I have modified the default jupyter_releaser workflow such that a GitHub app token is used instead of a user token. However, within the prepare_environment function, a check is made through the GitHub API to see if the user is a repo admin (exact lines here). This is an issue since even though the token is setup such that all the necessary permissions are granted, this arbitrary check blocks non-admin repo members from making releases.
I tried getting around this by modifying the actions with GITHUB_ACTOR and setting the value to our bot username, but the GitHub app isn't treated as a user by the API (understandably) and so it fails.
Proposed Solution
I think the check should either change to validate the required permissions of the token, or for an easier workaround, be able to be turned off through a flag/environment variable (e.g. RH_ADMIN_CHECK=false).
Problem
I have modified the default jupyter_releaser workflow such that a GitHub app token is used instead of a user token. However, within the
prepare_environmentfunction, a check is made through the GitHub API to see if the user is a repo admin (exact lines here). This is an issue since even though the token is setup such that all the necessary permissions are granted, this arbitrary check blocks non-admin repo members from making releases.I tried getting around this by modifying the actions with
GITHUB_ACTORand setting the value to our bot username, but the GitHub app isn't treated as a user by the API (understandably) and so it fails.Proposed Solution
I think the check should either change to validate the required permissions of the token, or for an easier workaround, be able to be turned off through a flag/environment variable (e.g.
RH_ADMIN_CHECK=false).Additional context