@pull pull bot commented Dec 30, 2025

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

Manas-Kenge and others added 3 commits December 30, 2025 07:49
* fix(ci): verify org membership via API when author_association fails

* refactor: use core team membership check instead of org membership
* fix(ci): use GitHub App token for team membership check

The default GITHUB_TOKEN doesn't have org-level permissions to query
team membership via the teams.getMembershipForUserInOrg API. This causes
the API to return 404 even for valid team members, making the trust check
incorrectly fail for core team members.

This change generates a short-lived GitHub App token with org-level access
to properly verify team membership.

Co-Authored-By: keith@cal.com <keithwillcode@gmail.com>

* fix(ci): use getCollaboratorPermissionLevel for trust check

Replace the team membership check (teams.getMembershipForUserInOrg) with
getCollaboratorPermissionLevel which works with the default GITHUB_TOKEN.

This approach:
- Checks if users have write/maintain/admin access to the repo
- Works without requiring a GitHub App token with org-level permissions
- Is semantically correct: if someone can push to the repo, they're trusted

The previous approach using teams.getMembershipForUserInOrg required
org-level permissions that the default GITHUB_TOKEN doesn't have,
causing 404 errors even for valid team members.

Co-Authored-By: keith@cal.com <keithwillcode@gmail.com>

* Apply suggestion from @keithwillcode

---------

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
@pull pull bot locked and limited conversation to collaborators Dec 30, 2025
@pull pull bot added the ⤵️ pull label Dec 30, 2025
@pull pull bot merged commit e475377 into Uncodedtech:main Dec 30, 2025
2 of 4 checks passed
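
The trust check described in the `getCollaboratorPermissionLevel` commit message above, sketched as an added example that is not the project's workflow code. The function name `checkTrust`, the stub client, the repository names and the sample users are assumptions constructed for illustration; only the Octokit method name and the write/maintain/admin rule come from the commit message.

```javascript
// Added example, not the project's workflow code.
// Permission levels the commit message treats as trusted.
const TRUSTED = new Set(["admin", "maintain", "write"]);

// Decide whether a PR author is trusted. `github` is an Octokit-shaped client,
// such as the one actions/github-script passes to a workflow script.
async function checkTrust(github, { owner, repo, username }) {
  try {
    const { data } = await github.rest.repos.getCollaboratorPermissionLevel({
      owner, repo, username,
    });
    return { trusted: TRUSTED.has(data.permission), reason: `permission=${data.permission}` };
  } catch (err) {
    // Fail closed: a 404, a 403 from an under-scoped token, or a 5xx must never
    // grant trust. The reason is kept so a wrongly denied member is diagnosable.
    return { trusted: false, reason: `api-error-${err.status ?? "unknown"}` };
  }
}

// Constructed stand-in for the API so the example runs offline.
// A string is a permission level, a number is an HTTP error status,
// and a user missing from the table gets a 404.
function makeStubClient(table) {
  const fail = (status) => { throw Object.assign(new Error(`HTTP ${status}`), { status }); };
  return { rest: { repos: {
    async getCollaboratorPermissionLevel({ username }) {
      const entry = table[username];
      if (entry === undefined) fail(404);
      if (typeof entry === "number") fail(entry);
      return { data: { permission: entry } };
    },
  } } };
}

// Constructed sample data, not real accounts.
const SAMPLE = { "core-dev": "write", "repo-admin": "admin", "reader": "read", "flaky": 502 };

async function demo() {
  const github = makeStubClient(SAMPLE);
  const results = {};
  for (const username of ["core-dev", "repo-admin", "reader", "stranger", "flaky"]) {
    results[username] = await checkTrust(github, {
      owner: "example-org", repo: "example-repo", username,
    });
  }
  return results;
}

demo().then((results) => console.log(results));
```

Recording the denial reason matters here because the failure the commits describe was a valid member being denied by a 404, which is safe but only fixable if the cause is visible in the job log.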