
Commit e87e00f

azure-sdk and scbedd authored
A token minted for a single org cannot touch the other. We cannot actually create the pull request with maintainer_can_modify unless the token has at least collaborator on BOTH repos. So this is just a gap identified by the token (#46721)
Co-authored-by: Scott Beddall <scbedd@microsoft.com>
1 parent 43164f0 commit e87e00f

2 files changed

Lines changed: 8 additions & 1 deletion

eng/common/pipelines/templates/steps/create-pull-request.yml

Lines changed: 1 addition & 0 deletions
@@ -70,5 +70,6 @@ steps:
7070
-UserReviewers "${{ parameters.GHReviewers }}"
7171
-TeamReviewers "${{ parameters.GHTeamReviewers }}"
7272
-Assignees "${{ parameters.GHAssignees }}"
73+
-MaintainerCanModify $${{ eq(parameters.PROwner, parameters.RepoOwner) }}
7374
-CloseAfterOpenForTesting $${{ coalesce(parameters.CloseAfterOpenForTesting, 'false') }}
7475
-OpenAsDraft $${{ parameters.OpenAsDraft }}
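
Review bot: On the added -MaintainerCanModify line, the flag is derived from owner-name equality, eq(parameters.PROwner, parameters.RepoOwner), which stands in for "the token can reach both repos" without checking it. A token that does hold collaborator on a head repo under a different owner will now open PRs that base-repo maintainers cannot push to, with nothing in the template saying why. Suggest a short YAML comment above this line explaining the owner comparison, and consider an explicit template parameter so a caller can override the derived value.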

eng/common/scripts/Submit-PullRequest.ps1

Lines changed: 7 additions & 1 deletion
@@ -29,6 +29,10 @@ List of github teams to add as reviewers
2929
.PARAMETER Assignees
3030
Users to assign to the PR after opening. Users should be a comma-separated list
3131
with no preceding `@` symbol (e.g. "user1,usertwo,user3")
32+
.PARAMETER MaintainerCanModify
33+
Whether to allow maintainers of the base repo to push to the PR branch.
34+
Set to false for cross-fork PRs where the token lacks permission to grant
35+
collaborator access on the fork.
3236
.PARAMETER CloseAfterOpenForTesting
3337
Close the PR after opening to save on CI resources and prevent alerts to code
3438
owners, assignees, requested reviewers, or others.
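
Review bot: The new .PARAMETER MaintainerCanModify help describes the condition as the token lacking "permission to grant collaborator access on the fork", while the commit message states it as the token needing at least collaborator on both repos. Suggest aligning the help text with the commit message wording so a reader knows which permission to check on which repo before setting this to false.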
@@ -73,6 +77,8 @@ param(
7377

7478
[boolean]$OpenAsDraft=$false,
7579

80+
[boolean]$MaintainerCanModify=$true,
81+
7682
[boolean]$AddBuildSummary=($null -ne $env:SYSTEM_TEAMPROJECTID)
7783
)
7884

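
Review bot: The default in [boolean]$MaintainerCanModify=$true keeps the previous behaviour for every caller that does not pass the parameter, so only callers going through create-pull-request.yml pick up the fix. Any other caller of Submit-PullRequest.ps1 that opens a PR across owners has to pass $false itself. Suggest stating the default and that consequence in the .PARAMETER help so those callers are not missed.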
@@ -114,7 +120,7 @@ else {
114120
-Head "${PROwner}:${PRBranch}" `
115121
-Base $BaseBranch `
116122
-Body $PRBody `
117-
-Maintainer_Can_Modify $true `
123+
-Maintainer_Can_Modify $MaintainerCanModify `
118124
-Draft:$OpenAsDraft `
119125
-AuthToken $AuthToken
120126

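
Review bot: On the changed -Maintainer_Can_Modify line, the value is passed straight through with no trace in the output, so a PR opened with it set to false looks the same in the pipeline log as one opened with true. Suggest writing one log line with the effective $MaintainerCanModify value before the call, so it is visible from the build that maintainers of the base repo will not be able to push to the PR branch.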