ci: exempt private org members from PR contribution check #4580

Merged: mmabrouk merged 1 commit into main from ci/pr-contribution-allowlist on Jun 8, 2026

mmabrouk (Member) commented Jun 8, 2026

Summary

Follow-up to #4579. While testing that bot in dry-run against real PRs, it flagged a PR by ashrafchowdury (a core team member) as external and would have closed it.

Root cause: author_association only reports MEMBER for public org members. Arda, Ashraf, and other teammates have private org membership, which this workflow's GITHUB_TOKEN cannot see, so it received CONTRIBUTOR and treated them as external.

Fix: add an explicit allowlist of internal GitHub handles, checked alongside author_association. Public members stay auto-covered by the association; private-member teammates are covered by the allowlist. A comment explains why the list exists and when to add to it.

The workflow is currently disabled on main (I disabled it after finding this). Re-enable it once this merges.

Testing

Verified locally

  • YAML parses.
  • git diff origin/main shows only the allowlist delta.
  • The four dry-run cases from ci: auto-close incomplete external PRs #4579 are unaffected (template + demo detection unchanged). I will re-run the dispatch matrix after this merges, including a member PR with force_external=false to confirm the exemption now skips it.

Added or updated tests

N/A. CI workflow.

QA follow-up

After merge: re-enable the workflow, then dispatch 13 - check PR contribution (dry_run=true) against a member's PR to confirm internal, skipping, and against an external non-compliant PR to confirm it still flags.

Demo

N/A. Touches only .github/**.

Checklist

  • I have included a video or screen recording for UI changes, or marked Demo as N/A
  • Relevant tests pass locally
  • Relevant linting and formatting pass locally
  • I have signed the CLA, or I will sign it when the bot prompts me

author_association only reports MEMBER for *public* org members, so this
workflow's GITHUB_TOKEN saw private members (Arda, Ashraf, and others) as
CONTRIBUTOR and would have auto-closed their PRs. Add an explicit allowlist
of internal handles alongside the association check so private-member
teammates are exempt too.

dosubot Bot added the size:XS label (This PR changes 0-9 lines, ignoring generated files.) Jun 8, 2026

vercel Bot commented Jun 8, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| agenta-documentation | Ready | Preview, Comment | Jun 8, 2026 11:15am |

coderabbitai Bot commented Jun 8, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

📥 Commits

Reviewing files that changed from the base of the PR and between a81e5c9 and 5712d01.

📒 Files selected for processing (1)
  • .github/workflows/13-check-pr-contribution.yml

📝 Walkthrough

Summary by CodeRabbit

  • Chores
    • Enhanced internal contributor detection in the PR contribution-check workflow by combining an explicit allowlist of internal GitHub logins with GitHub's author association metadata.

Walkthrough

The PR enhances the contribution-check workflow's internal contributor detection. A new lowercase allowlist of internal GitHub logins is introduced and combined with author_association checks into a computed isInternal flag. The early-return logic for exempting internal and bot authors now uses this broadened detection method, addressing cases where GitHub's metadata may be incomplete.

Changes

Internal Contributor Detection

| Layer / File(s) | Summary |
| --- | --- |
| Internal contributor allowlist and detection logic (.github/workflows/13-check-pr-contribution.yml) | An ALLOWLIST constant of lowercase internal GitHub logins is added (lines 54–66); a new isInternal computed value checks both INTERNAL author association and the allowlist (lines 116–122); the early-return logic for internal/bot authors uses the broadened detection (lines 123–125). |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

  • Agenta-AI/agenta#4579: Also modifies the PR contribution-check workflow's author-exemption logic, with overlapping author-association and internal-contributor handling.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately describes the main change: adding an exemption for private org members from the PR contribution check by introducing an internal GitHub handles allowlist. |
| Description check | ✅ Passed | The description is clearly related to the changeset, explaining the root cause, the fix, testing performed, and post-merge actions for the PR contribution workflow update. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

mmabrouk merged commit 1c2402c into main Jun 8, 2026 (8 checks passed)

dosubot Bot added the lgtm label (This PR has been approved by a maintainer) Jun 8, 2026
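
The exemption logic described in the PR summary and the CodeRabbit walkthrough, as an added example that is not the project's workflow code: it combines the author_association check with a lowercase allowlist and records why each PR is skipped or checked. The handles, INTERNAL_ASSOCIATIONS, classifyAuthor, dryRunReport and the sample payloads are assumptions made for illustration.

```javascript
// Added example, not the project's workflow code.
// Handles below are constructed placeholders; keep real entries lowercase.
const ALLOWLIST = new Set(["private-teammate-a", "private-teammate-b"]);

// Hypothetical choice of associations treated as internal; the page names only MEMBER.
const INTERNAL_ASSOCIATIONS = new Set(["OWNER", "MEMBER", "COLLABORATOR"]);

// Decide whether the contribution check should skip this PR, and record why.
function classifyAuthor(pr) {
  const user = pr && pr.user;
  // No author object (for example a deleted account): do not exempt.
  if (!user || typeof user.login !== "string") {
    return { skip: false, reason: "external:no-author" };
  }
  if (user.type === "Bot") return { skip: true, reason: "bot" };
  if (INTERNAL_ASSOCIATIONS.has(pr.author_association)) {
    return { skip: true, reason: "internal:association" };
  }
  // GitHub logins are case-insensitive, so normalise before the lookup.
  // The exemption follows the login string: prune entries when a teammate
  // leaves or renames their account.
  if (ALLOWLIST.has(user.login.trim().toLowerCase())) {
    return { skip: true, reason: "internal:allowlist" };
  }
  return { skip: false, reason: `external:${pr.author_association || "unknown"}` };
}

// Constructed sample payloads shaped like the pull_request object of a webhook event.
const SAMPLE_PRS = [
  { number: 1, author_association: "MEMBER", user: { login: "public-member", type: "User" } },
  // Private org member: the token only sees CONTRIBUTOR, so the allowlist must catch it.
  { number: 2, author_association: "CONTRIBUTOR", user: { login: "Private-Teammate-A", type: "User" } },
  { number: 3, author_association: "CONTRIBUTOR", user: { login: "outside-dev", type: "User" } },
  { number: 4, author_association: "NONE", user: { login: "some-app[bot]", type: "Bot" } },
  { number: 5, author_association: "NONE", user: null },
];

// Summarise decisions so a dry run shows which exemptions depend on the allowlist.
function dryRunReport(prs) {
  return prs.map((pr) => ({ number: pr.number, ...classifyAuthor(pr) }));
}

console.log(dryRunReport(SAMPLE_PRS));
```

Logging the reason separates exemptions that come from author_association from those that exist only because of the allowlist, which are the entries to review when team membership changes.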