Stats
Actions
Tags
From sonarcloud-security-updating
Create GitHub issues in NASA-PDS repositories using organizational templates (bug reports, I&T bug reports, feature requests, tasks, vulnerabilities, release themes). Use when user requests to create, file, or submit PDS issues.
How this skill is triggered — by the user, by Claude, or both
Slash command
/sonarcloud-security-updating:creating-pds-issuesThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
This skill creates GitHub issues in NASA-PDS repositories using the official organizational templates. It ensures consistent issue formatting while keeping content clear and concise.
resources/templates/-bug_report.ymlresources/templates/-feature_request.ymlresources/templates/-vulnerability-issue.ymlresources/templates/config.ymlresources/templates/i-t-bug-report.ymlresources/templates/release-theme.ymlresources/templates/task.ymlscripts/README.mdscripts/attach-sub-issue.mjsscripts/cache-templates.mjsscripts/create-issue.mjsscripts/detect-repo.mjsThis skill creates GitHub issues in NASA-PDS repositories using the official organizational templates. It ensures consistent issue formatting while keeping content clear and concise.
gh) must be installed and authenticatedBefore gathering other information, determine if this is a sub-issue request.
Keywords that indicate a sub-issue relationship:
If a sub-issue relationship is detected:
Parent Issue Identification:
The parent can be specified as:
https://github.com/NASA-PDS/repo/issues/123#123 (current repo) or NASA-PDS/repo#123 (cross-repo)If the parent is ambiguous, search for it:
# Search for potential parent issues by title
gh issue list --repo NASA-PDS/<repo> --search "theme OR epic" --label "theme,Epic" --limit 10
Then confirm with the user which parent issue to use.
Detect Current Repository (if applicable):
If the user is running this skill from within a cloned git repository, automatically detect the repository name:
# Check if in a git repo - try origin first, then upstream
git remote get-url origin 2>/dev/null || git remote get-url upstream 2>/dev/null
If the remote URL matches NASA-PDS/<repo-name>, use that as the default repository.
Edge Cases:
origin first, then fall back to upstream or other NASA-PDS remotesupstream remote pointing to NASA-PDSDetermine Issue Type:
Ask the user what type of issue to create using the AskUserQuestion tool with these options:
Gather Template-Specific Information:
Then gather the required information based on the template type:
For Bug Reports:
<system feature> <is not/does not> <expected behaviour>For I&T Bug Reports:
<system feature> <is not/does not> <expected behaviour>For Feature Requests:
As a <role>, I want to <accomplish>For Tasks:
For Vulnerabilities:
<system feature> <is not/does not> <expected behaviour>For Release Themes:
Use the cached templates in resources/templates/ directory. If templates are not cached, run the caching script first:
cd creating-pds-issues
node scripts/cache-templates.mjs
Fill templates with these guidelines:
Content Style:
Security and Privacy - CRITICAL:
/Users/john/secrets/api-keys.txt → /path/to/file.txt)192.168.1.100 → 10.0.0.1)prod-server-01.internal.nasa.gov → server.example.com)Required Field Examples:
Bug description (good):
When validating a PDS4 label with nested tables, the validator throws a NullPointerException
on line 342 of TableValidator.java. This occurs with labels containing 3+ nested table
definitions.
Bug description (too verbose):
I was working on my project late last night and I noticed that when I tried to validate
my carefully crafted PDS4 label that I had been working on for several days, the system
unexpectedly threw an error. I had been following all the documentation...
[continues for several paragraphs]
Expected behavior (good):
Validator should successfully validate labels with nested tables or provide a clear
error message about nesting limitations.
Reproduction steps (good):
1. Create PDS4 label with 3 nested <Table_Delimited> elements
2. Run: validate my-label.xml
3. Observe NullPointerException in output
Feature motivation (good):
...so that I can validate labels in CI/CD pipelines without manual intervention,
reducing deployment time from hours to minutes.
Sanitization Examples:
Before (UNSAFE - contains sensitive info):
When I run the validator on /Users/alice.johnson/Documents/NASA/mission-data/secret-project/labels/experiment-123.xml
using the API key sk-1234567890abcdef, it fails to connect to the database at
postgresql://admin:P@[email protected]:5432/pds_prod
After (SAFE - sanitized):
When running the validator on a PDS4 label file with the API configured, it fails to
connect to the PostgreSQL database with a connection timeout error.
