| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| |
| # https://cwiki.apache.org/confluence/display/INFRA/git+-+.asf.yaml+features |
| --- |
| github: |
| description: "Agent-assisted maintainership and development framework for Apache projects — Triage, Mentoring, Drafting (agent-authored fixes with human review), and Pairing (developer-side dev-cycle) skills shipping; Agentic Autonomous (auto-merge) on the roadmap." |
| homepage: "https://magpie.apache.org/" |
| labels: |
| # Note that GitHub only supports <=20 labels/topics per repo! Pipeline |
| # will fail if you add more. |
| - apache |
| - security |
| - cve |
| - vulnerability-management |
| - vulnerability-disclosure |
| - agent-skills |
| - claude-code |
| - automation |
| features: |
| issues: true |
| projects: true |
| wiki: false |
| discussions: true |
| |
| enabled_merge_buttons: |
| squash: true |
| merge: false |
| rebase: false |
| |
| pull_requests: |
| allow_auto_merge: false |
| allow_update_branch: true |
| del_branch_on_merge: true |
| |
| # External triage collaborators — GitHub IDs that get triage rights |
| # without being added to the apache org. ASF Infra caps this list |
| # at 10 entries; exceptions need a vp-infra@apache.org request. |
| collaborators: |
| # Non-ASF-members named in MISSION.md → "involved as |
| # collaborators on the project from day one": |
| - andreahlert # André Ahlert Junior |
| - johnslavik # Bartosz Sławecki |
| # The four below are listed in MISSION.md's non-ASF-members |
| # section but are already Apache Airflow committers, so they |
| # have triage rights via the apache GitHub org through their |
| # Airflow committer status — no `collaborators:` slot needed. |
| # Kept here as a record of intent; uncomment if and when their |
| # committer status changes. |
| # - choo121600 # Yeonguk Choo (Airflow committer) |
| # - shahar1 # Shahar Epstein (Airflow committer) |
| # - vincbeck # Vincent Beck (Airflow committer) |
| # - bugraoz93 # Buğra Öztürk (Airflow committer) |
| # Non-Airflow-committer ASF members from the MISSION.md PMC |
| # roster — added so they have triage rights from day one. The |
| # Airflow committers on the roster (Jarek, Elad, Pavan, Amogh) |
| # are not listed here; they have access via the apache GitHub |
| # org through their existing Airflow committer status. |
| - ppkarwasz # Piotr Karwasz (Log4J PMC) |
| - zeroshade # Matt Topol (Arrow PMC, Iceberg PMC) |
| - andrewmusselman # Andrew Musselman (Mahout PMC) |
| - justinmclean # Justin Mclean (Incubator PMC, Training PMC) |
| - jbonofre # Jean-Baptiste Onofré (Incubator PMC, Polaris PMC) |
| - paulk-asert # Paul King (Groovy PMC, Grails PMC, Incubator PMC) |
| - rusackas # Evan Rusackas (Superset PMC) |
| - russellspitzer # Russell Spitzer (Incubator PMC, Polaris PMC, Iceberg PMC) |
| |
| # Disable GitHub Copilot completely on this repo. The framework's |
| # review workflow is human-driven (`pr-management-code-review` |
| # skill + maintainer review) and the agent-assisted authoring loop |
| # is Claude-Code-based; Copilot's per-PR comments and code-review |
| # ruleset duplicate / contradict both. The explicit `enabled: |
| # false` is required to actively remove the Copilot automatic- |
| # code-review ruleset if it was ever previously configured (per |
| # the asf.yaml `copilot_code_review` directive); this is the only |
| # lever asfyaml exposes for the Copilot integration today, and |
| # toggling it off is what "disable Copilot completely" reduces to |
| # in this config. |
| copilot_code_review: |
| enabled: false |
| |
| # No `environments:` block by design — asfyaml's environment |
| # handler currently passes `prevent_self_review` as a kwarg to |
| # `Repository.create_environment()`, which the PyGithub version |
| # asfyaml ships does not accept ("Repository.create_environment() |
| # got an unexpected keyword argument 'prevent_self_review'"). The |
| # block is harmless to omit while no release workflow targets a |
| # deployment environment; re-add (with the `atr-release` |
| # protected-branches scaffold for ASF Trusted Releases) once the |
| # asfyaml / PyGithub interaction is fixed upstream and a release |
| # workflow exists that needs the environment. |
| |
| # Branch protection on `main`. ASF Infra reconciles this within a |
| # few minutes of merge to main (asfyaml feature |
| # `protected_branches`). Earlier note about "configured directly in |
| # GitHub" was superseded by inspection — no direct-on-GitHub rule |
| # ever existed, so the protection now lives here next to the rest |
| # of the repo config. |
| # |
| # PMC FORMED — REVIEW REQUIREMENT IS A PMC DECISION |
| # ------------------------------------------------- |
| # Pull-request approvals are currently NOT required. This was the |
| # bootstrap posture from when the framework ran under the Airflow |
| # PMC umbrella with a small set of committers (see MISSION.md); |
| # Magpie is now a Top-Level Project with its own PMC, so the PMC |
| # should decide whether to keep self-merge-after-CI or add a |
| # `required_pull_request_reviews:` section with |
| # `required_approving_review_count: 1` (or higher) and |
| # `dismiss_stale_reviews` / `require_code_owner_reviews` tuned to |
