fix: exempt team members from compliance cleanup

2026-05-22 19:55:11 +00:00 · 2026-05-21 16:15:45 -05:00 · 2026-05-21 16:15:45 -05:00 · 1268f8657e
commit 1268f8657e
parent 39e7ff932d
6 changed files with 56 additions and 31 deletions
--- a/.github/workflows/compliance-close.yml
+++ b/.github/workflows/compliance-close.yml
@ -34,11 +34,25 @@ jobs:

            const now = Date.now();
            const twoHours = 2 * 60 * 60 * 1000;
+            const teamAssociations = ['OWNER', 'MEMBER', 'COLLABORATOR'];

            for (const item of items) {
              const isPR = !!item.pull_request;
              const kind = isPR ? 'PR' : 'issue';

+              if (teamAssociations.includes(item.author_association)) {
+                core.info(`Skipping ${kind} #${item.number}: author association is ${item.author_association}`);
+                try {
+                  await github.rest.issues.removeLabel({
+                    owner: context.repo.owner,
+                    repo: context.repo.repo,
+                    issue_number: item.number,
+                    name: 'needs:compliance',
+                  });
+                } catch (e) {}
+                continue;
+              }
+
              const { data: comments } = await github.rest.issues.listComments({
                owner: context.repo.owner,
                repo: context.repo.repo,
--- a/.github/workflows/duplicate-issues.yml
+++ b/.github/workflows/duplicate-issues.yml
@ -6,7 +6,7 @@ on:

 jobs:
  check-duplicates:
-    if: github.event.action == 'opened'
+    if: github.event.action == 'opened' && !contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association)
    runs-on: blacksmith-4vcpu-ubuntu-2404
    permissions:
      contents: read
@ -118,7 +118,7 @@ jobs:
          Remember: post at most ONE comment combining all findings. If everything is fine, post nothing."

  recheck-compliance:
-    if: github.event.action == 'edited' && contains(github.event.issue.labels.*.name, 'needs:compliance')
+    if: github.event.action == 'edited' && contains(github.event.issue.labels.*.name, 'needs:compliance') && !contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association)
    runs-on: blacksmith-4vcpu-ubuntu-2404
    permissions:
      contents: read
--- a/.github/workflows/pr-management.yml
+++ b/.github/workflows/pr-management.yml
@ -11,22 +11,25 @@ jobs:
      contents: read
      pull-requests: write
    steps:
-      - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-        with:
-          fetch-depth: 1
-
      - name: Check team membership
        id: team-check
        run: |
          LOGIN="${{ github.event.pull_request.user.login }}"
-          if [ "$LOGIN" = "opencode-agent[bot]" ] || grep -qxF "$LOGIN" .github/TEAM_MEMBERS; then
+          ASSOCIATION="${{ github.event.pull_request.author_association }}"
+          if [ "$LOGIN" = "opencode-agent[bot]" ] || [ "$ASSOCIATION" = "OWNER" ] || [ "$ASSOCIATION" = "MEMBER" ] || [ "$ASSOCIATION" = "COLLABORATOR" ]; then
            echo "is_team=true" >> "$GITHUB_OUTPUT"
            echo "Skipping: $LOGIN is a team member or bot"
          else
            echo "is_team=false" >> "$GITHUB_OUTPUT"
          fi

+      - name: Checkout repository
+        if: steps.team-check.outputs.is_team != 'true'
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        with:
+          fetch-depth: 1
+          ref: ${{ github.event.pull_request.base.sha }}
+
      - name: Setup Bun
        if: steps.team-check.outputs.is_team != 'true'
        uses: ./.github/actions/setup-bun
--- a/.github/workflows/pr-standards.yml
+++ b/.github/workflows/pr-standards.yml
@ -28,15 +28,9 @@ jobs:

            // Check if author is a team member or bot
            if (login === 'opencode-agent[bot]') return;
-            const { data: file } = await github.rest.repos.getContent({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              path: '.github/TEAM_MEMBERS',
-              ref: 'dev'
-            });
-            const members = Buffer.from(file.content, 'base64').toString().split('\n').map(l => l.trim()).filter(Boolean);
-            if (members.includes(login)) {
-              console.log(`Skipping: ${login} is a team member`);
+            const teamAssociations = ['OWNER', 'MEMBER', 'COLLABORATOR'];
+            if (teamAssociations.includes(pr.author_association)) {
+              console.log(`Skipping: ${login} has author association ${pr.author_association}`);
              return;
            }

@ -175,15 +169,9 @@ jobs:

            // Check if author is a team member or bot
            if (login === 'opencode-agent[bot]') return;
-            const { data: file } = await github.rest.repos.getContent({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              path: '.github/TEAM_MEMBERS',
-              ref: 'dev'
-            });
-            const members = Buffer.from(file.content, 'base64').toString().split('\n').map(l => l.trim()).filter(Boolean);
-            if (members.includes(login)) {
-              console.log(`Skipping: ${login} is a team member`);
+            const teamAssociations = ['OWNER', 'MEMBER', 'COLLABORATOR'];
+            if (teamAssociations.includes(pr.author_association)) {
+              console.log(`Skipping: ${login} has author association ${pr.author_association}`);
              return;
            }