feat: Add workflow to check PR fork permissions (#68165)

.github/pr-fork-permission-warning.md

@@ -0,0 +1,44 @@
+## ⚠️ PR Configuration Issue Detected
+
+Hi @{{ .pr_author }}, thank you for your contribution from **{{ .repo_name }}**!
+
+We've detected an issue with your PR configuration that is a barrier to effective and efficient review. To streamline your PR review and acceptance, Airbyte maintainers require the ability to push commits directly to your PR branch to apply formatting fixes, dependency updates, security patches, and other minor changes.
+
+Specific details of the issue detected in your PR:
+
+{{ if eq .is_org_fork "true" }}
+### 🏢 Organization Fork Detected
+
+We have detected that your PR is from an **organization fork** rather than a personal fork. GitHub does not allow maintainers to commit directly to branches in organization forks. [Learn more about allowing changes to a pull request branch created from a fork](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork).
+
+**How to Fix:**
+1. Fork the Airbyte repository under your personal GitHub account (not your organization).
+2. Push your branch to your personal fork.
+3. Create a new PR from your personal fork.
+
+This will allow Airbyte maintainers to push any necessary fixes directly to your branch, significantly speeding up the review process.
+{{ end }}
+
+{{ if eq .missing_maintainer_edit "true" }}
+### 🔒 Maintainer Edits Not Allowed
+
+We have detected that your PR does not have the "Allow edits from maintainers" option enabled. This prevents us from pushing fixes directly to your branch.
+
+**How to Fix:**
+1. On your PR page, look for the sidebar on the right.
+2. Find the checkbox labeled "Allow edits from maintainers".
+3. Check the box to enable maintainer edits.
+4. Close and reopen your PR to rerun this check. (No need to recreate the PR.)
+
+After completing these steps, you should see a green checkmark (✅) on the "**PR Permissions Check**" PR check below. This signifies that maintainers will be able to push necessary fixes directly to your branch, enabling a more efficient review process.
+
+{{ end }}
+
+### Need Help?
+
+If you have questions or need assistance, please:
+- Ask in the PR comments.
+- Join our [Slack community](https://airbytehq.slack.com/).
+- Review our [Contributing Guide](https://docs.airbyte.com/platform/contributing-to-airbyte).
+
+Thank you for your understanding and for contributing to Airbyte! 🙏

.github/workflows/check-pr-fork-permissions.yml

@@ -0,0 +1,80 @@
+name: Community PR Permission Check
+
+# This workflow checks if a PR is from an organization fork or doesn't allow maintainer edits.
+# These conditions prevent maintainers from pushing fixes directly to the PR branch.
+# If either condition is detected, it posts a comment asking the contributor to fix the issue.
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  check-fork-permissions:
+    name: PR Permissions Check
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-24.04
+    # Only run for PRs from forks (not internal PRs)
+    if: github.event.pull_request.head.repo.fork == true
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        with:
+          ref: master
+          repository: airbytehq/airbyte
+
+      - name: Examine PR Fork Permissions
+        id: check
+        run: |
+          # Get PR details from GitHub context
+          IS_ORG_FORK="false"
+          MISSING_MAINTAINER_EDIT="false"
+
+          OWNER_TYPE="${{ github.event.pull_request.head.repo.owner.type }}"
+          MAINTAINER_CAN_MODIFY="${{ github.event.pull_request.maintainer_can_modify }}"
+
+          echo "Owner type: $OWNER_TYPE"
+          echo "Maintainer can modify: $MAINTAINER_CAN_MODIFY"
+
+          # Check if fork is from an organization
+          if [ "$OWNER_TYPE" = "Organization" ]; then
+            IS_ORG_FORK="true"
+            echo "✗ PR is from an organization fork"
+          elif [ "$MAINTAINER_CAN_MODIFY" = "false" ]; then
+            MISSING_MAINTAINER_EDIT="true"
+            echo "✗ PR does not allow maintainer edits"
+          else
+            echo "✓ PR allows maintainer edits and is from a personal fork"
+          fi
+
+          # Set outputs
+          echo "is_org_fork=$IS_ORG_FORK" >> $GITHUB_OUTPUT
+          echo "missing_maintainer_edit=$MISSING_MAINTAINER_EDIT" >> $GITHUB_OUTPUT
+
+      - name: Render Comment Template
+        if: steps.check.outputs.is_org_fork == 'true' || steps.check.outputs.missing_maintainer_edit == 'true'
+        id: template
+        uses: chuhlomin/render-template@f828bb5c72a3e3af89cb79808cea490166c6f1ce # v1.4
+        with:
+          template: .github/pr-fork-permission-warning.md
+          vars: |
+            is_org_fork: ${{ steps.check.outputs.is_org_fork }}
+            missing_maintainer_edit: ${{ steps.check.outputs.missing_maintainer_edit }}
+            repo_name: ${{ github.event.pull_request.head.repo.full_name }}
+            pr_author: ${{ github.event.pull_request.user.login }}
+
+      - name: Post Comment to PR (Issues Detected)
+        if: steps.check.outputs.is_org_fork == 'true' || steps.check.outputs.missing_maintainer_edit == 'true'
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          body: ${{ steps.template.outputs.result }}
+
+      - name: Check Failure (Issues Detected)
+        if: steps.check.outputs.is_org_fork == 'true' || steps.check.outputs.missing_maintainer_edit == 'true'
+        run: |
+          echo "❌ PR has fork permission issues that need to be resolved"
+          exit 1

