Mason Daugherty 3e64c255b8 chore: use repo permissions instead of org membership for maintainer override (#36191) ...

The `require_issue_link` workflow's maintainer override (reopen PR or
remove `missing-issue-link` to bypass enforcement) has never worked. It
calls `orgs.getMembershipForUser` to verify the sender is an org member,
but `GITHUB_TOKEN` is a GitHub App installation token — not an org
member — so the endpoint always returns 403. The catch block only
handled 404, so the unhandled 403 crashed the entire job, blocking even
the normal issue-link validation from running.

## Changes
- Replace `orgs.getMembershipForUser` with
`repos.getCollaboratorPermissionLevel` in `senderIsOrgMember()` — checks
if the event sender (the user who reopened the PR or removed the label)
has write/maintain/admin access on the repo, which works with
`GITHUB_TOKEN` and is a better proxy for "maintainer" than org
membership

2026-03-24 07:03:52 +00:00

..

actions/uv_setup

ci(infra): add top-level permissions and SHA-pin third-party actions [INF-0000] (#35588)

2026-03-06 07:20:05 +00:00

images

Add files via upload

2026-03-02 10:47:31 -05:00

ISSUE_TEMPLATE

ci: bypass issue-link gate for trusted contributors (#35720)

2026-03-10 12:01:07 -04:00

scripts

ci: skip excluded files when applying package labels in pr-labeler (#36114)

2026-03-19 18:14:34 -04:00

tools

chore: formatting across codebase (#32466)

2025-08-08 10:20:10 -04:00

workflows

chore: use repo permissions instead of org membership for maintainer override (#36191)

2026-03-24 07:03:52 +00:00

CODEOWNERS

chore: update PR template, CODEOWNERS (#34999)

2026-02-03 12:59:41 -05:00

dependabot.yml

chore(infra): update dependabot.yml to monthly schedule with update-type split [INF-0000] (#35587)

2026-03-05 23:18:22 -08:00

PULL_REQUEST_TEMPLATE.md

ci: bypass issue-link gate for trusted contributors (#35720)

2026-03-10 12:01:07 -04:00