From 57fdbc29b4f9304f4db4130d3101a97439ece7d9 Mon Sep 17 00:00:00 2001
From: Jacek <jacek@clerk.dev>
Date: Fri, 20 Mar 2026 15:47:40 -0500
Subject: [PATCH 1/3] ci(e2e): add org membership check to e2e-staging workflow

---
 .github/workflows/e2e-staging.yml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/.github/workflows/e2e-staging.yml b/.github/workflows/e2e-staging.yml
index f6b233bb20c..99fa311648e 100644
--- a/.github/workflows/e2e-staging.yml
+++ b/.github/workflows/e2e-staging.yml
@@ -37,8 +37,33 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  permissions-check:
+    name: Check Permissions
+    runs-on: 'blacksmith-8vcpu-ubuntu-2204'
+    steps:
+      - name: Check org membership
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const org = context.repo.owner;
+            const username = context.actor;
+
+            try {
+              const { status } = await github.rest.orgs.checkMembershipForUser({
+                org,
+                username,
+              });
+
+              if (status !== 204) {
+                core.setFailed(`User '${username}' is not a member of the '${org}' organization.`);
+              }
+            } catch (error) {
+              core.setFailed(`User '${username}' is not a member of the '${org}' organization.`);
+            }
+
   validate-instances:
     name: Validate Staging Instances
+    needs: [permissions-check]
     runs-on: 'blacksmith-8vcpu-ubuntu-2204'
     steps:
       - name: Checkout Repo
@@ -56,6 +81,7 @@ jobs:
 
   integration-tests:
     name: Integration Tests (${{ matrix.test-name }}, ${{ matrix.test-project }})
+    needs: [permissions-check]
     runs-on: 'blacksmith-8vcpu-ubuntu-2204'
     defaults:
       run:

From f8c6e71da7502a4ce122e92da3850eab765ae1a1 Mon Sep 17 00:00:00 2001
From: Jacek <jacek@clerk.dev>
Date: Fri, 20 Mar 2026 15:48:52 -0500
Subject: [PATCH 2/3] ci: add empty changeset

---
 .changeset/e2e-staging-permissions-check.md | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .changeset/e2e-staging-permissions-check.md

diff --git a/.changeset/e2e-staging-permissions-check.md b/.changeset/e2e-staging-permissions-check.md
new file mode 100644
index 00000000000..a845151cc84
--- /dev/null
+++ b/.changeset/e2e-staging-permissions-check.md
@@ -0,0 +1,2 @@
+---
+---

From 0380e3c6e99d585c6f2979e516f52e7ee9c232ff Mon Sep 17 00:00:00 2001
From: Jacek <jacek@clerk.dev>
Date: Fri, 20 Mar 2026 16:20:43 -0500
Subject: [PATCH 3/3] fix: use triggering_actor and improve error handling in
 permissions check

---
 .github/workflows/e2e-staging.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/e2e-staging.yml b/.github/workflows/e2e-staging.yml
index 99fa311648e..f2967cd05b2 100644
--- a/.github/workflows/e2e-staging.yml
+++ b/.github/workflows/e2e-staging.yml
@@ -46,7 +46,7 @@ jobs:
         with:
           script: |
             const org = context.repo.owner;
-            const username = context.actor;
+            const username = process.env.GITHUB_TRIGGERING_ACTOR || context.actor;
 
             try {
               const { status } = await github.rest.orgs.checkMembershipForUser({
@@ -58,7 +58,13 @@ jobs:
                 core.setFailed(`User '${username}' is not a member of the '${org}' organization.`);
               }
             } catch (error) {
-              core.setFailed(`User '${username}' is not a member of the '${org}' organization.`);
+              if (error?.status === 404) {
+                core.setFailed(`User '${username}' is not a member of the '${org}' organization.`);
+              } else {
+                core.setFailed(
+                  `Org membership check failed for '${username}' in '${org}' (status: ${error?.status ?? 'unknown'}): ${error?.message ?? 'unknown error'}`
+                );
+              }
             }
 
   validate-instances: