The GitHub Actions job "link-check" on airflow-steward.git/feat-security-genericization-pr4-cve-tool has failed. Run started by GitHub user potiuk (triggered by potiuk).
Head commit for run: 4db07e6e0d584d233b71bf6bb05045b0352b042d / Jarek Potiuk <[email protected]> feat(security): CVE-authority sub-tool extract (PR4/5) Fourth of 5 PRs converting the security skill family from Airflow/ASF-coupled to a generic framework with ASF as the default-configured option. This is the biggest skill-side PR. The previous commit on this branch (ca47278) did the mechanical rename tools/vulnogram/ -> tools/cve-tool-vulnogram/. This commit does the substantive content lift: 4 skills + 2 docs rewritten to read the cve_authority config block + speak in tool-agnostic state verbs. Byte-equivalent for the airflow-s adopter: cve_authority.tool: vulnogram (the ASF default) resolves <cve-tool> to cve-tool-vulnogram, the Vulnogram-native DRAFT/REVIEW/READY/PUBLIC states are preserved as named-example asides, every Vulnogram CLI (vulnogram-api-setup, vulnogram-api-check, vulnogram-api-record-update, vulnogram-api-record-fetch) is still named where the operator's command-line invocation fires. Per-target lifts: - security-cve-allocate (+222/-137) — frontmatter description speaks of governance.cve_allocation_gate + the configured <cve-tool> allocation URL; preamble declares <cve-tool> placeholder. Body: intro paragraph reads cve_authority.allocate_url; PMC-only golden rule becomes governance.cve_allocation_gate + governance.roster_url; Step 0 preflight uses generic governance-authorisation; Step 2 / Step 3 / Step 4 / Step 7 read cve_authority.* knobs and reference the contract in <cve-tool>/README.md. Rollup template uses <record-url>/<source-tab-url> tokens substituted from cve_authority.record_url_template / cve_authority.source_tab_url_template. - security-issue-sync Steps 5b/5c (+139/-91) — the largest single section. Step 5b reframes the push as the contract's push_update(cve_id, fields, state_transition=None) method; replaces DRAFT/REVIEW/READY/PUBLIC with generic verbs (allocated / review-ready / publish-ready / public), Vulnogram-native tokens kept as named-example asides; publish() method called via cve_authority.publication_propagation; post-push state verification via fetch_current_state(cve_id). Step 5c generalises the variant-template table to tools/<cve-tool>/... paths and replaces OAuth-push branch labels with push_update succeeded / failed terminology. - security-issue-invalidate Step 0 (+29/-1) — hard-stop check on CVE state lifts from Vulnogram DRAFT/REVIEW/REJECTED to generic state verbs (allocated / review-ready); the separate retract flow reference becomes the adapter's retract() method per <cve-tool>/README.md. - security-issue-deduplicate (+54/-6) — dedup-when-both-have-CVE branch speaks in state verbs; merge-of-credits flow references <cve-tool>'s push_update() per the contract; regenerate-CVE-JSON step mentions adapter storage. - docs/security/process.md Steps 12-14 (+96/-53) — allocate / update / publish steps reference cve_authority.* knobs + <cve-tool> methods + state verbs; Vulnogram URLs kept as named-example asides. - docs/security/roles.md (+50/-27) — role descriptions lift Vulnogram-specific OAuth + state-machine references to cve_authority knobs + generic state verbs; PMC -> governance-authorisation under governance.cve_allocation_gate. Aggregate: 6 files, +590/-315 lines. Validator clean (5 advisory soft warnings, none hard, all on files outside PR4 scope). 218 tests green. The generic surface (push_update, fetch_current_state, publish, retract, allocate) is the contract layer in tools/cve-tool/README.md (landed in PR1 #381). The Vulnogram adapter is now an implementation of that contract, named where the operator's command-line tool actually fires; the skill body speaks contract. Out of scope (PR5): - docs/security/threat-model.md, forwarder-routing-policy.md, how-to-fix-a-security-issue.md, new-members-onboarding.md - Final scrub: any remaining literal @potiuk / @raboof / Apache Airflow / airflow | providers | chart in skill bodies and templates Generated-by: Claude Code (Opus 4.7) Report URL: https://github.com/apache/airflow-steward/actions/runs/26691738948 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