.github/workflows/community-pr-permissions-check.yml

@@ -0,0 +1,80 @@
+name: Community PR Permission Check
+
+# This workflow checks if a PR is from an organization fork or doesn't allow maintainer edits.
+# These conditions prevent maintainers from pushing fixes directly to the PR branch.
+# If either condition is detected, it posts a comment asking the contributor to fix the issue.
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  check-fork-permissions:
+    name: PR Permissions Check
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-24.04
+    # Only run for PRs from forks (not internal PRs)
+    if: github.event.pull_request.head.repo.fork == true
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        with:
+          ref: master
+          repository: airbytehq/airbyte
+
+      - name: Examine PR Fork Permissions
+        id: check
+        run: |
+          # Get PR details from GitHub context
+          IS_ORG_FORK="false"
+          MISSING_MAINTAINER_EDIT="false"
+
+          OWNER_TYPE="${{ github.event.pull_request.head.repo.owner.type }}"
+          MAINTAINER_CAN_MODIFY="${{ github.event.pull_request.maintainer_can_modify }}"
+
+          echo "Owner type: $OWNER_TYPE"
+          echo "Maintainer can modify: $MAINTAINER_CAN_MODIFY"
+
+          # Check if fork is from an organization
+          if [ "$OWNER_TYPE" = "Organization" ]; then
+            IS_ORG_FORK="true"
+            echo "✗ PR is from an organization fork"
+          elif [ "$MAINTAINER_CAN_MODIFY" = "false" ]; then
+            MISSING_MAINTAINER_EDIT="true"
+            echo "✗ PR does not allow maintainer edits"
+          else
+            echo "✓ PR allows maintainer edits and is from a personal fork"
+          fi
+
+          # Set outputs
+          echo "is_org_fork=$IS_ORG_FORK" >> $GITHUB_OUTPUT
+          echo "missing_maintainer_edit=$MISSING_MAINTAINER_EDIT" >> $GITHUB_OUTPUT
+
+      - name: Render Comment Template
+        if: steps.check.outputs.is_org_fork == 'true' || steps.check.outputs.missing_maintainer_edit == 'true'
+        id: template
+        uses: chuhlomin/render-template@f828bb5c72a3e3af89cb79808cea490166c6f1ce # v1.4
+        with:
+          template: .github/pr-fork-permission-warning.md
+          vars: |
+            is_org_fork: ${{ steps.check.outputs.is_org_fork }}
+            missing_maintainer_edit: ${{ steps.check.outputs.missing_maintainer_edit }}
+            repo_name: ${{ github.event.pull_request.head.repo.full_name }}
+            pr_author: ${{ github.event.pull_request.user.login }}
+
+      - name: Post Comment to PR (Issues Detected)
+        if: steps.check.outputs.is_org_fork == 'true' || steps.check.outputs.missing_maintainer_edit == 'true'
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          body: ${{ steps.template.outputs.result }}
+
+      - name: Check Failure (Issues Detected)
+        if: steps.check.outputs.is_org_fork == 'true' || steps.check.outputs.missing_maintainer_edit == 'true'
+        run: |
+          echo "❌ PR has fork permission issues that need to be resolved"
+          exit 1

