doc(skills): monthly-newsletter — collect data via git, not the REST API#28
Merged
Conversation
… API The scheduled cloud routine's egress is bound to a single repo, so every api.github.com / github.com / codeload request returns 403 — including unauthenticated public reads and the org-listing endpoints gh repo list uses. Rewrite the data-collection method to use the git smart-HTTP protocol (clone, ls-remote) and raw.githubusercontent.com, which the proxy does allow: - enumerate repos from go.mod unions + known infra, validated with git ls-remote - collect commits/releases from shallow --shallow-since clones and tags - recover contributor handles from noreply emails and commit trailers (no .author.login) - document the MCP Contents-API publish path (no git push: unsigned/proxy-attributed) Signed-off-by: Frédéric BIDON <fredbi@yahoo.com> Co-Authored-By: Claude <noreply@anthropic.com>
Post-mortem fix for the June run, which led with a "security" theme (a few commits) and filtered away the month's actual centre of gravity: 367 codescan commits (61% of the month) sweeping the go-swagger issue backlog into tests after the codescan extraction. - New "Finding the month's story" section: rank repos by load-bearing commit share; the top repo(s) MUST be characterized; a repo >~15-20% of commits may never be dismissed as noise even when chore:/test:-prefixed; investigate dominant chore:/test: clusters (their (#NNN) refs reveal backlog sweeps) instead of filtering them; connect the causal chain and get the timing right. - Data collection: exclude non-load-bearing bot authors (dependabot, bot-go-openapi/go-openapi-bot, github-actions) and automated contributors/prepare-release commits from the counts that drive the narrative. Signed-off-by: Frédéric BIDON <fredbi@yahoo.com> Co-Authored-By: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updates the
monthly-newsletterskill's data-collection method to match how the routine actually has to run in the scheduled cloud sandbox.Why
The routine's original method assumed the GitHub REST API (
gh api,gh repo list). In the scheduled sandbox the egress proxy binds the session to a single repository, so everyapi.github.com,github.com, andcodeload.github.comrequest returns 403 — including unauthenticated public reads and the org-listing/GraphQL endpointsgh repo listrelies on. A token doesn't change this; the block is at the network layer. (This is what caused the June run to first fail before being retried via the approach below.)What the proxy does allow — and what the skill now uses
git clone,git ls-remote,git fetch) against any public repo and the forkraw.githubusercontent.comsingle-file readsChanges to the skill
go-openapi/*module paths in a fewgo.modfiles (via raw) plus a known set of non-module infra/tooling repos, validated withgit ls-remote.--shallow-since --no-checkout --filter=blob:noneclones and their tags — no Releases/Search API.NNN+login@users.noreply.github.comemails andSigned-off-by:/Co-authored-by:trailers (git has no.author.login); omit anyone whose handle can't be derived rather than guessing.gh api …/contents/…fork path is blocked and that plaingit pushyields an unsigned, proxy-attributed commit; the working path is the in-scope MCP server creating a verified, maintainer-authored commit on aclaude/monthly-<YM>branch + same-repo PR.Verified end-to-end by the June 2026 report run (#27).
🤖 Generated with Claude Code
Generated by Claude Code