From 996d41c01e5866019196f9d036dfdcdefddf62cd Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Sun, 25 Jan 2026 14:57:08 +0000
Subject: [PATCH 1/2] jsweep: clean check_permissions.cjs with destructuring

---
 actions/setup/js/check_permissions.cjs | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/actions/setup/js/check_permissions.cjs b/actions/setup/js/check_permissions.cjs
index b625a90e702..5ba831db3f7 100644
--- a/actions/setup/js/check_permissions.cjs
+++ b/actions/setup/js/check_permissions.cjs
@@ -4,7 +4,8 @@
 const { parseRequiredPermissions, checkRepositoryPermission } = require("./check_permissions_utils.cjs");
 
 async function main() {
-  const { eventName } = context;
+  const { eventName, actor, repo } = context;
+  const { owner, repo: repoName } = repo;
 
   // skip check for safe events
   // workflow_run is intentionally excluded due to HIGH security risks:
@@ -21,8 +22,6 @@ async function main() {
     return;
   }
 
-  const actor = context.actor;
-  const { owner, repo } = context.repo;
   const requiredPermissions = parseRequiredPermissions();
 
   if (!requiredPermissions || requiredPermissions.length === 0) {
@@ -32,7 +31,7 @@ async function main() {
   }
 
   // Check if the actor has the required repository permissions
-  const result = await checkRepositoryPermission(actor, owner, repo, requiredPermissions);
+  const result = await checkRepositoryPermission(actor, owner, repoName, requiredPermissions);
 
   if (result.error) {
     core.setFailed(`Repository permission check failed: ${result.error}`);

From fb2dda77998c7411d73e07e80f9c8c14291a355f Mon Sep 17 00:00:00 2001
From: Copilot <198982749+Copilot@users.noreply.github.com>
Date: Sun, 25 Jan 2026 10:25:34 -0800
Subject: [PATCH 2/2] Add tests for context destructuring in
 check_permissions.cjs (#11786)

---
 actions/setup/js/check_permissions.test.cjs | 38 +++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/actions/setup/js/check_permissions.test.cjs b/actions/setup/js/check_permissions.test.cjs
index 306ee9ed58c..39d0eb1cfe2 100644
--- a/actions/setup/js/check_permissions.test.cjs
+++ b/actions/setup/js/check_permissions.test.cjs
@@ -159,5 +159,43 @@ const mockCore = {
           await eval(`(async () => { ${checkPermissionsScript}; await main(); })()`),
           expect(mockCore.info).toHaveBeenCalledWith("✅ Event schedule does not require validation"),
           expect(mockGithub.rest.repos.getCollaboratorPermissionLevel).not.toHaveBeenCalled());
+      }),
+      it("should correctly extract owner and repo from context.repo", async () => {
+        ((process.env.GH_AW_REQUIRED_ROLES = "admin"),
+          (global.context.eventName = "issues"),
+          (global.context.repo = { owner: "custom-owner", repo: "custom-repo" }),
+          mockGithub.rest.repos.getCollaboratorPermissionLevel.mockResolvedValue({ data: { permission: "admin" } }),
+          await eval(`(async () => { ${checkPermissionsScript}; await main(); })()`),
+          expect(mockGithub.rest.repos.getCollaboratorPermissionLevel).toHaveBeenCalledWith({ owner: "custom-owner", repo: "custom-repo", username: "testuser" }),
+          expect(mockCore.info).toHaveBeenCalledWith("Checking if user 'testuser' has required permissions for custom-owner/custom-repo"));
+      }),
+      it("should handle context with different repo names correctly", async () => {
+        ((process.env.GH_AW_REQUIRED_ROLES = "write"),
+          (global.context.eventName = "pull_request"),
+          (global.context.actor = "contributor"),
+          (global.context.repo = { owner: "org-name", repo: "project-name" }),
+          mockGithub.rest.repos.getCollaboratorPermissionLevel.mockResolvedValue({ data: { permission: "write" } }),
+          await eval(`(async () => { ${checkPermissionsScript}; await main(); })()`),
+          expect(mockGithub.rest.repos.getCollaboratorPermissionLevel).toHaveBeenCalledWith({ owner: "org-name", repo: "project-name", username: "contributor" }),
+          expect(mockCore.info).toHaveBeenCalledWith("✅ User has write access to repository"));
+      }),
+      it("should correctly destructure context properties in safe event", async () => {
+        ((process.env.GH_AW_REQUIRED_ROLES = "admin"),
+          (global.context.eventName = "workflow_dispatch"),
+          (global.context.actor = "dispatch-user"),
+          (global.context.repo = { owner: "test-org", repo: "test-repo" }),
+          await eval(`(async () => { ${checkPermissionsScript}; await main(); })()`),
+          expect(mockCore.info).toHaveBeenCalledWith("✅ Event workflow_dispatch does not require validation"),
+          expect(mockGithub.rest.repos.getCollaboratorPermissionLevel).not.toHaveBeenCalled());
+      }),
+      it("should handle repo names with hyphens and underscores", async () => {
+        ((process.env.GH_AW_REQUIRED_ROLES = "maintainer"),
+          (global.context.eventName = "push"),
+          (global.context.actor = "test-user"),
+          (global.context.repo = { owner: "my-org", repo: "my_test-repo" }),
+          mockGithub.rest.repos.getCollaboratorPermissionLevel.mockResolvedValue({ data: { permission: "maintain" } }),
+          await eval(`(async () => { ${checkPermissionsScript}; await main(); })()`),
+          expect(mockGithub.rest.repos.getCollaboratorPermissionLevel).toHaveBeenCalledWith({ owner: "my-org", repo: "my_test-repo", username: "test-user" }),
+          expect(mockCore.info).toHaveBeenCalledWith("✅ User has maintain access to repository"));
       }));
   }));