README.md

@@ -52,6 +52,14 @@ For videos and blogs on data engineering and building your data stack, check out
 
 If you've found a problem with Airbyte, please open a [GitHub issue](https://github.com/airbytehq/airbyte/issues/new/choose). To contribute to Airbyte and see our Code of Conduct, please see the [contributing guide](https://docs.airbyte.com/contributing-to-airbyte/). We have a list of [good first issues](https://github.com/airbytehq/airbyte/labels/contributor-program) that contain bugs that have a relatively limited scope. This is a great place to get started, gain experience, and get familiar with our contribution process.
 
+#### PR Permission Requirements
+
+When submitting a pull request, please ensure that Airbyte maintainers have write access to your branch. This allows us to apply formatting fixes and dependency updates directly, significantly speeding up the review and approval process.
+
+To enable write access on your PR from Airbyte maintainers, please check the "Allow edits from maintainers" box when submitting from your PR. You must also create your PR from a fork in your **personal GitHub account** rather than an organization account, or else you will not see this option. The requirement to create from your personal fork is based on GitHub's additional security restrictions for PRs created from organization forks. For more information about the GitHub security model, please see the [GitHub documentation page regarding PRs from forks](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork).
+
+For more details on contribution requirements, please see our [contribution workflow documentation](https://docs.airbyte.com/platform/contributing-to-airbyte#standard-contribution-workflow).
+
 ### Security
 
 Airbyte takes security issues very seriously. **Please do not file GitHub issues or post on our public forum for security vulnerabilities**. Email `security@airbyte.io` if you believe you have uncovered a vulnerability. In the message, try to provide a description of the issue and ideally a way of reproducing it. The security team will get back to you as soon as possible.

docs/platform/contributing-to-airbyte/README.md

@@ -49,14 +49,19 @@ We are actively working on improving usability, speed (through asynchronous load
 
 You can check the status of your contribution in this [Github Project](https://github.com/orgs/airbytehq/projects/108/views/4). It will provide you what Sprint your contribution was assigned and when you can expect a review.
 
+### Pull Request permission requirements
+
+When submitting a pull request, please ensure that Airbyte maintainers have write access to your branch. This allows us to apply formatting fixes, security-related patches, and dependency updates directly, which significantly speeds up the review and approval process.
+
+To enable write access on your PR from Airbyte maintainers, please check the "Allow edits from maintainers" box when submitting from your PR. You must also create your PR from a fork in your **personal GitHub account** rather than an organization account, or else you will not see this option. The requirement to create from your personal fork is based on GitHub's additional security restrictions for PRs created from organization forks. For more information about the GitHub security model, please see the [GitHub documentation page regarding PRs from forks](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork).
+
+For more details on contribution requirements, please see our [contribution workflow documentation](https://docs.airbyte.com/platform/contributing-to-airbyte#standard-contribution-workflow).
+
 :::warning
-Do not submit a pull request using the master branch from your forked repository.
-The team will not be able to run integration tests and your pull request will be closed.
+Do not submit a pull request using the default branch of your forked repository. This will block Airbyte maintainers from pushing changes to your branch.
 :::
 
-:::tip
-It is generally preferrable to submit pull requests from a personal fork instead of an organization fork. This is because GitHub does not allow maintainers to commit directly to branches in organization forks. If you submit from a personal fork, Airbyte maintainers can apply suggested fixes directly, which can significantly speed up the review and approval process.
-:::
+## Connector contributions
 
 Guidelines for connector contributions included in the [Connector Development Guide](../connector-development/README.md):