This is an automated email from the ASF dual-hosted git repository.
choo121600 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new eda68555842 Slim .apache-steward-overrides/ to project-specific values
(#67488)
eda68555842 is described below
commit eda68555842cf1d38b72a91c2cb9b00f698856b7
Author: Jarek Potiuk <[email protected]>
AuthorDate: Mon May 25 21:08:03 2026 +0200
Slim .apache-steward-overrides/ to project-specific values (#67488)
* Slim .apache-steward-overrides/ to project-specific values
Drops content from .apache-steward-overrides/ that the
framework either already provides via default or no longer
references.
pr-management-triage-comment-templates.md goes 320 -> 196
lines. The framework documents this override file's role as
supplying "comment-body URLs, AI-attribution footer wording,
project display name" — explicitly not template bodies. The
framework ships default bodies; the skill renders them with
the URLs / wording from this override's tables.
Sections deleted (all byte-identical to framework defaults,
or referencing actions the framework removed): `draft`,
`comment-only`, `close`, `review-nudge` (author-primary +
reviewer-re-review), `reviewer-ping` (author-primary +
reviewer-re-review), `mark-ready-with-ping` (deprecated
action), `stale-draft-close` (triaged + untriaged),
`inactive-to-draft`, `stale-workflow-approval`,
`suspicious-changes`.
Kept: `request-author-confirmation` body — Airflow's
maintainer-sweep handback flow differs from the framework's
default reviewer-ping flow. Once apache/airflow-steward#286
lands (promotes this as an optional handback-mode variant),
a follow-up can drop the last project-specific body and just
configure the mode.
Also deletes .apache-steward-overrides/user.md — it was all
TODO placeholders and sits at the framework's deprecated
per-project location. Recommended location is per-user
~/.config/apache-steward/user.md (per setup-steward/adopt.md
Step 9b).
* apache-steward: bootstrap-skill update for framework 66d88e2
Per setup-steward upgrade.md Step 4b, the committed bootstrap
copy is auto-refreshed from the snapshot. The framework version
went 14d80e6 → 66d88e2 in this upgrade; the only file with a
material diff in the bootstrap is upgrade.md, which gains the
new Step 6d ("Audit framework template genericity") block from
apache/airflow-steward#280 plus the corresponding output row.
The .apache-steward.local.lock also moved to 66d88e2; that file
is gitignored and not part of this commit.
---
.../pr-management-triage-comment-templates.md | 178 ++++-----------------
.apache-steward-overrides/user.md | 59 -------
.github/skills/setup-steward/upgrade.md | 63 ++++++++
3 files changed, 90 insertions(+), 210 deletions(-)
diff --git
a/.apache-steward-overrides/pr-management-triage-comment-templates.md
b/.apache-steward-overrides/pr-management-triage-comment-templates.md
index 58c63782840..2b05f27b204 100644
--- a/.apache-steward-overrides/pr-management-triage-comment-templates.md
+++ b/.apache-steward-overrides/pr-management-triage-comment-templates.md
@@ -27,20 +27,7 @@
- [AI-attribution footer](#ai-attribution-footer)
- [Violations bullet format](#violations-bullet-format)
- [Template bodies](#template-bodies)
- - [`draft`](#draft)
- - [`comment-only`](#comment-only)
- - [`close`](#close)
- - [`review-nudge` (author-primary)](#review-nudge-author-primary)
- - [`review-nudge` (reviewer-re-review)](#review-nudge-reviewer-re-review)
- - [`reviewer-ping` (author-primary)](#reviewer-ping-author-primary)
- - [`reviewer-ping` (reviewer-re-review)](#reviewer-ping-reviewer-re-review)
- - [`mark-ready-with-ping`](#mark-ready-with-ping)
- [`request-author-confirmation`](#request-author-confirmation)
- - [`stale-draft-close` (triaged)](#stale-draft-close-triaged)
- - [`stale-draft-close` (untriaged)](#stale-draft-close-untriaged)
- - [`inactive-to-draft`](#inactive-to-draft)
- - [`stale-workflow-approval`](#stale-workflow-approval)
- - [`suspicious-changes` (no AI footer)](#suspicious-changes-no-ai-footer)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
@@ -51,10 +38,22 @@
This file is the **per-project comment-body library** for the
[`pr-management-triage`](../../.claude/skills/pr-management-triage/SKILL.md)
skill.
