feat: Add workflow to check PR fork permissions (#68165)

.github/pr-fork-permission-warning.md

@@ -0,0 +1,44 @@
+## ⚠️ PR Configuration Issue Detected
+
+Hi @{{ .pr_author }}, thank you for your contribution from **{{ .repo_name }}**!
+
+We've detected an issue with your PR configuration that is a barrier to effective and efficient review. To streamline your PR review and acceptance, Airbyte maintainers require the ability to push commits directly to your PR branch to apply formatting fixes, dependency updates, security patches, and other minor changes.
+
+Specific details of the issue detected in your PR:
+
+{{ if eq .is_org_fork "true" }}
+### 🏢 Organization Fork Detected
+
+We have detected that your PR is from an **organization fork** rather than a personal fork. GitHub does not allow maintainers to commit directly to branches in organization forks. [Learn more about allowing changes to a pull request branch created from a fork](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork).
+
+**How to Fix:**
+1. Fork the Airbyte repository under your personal GitHub account (not your organization).
+2. Push your branch to your personal fork.
+3. Create a new PR from your personal fork.
+
+This will allow Airbyte maintainers to push any necessary fixes directly to your branch, significantly speeding up the review process.
+{{ end }}
+
+{{ if eq .missing_maintainer_edit "true" }}
+### 🔒 Maintainer Edits Not Allowed
+
+We have detected that your PR does not have the "Allow edits from maintainers" option enabled. This prevents us from pushing fixes directly to your branch.
+
+**How to Fix:**
+1. On your PR page, look for the sidebar on the right.
+2. Find the checkbox labeled "Allow edits from maintainers".
+3. Check the box to enable maintainer edits.
+4. Close and reopen your PR to rerun this check. (No need to recreate the PR.)
+
+After completing these steps, you should see a green checkmark (✅) on the "**PR Permissions Check**" PR check below. This signifies that maintainers will be able to push necessary fixes directly to your branch, enabling a more efficient review process.
+
+{{ end }}
+
+### Need Help?
+
+If you have questions or need assistance, please:
+- Ask in the PR comments.
+- Join our [Slack community](https://airbytehq.slack.com/).
+- Review our [Contributing Guide](https://docs.airbyte.com/platform/contributing-to-airbyte).
+
+Thank you for your understanding and for contributing to Airbyte! 🙏

.github/workflows/check-pr-fork-permissions.yml

@@ -0,0 +1,80 @@
+name: Community PR Permission Check
+
+# This workflow checks if a PR is from an organization fork or doesn't allow maintainer edits.
+# These conditions prevent maintainers from pushing fixes directly to the PR branch.
+# If either condition is detected, it posts a comment asking the contributor to fix the issue.
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  check-fork-permissions:
+    name: PR Permissions Check
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-24.04
+    # Only run for PRs from forks (not internal PRs)
+    if: github.event.pull_request.head.repo.fork == true
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        with:
+          ref: master
+          repository: airbytehq/airbyte
+
+      - name: Examine PR Fork Permissions
+        id: check
+        run: |
+          # Get PR details from GitHub context
+          IS_ORG_FORK="false"
+          MISSING_MAINTAINER_EDIT="false"
+
+          OWNER_TYPE="${{ github.event.pull_request.head.repo.owner.type }}"
+          MAINTAINER_CAN_MODIFY="${{ github.event.pull_request.maintainer_can_modify }}"
+
+          echo "Owner type: $OWNER_TYPE"
+          echo "Maintainer can modify: $MAINTAINER_CAN_MODIFY"
+
+          # Check if fork is from an organization
+          if [ "$OWNER_TYPE" = "Organization" ]; then
+            IS_ORG_FORK="true"
+            echo "✗ PR is from an organization fork"
+          elif [ "$MAINTAINER_CAN_MODIFY" = "false" ]; then
+            MISSING_MAINTAINER_EDIT="true"
+            echo "✗ PR does not allow maintainer edits"
+          else
+            echo "✓ PR allows maintainer edits and is from a personal fork"
+          fi
+
+          # Set outputs
+          echo "is_org_fork=$IS_ORG_FORK" >> $GITHUB_OUTPUT
+          echo "missing_maintainer_edit=$MISSING_MAINTAINER_EDIT" >> $GITHUB_OUTPUT
+
+      - name: Render Comment Template
+        if: steps.check.outputs.is_org_fork == 'true' || steps.check.outputs.missing_maintainer_edit == 'true'
+        id: template
+        uses: chuhlomin/render-template@f828bb5c72a3e3af89cb79808cea490166c6f1ce # v1.4
+        with:
+          template: .github/pr-fork-permission-warning.md
+          vars: |
+            is_org_fork: ${{ steps.check.outputs.is_org_fork }}
+            missing_maintainer_edit: ${{ steps.check.outputs.missing_maintainer_edit }}
+            repo_name: ${{ github.event.pull_request.head.repo.full_name }}
+            pr_author: ${{ github.event.pull_request.user.login }}
+
+      - name: Post Comment to PR (Issues Detected)
+        if: steps.check.outputs.is_org_fork == 'true' || steps.check.outputs.missing_maintainer_edit == 'true'
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          body: ${{ steps.template.outputs.result }}
+
+      - name: Check Failure (Issues Detected)
+        if: steps.check.outputs.is_org_fork == 'true' || steps.check.outputs.missing_maintainer_edit == 'true'
+        run: |
+          echo "❌ PR has fork permission issues that need to be resolved"
+          exit 1

