This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow-steward.git
The following commit(s) were added to refs/heads/main by this push:
new 4e4c5d8 fix(skills): add --limit to gh list calls flagged by
validator (#359)
4e4c5d8 is described below
commit 4e4c5d818749b1c8aa4c59493c9fea2b27fb8435
Author: eeeclipse <[email protected]>
AuthorDate: Fri May 29 03:17:27 2026 +0900
    fix(skills): add --limit to gh list calls flagged by validator (#359)

    Closes #349.

    Why: `gh ... list` without `--limit` silently caps at 30 rows. On
    a busy tracker that drops results, so a skill can miss an open
    issue/PR or compute a wrong count.

    - security-issue-fix: `gh pr list --search` -> --limit 100
    - security-issue-triage: `gh pr list --search reviewed-by` ->
      --limit 100
    - security-issue-sync (selector tables): `sync <free-text>` and
      `sync <label>` rows -> --limit 100
    - security-issue-sync (milestone sibling count): the `--jq 'length'`
      count must exceed the real number of open trackers, so --limit
      1000 per the issue's guidance.

    Validator: 3 gh-list-no-limit warnings -> 0 (exit 0). No behaviour
    change beyond removing the silent 30-row cap.

    Co-authored-by: eeeclipse <[email protected]>
---
.claude/skills/security-issue-fix/SKILL.md | 2 +-
.claude/skills/security-issue-sync/SKILL.md | 6 +++---
.claude/skills/security-issue-triage/SKILL.md | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.claude/skills/security-issue-fix/SKILL.md
b/.claude/skills/security-issue-fix/SKILL.md
index 41b412b..35ae4a9 100644
--- a/.claude/skills/security-issue-fix/SKILL.md
+++ b/.claude/skills/security-issue-fix/SKILL.md
@@ -263,7 +263,7 @@ Run (in order, stop at the first that produces results):
touch the same area:
```bash
- gh pr list --repo <upstream> --state open --search "<keywords from issue
title or affected file paths>" --json number,title,url,author,headRefName
+ gh pr list --repo <upstream> --state open --search "<keywords from issue
title or affected file paths>" --limit 100 --json
number,title,url,author,headRefName
```
Use 2–3 distinctive keywords from the issue's description (e.g.
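Review bot: On the added `gh pr list ... --search` line, `--limit 100` swaps a silent 30-row cap for a silent 100-row cap, and the skill text gives no signal when that cap is reached. This search exists to find open PRs that touch the same area, so consider adding a sentence telling the skill that a result of exactly 100 rows may be truncated and the keywords should be narrowed before concluding that no matching PR exists.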
diff --git a/.claude/skills/security-issue-sync/SKILL.md
b/.claude/skills/security-issue-sync/SKILL.md
index a22d30d..1e75775 100644
--- a/.claude/skills/security-issue-sync/SKILL.md
+++ b/.claude/skills/security-issue-sync/SKILL.md
@@ -185,8 +185,8 @@ concurrently, which is exactly what the sync needs.
| `sync all open` | explicit open-only variant — `gh issue list --repo
<tracker> --state open --limit 100 --json number,title,labels`. No closed
trackers. Use when you want the classic open-only sweep and nothing else. |
| `sync #212`, `sync 212`, `sync #212, #214, #218`, `sync #212-#218` | the
issue number(s) verbatim — no resolution needed. Works on open and closed
trackers alike (the closed-issue sub-steps run when the tracker is closed with
`announced`). |
| `sync CVE-2026-40913` or `sync CVE-2026-40913, CVE-2026-40690` |
regex-validate each token against `^CVE-\d{4}-\d{4,7}$` first (anything that
does not match is a hard error — *never* interpolate an unvalidated free-form
string into the search arg, which is in double quotes and would expand
`$(...)`); then look up each validated CVE ID with `gh search issues
"CVE-YYYY-NNNNN" --repo <tracker> --json number,title,body --jq '.[] |
select(.body \| contains("CVE-YYYY-NNNNN")) \| .number'` [...]
- | `sync <free-text>` (e.g. `sync JWT`, `sync KubernetesExecutor`) |
title-substring match — run `gh issue list --repo <tracker> --state open
--search "<free-text> in:title" --json number,title` and surface the matches
back to the user for confirmation before dispatching (title matches are the
fuzziest selector — always confirm, never auto-dispatch). |
- | `sync <label>` (e.g. `sync announced`, `sync pr merged`) | all open
issues carrying that label — `gh issue list --repo <tracker> --state open
--label "<label>" --json number,title`. |
+ | `sync <free-text>` (e.g. `sync JWT`, `sync KubernetesExecutor`) |
title-substring match — run `gh issue list --repo <tracker> --state open
--search "<free-text> in:title" --limit 100 --json number,title` and surface
the matches back to the user for confirmation before dispatching (title matches
are the fuzziest selector — always confirm, never auto-dispatch). |
+ | `sync <label>` (e.g. `sync announced`, `sync pr merged`) | all open
issues carrying that label — `gh issue list --repo <tracker> --state open
--label "<label>" --limit 100 --json number,title`. |
| `sync announced` (as a label selector) | as above, open-only. To include
the recently-closed `announced` bucket, use `sync all` (default) or `sync
closed announced`. |
| `sync closed announced` | the recently-closed `announced` bucket by
itself — useful when you want to run the cve.org publication-check sweep
without touching open issues (for example, as a post-release cron). |
| `sync open` | alias for `sync all open`. |
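Review bot: The `sync <free-text>` and `sync <label>` rows place user-supplied text inside a double-quoted argument (`--search "<free-text> in:title"`, `--label "<label>"`) with no validation step, while the CVE row directly above warns never to interpolate an unvalidated free-form string into a double-quoted search arg because it would expand `$(...)`. Since both rows are being edited here, state the same rule in them: restrict the token to an allow-listed character set, or pass it through a quoted shell variable rather than pasting it into the command text, and treat anything else as a hard error. Separately, the `sync <label>` row promises "all open issues carrying that label", which `--limit 100` only delivers while fewer than 100 open issues carry it; say so in the row or raise the cap.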
@@ -2228,7 +2228,7 @@ before moving on to the next item. Use:
# The just-closed tracker is no longer in the open list, so
# `open` here counts SIBLINGS still open on the same milestone.
open=$(gh issue list --repo <tracker> --milestone "$ms" \
- --state open --json number --jq 'length')
+ --state open --limit 1000 --json number --jq 'length')
if [ "$open" -eq 0 ]; then
ms_url=$(gh api repos/<tracker>/milestones/$ms --jq '.html_url')
ms_title=$(gh api repos/<tracker>/milestones/$ms --jq '.title')
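Review bot: On the added `--limit 1000` line, the number is unexplained in the script; the two comment lines above it describe the sibling semantics but not the cap. The only visible consumer is `[ "$open" -eq 0 ]`, for which any non-zero limit gives the same answer, so add a comment saying why 1000 was chosen and whether `$open` is also shown as a count elsewhere, where 1000 would still be a silent ceiling. It would also help to handle an empty `$open` (a failed `gh` call) explicitly rather than relying on the `-eq` test erroring out.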
diff --git a/.claude/skills/security-issue-triage/SKILL.md
b/.claude/skills/security-issue-triage/SKILL.md
index c6698a4..449c48d 100644
--- a/.claude/skills/security-issue-triage/SKILL.md
+++ b/.claude/skills/security-issue-triage/SKILL.md
@@ -802,7 +802,7 @@ mechanically:
```bash
gh pr list --repo <upstream> --search 'reviewed-by:<handle>' \
- --json files,reviews,mergedAt -- <pointer>
+ --limit 100 --json files,reviews,mergedAt -- <pointer>
```
Iterate the roster (cached in Step 0); the roster member with
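Review bot: On the added `--limit 100` line, a handle with more than 100 matching PRs is now truncated at 100 instead of 30, and the next step iterates the roster over these results, so the cap can still skew the outcome without any signal. Consider documenting that a 100-row result is a lower bound, or narrowing the search so the cap is not reached. The command also requests `mergedAt` but passes no `--state`, unlike the `gh pr list` call in security-issue-fix, which passes `--state open`; making the intended state explicit would remove the ambiguity.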