raulcd commented on issue #34381:
URL: https://github.com/apache/arrow/issues/34381#issuecomment-1449861058
I have tested giving all possible read permissions to the workflow and
requesting via API instead of using the default payload event using the
`secrets.GITHUB_TOKEN`. This token does not have permissions to read the
organization members and if the member is private it won't appear as MEMBER.
I've done a test adding a new token with only `read:org` permissions which
we could use to retrieve the membership. Something like the following:
```
def is_committer(self, review=False):
# We require a new connection to GitHub with a specific token to read
# membership association.
member_conn = github.Github(self._member_token)
repo = member_conn.get_repo(self.event_payload['repository']['id'],
lazy=True)
gh_obj = repo.get_pull(self.event_payload['pull_request']['number'])
if review:
gh_obj = gh_obj.get_review(self.event_payload['review']['id'])
author_association = gh_obj.raw_data['author_association']
print(f"Author Association is {author_association}")
return author_association in COMMITTER_ROLES
```
This would work but would require to set up a new secret on our repo,
something like `MEMBERSHIP_GITHUB_TOKEN`.
The only other solution I can think of is to have a list of committers and
check the author name is on the list but that would require maintaining a list
of committers.
@kou @assignUser any preference on any of the two solutions or other ideas
you think I could try?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
