ci: add prek/zizmor/codeql/allowlist workflows, dependabot, .asf.yaml#5
Merged
Conversation
Bootstraps the standard ASF/security CI surface for the framework
repo, mirroring what airflow-s and apache/airflow run. The framework
had no CI of its own — the .pre-commit-config.yaml hooks defined
hooks (ruff/format/mypy/pytest for the two Python projects) but
nothing was actually invoking them on PRs.
Files added:
- .github/workflows/pre-commit.yml — runs `prek` on every PR and
push to main. Sets up Python and uv before invoking
`j178/prek-action`; uv is required because the per-project hooks
under tools/{vulnogram/generate-cve-json,gmail/oauth-draft}/
invoke `uv run --directory ...`.
- .github/workflows/zizmor.yml — GitHub Actions security analysis
via zizmorcore/zizmor-action. Reads .zizmor.yml at the repo root.
- .github/workflows/codeql.yml — weekly + per-PR CodeQL analysis
for Python (the only hand-written language in this repo). Uses
the `security-and-quality` query suite; no security-extended
needed (the code is stdlib-only / single OAuth dep and does not
process untrusted runtime input).
- .github/workflows/asf-allowlist-check.yml — ASF infra's
allowlist-check action, scoped to PRs that touch .github/.
Catches actions that haven't been allow-listed by ASF Infra.
- .github/dependabot.yml — weekly bumps with a 7-day cooldown for
four ecosystems: github-actions (root), pre-commit (root), and
uv with a directory entry per Python project
(tools/vulnogram/generate-cve-json, tools/gmail/oauth-draft).
- .zizmor.yml — empty rule overrides, so every finding surfaces
initially. Add ignores here when accepting a known false
positive.
- .asf.yaml — repo metadata that ASF Infra picks up: description
(replacing the current incorrect "Apache airflow"), homepage,
labels, feature flags (issues/projects/discussions on, wiki off),
squash-only merge, no auto-merge, head branch deletion on merge,
and notification routing to airflow.apache.org lists (the
framework lives under the Airflow PMC umbrella for now).
Deliberately **no `protected_branches:` block** — branch
protection stays in GitHub UI for now until the project's
release/branching policy stabilises.
All actions are pinned to SHAs (matching the airflow-s convention);
versions chosen are the latest as used by airflow-s/airflow at the
time of writing.
Test plan:
- `prek` passes on the new workflow files (yaml-lint, doctoc skip,
end-of-file-fixer all green).
- `zizmor` v1.24.1 audit of the four workflow files plus
dependabot.yml: no findings.
- The actual CI runs will fire on the PR and validate the workflows
themselves end-to-end.
Generated-by: Claude Code (Claude Opus 4.7)
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
…own)
Replaces the `j178/prek-action` step in the pre-commit workflow with
a `uv sync --group dev` + `uv run prek` invocation, and adds a root
`pyproject.toml` so the framework's dependency-resolution settings
have a place to live.
Why the swap:
- `uv tool install` does not honor `[tool.uv]` settings from a
pyproject.toml in cwd, so the `exclude-newer` cooldown below would
not have applied to a `uv tool install prek` invocation.
- `uv sync --group dev` does — prek is now a declared dev
dependency of the framework root, the resolution honors the
`exclude-newer` cooldown, and the resolved version is locked in
the root `uv.lock` for reproducibility across CI runs.
Root `pyproject.toml`:
- `[project]` block declares the framework root as a (non-package)
uv-managed project. `[tool.uv] package = false` keeps uv from
trying to build a wheel from the framework root.
- `[dependency-groups] dev = ["prek>=0.3.5"]` — lower bound mirrors
`minimum_prek_version` in `.pre-commit-config.yaml`; upper bound
is enforced implicitly by the cooldown below, so the resolved
version is "the most recent prek that is at least 7 days old"
(currently 0.3.10, released 2026-04-21).
- `[tool.uv] required-version = ">=0.11.8"` pins the minimum uv
version (latest at time of writing).
