feat(rust): add mergify_core::auth with gh and git-config fallbacks

[jd]

Centralizes the --token / --api-url / --repository resolvers
into one module so every ported command (config simulate,
ci scopes-send, the queue commands that follow in this stack)
shares the same fallback behavior:

• resolve_token: explicit → MERGIFY_TOKEN → GITHUB_TOKEN
  → gh auth token (subprocess; missing-binary or non-zero-exit
  is treated as "no token from gh", same as Python's
  CommandError catch in utils.get_default_token).

• resolve_repository: explicit → GITHUB_REPOSITORY →
  git config --get remote.origin.url parsed via parse_slug
  (handles HTTPS and SSH shapes, strips .git and trailing
  slashes).

• resolve_api_url: explicit → MERGIFY_API_URL →
  default https://api.mergify.com.

The gh and git fallbacks are best-effort: missing binaries
or non-zero exits propagate as "fall through to the next source"
rather than surfacing errors. Mirrors the Python implementation.

mergify-config::simulate and mergify-ci::scopes_send are
refactored in this same commit to use the new module — their
local copies of the resolvers (which were missing the gh / git
fallbacks) are removed. The duplicate tests that lived in those
modules are dropped; the env-precedence and slug-parsing coverage
now lives once in mergify_core::auth::tests.

13 new tests in mergify_core::auth::tests: env-var precedence
for token/api-url/repository, default API URL, error message
mentions gh client, slug parsing for HTTPS / SSH / dot-git /
trailing-slash / empty-owner / path-without-repo. The
subprocess-fallback paths themselves aren't unit-tested (they
shell out to real binaries); the
resolve_token_error_message_mentions_gh test exercises the
"PATH points to a directory with no gh" case to confirm the
fallback degrades cleanly.

The queue ports later in the stack consume this module from the
start — there's no transition period where they ship with a
private auth resolver.

Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com

Depends-On: #1357

[jd]

This pull request is part of a Mergify stack:

#	Pull Request	Link
1	docs(port): add port review checklist for HTTP/test/UX parity pitfalls	#1357
2	feat(rust): add mergify_core::auth with gh and git-config fallbacks	#1364	👈
3	feat(rust): port queue pause and unpause to native Rust	#1352
4	feat(rust): port ci git-refs and ci queue-info to native Rust	#1353
5	feat(rust): port queue status to native Rust	#1359
6	test: derive native queue commands from the binary, not a hardcoded list	#1366

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 ⛓️ Depends-On Requirements

Wonderful, this rule succeeded.

Requirement based on the presence of Depends-On in the body of the pull request

• depends-on = Mergifyio/mergify-cli#1357 [⛓️ docs(port): add port review checklist for HTTP/test/UX parity pitfalls #1357]

🟢 🤖 Continuous Integration

Wonderful, this rule succeeded.

• all of:
  • check-success=ci-gate

🟢 👀 Review Requirements

Wonderful, this rule succeeded.

• any of:
  • #approved-reviews-by>=2
  • author = dependabot[bot]
  • author = mergify-ci-bot
  • author = renovate[bot]

🟢 Enforce conventional commit

Wonderful, this rule succeeded.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

• title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert|ui)(?:\(.+\))?:

🟢 🔎 Reviews

Wonderful, this rule succeeded.

• #changes-requested-reviews-by = 0
• #review-requested = 0
• #review-threads-unresolved = 0

🟢 📕 PR description

Wonderful, this rule succeeded.

• body ~= (?ms:.{48,})

[jd]

Revision history

#	Type	Changes	Reason	Date
1	initial	f5aaca2		2026-05-05 19:59 UTC
2	content	f5aaca2 → 98a9a67		2026-05-05 19:59 UTC
3	rebase	98a9a67 → 458b512		2026-05-06 10:57 UTC

[mergify]

Merge Queue Status

• ✅ Entered queue — 2026-05-06 12:32 UTC · Rule: default
• ✅ Checks passed · on draft merge queue: embarking main (c30b79b), #1373 and #1364 together #1377
• ✅ Merged — 2026-05-06 12:49 UTC · at 458b512938e5c7977ada88aa0669505b6312164e · squash

This pull request spent 16 minutes 25 seconds in the queue, including 13 minutes 20 seconds running CI.

Required conditions to merge

• depends-on = Mergifyio/mergify-cli#1357 [⛓️ docs(port): add port review checklist for HTTP/test/UX parity pitfalls #1357]
  • feat(rust): add mergify_core::auth with gh and git-config fallbacks #1364
• all of [🛡 Merge Protections rule Enforce conventional commit]:
  • title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert|ui)(?:\(.+\))?:
    • feat(rust): add mergify_core::auth with gh and git-config fallbacks #1364
• all of [🛡 Merge Protections rule 👀 Review Requirements]:
  • any of:
    • #approved-reviews-by>=2
      • feat(rust): add mergify_core::auth with gh and git-config fallbacks #1364
    • author = dependabot[bot]
      • feat(rust): add mergify_core::auth with gh and git-config fallbacks #1364
    • author = mergify-ci-bot
      • feat(rust): add mergify_core::auth with gh and git-config fallbacks #1364
    • author = renovate[bot]
      • feat(rust): add mergify_core::auth with gh and git-config fallbacks #1364
• all of [🛡 Merge Protections rule 📕 PR description]:
  • body ~= (?ms:.{48,})
    • feat(rust): add mergify_core::auth with gh and git-config fallbacks #1364
• all of [🛡 Merge Protections rule 🔎 Reviews]:
  • #changes-requested-reviews-by = 0
    • feat(rust): add mergify_core::auth with gh and git-config fallbacks #1364
  • #review-requested = 0
    • feat(rust): add mergify_core::auth with gh and git-config fallbacks #1364
  • #review-threads-unresolved = 0
    • feat(rust): add mergify_core::auth with gh and git-config fallbacks #1364
• all of [🛡 Merge Protections rule 🤖 Continuous Integration]:
  • all of:
    • check-success=ci-gate