[TEST] Add someone with contributor access #373
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The commit 31ef45e converted the maintainer check workflow from `pull_request` to `pull_request_target` -- this caused the "checkout" action to check out the base branch instead of the pull request branch and effectively made the workflow compare the mainline MAINTAINERS.yml against itself. This commit reworks the workflow such that it checks out the pull request MAINTAINERS.yml separately and compare it against the mainline MAINTAINERS.yml checked out by the "checkout" action. Note that the `requirements-actions.txt` and `check_maintainer_changes.py` files used in this workflow are checked out from the base branch (i.e. does not contain any modifications) and therefore do not pose a security risk. Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
The PyGithub `Repository.get_collaborator_permission` function invokes the
GitHub REST API `/repos/{owner}/{repo}/collaborators/{username}/permission`
and returns the value of the `permission` attribute in the response.
As per the GitHub documentation [1], the `permission` attribute "provides
the legacy base roles of admin, write, read and none, where the maintain
role is mapped to write and the triage role is mapped to read", and this
caused the users with `triage` permission level (i.e. the users in the
`contributors` team) to be incorrectly flagged by the script.
This commit updates the script to use the `get_collaborator_role_name`
function, which correctly returns the up-to-date user permission/role name,
including `maintain` and `triage`.
Note that the `get_collaborator_role_name` function is only available in
PyGithub>=2.7.0.
[1] https://docs.github.com/en/rest/collaborators/collaborators?apiVersion=2022-11-28#get-repository-permissions-for-a-user
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
PyGithub >= 2.7.0 is required for the `Repository.get_collaborator_role_name` function used by the maintainer check script. Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
stephanosio
force-pushed
the
maintainer_rubbish_2
branch
from
9cba40c to
6747c08
Compare
|
stephanosio
force-pushed
the
main
branch
2 times, most recently
from
9628039 to
61a17aa
Compare
nashif
force-pushed
the
main
branch
3 times, most recently
from
c7b57da to
18497c5
Compare
nashif
force-pushed
the
main
branch
4 times, most recently
from
ba4ea1b to
88f9291
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.