workflows/bot: fix permission in test workflow (#457575)

.github/workflows/test.yml

@@ -66,6 +66,9 @@ jobs:
               '.github/workflows/pull-request-target.yml',
               '.github/workflows/reviewers.yml',
               '.github/workflows/test.yml',
+              'ci/github-script/bot.js',
+              'ci/github-script/merge.js',
+              'ci/github-script/withRateLimit.js',
             ].includes(file))) core.setOutput('pr', true)
 
   merge-group:

ci/github-script/merge.js

@@ -6,13 +6,21 @@ async function runChecklist({ github, context, pull_request, maintainers }) {
   const pull_number = pull_request.number
 
   if (!committers) {
-    committers = github
+    if (context.eventName === 'pull_request') {
-      .paginate(github.rest.teams.listMembersInOrg, {
+      // We have no chance of getting a token in the pull_request context with the right
-        org: context.repo.owner,
+      // permissions to access the members endpoint below. Thus, we're pretending to have
-        team_slug: 'nixpkgs-committers',
+      // no committers. This is OK; because this is only for the Test workflow, not for
-        per_page: 100,
+      // real use.
-      })
+      committers = new Set()
-      .then((members) => new Set(members.map(({ id }) => id)))
+    } else {
+      committers = github
+        .paginate(github.rest.teams.listMembersInOrg, {
+          org: context.repo.owner,
+          team_slug: 'nixpkgs-committers',
+          per_page: 100,
+        })
+        .then((members) => new Set(members.map(({ id }) => id)))
+    }
   }
 
   const files = await github.paginate(github.rest.pulls.listFiles, {