From 9a8a7e5ace3ec81a1fef08f5164ba952d5bfc843 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 25 Mar 2026 04:41:27 +0000
Subject: [PATCH] jsweep: clean check_membership.cjs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Remove redundant null guard on parseRequiredPermissions() return value
  (always returns string[], never null/undefined)
- Remove redundant null guard on parseAllowedBots() return value
  (always returns string[], never null/undefined)
- Add 2 new tests: empty and unset GH_AW_ALLOWED_BOTS skip bot check
  (24 → 26 tests)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 actions/setup/js/check_membership.cjs      |  4 +--
 actions/setup/js/check_membership.test.cjs | 30 ++++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/actions/setup/js/check_membership.cjs b/actions/setup/js/check_membership.cjs
index 49103a93e6b..85427cf7082 100644
--- a/actions/setup/js/check_membership.cjs
+++ b/actions/setup/js/check_membership.cjs
@@ -41,7 +41,7 @@ async function main() {
     return;
   }
 
-  if (!requiredPermissions || requiredPermissions.length === 0) {
+  if (requiredPermissions.length === 0) {
     core.warning("❌ Configuration error: Required permissions not specified. Contact repository administrator.");
     core.setOutput("is_team_member", "false");
     core.setOutput("result", "config_error");
@@ -60,7 +60,7 @@ async function main() {
     // User doesn't have required permissions (or the permission check failed with an error).
     // Always attempt the bot allowlist fallback before giving up, so that GitHub Apps whose
     // actor is not a recognized GitHub user (e.g. "Copilot") are not silently denied.
-    if (allowedBots && allowedBots.length > 0) {
+    if (allowedBots.length > 0) {
       core.info(`Checking if actor '${actor}' is in allowed bots list: ${allowedBots.join(", ")}`);
 
       if (isAllowedBot(actor, allowedBots)) {
diff --git a/actions/setup/js/check_membership.test.cjs b/actions/setup/js/check_membership.test.cjs
index 9cd490489f5..adb04b06098 100644
--- a/actions/setup/js/check_membership.test.cjs
+++ b/actions/setup/js/check_membership.test.cjs
@@ -441,5 +441,35 @@ describe("check_membership.cjs", () => {
       expect(mockCore.setOutput).toHaveBeenCalledWith("is_team_member", "true");
       expect(mockCore.setOutput).toHaveBeenCalledWith("result", "authorized_bot");
     });
+
+    it("should skip bot check when GH_AW_ALLOWED_BOTS is empty string", async () => {
+      process.env.GH_AW_ALLOWED_BOTS = "";
+
+      mockGithub.rest.repos.getCollaboratorPermissionLevel.mockResolvedValueOnce({
+        data: { permission: "none" },
+      });
+
+      await runScript();
+
+      // Only 1 API call (the permission check) — no bot status check
+      expect(mockGithub.rest.repos.getCollaboratorPermissionLevel).toHaveBeenCalledTimes(1);
+      expect(mockCore.setOutput).toHaveBeenCalledWith("is_team_member", "false");
+      expect(mockCore.setOutput).toHaveBeenCalledWith("result", "insufficient_permissions");
+    });
+
+    it("should skip bot check when GH_AW_ALLOWED_BOTS is not set", async () => {
+      delete process.env.GH_AW_ALLOWED_BOTS;
+
+      mockGithub.rest.repos.getCollaboratorPermissionLevel.mockResolvedValueOnce({
+        data: { permission: "none" },
+      });
+
+      await runScript();
+
+      // Only 1 API call (the permission check) — no bot status check
+      expect(mockGithub.rest.repos.getCollaboratorPermissionLevel).toHaveBeenCalledTimes(1);
+      expect(mockCore.setOutput).toHaveBeenCalledWith("is_team_member", "false");
+      expect(mockCore.setOutput).toHaveBeenCalledWith("result", "insufficient_permissions");
+    });
   });
 });