Add condition checks to be able to check if pr author is member of an org in any way or not.

[AraHaan]

Expected Behavior

I would like the following to be possible some point in the future for rule conditions to check the author of a pr if (assuming the repository is in an open source only org):

• the user is an outside contributor to the org (is a contributor added directly to the repository itself that the pr is in) and has write access
• is a member of the org but not part of a team inside it but has write access
• is a member and part of a team and has write access.

Actual Behavior

No such information is exposed that checks those 3 cases and if any true, returns true.

Steps to Reproduce the Problem

1. Adding labels as part of a rule.
2. At the end of the CI build workflow, have Mergify run the other rule which then adds the automerge label.
3. Have the automerge label, and required status checks from branch protections manually defined in the rules to approve, comment, and then right after merge the PR.

Workarounds

Currently the only workaround is to manually duplicate the rule x # of times and then hard code specific user names into the rule conditions for each person to check for. This is not robust as any members could be added / removed at any time breaking the intended rules and poses an issue. What is really wanted is for the bot to check without hard coding them in the rules to do the same thing with a much smaller and simpler config since people can join / leave at any moment in time.

Specifications

• Pull Request URL: Mergify: configuration update Elskom/Sdk#191
• Mergify Config URL: https://github.com/Elskom/Sdk/pull/191/files

[AraHaan]

It seems possible with:

unless github.api.organization_member?('danger', github.pr_author)
  message "@#{github.pr_author} is not a contributor yet, would you like to join the Danger org?"
end

Note: the above would need to be converted to python. But it should be possible to do then with something like this:

- organization-member=OrgName

Which could then check if author of the pr is in OrgName and if so return true.

[jd]

IIUC what you want to know is if the author has write access to the repo?

What's your use case?

[AraHaan]

I want to have a rule check if they got write access to the repository so the rules can automatically add an label that controls merge so then when CI's pass it gets merged directly, while those that do not have write access would require someone with write access to review then approve and add the label themselves.

[jd]

Understaood. In practice, we do that already but we just follow your rule number 3 is a member and part of a team and has write access.

We use author=@devs to check if an author is a member of the devs team which has write access.

We could probably add a PR boolean attribute being author-has-write-access or the like. The name of the attribute is the real difficulty 😆

[AraHaan]

Why not name it write to make it nice, small, and simple?

[jd]

I'm afraid it's a bit too generic.

Maybe author-permission being a string containing something like admin, maintain, write, read or triage.

https://docs.github.com/en/graphql/reference/enums#repositorypermission

[jd]

Ultimately might be even better to have author being its own object and having author.permission. Would make it easier to add more fields.

[AraHaan]

I agree, author becoming it's own object would benefit here.