fix(gha): review-check 403 skip #1368

Open
release-manager wants to merge 1 commits from standalone/review-check-403-fix into staging
+5 -5
@@ -227,11 +227,11 @@ for U in $CANDIDATES; do
;;
403)
# Token owner is not in the team being probed; the API refuses to
# confirm membership. This is the RFC#324 follow-up token-scope gap.
# Fail closed — never grant approval on a 403; surface clearly.
echo "::error::team-probe for ${U} in ${TEAM} returned 403 (token owner not in ${TEAM} team — RFC#324 token-scope follow-up). Cannot confirm membership; failing closed."
# confirm membership. Skip this candidate and keep checking the rest —
# if no candidates pass the membership check the loop exits below.
echo "::warning::team-probe for ${U} in ${TEAM} returned 403 (token owner not in ${TEAM} team — RFC#324 token-scope follow-up). Skipping candidate; will keep checking."
cat "$TEAM_PROBE_TMP" >&2
exit 1
continue
;;
404)
debug "${U} not a member of ${TEAM}"
@@ -243,5 +243,5 @@ for U in $CANDIDATES; do
esac
done
echo "::error::${TEAM}-review awaiting non-author APPROVE from ${TEAM} team (candidates: $(echo "$CANDIDATES" | tr '\n' ',' | sed 's/,$//') — none are in team)"
echo "::error::${TEAM}-review no valid team-member approval found; check that reviewer is in ${TEAM} team or token owner is a ${TEAM} team member (candidates: $(echo "$CANDIDATES" | tr '\n' ',' | sed 's/,$//'))"
exit 1
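Review bot: The rewritten 403 arm drops the old comment line saying a 403 must never grant approval, yet that invariant is exactly what makes `continue` safe here. The candidate is skipped, so approval can only come from another arm of the `case`; those arms lie outside this hunk and should be confirmed as the only place a candidate is accepted. I would keep the invariant in the comment, e.g. `# A 403 never counts as approval: the candidate is skipped, not accepted.`, and reword "the loop exits below", since it is the script that exits with status 1 once the loop has finished. Because the 403 is now only a `::warning::`, a run where every probe returns 403 fails with the generic final `::error::`. Setting a flag in this arm (for example `PROBE_403=1`, initialised before the loop, outside this hunk) would let that message say membership could not be verified, rather than suggest no reviewer is in the team.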