- `[tool.uv] exclude-newer = "7 days"` — relative cooldown, applied
uniformly across all uv resolutions (including the per-project
resolutions for the two Python projects under `tools/`, which uv
re-resolved as a side-effect of the root settings).
- `[tool.uv] exclude-newer-package = { uv = "1 day" }` — per-package
override for `uv` itself, since the latest uv (0.11.8, released
2026-04-27) is within the 7-day window. The TODO comment marks
2026-05-05 as the date when this override becomes redundant and
can be dropped.
Workflow change:
- Drop the `actions/setup-python` step. uv brings its own Python
via `uv sync` and the per-project hooks already use `uv run
--directory ...` for their Python needs.
- Drop the `j178/prek-action` step. Replaced with `uv sync
--group dev` (resolves prek through the root pyproject.toml's
cooldown settings) followed by `uv run prek run --all-files
--show-diff-on-failure --color=always`.
Per-tool lockfile updates (`tools/gmail/oauth-draft/uv.lock`,
`tools/vulnogram/generate-cve-json/uv.lock`):
These re-resolved as a side-effect of the new root `[tool.uv]
exclude-newer` setting being inherited by the subprojects. The
version downgrades (e.g. cryptography 47.0.0 → 46.0.7, certifi
2026.4.22 → 2026.2.25) are within stable releases and all 122 tests
+ 8 lint/type-check hooks pass against the new resolution.
Generated-by: Claude Code (Claude Opus 4.7)
6 tasks
andreahlert
referenced
this pull request
in andreahlert/magpie
May 15, 2026
- Replace SPDX with full ASF v2 license header (jbonofre) - Clarify binding audience: contributors, committers, PMC, unmodified adopters (jbonofre) - Extend #5 with deterministic-first execution to save tokens (potiuk) - Extend #6 with explicit human sign-off for outbound human communication (RussellSpitzer) - Rework #9 around capability floor instead of "same code on all backends", add justified-and-minimized clause, add end-to-end single-machine config requirement (RussellSpitzer) - Standardize on US English (analyze, artifact, behavior, catalog, license, specialized)
potiuk
referenced
this pull request
in andreahlert/magpie
May 24, 2026
- Replace SPDX with full ASF v2 license header (jbonofre) - Clarify binding audience: contributors, committers, PMC, unmodified adopters (jbonofre) - Extend #5 with deterministic-first execution to save tokens (potiuk) - Extend #6 with explicit human sign-off for outbound human communication (RussellSpitzer) - Rework #9 around capability floor instead of "same code on all backends", add justified-and-minimized clause, add end-to-end single-machine config requirement (RussellSpitzer) - Standardize on US English (analyze, artifact, behavior, catalog, license, specialized)
3 tasks
potiuk
added a commit
that referenced
this pull request
May 25, 2026
…reporter contact (#278) When a tracker has no direct way to reach the original reporter -- ASF-security-relay reports, read-only GitHub Private Reporting, AI scan markdown imports, anonymous tips -- the skills now route reporter-facing communication through the forwarder (the security- team member or relay service that delivered the report). In that *via-forwarder mode*, only important lifecycle milestones are relayed. Regular workflow chatter and credit-acceptance confirmation messages are suppressed so the forwarder isn't pinged with low-signal updates that would burn their goodwill. - New `docs/security/forwarder-routing-policy.md`: single source of truth. Defines four ways via-forwarder mode is detected (ASF-relay sender, read-only GHSA, -from-md imports, explicit `<!-- apache-steward: routing-mode via-forwarder -->` marker). Milestones that DO relay: report-accepted-as-valid, report-assessed-as-invalid, advisory-sent, additional-information requests. Each milestone carries a short body template referencing the external identifier (GHSA ID, HackerOne URL) rather than re-stating the technical detail. - *CVE allocated* is intentionally handled OUTSIDE the policy: Vulnogram typically emits its own allocation notification, and the team owes the reporter (or forwarder) a single short notification here regardless of routing mode -- no recipient swap, no suppression. - Negative space is the *credit-acceptance confirmation* class: follow-up "please confirm we will credit you as X" chase-ups and the standalone bot/AI credit-clarification