CI: Skip 'required reviewers' check on forks (no org team check perms)

[aaronsteers]

This was cherry-picked from the PR:

• [Do not merge] - test workflows without elevated perms #36367

This skips membership checks when on a fork, where don't have permissions to do so.

(Set to auto-merge on approval.)

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment

Name	Status	Preview	Updated (UTC)
airbyte-docs	⬜️ Ignored (Inspect)		Mar 21, 2024 9:27pm

[alafanechere]

I think it'd be cleaner to discard the use of ${{ secrets.OCTAVIA_4_ROOT_ACCESS}} and replace it with ${{ GITHUB_TOKEN}}
We shall give the token the right set of read permissions.
GITHUB_TOKEN for runs on fork do have read permissions, so they likely be able to read:org.

[aaronsteers]

I think it'd be cleaner to discard the use of ${{ secrets.OCTAVIA_4_ROOT_ACCESS}} and replace it with ${{ GITHUB_TOKEN}} We shall give the token the right set of read permissions. GITHUB_TOKEN for runs on fork do have read permissions, so they likely be able to read:org.

Circling back after a while...

@alafanechere - docs seems to suggest that GITHUB_TOKEN won't be enough.

https://github.com/tspascoal/get-user-teams-membership?tab=readme-ov-file#requirements

In order to use this action you need to use a [personal access token] with read:org scope (so the builtin in GITHUB_TOKEN is not enough)

Can we accept this PR as a step in the right direction, and continue to iterate from here? My understanding is that my proposed update is actually in line with the intended logic of the condition that is being replaced.

[natikgadzhi]

LGTM to me

[aaronsteers]

@alafanechere - This is currently blocked on your review. Wdyt of continuing with this increment and then we can continue to tune in future iterations?