Skip to content

fix(checkpoints): GH-08/09 .yml form templates + GH-19/20 reusable workflow#63

Merged
CybotTM merged 2 commits into
mainfrom
fix/skill-batch-2026-04
Apr 24, 2026
Merged

fix(checkpoints): GH-08/09 .yml form templates + GH-19/20 reusable workflow#63
CybotTM merged 2 commits into
mainfrom
fix/skill-batch-2026-04

Conversation

@CybotTM

@CybotTM CybotTM commented Apr 24, 2026

Copy link
Copy Markdown
Member

Skill batch fix series — see commit messages for per-checkpoint rationale and verification against netresearch/t3x-nr-llm. Part of the 2026-04 unification sweep to eliminate skill drift across the Netresearch TYPO3 portfolio.

…kflow

**GH-8 / GH-9** issue templates: accept the modern `.yml` form
templates (structured fields, validation, required inputs) in addition
to the legacy `.md` files. The `.yml` form is the recommended
Netresearch standard.

**GH-19 / GH-20** CodeQL / OpenSSF Scorecard: same fix pattern as
ER-19/20 from PR #55 — accept either a dedicated workflow file OR a
job in another workflow that calls the canonical action
(github/codeql-action, ossf/scorecard-action) or delegates to the
netresearch reusable workflow.

Verified against netresearch/t3x-nr-llm — all four pass with the
project's modern setup (.yml templates + reusable-workflow CodeQL/
Scorecard jobs in ci.yml).

Signed-off-by: Sebastian Mendel <sebastian.mendel@netresearch.de>
Copilot AI review requested due to automatic review settings April 24, 2026 13:39
@github-actions

github-actions Bot commented Apr 24, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the checkpoints.yaml file to support modern .yml issue templates alongside legacy .md files and transitions CodeQL and OpenSSF Scorecard checks from simple file existence to regex-based pattern matching within workflow files. The review feedback suggests using shell command chains for multi-file existence checks to align with existing repository patterns and recommends refining regex patterns to target unique path strings instead of the uses: prefix to improve robustness against formatting variations.

Comment thread skills/github-project/checkpoints.yaml
Comment thread skills/github-project/checkpoints.yaml
Comment thread skills/github-project/checkpoints.yaml
Comment thread skills/github-project/checkpoints.yaml

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the github-project skill’s mechanical checkpoints to better align with Netresearch’s preferred GitHub configuration patterns (issue form templates and reusable workflows), reducing drift across repos.

Changes:

  • Allow issue templates to be satisfied by either modern .yml issue forms or legacy .md templates (with .yml preferred).
  • Change CodeQL and OpenSSF Scorecard checks from “file exists” to workflow content detection (supports dedicated workflows or jobs delegating to reusable workflows).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread skills/github-project/checkpoints.yaml
Comment thread skills/github-project/checkpoints.yaml
Comment thread skills/github-project/checkpoints.yaml
Comment thread skills/github-project/checkpoints.yaml
Signed-off-by: Sebastian Mendel <sebastian.mendel@netresearch.de>
@CybotTM CybotTM merged commit 186a789 into main Apr 24, 2026
11 checks passed
@CybotTM CybotTM deleted the fix/skill-batch-2026-04 branch April 24, 2026 15:31
@CybotTM CybotTM mentioned this pull request May 15, 2026
CybotTM added a commit that referenced this pull request May 15, 2026
## Release v2.14.0

Minor release. `.claude-plugin/plugin.json` and
`skills/github-project/SKILL.md` frontmatter `metadata.version` were
already synced to `2.14.0` on `main` via
[#74](#74) —
this PR is the empty release marker that closes the v2.13.1 → v2.14.0
window and triggers the signed-tag release.

### Highlights since v2.13.1

- **`agentic-workflows` reference** documenting `gh-aw` and `awf`
workflow-as-prompt tooling for autonomous GitHub Actions — new patterns
for running AI agents on PRs/issues without bespoke wiring
([#75](#75)).
- **AI reviewer pushback patterns** — handling Copilot/Sourcery review
comments that disagree with the codebase intent, including when to defer
and when to push back
([#66](#66),
[#74](#74)).
- **PR-merge / branch-protection / CodeQL gotchas** documented, plus
auto-detection of allowed merge strategy in the `--delete-branch`
snippet so the recipe doesn't break on repos with merge-commit-only
policies
([#69](#69),
[#71](#71),
[#72](#72)).
- **GraphQL `Repository.mergeQueue`** for queue detection — replaces a
brittle REST probe
([#70](#70)).
- **Assessment checkpoints overhaul**: new GH-34/GH-35/GH-36,
follow_uses delegation for CodeQL/Scorecard, org_provides for
community-health files, broader licence/Dependabot/workflow targets,
plus reusable-workflow-pitfalls reference. Multiple false-positive
findings demoted to `info` to reduce assessment noise
([#56](#56),
[#57](#57),
[#58](#58),
[#59](#59),
[#60](#60),
[#61](#61),
[#62](#62),
[#63](#63),
[#64](#64),
[#65](#65),
[#73](#73)).
- **npm distribution** — the skill now also ships via
`@netresearch/agent-skill-coordinator`
([#54](#54),
[#55](#55)).
- **Release pipeline hardening** — dropped the deprecated `with: bump:`
block + `workflow_dispatch.bump` input so releases happen exclusively
via locally-signed tags, plus SLSA-provenance permissions on the caller
([#52](#52),
[#53](#53)).

### Release plan

After merge: tag main with a signed annotated tag, push, the
`skill-repo-skill` reusable workflow publishes archives + SHA256SUMS
with cosign + SLSA attestation, then narrative notes get applied via `gh
release edit ... --notes-file`.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants