'Check Github Organization Settings PRs' check fails for PRs from forks #342
Description
PRs on WG charters, contributors.yml and cloudfoundry.yml trigger a github action workflow 'Check Github Organization Settings PRs'.
The workflow generate the resulting cloudfoundry org configuration and triggers a dry-run of peribolos.
The validation workflow succeeds for PRs created from a branch of the community repo (by users with write access to the community repo). E.g. #336, #334, #322
The validation workflow fails for PRs created from forks of the community repo (by users that don't have write access to the community repo). E.g. #338, #340, #329
It fails with am 'Unauthorized" error when reading org invitations:
/usr/bin/docker run --name gcriok8sprowperibolos_fdcd37 --label 4cd98f --workdir /github/workspace --rm -e pythonLocation -e LD_LIBRARY_PATH -e INPUT_ENTRYPOINT -e INPUT_ARGS -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_RUN_ATTEMPT -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_REF_NAME -e GITHUB_REF_PROTECTED -e GITHUB_REF_TYPE -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e GITHUB_STEP_SUMMARY -e RUNNER_OS -e RUNNER_ARCH -e RUNNER_NAME -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true --entrypoint "/ko-app/peribolos" --network github_network_31d50477b9b54aac909b51edcb0fff1f -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/community/community":"/github/workspace" gcr.io/k8s-prow/peribolos --confirm=false --github-endpoint http://ghproxy:8888 --required-admins=thelinuxfoundation --min-admins=5 --github-token-path=token --require-self=false --config-path=cloudfoundry.out.yml --fix-org --fix-org-members --fix-repos --fix-teams --fix-team-members --fix-team-repos
{"client":"github","component":"peribolos","file":"k8s.io/test-infra/prow/github/client.go:[9](https://github.com/cloudfoundry/community/runs/7277256357?check_suite_focus=true#step:9:10)[10](https://github.com/cloudfoundry/community/runs/7277256357?check_suite_focus=true#step:9:11)","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"Throttle(300, 100, *)","severity":"info","time":"2022-07-11T06:41:23Z"}
{"client":"github","component":"peribolos","file":"k8s.io/test-infra/prow/github/client.go:910","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"GetOrg(cloudfoundry)","severity":"info","time":"2022-07-11T06:41:23Z"}
{"client":"github","component":"peribolos","file":"k8s.io/test-infra/prow/github/client.go:910","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"EditOrg(cloudfoundry, {cloudfoundry 621746 ap@cloudfoundry.org cf-dev@lists.cloudfoundry.org Worldwide Cloud Foundry Cloud Foundry Foundation active projects true true none false})","severity":"info","time":"2022-07-[11](https://github.com/cloudfoundry/community/runs/7277256357?check_suite_focus=true#step:9:12)T06:41:23Z"}
{"client":"github","component":"peribolos","file":"k8s.io/test-infra/prow/github/client.go:910","func":"k8s.io/test-infra/prow/github.(*client).log","level":"info","msg":"ListOrgInvitations(cloudfoundry)","severity":"info","time":"2022-07-11T06:41:23Z"}
{"component":"peribolos","file":"k8s.io/test-infra/prow/cmd/peribolos/main.go:193","func":"main.main","level":"fatal","msg":"Configuration failed: failed to list cloudfoundry invitations: return code not 2XX: 401 Unauthorized","severity":"fatal","time":"2022-07-11T06:41:23Z"}
Expected Behavior
PRs (with valid content) from forks of the community repo created by users without elevated access to the community repo (Members and Contributors) get successfully validated by 'Check Github Organization Settings PRs' workflow.