From 72e20d765be7387faeafb976f4cb4038ea13cebe Mon Sep 17 00:00:00 2001
From: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Date: Fri, 7 Jun 2024 10:57:03 +0600
Subject: [PATCH] ci: use author permission check instead of `author_association` field for backport workflow (#6870)
---
 .github/workflows/backport.yaml | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml
index 127b10012429..9bae822e8815 100644
--- a/.github/workflows/backport.yaml
+++ b/.github/workflows/backport.yaml
@@ -5,13 +5,33 @@ on:
 types: [created]
 jobs:
+ check_permission:
+ name: Check comment author permissions
+ runs-on: ubuntu-latest
+ outputs:
+ is_maintainer: ${{ steps.check_permission.outputs.is_maintainer }}
+ steps:
+ - name: Check permission
+ id: check_permission
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ PERMISSION=$(gh api /repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission --jq '.permission')
+ if [ "$PERMISSION" == "admin" ] || [ "$PERMISSION" == "write" ]; then
+ echo "is_maintainer=true" >> $GITHUB_OUTPUT
+ else
+ echo "is_maintainer=false" >> $GITHUB_OUTPUT
+ fi
+
+
 backport:
 name: Backport PR
+ needs: check_permission # run this job after checking permissions
 if: |
+ needs.check_permission.outputs.is_maintainer == 'true' &&
 github.event.issue.pull_request &&
 github.event.issue.pull_request.merged_at != null &&
- startsWith(github.event.comment.body, '@aqua-bot backport release/') &&
- (github.event.comment.author_association == 'OWNER' || github.event.comment.author_association == 'MEMBER')
+ startsWith(github.event.comment.body, '@aqua-bot backport release/')
 runs-on: ubuntu-latest
 steps:
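Review bot: In the `Check permission` step, `${{ github.repository }}` and `${{ github.actor }}` are expanded into the `run:` script text before the shell parses it, which is the pattern workflow-injection hardening avoids even where the value's character set is restricted. Passing the login through the environment keeps it as data: add `ACTOR: ${{ github.event.comment.user.login }}` under `env:` and call `gh api "/repos/$GITHUB_REPOSITORY/collaborators/$ACTOR/permission" --jq '.permission'`, which also ties the check explicitly to the comment author that the job name refers to. `check_permission` has no `if:`, so it runs and calls the API for every new issue or PR comment; repeating the `startsWith(github.event.comment.body, '@aqua-bot backport release/')` condition on it would skip unrelated comments. The `steps:` of the `backport` job lie outside the hunk, so how the gated job handles the comment body cannot be checked from here.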