 days old"
  (currently 0.3.10, released 2026-04-21).
- `[tool.uv] required-version = ">=0.11.8"` pins the minimum uv
  version (latest at time of writing).
- `[tool.uv] exclude-newer = "7 days"` — relative cooldown, applied
  uniformly across all uv resolutions (including the per-project
  resolutions for the two Python projects under `tools/`, which uv
  re-resolved as a side-effect of the root settings).
- `[tool.uv] exclude-newer-package = { uv = "1 day" }` — per-package
  override for `uv` itself, since the latest uv (0.11.8, released
  2026-04-27) is within the 7-day window. The TODO comment marks
  2026-05-05 as the date when this override becomes redundant and
  can be dropped.

Workflow change:

- Drop the `actions/setup-python` step. uv brings its own Python
  via `uv sync` and the per-project hooks already use `uv run
  --directory ...` for their Python needs.
- Drop the `j178/prek-action` step. Replaced with `uv sync
  --group dev` (resolves prek through the root pyproject.toml's
  cooldown settings) followed by `uv run prek run --all-files
  --show-diff-on-failure --color=always`.

Per-tool lockfile updates (`tools/gmail/oauth-draft/uv.lock`,
`tools/vulnogram/generate-cve-json/uv.lock`):

These re-resolved as a side-effect of the new root `[tool.uv]
exclude-newer` setting being inherited by the subprojects. The
version downgrades (e.g. cryptography 47.0.0 → 46.0.7, certifi
2026.4.22 → 2026.2.25) are within stable releases and all 122 tests
+ 8 lint/type-check hooks pass against the new resolution.

Generated-by: Claude Code (Claude Opus 4.7)
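
Added example, not part of the PR and not uv's implementation: a simplified model of the cooldown rule described in the commit message above, showing why `exclude-newer = "7 days"` alone leaves no eligible `uv` release, how the per-package override fixes that, and why `cryptography` resolved to the older version. Assumptions: resolution date 2026-04-28, date-level (not timestamp) comparison, and constructed upload dates for `cryptography`; `resolve` is a hypothetical helper.

```python
from datetime import date, timedelta

# Upload dates for prek and uv come from the commit message; the cryptography
# dates are constructed for illustration (only the versions are on the page).
RELEASES = {
    "prek": {"0.3.10": date(2026, 4, 21)},
    "uv": {"0.11.8": date(2026, 4, 27)},
    "cryptography": {"46.0.7": date(2026, 3, 30), "47.0.0": date(2026, 4, 24)},
}
TODAY = date(2026, 4, 28)         # assumed resolution date
AFTER_WINDOW = date(2026, 5, 5)   # date the TODO gives for dropping the override


def parse_version(version):
    """Turn '0.3.10' into (0, 3, 10) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def resolve(package, today, minimum="0", default_days=7, overrides=None):
    """Newest release >= minimum that was uploaded on or before the cooldown cutoff.

    `overrides` models exclude-newer-package: a per-package window in days.
    Returns None when the cooldown leaves no eligible release.
    """
    days = (overrides or {}).get(package, default_days)
    cutoff = today - timedelta(days=days)
    eligible = [
        version
        for version, uploaded in RELEASES[package].items()
        if uploaded <= cutoff and parse_version(version) >= parse_version(minimum)
    ]
    return max(eligible, key=parse_version) if eligible else None


if __name__ == "__main__":
    print("prek:", resolve("prek", TODAY, minimum="0.3.5"))
    print("uv, 7-day window only:", resolve("uv", TODAY))
    print("uv, 1-day override:", resolve("uv", TODAY, overrides={"uv": 1}))
    print("uv, after the window:", resolve("uv", AFTER_WINDOW))
    print("cryptography:", resolve("cryptography", TODAY))
```
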

@potiuk merged commit 9093baa into main on Apr 29, 2026 (5 checks passed)

@andreahlert added the label "mode:platform" (Substrate / infra — not a mode (sandbox, CI, validators)) on May 7, 2026

andreahlert referenced this pull request in andreahlert/magpie May 15, 2026
- Replace SPDX with full ASF v2 license header (jbonofre)
- Clarify binding audience: contributors, committers, PMC, unmodified adopters (jbonofre)
- Extend #5 with deterministic-first execution to save tokens (potiuk)
- Extend #6 with explicit human sign-off for outbound human communication (RussellSpitzer)
- Rework #9 around capability floor instead of "same code on all backends", add justified-and-minimized clause, add end-to-end single-machine config requirement (RussellSpitzer)
- Standardize on US English (analyze, artifact, behavior, catalog, license, specialized)
potiuk referenced this pull request in andreahlert/magpie May 24, 2026
potiuk added a commit that referenced this pull request May 25, 2026
…reporter contact (#278)

When a tracker has no direct way to reach the original reporter --
ASF-security-relay reports, read-only GitHub Private Reporting, AI
scan markdown imports, anonymous tips -- the skills now route
reporter-facing communication through the forwarder (the security-
team member or relay service that delivered the report). In that
*via-forwarder mode*, only important lifecycle milestones are
relayed. Regular workflow chatter and credit-acceptance confirmation
messages are suppressed so the forwarder isn't pinged with
low-signal updates that would burn their goodwill.

- New `docs/security/forwarder-routing-policy.md`: single source of
  truth. Defines four ways via-forwarder mode is detected (ASF-relay
  sender, read-only GHSA, -from-md imports, explicit
  `<!-- apache-steward: routing-mode via-forwarder -->` marker).
  Milestones that DO relay: report-accepted-as-valid,
  report-assessed-as-invalid, advisory-sent, additional-information
  requests. Each milestone carries a short body template referencing
  the external identifier (GHSA ID, HackerOne URL) rather than
  re-stating the technical detail.
- *CVE allocated* is intentionally handled OUTSIDE the policy:
  Vulnogram typically emits its own allocation notification, and the
  team owes the reporter (or forwarder) a single short notification
  here regardless of routing mode -- no recipient swap, no
  suppression.
- Negative space is the *credit-acceptance confirmation* class:
  follow-up "please confirm we will credit you as X" chase-ups and
  the standalone bot/AI credit-clarification draft. The credit
  *question* itself (initial one-line ask folded into a milestone
  draft) is NOT suppressed -- the forwarder might know or might
  relay it. The distinction: a question is cheap and one-shot;
  a confirmation demands a reply the forwarder can't supply.
- `security-issue-import` Step 7 ASF-relay branch: re-framed as the
  canonical via-forwarder receipt-of-confirmation. Folds the
  credit question in as a single best-effort line; no standalone
  credit-acceptance confirmation drafts.
- `security-issue-sync` reporter-draft section: applies the policy
  to decide direct vs forwarder vs suppress, with a "skipped
  reporter draft" recap line for non-milestone events.
- `security-issue-invalidate` Step 5d: re-framed as the *Report
  assessed as invalid* milestone; explicit direct vs forwarder
  recipient selection.
- `security-cve-allocate` Step 4 #5: re-framed as out-of-scope per
  the policy. Same draft body in both modes; the credit *question*
  is folded in (allowed by the question-vs-confirmation
  distinction), the standalone re-confirmation is suppressed in
  via-forwarder mode.
- `tools/vulnogram/bot-credits-policy.md`: defers to the new
  policy. The standalone bot/AI credit-clarification draft (a
  credit-acceptance confirmation by nature) is suppressed in
  via-forwarder mode; the bot detection itself still runs.
- `docs/security/README.md` deep-doc index + `roles.md` *Shared
  conventions -> Keeping the reporter informed*: link to the
  policy.

Generated-by: Claude Code (Opus 4.7)
potiuk referenced this pull request in andreahlert/magpie May 27, 2026
potiuk pushed a commit that referenced this pull request Jun 2, 2026
* docs(principles): add operational principles document

PRINCIPLES.md restates RFC-AI-0004's six baseline principles in their
operational shape and adds the project-internal commitments the RFC
deliberately defers: eval as release blocker, contributor-sentiment
gating, no default telemetry, reproducibility from signed source,
maintainer education shipped with the platform.

19 ordered principles. Earlier outranks later when they collide.
Amendment process matches the release-vote process (>=3 binding +1,
no binding -1, 72h window, no lazy consensus).

Positioned as project-internal operating contract, not a competing RFC.

* docs(principles): address review feedback on PRINCIPLES.md

- Replace SPDX with full ASF v2 license header (jbonofre)
- Clarify binding audience: contributors, committers, PMC, unmodified adopters (jbonofre)
- Extend #5 with deterministic-first execution to save tokens (potiuk)
- Extend #6 with explicit human sign-off for outbound human communication (RussellSpitzer)
- Rework #9 around capability floor instead of "same code on all backends", add justified-and-minimized clause, add end-to-end single-machine config requirement (RussellSpitzer)
- Standardize on US English (analyze, artifact, behavior, catalog, license, specialized)

* docs(principles): disambiguate 'language-independent' as 'programming-language independent' (RussellSpitzer)

* docs(principles): qualify P6 merge rule as 'unilaterally' to resolve auto-merge tension (justinmclean)

* docs(principles): scope P3 'first-class' as adopter, clarify amendment proposal path (justinmclean)

* docs(principles): add PMC adjudication path for disputed committer blocks (justinmclean)

* docs(principles): scope P6 impersonation claim to messages read as maintainer-authored (justinmclean)

* docs(principles): replace dangling 'same family' clause with single-principle interpretation rule (justinmclean)

* docs(principles): add generated TOC

* docs(principles): align P14 with upstream Skills contract

A skill is always a directory with SKILL.md as entrypoint, even
for one-file workflows. SKILL.md stays under 500 lines; longer
reference material moves into sibling markdown linked one level
deep. Matches the runtime contract documented at
https://code.claude.com/docs/en/skills and
https://platform.claude.com/docs/en/agents-and-tools/agent-skills/best-practices,
and reflects how skills in this repo (contributor-nomination,
pr-management-code-review, pr-management-mentor) are already
authored.

* docs(principles): make P6 merge clause explicit on subject and close auto-merge gap (justinmclean)

* docs(principles): resolve disputed blocks via PMC consensus first, vote as last resort (justinmclean)

* docs(principles): soften P11 reproducibility requirement

Addresses review feedback that 'bytes are identical' is too strong
for a project-agnostic framework. Toolchains vary in their ability
to produce byte-identical output; some have known divergence sources
(timestamps, file ordering, path embedding).

P11 now requires byte-identical builds where achievable, and where
the toolchain makes that impractical, the release process must
document the divergence and provide an alternative local verification
mechanism. The 'no code without reviewed PR' guard stays absolute.

Refs: PR #147 review

* docs(principles): move ASF license header to top of file

The doctoc-generated TOC was placed above the Apache license header,
which breaks tooling that expects the license notice in the first
few lines of the file. Move the license block to line 1, followed
by the TOC.

Refs: PR #147 review

* docs(principles): align amendment process and blocking rules with ASF policy

Three fixes from PR #147 review by @justinmclean:

1. Amendment vote model: 'release vote' -> 'code-modification vote'
   The encoded rule (>=3 binding +1, any binding -1 vetoes) matches
   ASF consensus approval for code modifications, not majority
   approval for releases.

2. Veto-justification requirement: A binding -1 must now include a
   technical justification. Without one the veto is invalid and has
   no weight, matching ASF voting policy.

3. Generative tooling disclosure: P17 now requires a
   'Generated-by: <tool>' token in commit messages for AI-authored
   contributions, per ASF Generative Tooling Guidance.