.github/workflows/community-pr-permissions-check.yml

@@ -0,0 +1,80 @@
+name: Community PR Permission Check
+
+# This workflow checks if a PR is from an organization fork or doesn't allow maintainer edits.
+# These conditions prevent maintainers from pushing fixes directly to the PR branch.
+# If either condition is detected, it posts a comment asking the contributor to fix the issue.
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  check-fork-permissions:
+    name: PR Permissions Check
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-24.04
+    # Only run for PRs from forks (not internal PRs)
+    if: github.event.pull_request.head.repo.fork == true
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        with:
+          ref: master
+          repository: airbytehq/airbyte
+
+      - name: Examine PR Fork Permissions
+        id: check
+        run: |
+          # Get PR details from GitHub context
+          IS_ORG_FORK="false"
+          MISSING_MAINTAINER_EDIT="false"
+
+          OWNER_TYPE="${{ github.event.pull_request.head.repo.owner.type }}"
+          MAINTAINER_CAN_MODIFY="${{ github.event.pull_request.maintainer_can_modify }}"
+
+          echo "Owner type: $OWNER_TYPE"
+          echo "Maintainer can modify: $MAINTAINER_CAN_MODIFY"
+
+          # Check if fork is from an organization
+          if [ "$OWNER_TYPE" = "Organization" ]; then
+            IS_ORG_FORK="true"
+            echo "✗ PR is from an organization fork"
+          elif [ "$MAINTAINER_CAN_MODIFY" = "false" ]; then
+            MISSING_MAINTAINER_EDIT="true"
+            echo "✗ PR does not allow maintainer edits"
+          else
+            echo "✓ PR allows maintainer edits and is from a personal fork"
+          fi
+
+          # Set outputs
+          echo "is_org_fork=$IS_ORG_FORK" >> $GITHUB_OUTPUT
+          echo "missing_maintainer_edit=$MISSING_MAINTAINER_EDIT" >> $GITHUB_OUTPUT
+
+      - name: Render Comment Template
+        if: steps.check.outputs.is_org_fork == 'true' || steps.check.outputs.missing_maintainer_edit == 'true'
+        id: template
+        uses: chuhlomin/render-template@f828bb5c72a3e3af89cb79808cea490166c6f1ce # v1.4
+        with:
+          template: .github/pr-fork-permission-warning.md
+          vars: |
+            is_org_fork: ${{ steps.check.outputs.is_org_fork }}
+            missing_maintainer_edit: ${{ steps.check.outputs.missing_maintainer_edit }}
+            repo_name: ${{ github.event.pull_request.head.repo.full_name }}
+            pr_author: ${{ github.event.pull_request.user.login }}
+
+      - name: Post Comment to PR (Issues Detected)
+        if: steps.check.outputs.is_org_fork == 'true' || steps.check.outputs.missing_maintainer_edit == 'true'
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        with:
+          issue-number: ${{ github.event.pull_request.number }}
+          body: ${{ steps.template.outputs.result }}
+
+      - name: Check Failure (Issues Detected)
+        if: steps.check.outputs.is_org_fork == 'true' || steps.check.outputs.missing_maintainer_edit == 'true'
+        run: |
+          echo "❌ PR has fork permission issues that need to be resolved"
+          exit 1