Before (UNSAFE - contains internal paths):
The error log at /home/ops/pds-services/logs/validator-2024-11-13-prod.log shows:
ERROR: Connection refused by host pds-db-primary-01.jpl.nasa.gov
After (SAFE - sanitized):
The error log shows:
ERROR: Connection refused by database host
Use GitHub CLI to create the issue with appropriate labels and metadata.
IMPORTANT: Always use --body-file to avoid shell quoting errors. Never pass the body inline with --body — markdown content with single quotes, backticks, or special characters will break the shell command.
Always write the body using the Write tool (not a bash heredoc or cat command) to /tmp/pds_issue_body.md. Using the Write tool bypasses shell parsing entirely and avoids heredoc delimiter collisions or unmatched quote errors.
Then reference it with --body-file /tmp/pds_issue_body.md in all gh issue create calls below.
Default Assignee:
By default, issues requiring triage are assigned to jordanpadams. Users can override this by setting the PDS_ISSUE_ASSIGNEE environment variable or by using the --assignee flag.
Bug Report:
gh issue create \
--repo NASA-PDS/<repo-name> \
--title "<title>" \
--body-file /tmp/pds_issue_body.md \
--label "bug,needs:triage" \
--assignee "${PDS_ISSUE_ASSIGNEE:-jordanpadams}"
I&T Bug Report:
gh issue create \
--repo NASA-PDS/<repo-name> \
--title "<title>" \
--body-file /tmp/pds_issue_body.md \
--label "B15.1,bug,needs:triage" \
--assignee "${PDS_ISSUE_ASSIGNEE:-jordanpadams}"
Feature Request:
gh issue create \
--repo NASA-PDS/<repo-name> \
--title "<title>" \
--body-file /tmp/pds_issue_body.md \
--label "needs:triage,requirement" \
--assignee "${PDS_ISSUE_ASSIGNEE:-jordanpadams}"
Task:
gh issue create \
--repo NASA-PDS/<repo-name> \
--title "<title>" \
--body-file /tmp/pds_issue_body.md \
--label "task,i&t.skip"
Vulnerability:
gh issue create \
--repo NASA-PDS/<repo-name> \
--title "<title>" \
--body-file /tmp/pds_issue_body.md \
--label "security,bug,needs:triage" \
--assignee "${PDS_ISSUE_ASSIGNEE:-jordanpadams}"
Release Theme:
gh issue create \
--repo NASA-PDS/<repo-name> \
--title "<title>" \
--body-file /tmp/pds_issue_body.md \
--label "theme,Epic,i&t.skip"
Template Body Format:
The body should mirror the YAML template structure but in markdown. For example, a bug report body:
## Checked for duplicates
Yes - I've already checked
## 🐛 Describe the bug
[Bug description here]
## 🕵️ Expected behavior
[Expected behavior here]
## 📜 To Reproduce
1. [Step 1]
2. [Step 2]
3. [Step 3]
## 🖥 Environment Info
- Version of this software: vX.Y.Z
- Operating System: [OS details]
## 📚 Version of Software Used
[Version details]
## 🩺 Test Data / Additional context
[Context or N/A]
## 🦄 Related requirements
N/A
---
## For Internal Dev Team To Complete
## ⚙️ Engineering Details
[To be filled by engineering team]
## 🎉 Integration & Test
[To be filled by engineering team]
If this issue should be a sub-issue of a parent (theme, epic, or other issue), attach it using GitHub's GraphQL API.
