blob: 3bebbc8abac861f44fbd8c17214b34c0efa7523a [file]
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# https://cwiki.apache.org/confluence/display/INFRA/git+-+.asf.yaml+features
---
github:
description: "Agent-assisted maintainership and development framework for Apache projects — Triage, Mentoring, Drafting (agent-authored fixes with human review), and Pairing (developer-side dev-cycle) skills shipping; Agentic Autonomous (auto-merge) on the roadmap."
homepage: "https://magpie.apache.org/"
labels:
# Note that GitHub only supports <=20 labels/topics per repo! Pipeline
# will fail if you add more.
- apache
- security
- cve
- vulnerability-management
- vulnerability-disclosure
- agent-skills
- claude-code
- automation
features:
issues: true
projects: true
wiki: false
discussions: true
enabled_merge_buttons:
squash: true
merge: false
rebase: false
pull_requests:
allow_auto_merge: false
allow_update_branch: true
del_branch_on_merge: true
# External triage collaborators — GitHub IDs that get triage rights
# without being added to the apache org. ASF Infra caps this list
# at 10 entries; exceptions need a vp-infra@apache.org request.
collaborators:
# Non-ASF-members named in MISSION.md → "involved as
# collaborators on the project from day one":
- andreahlert # André Ahlert Junior
- johnslavik # Bartosz Sławecki
# The four below are listed in MISSION.md's non-ASF-members
# section but are already Apache Airflow committers, so they
# have triage rights via the apache GitHub org through their
# Airflow committer status — no `collaborators:` slot needed.
# Kept here as a record of intent; uncomment if and when their
# committer status changes.
# - choo121600 # Yeonguk Choo (Airflow committer)
# - shahar1 # Shahar Epstein (Airflow committer)
# - vincbeck # Vincent Beck (Airflow committer)
# - bugraoz93 # Buğra Öztürk (Airflow committer)
# Non-Airflow-committer ASF members from the MISSION.md PMC
# roster — added so they have triage rights from day one. The
# Airflow committers on the roster (Jarek, Elad, Pavan, Amogh)
# are not listed here; they have access via the apache GitHub
# org through their existing Airflow committer status.
- ppkarwasz # Piotr Karwasz (Log4J PMC)
- zeroshade # Matt Topol (Arrow PMC, Iceberg PMC)
- andrewmusselman # Andrew Musselman (Mahout PMC)
- justinmclean # Justin Mclean (Incubator PMC, Training PMC)
- jbonofre # Jean-Baptiste Onofré (Incubator PMC, Polaris PMC)
- paulk-asert # Paul King (Groovy PMC, Grails PMC, Incubator PMC)
- rusackas # Evan Rusackas (Superset PMC)
- russellspitzer # Russell Spitzer (Incubator PMC, Polaris PMC, Iceberg PMC)
# Disable GitHub Copilot completely on this repo. The framework's
# review workflow is human-driven (`pr-management-code-review`
# skill + maintainer review) and the agent-assisted authoring loop
# is Claude-Code-based; Copilot's per-PR comments and code-review
# ruleset duplicate / contradict both. The explicit `enabled:
# false` is required to actively remove the Copilot automatic-
# code-review ruleset if it was ever previously configured (per
# the asf.yaml `copilot_code_review` directive); this is the only
# lever asfyaml exposes for the Copilot integration today, and
# toggling it off is what "disable Copilot completely" reduces to
# in this config.
copilot_code_review:
