Skip to content

Add upgrade-fab-provider skill and FAB contributing doc#69729

Merged
shahar1 merged 1 commit into
apache:mainfrom
potiuk:add-upgrade-fab-provider-skill
Jul 11, 2026
Merged

Add upgrade-fab-provider skill and FAB contributing doc#69729
shahar1 merged 1 commit into
apache:mainfrom
potiuk:add-upgrade-fab-provider-skill

Conversation

@potiuk

@potiuk potiuk commented Jul 10, 2026

Copy link
Copy Markdown
Member

Adds the upgrade-fab-provider agent skill and a providers/fab/CONTRIBUTING.rst developer doc.

Upgrading the vendored Flask-AppBuilder dependency is deceptively involved — the FAB provider vendors and subclasses large parts of FAB's security manager, so a bump must be reconciled against that vendored code (enforced by test_fab_alignment.py), and the generated provider README must be re-synced. The skill captures the verified end-to-end procedure (including the gotcha that a green alignment test does not prove a security fix inside a vendored method was handled); the contributing doc points contributors at it and records past bumps.

The skill is vendor-neutral in .agents/skills/upgrade-fab-provider with .claude/ and .github/ relay symlinks, matching the repository's existing skill layout. It was authored and validated against the companion FAB 5.2.1 -> 5.2.2 bump.


Was generative AI tooling used to co-author this PR?
  • Yes — Claude Code (Opus 4.8)

Generated-by: Claude Code (Opus 4.8) following the guidelines

Upgrading the pinned Flask-AppBuilder dependency is deceptively involved:
the FAB provider vendors and subclasses large parts of FAB's security
manager, so a bump must be reconciled against that vendored code, the
alignment-test tripwire, and the generated provider README. Capturing the
verified procedure as a skill — and a matching providers/fab/CONTRIBUTING.rst
that points contributors at it and records past bumps — lets future FAB
upgrades follow the same checklist instead of rediscovering it each time.
The skill lives vendor-neutrally in .agents/skills with .claude and .github
relays, matching the repository's existing skill layout.
@potiuk potiuk force-pushed the add-upgrade-fab-provider-skill branch from e6975ff to 2cf9d1d Compare July 10, 2026 17:55

@vincbeck vincbeck left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, as we use it and encounter new cases, we'll iterate. Example: if FAB makes some modifications in models, we might need to update the models we vendor-in in providers/fab/src/airflow/providers/fab/auth_manager/models/__init__.py. But again, we could add that when that happens

@shahar1 shahar1 merged commit 621192d into apache:main Jul 11, 2026
65 checks passed
@github-actions

Copy link
Copy Markdown
Contributor

Backport successfully created: v3-3-test

Note: As of Merging PRs targeted for Airflow 3.X
the committer who merges the PR is responsible for backporting the PRs that are bug fixes (generally speaking) to the maintenance branches.

In matter of doubt please ask in #release-management Slack channel.

Status Branch Result
v3-3-test PR Link

github-actions Bot pushed a commit to aws-mwaa/upstream-to-airflow that referenced this pull request Jul 11, 2026
…pache#69729)

Upgrading the pinned Flask-AppBuilder dependency is deceptively involved:
the FAB provider vendors and subclasses large parts of FAB's security
manager, so a bump must be reconciled against that vendored code, the
alignment-test tripwire, and the generated provider README. Capturing the
verified procedure as a skill — and a matching providers/fab/CONTRIBUTING.rst
that points contributors at it and records past bumps — lets future FAB
upgrades follow the same checklist instead of rediscovering it each time.
The skill lives vendor-neutrally in .agents/skills with .claude and .github
relays, matching the repository's existing skill layout.
(cherry picked from commit 621192d)

Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
shahar1 pushed a commit that referenced this pull request Jul 11, 2026
…69729) (#69756)

Upgrading the pinned Flask-AppBuilder dependency is deceptively involved:
the FAB provider vendors and subclasses large parts of FAB's security
manager, so a bump must be reconciled against that vendored code, the
alignment-test tripwire, and the generated provider README. Capturing the
verified procedure as a skill — and a matching providers/fab/CONTRIBUTING.rst
that points contributors at it and records past bumps — lets future FAB
upgrades follow the same checklist instead of rediscovering it each time.
The skill lives vendor-neutrally in .agents/skills with .claude and .github
relays, matching the repository's existing skill layout.
(cherry picked from commit 621192d)

Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants