Skip to content

ci: exempt private org members from the contribution gate#5848

Merged
avallete merged 2 commits into
developfrom
claude/workflow-pr-close-org-member-3k2wsj
Jul 9, 2026
Merged

ci: exempt private org members from the contribution gate#5848
avallete merged 2 commits into
developfrom
claude/workflow-pr-close-org-member-3k2wsj

Conversation

@avallete

@avallete avallete commented Jul 9, 2026

Copy link
Copy Markdown
Member

The contribution gate identified internal maintainers solely from the PR's author_association, which GitHub only reports as MEMBER when a user's organization membership is public. A private org member (e.g. a supabase/cli team member who keeps membership private) is reported as CONTRIBUTOR/NONE, so the gate wrongly closed their PRs as "no-linked-issue" (see #5847).

Resolve maintainer status from the author's effective repository permission (admin/write), which reflects team/org-granted access that author_association does not surface, falling back to it only when the cheap signals (bot, public internal association) are inconclusive. The permission endpoint needs just Metadata: read, already covered by the workflow's contents: read.

Claude-Session: https://claude.ai/code/session_01D41gYiFBSU7adE4ppnUUKg

The contribution gate identified internal maintainers solely from the
PR's `author_association`, which GitHub only reports as `MEMBER` when a
user's organization membership is public. A private org member (e.g. a
`supabase/cli` team member who keeps membership private) is reported as
`CONTRIBUTOR`/`NONE`, so the gate wrongly closed their PRs as
"no-linked-issue" (see #5847).

Resolve maintainer status from the author's effective repository
permission (`admin`/`write`), which reflects team/org-granted access
that `author_association` does not surface, falling back to it only when
the cheap signals (bot, public internal association) are inconclusive.
The permission endpoint needs just `Metadata: read`, already covered by
the workflow's `contents: read`.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01D41gYiFBSU7adE4ppnUUKg
@avallete avallete requested a review from a team as a code owner July 9, 2026 16:50
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Supabase CLI preview

npx --yes https://pkg.pr.new/supabase/cli/supabase@05177ef3f74813240c3f963eda4d5daacee86412

Preview package for commit 05177ef.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5ccaa314a3

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .github/scripts/contribution-gate.ts Outdated
The collaborator-permission endpoint returns 404 for users who are not
collaborators — the common case for the external fork contributors the
gate targets. `githubFetch` threw on any non-OK status, so the
`pull_request_target` job aborted before evaluating linked issues or
closing, leaving non-conforming external PRs open and failing the run.

Let `githubFetch` accept a set of allowed non-OK statuses and map a 404
from the permission lookup to `undefined` (external). Other failures
still throw, so a transient API error aborts the run without wrongly
closing PRs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01D41gYiFBSU7adE4ppnUUKg
@avallete avallete added this pull request to the merge queue Jul 9, 2026
Merged via the queue into develop with commit e83a6cc Jul 9, 2026
27 checks passed
@avallete avallete deleted the claude/workflow-pr-close-org-member-3k2wsj branch July 9, 2026 17:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants