.asf.yaml: route all notification schemes (suppress dev@ default)#9
Merged
Conversation
Without this change, ASF Infra was silently routing four GitHub event streams to `dev@airflow.apache.org` because the schemes were not explicitly populated in our `notifications:` block. The ASF asf.yaml validator at https://github.com/apache/infrastructure-asfyaml/blob/main/asfyaml/feature/notifications.py defines `VALID_NOTIFICATION_SCHEMES` with eleven schemes that apply to a public GitHub repo. Any unset scheme falls back to `dev@<project>.apache.org`. We were setting only five (`commits`, `issues`, `pullrequests`, `jobs`, `discussions`), so the four "bot event" streams were leaking to dev@: - `issues_status` — issue open/close/label-change events. - `issues_comment` — comments on issues. - `pullrequests_status` — PR state changes + CI status-check failures (the noisiest one). - `pullrequests_comment` — comments on PRs. (`commits_by_path` is an optional path-specific override, not a default-target field, so it stays unset.) This commit: - Adds explicit routes for all four leaking schemes — same target as the rest (`commits@airflow.apache.org`), per the existing Airflow PMC umbrella. - Reformats the field list with column alignment so the missing- scheme regression is hard to reintroduce silently. - Expands the comment to spell out the dev@ default behaviour, the schema link, and the rationale for the `commits@airflow.apache.org` routing (it's the standard bot-event mirror list, public-by- design, already moderated for bot-only traffic). No effect on the five schemes that were already routed correctly; the change is purely additive. Generated-by: Claude Code (Claude Opus 4.7)
6 tasks
andreahlert
referenced
this pull request
in andreahlert/magpie
May 15, 2026
- Replace SPDX with full ASF v2 license header (jbonofre) - Clarify binding audience: contributors, committers, PMC, unmodified adopters (jbonofre) - Extend #5 with deterministic-first execution to save tokens (potiuk) - Extend #6 with explicit human sign-off for outbound human communication (RussellSpitzer) - Rework #9 around capability floor instead of "same code on all backends", add justified-and-minimized clause, add end-to-end single-machine config requirement (RussellSpitzer) - Standardize on US English (analyze, artifact, behavior, catalog, license, specialized)
potiuk
referenced
this pull request
in andreahlert/magpie
May 24, 2026
- Replace SPDX with full ASF v2 license header (jbonofre) - Clarify binding audience: contributors, committers, PMC, unmodified adopters (jbonofre) - Extend #5 with deterministic-first execution to save tokens (potiuk) - Extend #6 with explicit human sign-off for outbound human communication (RussellSpitzer) - Rework #9 around capability floor instead of "same code on all backends", add justified-and-minimized clause, add end-to-end single-machine config requirement (RussellSpitzer) - Standardize on US English (analyze, artifact, behavior, catalog, license, specialized)
4 tasks
potiuk
added a commit
that referenced
this pull request
May 25, 2026
#273) Generalise the leading bracketed-tag regex in the template (and the matching example cascade in security-cve-allocate/SKILL.md) so it catches any square- or round-bracketed leading tag whose body contains the word "security" or "important", case-insensitive — e.g. (Security Issue), [ Security Vulnerability ], [IMPORTANT], (Important - please read), in addition to the existing four [Security X] forms. Add a new pattern #9 to strip trailing IDs from known external bug-bounty / disclosure trackers — (ZDRES-NNN), [HUNTR-NNN], (GHSL-YYYY-NNN) — in either bracket style. Extend the alternation per project as new reporter brands surface (SNYK-, BDSA-, etc.). Real motivating example: an airflow-s tracker whose subject was "[ Security Report ] LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token (ZDRES-223)" — the leading prefix matched the old pattern but no pattern covered the trailing (ZDRES-223). Verified the new cascade collapses this to "LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token". Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
potiuk
referenced
this pull request
in andreahlert/magpie
May 27, 2026
- Replace SPDX with full ASF v2 license header (jbonofre) - Clarify binding audience: contributors, committers, PMC, unmodified adopters (jbonofre) - Extend #5 with deterministic-first execution to save tokens (potiuk) - Extend #6 with explicit human sign-off for outbound human communication (RussellSpitzer) - Rework #9 around capability floor instead of "same code on all backends", add justified-and-minimized clause, add end-to-end single-machine config requirement (RussellSpitzer) - Standardize on US English (analyze, artifact, behavior, catalog, license, specialized)