-It contains the concrete templates used by the Apache Airflow
-project. New adopters should copy this file into their own
-`<project-config>/pr-management-triage-comment-templates.md` and
-replace every Airflow-specific URL and wording with their
+It supplies the Apache-Airflow-specific values the framework
+needs to render its default template bodies — project-specific
+URLs, the AI-attribution footer wording, and the violations
+bullet format — plus the one body that intentionally diverges
+from the framework default
+([`request-author-confirmation`](#request-author-confirmation)).
+
+The framework's
+[`comment-templates.md`](../../.claude/skills/pr-management-triage/comment-templates.md)
+ships the default bodies for every other template; the skill
+reads this file for the URLs / wording and renders the
+framework defaults with them.
+
+New adopters should copy this file into their own
+`<project-config>/pr-management-triage-comment-templates.md`
+and replace every Airflow-specific URL and wording with their
project's equivalents.
## Project-specific URLs
@@ -165,94 +164,17 @@ doc link do the work.
## Template bodies
The framework's
[`comment-templates.md`](../../.claude/skills/pr-management-triage/comment-templates.md)
-documents the structural contract for each template (must-include
-sections, ordering, footer rules). This section contains the
-actual bodies for the Apache Airflow project.
-
-### `draft`
-
-```markdown
-@<author> Converting to **draft** — this PR doesn't yet meet our [Pull Request
quality
criteria](https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#pull-request-quality-criteria).
-
-<violations>
-
-<rebase_note_if_needed>
-
-See the linked criteria for how to fix each item, then mark the PR "Ready for
review". This is **not** a rejection — just an invitation to bring the PR up to
standard. No rush.
-
-<ai_attribution_footer>
-```
-
-### `comment-only`
-
-```markdown
-@<author> A few things need addressing before review — see our [Pull Request
quality
criteria](https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#pull-request-quality-criteria).
-
-<violations>
-
-<rebase_note_if_needed>
-
-No rush.
-
-<ai_attribution_footer>
-```
-
-### `close`
-
-```markdown
-@<author> Closing — this PR has multiple violations of our [Pull Request
quality
criteria](https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#pull-request-quality-criteria).
-
-<violations>
-- :x: **Multiple flagged PRs**: <flagged_count> of your PRs are currently
flagged for quality issues. Please focus on those before opening new ones.
-
-This is **not** a rejection — you're welcome to open a new PR addressing the
issues above. No rush.
-
-<ai_attribution_footer>
-```
-
-### `review-nudge` (author-primary)
-
-```markdown
-@<author> — This PR has new commits since the last review requesting changes
from <reviewer_logins>. Could you address the outstanding review comments and
either push a fix or reply in each thread explaining why the feedback doesn't
apply? When you believe the threads are resolved, please mark them as resolved
and ping the reviewer (<reviewer_logins>) — they'll either re-review or hand
the PR back to the queue. Thanks!
-
-<ai_attribution_footer>
-```
-
-### `review-nudge` (reviewer-re-review)
-
-```markdown
-@<author> <reviewers> — This PR has new commits since the last review
requesting changes, and the diff looks like it addresses the feedback (see
<thread-links>). @<reviewers>, could you take another look when you have a
chance to confirm? Thanks!
-
-<ai_attribution_footer>
-```
-
-### `reviewer-ping` (author-primary)
-
-```markdown
-@<author> — There are <N> unresolved review thread(s) on this PR from
<reviewer_logins>. Could you either push a fix or reply in each thread
explaining why the feedback doesn't apply? When you believe the feedback is
addressed, please mark the threads as resolved and ping the reviewer
(<reviewer_logins>) for a final look. Thanks!
-
-<ai_attribution_footer>
-```
-
-### `reviewer-ping` (reviewer-re-review)
-
-```markdown
-<reviewers> — @<author> appears to have addressed your review feedback (see
the linked threads and the commits pushed since). Could you confirm and resolve
the threads if you agree? Thanks!
-
-@<author>, if any of the threads still need work on your side, please reply
in-line and push a fix.
