Our integration uses check-if-a-user-is-a-collaborator to see if someone who’s made a PR into a repository has sufficient permissions to trigger an action in our integration. This endpoint is pretty nice and combined with review-a-users-permission-level seems to cover most of our use cases.
Our only issue currently is with PR made from other integrations. An example is the Greenkeeper bot. When it makes a PR, our integration checks to see if it is a collaborator and finds that it is not even though the owner of the repository reports that Greenkeeper has been installed in their organization and enabled for their repository. I guess semantically bots like that aren’t really “collaborators” in the traditional sense, but I don’t see another way to check for them. I assume we’ve missed something with the api, should we check for the permissions level of integrations in a different way? Thanks for any help!