potiuk
pushed a commit
that referenced
this pull request
Jun 2, 2026
* docs(principles): add operational principles document PRINCIPLES.md restates RFC-AI-0004's six baseline principles in their operational shape and adds the project-internal commitments the RFC deliberately defers: eval as release blocker, contributor-sentiment gating, no default telemetry, reproducibility from signed source, maintainer education shipped with the platform. 19 ordered principles. Earlier outranks later when they collide. Amendment process matches the release-vote process (>=3 binding +1, no binding -1, 72h window, no lazy consensus). Positioned as project-internal operating contract, not a competing RFC. * docs(principles): address review feedback on PRINCIPLES.md - Replace SPDX with full ASF v2 license header (jbonofre) - Clarify binding audience: contributors, committers, PMC, unmodified adopters (jbonofre) - Extend #5 with deterministic-first execution to save tokens (potiuk) - Extend #6 with explicit human sign-off for outbound human communication (RussellSpitzer) - Rework #9 around capability floor instead of "same code on all backends", add justified-and-minimized clause, add end-to-end single-machine config requirement (RussellSpitzer) - Standardize on US English (analyze, artifact, behavior, catalog, license, specialized) * docs(principles): disambiguate 'language-independent' as 'programming-language independent' (RussellSpitzer) * docs(principles): qualify P6 merge rule as 'unilaterally' to resolve auto-merge tension (justinmclean) * docs(principles): scope P3 'first-class' as adopter, clarify amendment proposal path (justinmclean) * docs(principles): add PMC adjudication path for disputed committer blocks (justinmclean) * docs(principles): scope P6 impersonation claim to messages read as maintainer-authored (justinmclean) * docs(principles): replace dangling 'same family' clause with single-principle interpretation rule (justinmclean) * docs(principles): add generated TOC * docs(principles): align P14 with upstream Skills contract A skill is always a directory with SKILL.md as entrypoint, even for one-file workflows. SKILL.md stays under 500 lines; longer reference material moves into sibling markdown linked one level deep. Matches the runtime contract documented at https://code.claude.com/docs/en/skills and https://platform.claude.com/docs/en/agents-and-tools/agent-skills/best-practices, and reflects how skills in this repo (contributor-nomination, pr-management-code-review, pr-management-mentor) are already authored. * docs(principles): make P6 merge clause explicit on subject and close auto-merge gap (justinmclean) * docs(principles): resolve disputed blocks via PMC consensus first, vote as last resort (justinmclean) * docs(principles): soften P11 reproducibility requirement Addresses review feedback that 'bytes are identical' is too strong for a project-agnostic framework. Toolchains vary in their ability to produce byte-identical output; some have known divergence sources (timestamps, file ordering, path embedding). P11 now requires byte-identical builds where achievable, and where the toolchain makes that impractical, the release process must document the divergence and provide an alternative local verification mechanism. The 'no code without reviewed PR' guard stays absolute. Refs: PR #147 review * docs(principles): move ASF license header to top of file The doctoc-generated TOC was placed above the Apache license header, which breaks tooling that expects the license notice in the first few lines of the file. Move the license block to line 1, followed by the TOC. Refs: PR #147 review * docs(principles): align amendment process and blocking rules with ASF policy Three fixes from PR #147 review by @justinmclean: 1. Amendment vote model: 'release vote' -> 'code-modification vote' The encoded rule (>=3 binding +1, any binding -1 vetoes) matches ASF consensus approval for code modifications, not majority approval for releases. 2. Veto-justification requirement: A binding -1 must now include a technical justification. Without one the veto is invalid and has no weight, matching ASF voting policy. 3. Generative tooling disclosure: P17 now requires a 'Generated-by: <tool>' token in commit messages for AI-authored contributions, per ASF Generative Tooling Guidance.