-
-<ai_attribution_footer>
-```
-
-### `mark-ready-with-ping`
-
-```markdown
-@<author> — Your unresolved review thread(s) from <reviewers> appear to have
been addressed (post-review commits and/or in-thread replies on every thread,
with the latest commit pushed after the most recent thread). I've added the
`ready for maintainer review` label so the PR re-enters the maintainer review
queue.
-
-<reviewers> — could you take another look when you have a chance? If you agree
the feedback was addressed, please mark the threads as resolved so the queue
signal stays accurate. If a thread still needs work, please reply in-line —
@<author> will follow up.
-
-<ai_attribution_footer>
-```
+provides default bodies for every triage template, with
+project-specific URLs and wording resolved via the
+[Project-specific URLs](#project-specific-urls) table above
+and the [AI-attribution footer](#ai-attribution-footer)
+section. This section contains only the project-specific
+**body variants** where Apache Airflow diverges from the
+framework default.
+
+If a template name is not listed here, the skill uses the
+framework default rendered with the URLs / placeholders from
+the sections above.
### `request-author-confirmation`
@@ -272,49 +194,3 @@ If you are still working on a thread, please reply with
what is outstanding so t
<ai_attribution_footer>
```
-
-### `stale-draft-close` (triaged)
-
-```markdown
-@<author> This draft PR has been inactive for <days_since_triage> days since
the last triage comment and no response from the author. Closing to keep the
queue clean.
-
-You are welcome to reopen this PR when you resume work, or to open a new one
addressing the issues previously raised. There is no rush — take your time.
-
-<ai_attribution_footer>
-```
-
-### `stale-draft-close` (untriaged)
-
-```markdown
-@<author> This draft PR has had no activity for <weeks_since_activity> weeks.
Closing to keep the queue clean.
-
-You are welcome to reopen and continue when you're ready. If you'd like to
pick it back up, please rebase onto the current `<base>` branch first.
-
-<ai_attribution_footer>
-```
-
-### `inactive-to-draft`
-
-```markdown
-@<author> This PR has had no activity for <weeks_since_activity> weeks.
Converting to draft to signal that maintainer review is paused until you resume
work.
-
-When you're ready to continue, please rebase onto the current `<base>` branch,
address any newly-appearing CI failures, and mark the PR as "Ready for review"
again. There is no rush.
-
-<ai_attribution_footer>
-```
-
-### `stale-workflow-approval`
-
-```markdown
-@<author> This PR has been awaiting workflow approval with no activity for
<weeks_since_activity> weeks. Converting to draft so it doesn't block the
first-time-contributor review queue.
-
-When you're ready to continue, please push a new commit (which will re-request
workflow approval) and mark the PR as "Ready for review" again. There is no
rush.
-
-<ai_attribution_footer>
-```
-
-### `suspicious-changes` (no AI footer)
-
-```markdown
-This PR has been closed because of suspicious changes detected in it or in
another PR by the same author. If you believe this is in error, please contact
the Airflow maintainers on the [Airflow
Slack](https://s.apache-airflow-slack.io).
-```
diff --git a/.apache-steward-overrides/user.md
b/.apache-steward-overrides/user.md
deleted file mode 100644
index 4b20e312914..00000000000
--- a/.apache-steward-overrides/user.md
+++ /dev/null
@@ -1,59 +0,0 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
- -->
-
-# Per-user configuration for apache-steward
-
-This file is committed in the adopter repo and holds preferences
-that vary per developer (GitHub handle, local clone paths, optional
-tool backends). It is **not** project-specific — those facts live in
-`<project-config>/project.md`. Fill in the fields that apply to your
-setup; the skills skip any block that is missing or marked `TODO`.
-
-## `role_flags`
-
-- `pmc_member: TODO` — set to `true` if you are a PMC member of the
- adopting project. Used by `security-cve-allocate` to decide whether
- you can submit the CVE allocation form directly or need to relay
- the request to a PMC member.
-
-## `environment`
-
-- `upstream_clone: TODO` — absolute path to your local clone of the
- public `<upstream>` repo. Used by `security-issue-fix` when it
- writes changes and opens PRs. The skill validates that the clone
- has a remote pointing at your fork before proceeding.
-- `upstream_fork_remote: TODO` — name of the git remote that points
- at your personal fork (e.g. `fork`, `your-github-handle`). If
- omitted, the skill uses the first non-`origin` remote that looks
- like a fork. Explicitly setting this avoids ambiguity when you
- have multiple remotes.