draft. The credit *question* itself (initial one-line ask folded into a milestone draft) is NOT suppressed -- the forwarder might know or might relay it. The distinction: a question is cheap and one-shot; a confirmation demands a reply the forwarder can't supply. - `security-issue-import` Step 7 ASF-relay branch: re-framed as the canonical via-forwarder receipt-of-confirmation. Folds the credit question in as a single best-effort line; no standalone credit-acceptance confirmation drafts. - `security-issue-sync` reporter-draft section: applies the policy to decide direct vs forwarder vs suppress, with a "skipped reporter draft" recap line for non-milestone events. - `security-issue-invalidate` Step 5d: re-framed as the *Report assessed as invalid* milestone; explicit direct vs forwarder recipient selection. - `security-cve-allocate` Step 4 #5: re-framed as out-of-scope per the policy. Same draft body in both modes; the credit *question* is folded in (allowed by the question-vs-confirmation distinction), the standalone re-confirmation is suppressed in via-forwarder mode. - `tools/vulnogram/bot-credits-policy.md`: defers to the new policy. The standalone bot/AI credit-clarification draft (a credit-acceptance confirmation by nature) is suppressed in via-forwarder mode; the bot detection itself still runs. - `docs/security/README.md` deep-doc index + `roles.md` *Shared conventions -> Keeping the reporter informed*: link to the policy. Generated-by: Claude Code (Opus 4.7)
potiuk
referenced
this pull request
in andreahlert/magpie
May 27, 2026
- Replace SPDX with full ASF v2 license header (jbonofre) - Clarify binding audience: contributors, committers, PMC, unmodified adopters (jbonofre) - Extend #5 with deterministic-first execution to save tokens (potiuk) - Extend #6 with explicit human sign-off for outbound human communication (RussellSpitzer) - Rework #9 around capability floor instead of "same code on all backends", add justified-and-minimized clause, add end-to-end single-machine config requirement (RussellSpitzer) - Standardize on US English (analyze, artifact, behavior, catalog, license, specialized)
potiuk
pushed a commit
that referenced
this pull request
Jun 2, 2026
* docs(principles): add operational principles document PRINCIPLES.md restates RFC-AI-0004's six baseline principles in their operational shape and adds the project-internal commitments the RFC deliberately defers: eval as release blocker, contributor-sentiment gating, no default telemetry, reproducibility from signed source, maintainer education shipped with the platform. 19 ordered principles. Earlier outranks later when they collide. Amendment process matches the release-vote process (>=3 binding +1, no binding -1, 72h window, no lazy consensus). Positioned as project-internal operating contract, not a competing RFC. * docs(principles): address review feedback on PRINCIPLES.md - Replace SPDX with full ASF v2 license header (jbonofre) - Clarify binding audience: contributors, committers, PMC, unmodified adopters (jbonofre) - Extend #5 with deterministic-first execution to save tokens (potiuk) - Extend #6 with explicit human sign-off for outbound human communication (RussellSpitzer) - Rework #9 around capability floor instead of "same code on all backends", add justified-and-minimized clause, add end-to-end single-machine config requirement (RussellSpitzer) - Standardize on US English (analyze, artifact, behavior, catalog, license, specialized) * docs(principles): disambiguate 'language-independent' as 'programming-language independent' (RussellSpitzer) * docs(principles): qualify P6 merge rule as 'unilaterally' to resolve auto-merge tension (justinmclean) * docs(principles): scope P3 'first-class' as adopter, clarify amendment proposal path (justinmclean) * docs(principles): add PMC adjudication path for disputed committer blocks (justinmclean) * docs(principles): scope P6 impersonation claim to messages read as maintainer-authored (justinmclean) * docs(principles): replace dangling 'same family' clause with single-principle interpretation rule (justinmclean) * docs(principles): add generated TOC * docs(principles): align P14 with upstream Skills contract A skill is always a directory with SKILL.md as entrypoint, even for one-file workflows. SKILL.md stays under 500 lines; longer reference material