The MergeQueue app requests a set of permissions on your GitHub repositories that you choose to connect with MergeQueue. While MergeQueue tries to request as few permissions as it needs to function, GitHub only allows us to request fairly broad groups of permissions. We’re committed to your privacy and security, so MergeQueue only uses the subset of permissions it needs to do its job.
This permission includes read-only access to repository settings, teams, and collaborators.
MergeQueue uses this permission in order to access a repository’s branch protection rules. MergeQueue will not (and cannot) edit any settings on your GitHub organization or repository.
This permission includes access to checks on code (such as GitHub actions and other integrations like CircleCI).
MergeQueue uses this permission to examine the status checks of your commits, branches, and pull requests. MergeQueue uses this information to determine when pull requests should be allowed to merge.
This permission includes access to repository contents, commits, branches, downloads, releases, and merges.
MergeQueue uses this permission to download the MergeQueue configuration file if you’ve added it to your repository.
Additionally, MergeQueue uses write permissions to update branches that are created and managed by MergeQueue as well and to perform actions explicitly requested by users (e.g., the /aviator sync command can be used to update a branch on demand).
MergeQueue may also access temporarily source code references in order to perform certain operations that are not supported directly on GitHub (such as rebasing pull requests). These actions are not enabled by default.
This permission includes access to commit statuses.
MergeQueue uses this permission to read the status information from individual commits or branches.
This permission includes access to issues and related comments, assignees, labels, and milestones.