Step 1: Get the Parent Issue Node ID
# Extract repo and issue number from parent reference
# For URL: https://github.com/NASA-PDS/repo/issues/123 → repo=repo, number=123
# For reference: NASA-PDS/repo#123 → repo=repo, number=123
# For local: #123 → use current repo, number=123
gh api graphql -f query='
query {
repository(owner: "NASA-PDS", name: "<parent-repo>") {
issue(number: <parent-number>) {
id
title
}
}
}
'
Step 2: Get the Child Issue Node ID
After creating the issue (from Section 3), extract the issue number from the returned URL and get its node ID:
# The gh issue create command returns: https://github.com/NASA-PDS/repo/issues/456
# Extract number 456 from the URL
gh api graphql -f query='
query {
repository(owner: "NASA-PDS", name: "<child-repo>") {
issue(number: <child-number>) {
id
}
}
}
'
Step 3: Add Sub-Issue Relationship
gh api graphql -f query='
mutation {
addSubIssue(input: {
issueId: "<PARENT_NODE_ID>",
subIssueId: "<CHILD_NODE_ID>"
}) {
issue {
id
title
}
subIssue {
id
title
}
}
}
'
Combined Script Approach:
For convenience, you can chain these operations:
# 1. Create the issue and capture the URL (body already written to /tmp/pds_issue_body.md)
ISSUE_URL=$(gh issue create \
--repo NASA-PDS/<repo> \
--title "<title>" \
--body-file /tmp/pds_issue_body.md \
--label "<labels>" 2>&1)
# 2. Extract issue number from URL
CHILD_NUMBER=$(echo "$ISSUE_URL" | grep -oE '[0-9]+$')
# 3. Get parent node ID
PARENT_ID=$(gh api graphql -f query='
query {
repository(owner: "NASA-PDS", name: "<parent-repo>") {
issue(number: <parent-number>) { id }
}
}
' --jq '.data.repository.issue.id')
# 4. Get child node ID
CHILD_ID=$(gh api graphql -f query="
query {
repository(owner: \"NASA-PDS\", name: \"<child-repo>\") {
issue(number: $CHILD_NUMBER) { id }
}
}
" --jq '.data.repository.issue.id')
# 5. Attach sub-issue to parent
gh api graphql -f query="
mutation {
addSubIssue(input: {
issueId: \"$PARENT_ID\",
subIssueId: \"$CHILD_ID\"
}) {
issue { title }
subIssue { title }
}
}
"
Cross-Repository Sub-Issues:
Sub-issues can span repositories. For example, a task in pds-registry can be a sub-issue of a theme in pds-swg. The parent and child repositories do not need to match.
Error Handling:
After creating the issue:
PDS_ISSUE_ASSIGNEE environment variable)gh repo view NASA-PDS/<repo-name>Templates are cached locally in resources/templates/ to avoid repeated GitHub API calls. The caching script should:
resources/templates/Cache templates on first use or if cache is older than 7 days.
Forcing Cache Refresh:
If templates have been updated in NASA-PDS/.github and you need to refresh immediately:
# Option 1: Delete cache directory and re-run caching script
rm -rf creating-pds-issues/resources/templates/
cd creating-pds-issues
node scripts/cache-templates.mjs
# Option 2: Delete timestamp file to trigger automatic refresh
rm creating-pds-issues/resources/templates/.cache-timestamp
# Next skill invocation will automatically refresh templates
# Option 3: Set environment variable to force refresh
FORCE_TEMPLATE_REFRESH=true node scripts/cache-templates.mjs
gh auth logingh repo list NASA-PDS --limit 100User: "Create a bug report for pds-registry about validation errors" → Ask which template, gather bug details, create issue
User: "File a feature request for the API to support batch operations" → Ask which repo, gather user story details, create issue
User: "I need to create a security vulnerability issue for validate" → Use vulnerability template, gather security details, create issue
Sub-Issue Examples:
User: "Create a child task for theme #45 about implementing the new API endpoint" → Detect sub-issue request, gather task details, create issue, attach to #45 as sub-issue
User: "Add a sub-task under NASA-PDS/pds-swg#123 for updating the documentation" → Detect cross-repo sub-issue, gather task details, create issue, attach to parent in pds-swg
User: "Create a task for the registry modernization epic" → Search for "registry modernization" epic, confirm with user, gather task details, create and attach
User: "File a bug as part of the B17 theme issue" → Search for B17 theme, create bug report, attach as sub-issue to the theme
Provides CDSS development patterns for drug interaction checking, dose validation, clinical scoring (NEWS2, qSOFA), and alert classification integrated into EMR workflows.
npx claudepluginhub riverma/pds-agent-marketplace --plugin creating-pds-issues