-
-## `tools`
-
-### `ponymail`
-
-- `enabled: false` — set to `true` if you have registered the
- PonyMail MCP in your Claude Code `mcpServers` block. When enabled
- and authenticated, the security skills use PonyMail as the primary
- read backend for mailing-list archive queries; Gmail remains the
- fallback for just-arrived inbound mail and the only backend for
- draft composition.
-- `private_lists: []` — list of private mailing-list addresses that
- PonyMail should query (e.g. `["security@<project>.apache.org"]`).
- Only used when `enabled: true`.
diff --git a/.github/skills/setup-steward/upgrade.md
b/.github/skills/setup-steward/upgrade.md
index 2544645fb71..93d630b2e1d 100644
--- a/.github/skills/setup-steward/upgrade.md
+++ b/.github/skills/setup-steward/upgrade.md
@@ -470,6 +470,63 @@ upgrade — secure-agent setup is independent of framework
upgrade). The recap row in Step 8's output goes under a new
`Sandbox allowlist:` section.
+## Step 6d — Audit framework template genericity
+
+A defensive hygiene pass over the framework's
+`<snapshot-dir>/projects/_template/` directory. Templates
+are meant to be **project-agnostic scaffolds** that adopters
+copy and customise — they should contain placeholders
+(`<Project Name>`, `<github-org>/<team-slug>`, etc.),
+generic examples, and no hardcoded project identity.
+
+In practice the framework's `_template/` files have at
+times been seeded from one specific adopter's data
+(originally the project the framework grew out of) and
+not always generalised back. This step surfaces the
+residue so it can be filed as an issue against
+`apache/airflow-steward` and fixed upstream.
+
+For each file under `<snapshot-dir>/projects/_template/`,
+scan for adopter-specific signals:
+
+- **Hardcoded project names in titles or prose** — H1
+ headings, doc body text, calibration sentences. A
+ genuine template starts with `# TODO: <Project Name> —
+ ...` or uses a `<PROJECT>` placeholder; if a concrete
+ name appears there instead, that is the residue.
+- **Hardcoded URLs** pointing at a specific adopter —
+ `github.com/<org>/<repo>/...` paths in body text,
+ mailing-list addresses tied to a specific TLD,
+ project-specific chat URLs. Template URLs should be
+ `<placeholder>` or annotated "Example: …".
+- **Hardcoded org / team identifiers** — committer-team
+ slugs (e.g. `<org>/<team>-committers`), real maintainer
+ handles, project-specific issue-tracker keys. Same
+ rule: placeholder, or marked as an example.
+- **Project-specific calibration prose** — references
+ to contributor counts, specific issue numbers,
+ incident postmortems, or other particulars an
+ arbitrary adopter wouldn't share.
+
+Surface the findings as a `Framework templates:` block in
+the upgrade summary (see [Step 8 output](#output-to-the-user))
+— one ⚠ row per file with a short summary of what looks
+adopter-specific. **Do not modify the snapshot** (it is
+read-only per
+[`SKILL.md` Golden rule 1](SKILL.md#golden-rules)). The
+recap is purely advisory; the operator decides whether to
+open a tracking issue / PR against
+`apache/airflow-steward`.
+
+The check is intentionally heuristic — false positives are
+acceptable because the cost is one line in the summary, not
+a blocked upgrade. False negatives are also acceptable; the
+operator's read of the upgrade summary is the real signal.
+**Never attempt to auto-fix.**
+
+If every template scans clean, surface the section as
+`✓ all framework templates look generic`.
+
## Step 7 — Update `<local-lock>`
Write the new local lock with the values captured in Step
@@ -538,6 +595,12 @@ Overrides:
⚠ <list of overrides flagged for re-anchoring> (open the
file and update against the new framework structure)
+Framework templates (projects/_template/):
+ ✓ all templates look generic OR
+ ⚠ <_template/foo.md> (e.g. H1 title hardcoded to a specific
project name)
+ ⚠ <_template/bar.md> (e.g. `committers_team` set to a concrete
org/team without placeholder)
+ → file an issue against apache/airflow-steward to upstream a fix
+
Recommended follow-ups:
- Run /setup-isolated-setup-update if the secure-setup blast
radius (settings.json, agent-isolation/, pinned-versions.toml)
