chmouel
Member

@chmouel chmouel commented Oct 10, 2025

The permission check script in the E2E workflow was updated. It now verifies if the pull request author is a public member of the openshift-pipelines organization.

This check is performed in addition to the existing checks for trusted bots and collaborators with repository write access. This allows organization members to run E2E tests on their pull requests without requiring direct write permissions on the repository.

Additionally, renovate[bot] was added to the list of trusted bots.

Closes #2286

The permission check script in the E2E workflow was updated. It now
verifies if the pull request author is a public member of the
`openshift-pipelines` organization.

This check is performed in addition to the existing checks for trusted
bots and collaborators with repository write access. This allows
organization members to run E2E tests on their pull requests without
requiring direct write permissions on the repository.

Additionally, `renovate[bot]` was added to the list of trusted bots.

Co-authored-by: Gemini <[email protected]>
Signed-off-by: Chmouel Boudjnah <[email protected]>
@Copilot Copilot AI review requested due to automatic review settings October 10, 2025 18:27

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

🔍 PR Lint Feedback

Note: This automated check helps ensure your PR follows our contribution guidelines.

⚠️ Items that need attention:

🎫 Jira reference

Add a Jira reference in the description using one of the following formats:

  • https://issues.redhat.com/browse/SRVKP-<number>

If no SRVKP ticket exists yet, link a GitHub issue instead (e.g., Fixes #123).
Minor housekeeping PRs without Jira coverage can skip this after confirming with reviewers.


ℹ️ Next Steps

  • Review and address the items above
  • Push new commits to update this PR
  • This comment will be automatically updated when issues are resolved
🔧 Admin Tools (click to expand)

Automated Issue/Ticket Creation:

  • /issue-create - Generate a GitHub issue from this PR content using AI
  • /jira-create - Create a SRVKP Jira ticket from this PR content using AI

⚠️ Important: Always review and edit generated content before finalizing tickets/issues.
The AI-generated content should be used as a starting point and may need adjustments.

These commands are available to maintainers and will post the generated content as PR comments for review.

🤖 This feedback was generated automatically by the PR CI system

@pipelines-as-code pipelines-as-code bot added ci enhancement New feature or request testing labels Oct 10, 2025
Contributor

@Copilot Copilot AI left a comment

Pull Request Overview

This PR enhances the E2E workflow permission checking system to allow public members of the openshift-pipelines organization to trigger E2E tests. The changes implement a multi-condition permission check that evaluates trusted bots, organization membership, and repository collaborator permissions in sequence.

  • Restructured permission checking into three sequential conditions for better organization
  • Added public organization membership check for openshift-pipelines organization
  • Included renovate[bot] in the list of trusted bots

@chmouel
Member Author

chmouel commented Oct 10, 2025

/issue-create

✅ GitHub Issue Created

AI-generated issue has been created and linked to this PR

📋 Created Issue

#2286 - Enhancement: Allow organization members to trigger E2E tests on their PRs

🔗 Relationship

This pull request resolves the issue described above. The issue was automatically generated based on the PR content to represent the underlying problem being solved.

📝 Issue Content Preview

Problem Description

Currently, only repository collaborators with write access can trigger E2E tests on pull requests. This limitation prevents members of the openshift-pipelines organization from being able to easily test their changes via E2E workflows on their own pull requests, even if they are members of the organization.

Current Behavior

E2E tests can only be initiated by a limited set of users, specifically those with repository write permissions or trusted bots. Organization members who do not have direct write access to the repository are unable to trigger these crucial tests on their pull requests.

Expected Behavior

We should enable members of the openshift-pipelines organization to trigger E2E tests on their pull requests. This would allow for broader participation in testing and validation of contributions without requiring direct write access to the repository. Additionally, it would be beneficial to ensure that automated bots like renovate[bot] are recognized and trusted to trigger workflows.

Additional Context

This change aims to streamline the contribution and testing process for organization members, fostering a more collaborative environment and ensuring that changes are adequately tested before merging. It specifically addresses the scenario where organization members want to validate their work through E2E testing without needing explicit repository write permissions.


🤖 Issue created automatically using /issue-create command

const actor = context.payload.pull_request.user.login;
const repoOwner = context.repo.owner;
const repoName = context.repo.repo;
const targetOrg = 'openshift-pipelines';
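Review bot: `actor` on the first line is assigned `context.payload.pull_request.user.login`, which is the pull request author rather than the account that triggered the run. Rename it (for example `prAuthor`) or add a comment saying the author is the identity being authorized, so the later conditions are not read as checks on whoever started the workflow.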
Contributor

Suggested change
const targetOrg = 'openshift-pipelines';

const repoOwner = context.repo.owner;
repoOwner is also "openshift-pipelines"

Contributor

you don't need to have it hardcoded

// Condition 2: Check for public membership in the target organization.
core.info(`User @${actor} is not a trusted bot. Checking for membership in '${targetOrg}'...`);
try {
await github.rest.orgs.checkMembershipForUser({
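Review bot: the comment above the `try` says Condition 2 checks public membership, but the call is `github.rest.orgs.checkMembershipForUser` and the log line says only "membership". Make the comment, the log message and the call agree on one policy, so someone reading the workflow log can tell whether private members are meant to pass this condition.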
Contributor

This checks for both public and private membership. If you only wanna check public membership, then there is another function for that: checkPublicMembershipForUser.
Note: see these docs and search for the function name "checkPublicMembershipForUser".

Contributor

@zakisk zakisk Oct 13, 2025

or you can use getMembershipForUserInOrg func to check permission of a user in a team for an org

github.rest.teams.getMembershipForUserInOrg({
  org,
  team_slug,
  username,
});
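
The three-condition gate discussed in this thread (trusted bot, public org membership, repository write access), written as an added example with a fail-closed error path; it is not the PR's workflow script. `authorize`, `probe`, `fakeGithub` and the sample logins are assumptions made for illustration, and the org is taken from the repository owner as one review comment suggests.

```javascript
// Added example. Only renovate[bot] is named on the page as a trusted bot.
const TRUSTED_BOTS = new Set(['renovate[bot]']);
const WRITE_LEVELS = new Set(['admin', 'write']);

// Run one API probe. Only a 404 means "no"; anything else is rethrown so the
// caller denies instead of reading an outage or a 403 as an answer.
async function probe(call) {
  try {
    return await call();
  } catch (err) {
    if (err.status === 404) return null;
    throw err;
  }
}

async function authorize(github, { owner, repo, username }) {
  if (TRUSTED_BOTS.has(username)) return { allowed: true, reason: 'trusted-bot' };
  try {
    // Public-only endpoint named in the review; org taken from the repo owner.
    const member = await probe(() =>
      github.rest.orgs.checkPublicMembershipForUser({ org: owner, username }));
    if (member && member.status === 204) return { allowed: true, reason: 'public-org-member' };
    const collab = await probe(() =>
      github.rest.repos.getCollaboratorPermissionLevel({ owner, repo, username }));
    if (collab && WRITE_LEVELS.has(collab.data.permission)) {
      return { allowed: true, reason: 'repo-write' };
    }
    return { allowed: false, reason: 'no-matching-condition' };
  } catch (err) {
    return { allowed: false, reason: `api-error-${err.status}` }; // fail closed
  }
}

// Constructed stand-in for the Octokit client so the example runs offline.
function fakeGithub({ publicMembers = [], permissions = {}, failWith = null } = {}) {
  const httpError = (status) => Object.assign(new Error(`HTTP ${status}`), { status });
  return { rest: {
    orgs: { checkPublicMembershipForUser: async ({ username }) => {
      if (failWith) throw httpError(failWith);
      if (!publicMembers.includes(username)) throw httpError(404);
      return { status: 204 };
    } },
    repos: { getCollaboratorPermissionLevel: async ({ username }) => {
      if (!(username in permissions)) throw httpError(404);
      return { data: { permission: permissions[username] } };
    } },
  } };
}
```

In a workflow step the real `github` object from `actions/github-script` would be passed in place of `fakeGithub(...)`, and a denied result would end the job before any E2E secrets are used.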