enabled: false
# No `environments:` block by design — asfyaml's environment
# handler currently passes `prevent_self_review` as a kwarg to
# `Repository.create_environment()`, which the PyGithub version
# asfyaml ships does not accept ("Repository.create_environment()
# got an unexpected keyword argument 'prevent_self_review'"). The
# block is harmless to omit while no release workflow targets a
# deployment environment; re-add (with the `atr-release`
# protected-branches scaffold for ASF Trusted Releases) once the
# asfyaml / PyGithub interaction is fixed upstream and a release
# workflow exists that needs the environment.
# Branch protection on `main`. ASF Infra reconciles this within a
# few minutes of merge to main (asfyaml feature
# `protected_branches`). Earlier note about "configured directly in
# GitHub" was superseded by inspection — no direct-on-GitHub rule
# ever existed, so the protection now lives here next to the rest
# of the repo config.
#
# PMC FORMED — REVIEW REQUIREMENT IS A PMC DECISION
# -------------------------------------------------
# Pull-request approvals are currently NOT required. This was the
# bootstrap posture from when the framework ran under the Airflow
# PMC umbrella with a small set of committers (see MISSION.md);
# Magpie is now a Top-Level Project with its own PMC, so the PMC
# should decide whether to keep self-merge-after-CI or add a
# `required_pull_request_reviews:` section with
# `required_approving_review_count: 1` (or higher) and
# `dismiss_stale_reviews` / `require_code_owner_reviews` tuned to
# the committer / CODEOWNERS shape. Until the PMC changes it,
# status checks alone gate merges — a maintainer can self-merge
# after CI green.
protected_branches:
main:
# Required status checks. Listed contexts MUST run on every PR
# against `main` — path-filtered workflows are excluded
# (classic branch-protection has no "require only if run"
# semantics, so a path-filtered job that doesn't post a status
# would block the PR). Excluded for that reason:
# `asf-allowlist-check` (paths: `.github/**`) and
# `lint .claude/settings.json against baseline` from
# sandbox-lint (paths: `.claude/settings.json` +
# `tools/sandbox-lint/**`).
#
# CodeQL (`Analyze (python)`, `Analyze (actions)`) is NOT
# required. The framework repo is docs- and skills-heavy with
# no published runtime artefacts — the per-PR incremental
# value of CodeQL gating is low relative to the noise it
# produces on changes that do not touch real attack surface.
# The `codeql.yml` workflow still runs on every PR for
# visibility (findings surface in the Security tab), but a
# finding does not block merge. Re-introduce as a required
# gate if/when the project starts publishing runtime
# artefacts that warrant per-PR static analysis.
required_status_checks:
# `strict: false` — don't require the PR branch to be up
# to date with `main` before merging. With `strict: true`,
# every merge to `main` invalidates every other open PR and
# forces a rebase loop. False matches typical ASF practice
# for multi-contributor repos.
strict: false
contexts:
# zizmor — GitHub Actions security lint.
- "zizmor"
# Pre-commit (prek) — static checks across the repo,
# including the `lychee` link-check hook (link rot, broken
# `#anchor` fragments, dead external URLs). lychee was a
# standalone `link-check.yml` workflow with its own required
# `lychee` status; it is now a prek hook, so the `prek`
# context above is what gates link health. (Converting also
# dropped the old daily-cron rot sweep — link rot on files
# no PR touches is now only caught when a PR next edits them.)
- "prek"
# Per-project pytest matrix from tests.yml. Required via
# the single `tests-ok` umbrella job rather than the
# individual `pytest (<project>)` matrix entries — branch
# protection and rulesets both require exact-match status
# check names, so listing matrix entries here would force
# an `.asf.yaml` change on every matrix add / rename /
# removal. `tests-ok` `needs:` every matrix entry and
# fails unless all succeed, so the gate semantics are the
# same.
- "tests-ok"
# `required_pull_request_reviews:` deliberately omitted — see
# the PMC-decision note above. Re-add once the PMC settles the
# review requirement.
#
# Linear history matches `enabled_merge_buttons.squash: true`
# above — squash is the only enabled merge mode, so every
# merge results in a single commit on top of main.
required_linear_history: true
# Block merge while review threads remain unresolved. This
# bites even without an approval requirement: any reviewer
# who opens a thread blocks merge until it is resolved.
required_conversation_resolution: true
# Do NOT require signed commits. External contributors
# without configured GPG/SSH signing would be unable to
# contribute. Re-enable if/when the project adopts a
# committer-only signing policy.
required_signatures: false
notifications:
# Magpie is a Top-Level Project with its own mailing lists. All
# commit / PR / issue / discussion traffic routes to the project's
# own `commits@magpie.apache.org` list. (During the bootstrap phase
# the framework ran under the Airflow PMC umbrella and its events
# rode the Airflow PMC's lists; with TLP status Magpie now has its
# own `commits@` and the schemes below point at it.)
#
# Routing:
# - jobs → jobs@ (CI run notifications)
# - everything else → commits@
#
# ASF Infra defaults any *unset* notification field to
# `dev@<project>.apache.org`. The four `_status` / `_comment`
# schemes (`issues_status`, `issues_comment`, `pullrequests_status`,
# `pullrequests_comment`) are set explicitly to `commits@` here —
# **not** left to that default — so PR review comments, CI-status
# flips, and label / milestone changes go to the same list as the
# lifecycle events rather than landing on `dev@magpie.apache.org`.
# Per the ASF asf.yaml schema
# (https://github.com/apache/infrastructure-asfyaml/blob/main/asfyaml/feature/notifications.py
# `VALID_NOTIFICATION_SCHEMES`), if Infra adds a new scheme, set
# it explicitly in the same change to keep the `dev@` default
# suppressed.
commits: commits@magpie.apache.org
issues: commits@magpie.apache.org
issues_status: commits@magpie.apache.org
issues_comment: commits@magpie.apache.org
pullrequests: commits@magpie.apache.org
pullrequests_status: commits@magpie.apache.org
pullrequests_comment: commits@magpie.apache.org
discussions: commits@magpie.apache.org