moves into sibling markdown linked one level deep. Matches the runtime contract documented at https://code.claude.com/docs/en/skills and https://platform.claude.com/docs/en/agents-and-tools/agent-skills/best-practices, and reflects how skills in this repo (contributor-nomination, pr-management-code-review, pr-management-mentor) are already authored. * docs(principles): make P6 merge clause explicit on subject and close auto-merge gap (justinmclean) * docs(principles): resolve disputed blocks via PMC consensus first, vote as last resort (justinmclean) * docs(principles): soften P11 reproducibility requirement Addresses review feedback that 'bytes are identical' is too strong for a project-agnostic framework. Toolchains vary in their ability to produce byte-identical output; some have known divergence sources (timestamps, file ordering, path embedding). P11 now requires byte-identical builds where achievable, and where the toolchain makes that impractical, the release process must document the divergence and provide an alternative local verification mechanism. The 'no code without reviewed PR' guard stays absolute. Refs: PR #147 review * docs(principles): move ASF license header to top of file The doctoc-generated TOC was placed above the Apache license header, which breaks tooling that expects the license notice in the first few lines of the file. Move the license block to line 1, followed by the TOC. Refs: PR #147 review * docs(principles): align amendment process and blocking rules with ASF policy Three fixes from PR #147 review by @justinmclean: 1. Amendment vote model: 'release vote' -> 'code-modification vote' The encoded rule (>=3 binding +1, any binding -1 vetoes) matches ASF consensus approval for code modifications, not majority approval for releases. 2. Veto-justification requirement: A binding -1 must now include a technical justification. Without one the veto is invalid and has no weight, matching ASF voting policy. 3. Generative tooling disclosure: P17 now requires a 'Generated-by: <tool>' token in commit messages for AI-authored contributions, per ASF Generative Tooling Guidance.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bootstraps the standard ASF / security CI surface for the framework repo. The framework had no CI of its own —
.pre-commit-config.yamldefined hooks (ruff/format/mypy/pytest for the two Python projects) but nothing was actually invoking them on PRs.Mirrors what
airflow-s/airflow-sandapache/airflowrun.Files added
.github/workflows/pre-commit.yml— runsprekon every PR and push tomain. Sets up Python anduvbefore invokingj178/prek-action;uvis required because the per-project hooks undertools/{vulnogram/generate-cve-json,gmail/oauth-draft}/invokeuv run --directory .....github/workflows/zizmor.yml— GitHub Actions security analysis viazizmorcore/zizmor-action. Reads.zizmor.ymlat the repo root..github/workflows/codeql.yml— weekly + per-PR CodeQL analysis for Python (the only hand-written language in this repo). Uses thesecurity-and-qualityquery suite; nosecurity-extendedneeded (the code is stdlib-only / single OAuth dep and does not process untrusted runtime input)..github/workflows/asf-allowlist-check.yml— ASF infra'sallowlist-checkaction, scoped to PRs that touch.github/. Catches actions that haven't been allow-listed by ASF Infra..github/dependabot.yml— weekly bumps with a 7-day cooldown for four ecosystems:github-actions(root),pre-commit(root), anduvwith a directory entry per Python project (tools/vulnogram/generate-cve-json,tools/gmail/oauth-draft)..zizmor.yml— empty rule overrides, so every finding surfaces initially. Add ignores here when accepting a known false positive..asf.yaml— repo metadata that ASF Infra picks up:airflow.apache.orglists (the framework lives under the Airflow PMC umbrella for now; revisit if/when the repo moves toapache/stewardunder a different PMC).protected_branches:block — branch protection stays in the GitHub UI for now until the project's release/branching policy stabilises.All actions are pinned to SHAs (matching the airflow-s convention); versions chosen are the latest as used by
airflow-s/airflow-s/apache/airflowat the time of writing.Test plan
prekpasses on the new workflow files locally.zizmorv1.24.1 audit of the four workflow files plusdependabot.yml: no findings.🤖 Generated with Claude Code