21 tasks
potiuk
pushed a commit
to justinmclean/airflow-steward
that referenced
this pull request
Jun 14, 2026
…on blocks Adds validate_validation_paths() which extracts filesystem paths from shell patterns in ## Validation code blocks (--project, --directory, bash -n, shellcheck, test -f) and checks each exists under the repo root. Shell variables ($) and placeholder tokens (<) are silently skipped. Catches stale paths after renames before they accumulate. Also fixes a stale path in mentoring-mode.md (Validation block referenced .claude/skills/good-first-issue-author/SKILL.md; the installed name is magpie-good-first-issue-author). Generated-by: Claude (Opus 4.7)
potiuk
pushed a commit
that referenced
this pull request
Jun 14, 2026
…cks (#513) Adds validate_validation_paths() which extracts filesystem paths from shell patterns in ## Validation code blocks (--project, --directory, bash -n, shellcheck, test -f) and checks each exists under the repo root. Shell variables ($) and placeholder tokens (<) are silently skipped. Catches stale paths after renames before they accumulate. Also fixes a stale path in mentoring-mode.md (Validation block referenced .claude/skills/good-first-issue-author/SKILL.md; the installed name is magpie-good-first-issue-author). Generated-by: Claude (Opus 4.7)
15 tasks
potiuk
pushed a commit
that referenced
this pull request
Jun 26, 2026
#560) Add [dependency-groups] dev = [pytest, ruff] to tools/spec-validator/pyproject.toml so that the standard monorepo invocation uv run --project tools/spec-validator --group dev pytest tools/spec-validator/tests/ works from the repo root, matching the pattern established by tools/skill-and-tool-validator (asf-coupling-lint) and documented in the module docstring. Also fix a copy-paste comment mislabelling check #9 (validation-path existence as check #8 — SPDX header validation is check #8. Generated-by: Claude (Opus 4.7) EOF )
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The repo was leaking four GitHub event streams to
dev@airflow.apache.orgbecause those schemes were unset in ournotifications:block — and ASF Infra defaults any unset scheme todev@<project>.apache.org.Root cause
Per the ASF asf.yaml validator at
apache/infrastructure-asfyaml,VALID_NOTIFICATION_SCHEMESincludes eleven schemes for a public GitHub repo:Our previous config set five (
commits,issues,pullrequests,jobs,discussions). The four GitHub-event streamsissues_status,issues_comment,pullrequests_status,pullrequests_commentwere unset, so every issue label change, every issue comment, every PR state change + CI status check failure, and every PR comment was being routed todev@airflow.apache.org.pullrequests_statusis by far the noisiest of these — it fires on every CI status-check failure across every PR.(
commits_by_pathis an optional path-specific override and is intentionally left unset;jira_optionsis for Jira-integrated repos.)For reference,
apache/airflowitself has the same five-field shape and is presumably leaking the same four streams todev@airflow.apache.org— that's a separate fix to propose there.What this PR does
commits@airflow.apache.org), the standard Airflow PMC bot-event mirror list.commits@airflow.apache.orgtarget.Diff
.asf.yaml,+33 −5. Four new field lines + comment expansion. The five existing routes are unchanged.Test plan
prekpasses (no doctoc / EOF / line-ending changes)..asf.yamlprocessor is the verifier — it will either accept the new schemes (silently good) or reject the file with a validation error (visible in the gitbox notification email toprivate@airflow.apache.org).dev@airflow.apache.orgfor an absence ofapache-airflow-stewardissue/PR notifications over the next ~week.🤖 Generated with Claude Code