anthropics/claude-code-action
1
0
Fork 0
mirror of https://github.com/anthropics/claude-code-action.git synced 2026-01-23 06:54:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: skip permission check for GitHub App bot users

Browse Source 
GitHub Apps (users ending with [bot]) now bypass permission checks
as they have their own authorization mechanism.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Yuku Kotani
2025-06-03 23:39:27 +09:00
parent 93df09fd88
commit 529716dcad
2 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/github/validation/permissions.ts
View File

@@ -17,6 +17,12 @@ export async function checkWritePermissions(
try { try {
core.info(`Checking permissions for actor: ${actor}`); core.info(`Checking permissions for actor: ${actor}`);
// Check if the actor is a GitHub App (bot user)
if (actor.endsWith("[bot]")) {
core.info(`Actor is a GitHub App: ${actor}`);
return true;
}
// Check permissions directly using the permission endpoint // Check permissions directly using the permission endpoint
const response = await octokit.repos.getCollaboratorPermissionLevel({ const response = await octokit.repos.getCollaboratorPermissionLevel({
owner: repository.owner, owner: repository.owner,

10
test/permissions.test.ts
View File

@@ -124,6 +124,16 @@ describe("checkWritePermissions", () => {
); );
}); });
test("should return true for bot user", async () => {
const mockOctokit = createMockOctokit("none");
const context = createContext();
context.actor = "test-bot[bot]";
const result = await checkWritePermissions(mockOctokit, context);
expect(result).toBe(true);
});
test("should throw error when permission check fails", async () => { test("should throw error when permission check fails", async () => {
const error = new Error("API error"); const error = new Error("API error");
const mockOctokit = { const mockOctokit = {