potiuk opened a new pull request, #2:
URL: https://github.com/apache/airflow-steward/pull/2
## Summary
PR 2 of 3 in the generate-cve-json refactor. PR 1 (in `airflow-s/airflow-s`)
refactored the tool to load all project-specific values from a TOML config;
this PR ports the now-project-agnostic Python implementation into the framework
so the framework ships both the SKILL.md description and the implementation.
## Files added
- `tools/vulnogram/generate-cve-json/pyproject.toml`
-
`tools/vulnogram/generate-cve-json/src/generate_cve_json/{cve_json,__init__,__main__}.py`
— config-driven implementation; resolves config from `--config` CLI flag →
`$CVE_JSON_CONFIG` env var →
`<cwd>/.apache-steward/tools/vulnogram/cve-json-config.toml` (default, when
adopter is the cwd).
-
`tools/vulnogram/generate-cve-json/tests/{__init__,conftest,test_generate_cve_json}.py`
— full 100-test suite. Conftest points at the fixture config in
`tests/fixtures/`.
- `tools/vulnogram/generate-cve-json/tests/fixtures/cve-json-config.toml` —
**TEST FIXTURE config** (clearly labeled as such). Mirrors one adopter's setup
so the existing tests' assertions pass without rewriting; **NOT** shipped as a
default for adopters.
- `tools/vulnogram/generate-cve-json/uv.lock` — uv lockfile.
## Files updated
- `.pre-commit-config.yaml` — added the four `generate-cve-json` hooks
(ruff-check, ruff-format, mypy, pytest), restored from the airflow-s pre-commit
config.
- `tools/vulnogram/generate-cve-json/SKILL.md` — preamble note clarifying
that examples in the body use Airflow's config as a running illustration; the
tool itself is config-driven and emits CVE records against any adopter's
product taxonomy.
## Test plan
- ✅ All 100 tests pass against the test-fixture config.
- ✅ All four pre-commit hooks pass (ruff-check, ruff-format, mypy, pytest)
plus the standard repo hooks.
## Known follow-ups (deliberately not in this PR)
- **SKILL.md prose polish.** The body still has substantial
Airflow-flavoured prose (`apache-airflow-providers-...` package names, provider
directory examples, etc.). The preamble note flags this; tightening passes can
rephrase example-by-example without changing the contract.
- **Synthetic test fixture.** The fixture config is Airflow-shaped because
the tests were written against that taxonomy. A future PR could replace it with
a synthetic ("Acme Project") fixture and rewrite assertions to match.
## Coordination
PR 3 (against airflow-s) will delete the local Python implementation (it
lives in the framework now via submodule) and update skill references to invoke
the framework copy. PR 3 is gated on this PR landing.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