| # the committer / CODEOWNERS shape. Until the PMC changes it, |
| # status checks alone gate merges — a maintainer can self-merge |
| # after CI green. |
| protected_branches: |
| main: |
| # Required status checks. Listed contexts MUST run on every PR |
| # against `main` — path-filtered workflows are excluded |
| # (classic branch-protection has no "require only if run" |
| # semantics, so a path-filtered job that doesn't post a status |
| # would block the PR). Excluded for that reason: |
| # `asf-allowlist-check` (paths: `.github/**`) and |
| # `lint .claude/settings.json against baseline` from |
| # sandbox-lint (paths: `.claude/settings.json` + |
| # `tools/sandbox-lint/**`). |
| # |
| # CodeQL (`Analyze (python)`, `Analyze (actions)`) is NOT |
| # required. The framework repo is docs- and skills-heavy with |
| # no published runtime artefacts — the per-PR incremental |
| # value of CodeQL gating is low relative to the noise it |
| # produces on changes that do not touch real attack surface. |
| # The `codeql.yml` workflow still runs on every PR for |
| # visibility (findings surface in the Security tab), but a |
| # finding does not block merge. Re-introduce as a required |
| # gate if/when the project starts publishing runtime |
| # artefacts that warrant per-PR static analysis. |
| required_status_checks: |
| # `strict: false` — don't require the PR branch to be up |
| # to date with `main` before merging. With `strict: true`, |
| # every merge to `main` invalidates every other open PR and |
| # forces a rebase loop. False matches typical ASF practice |
| # for multi-contributor repos. |
| strict: false |
| contexts: |
| # zizmor — GitHub Actions security lint. |
| - "zizmor" |
| # Pre-commit (prek) — static checks across the repo, |
| # including the `lychee` link-check hook (link rot, broken |
| # `#anchor` fragments, dead external URLs). lychee was a |
| # standalone `link-check.yml` workflow with its own required |
| # `lychee` status; it is now a prek hook, so the `prek` |
| # context above is what gates link health. (Converting also |
| # dropped the old daily-cron rot sweep — link rot on files |
| # no PR touches is now only caught when a PR next edits them.) |
| - "prek" |
| # Per-project pytest matrix from tests.yml. Required via |
| # the single `tests-ok` umbrella job rather than the |
| # individual `pytest (<project>)` matrix entries — branch |
| # protection and rulesets both require exact-match status |
| # check names, so listing matrix entries here would force |
| # an `.asf.yaml` change on every matrix add / rename / |
| # removal. `tests-ok` `needs:` every matrix entry and |
| # fails unless all succeed, so the gate semantics are the |
| # same. |
| - "tests-ok" |
| # `required_pull_request_reviews:` deliberately omitted — see |
| # the PMC-decision note above. Re-add once the PMC settles the |
| # review requirement. |
| # |
| # Linear history matches `enabled_merge_buttons.squash: true` |
| # above — squash is the only enabled merge mode, so every |
| # merge results in a single commit on top of main. |
| required_linear_history: true |
| # Block merge while review threads remain unresolved. This |
| # bites even without an approval requirement: any reviewer |
| # who opens a thread blocks merge until it is resolved. |
| required_conversation_resolution: true |
| # Do NOT require signed commits. External contributors |
| # without configured GPG/SSH signing would be unable to |
| # contribute. Re-enable if/when the project adopts a |
| # committer-only signing policy. |
| required_signatures: false |
| |
| notifications: |
| # Magpie is a Top-Level Project with its own mailing lists. All |
| # commit / PR / issue / discussion traffic routes to the project's |
| # own `commits@magpie.apache.org` list. (During the bootstrap phase |
| # the framework ran under the Airflow PMC umbrella and its events |
| # rode the Airflow PMC's lists; with TLP status Magpie now has its |
| # own `commits@` and the schemes below point at it.) |
| # |
| # Routing: |
| # - jobs → jobs@ (CI run notifications) |
| # - everything else → commits@ |
| # |
| # ASF Infra defaults any *unset* notification field to |
| # `dev@<project>.apache.org`. The four `_status` / `_comment` |
| # schemes (`issues_status`, `issues_comment`, `pullrequests_status`, |
| # `pullrequests_comment`) are set explicitly to `commits@` here — |
| # **not** left to that default — so PR review comments, CI-status |
| # flips, and label / milestone changes go to the same list as the |
| # lifecycle events rather than landing on `dev@magpie.apache.org`. |
| # Per the ASF asf.yaml schema |
| # (https://github.com/apache/infrastructure-asfyaml/blob/main/asfyaml/feature/notifications.py |
| # `VALID_NOTIFICATION_SCHEMES`), if Infra adds a new scheme, set |
| # it explicitly in the same change to keep the `dev@` default |
| # suppressed. |
| commits: commits@magpie.apache.org |
| issues: commits@magpie.apache.org |
| issues_status: commits@magpie.apache.org |
| issues_comment: commits@magpie.apache.org |
| pullrequests: commits@magpie.apache.org |
| pullrequests_status: commits@magpie.apache.org |
| pullrequests_comment: commits@magpie.apache.org |
| discussions: commits@magpie.apache.org |