From ff94ef3e10ff939ee757bc08dec3955ca1803b97 Mon Sep 17 00:00:00 2001
From: Karl Rister <krister@redhat.com>
Date: Wed, 20 May 2026 10:14:29 -0500
Subject: [PATCH 1/2] fix: add permissions and broader event types to
 fork-check workflow

The fork-check workflow needs issues:write and pull-requests:write
permissions to comment on and close fork PRs. Without these, the
GITHUB_TOKEN for pull_request_target events from forks only has
read permissions, causing the API calls to fail with 403.

Also add synchronize and edited event types so the workflow triggers
on existing fork PRs when commits are pushed or the PR is edited,
not just on initial open/reopen.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .github/workflows/fork-check.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/fork-check.yaml b/.github/workflows/fork-check.yaml
index 2934d35..261f072 100644
--- a/.github/workflows/fork-check.yaml
+++ b/.github/workflows/fork-check.yaml
@@ -2,7 +2,11 @@ name: fork-check
 
 on:
   pull_request_target:
-    types: [opened, reopened]
+    types: [opened, reopened, synchronize, edited]
+
+permissions:
+  issues: write
+  pull-requests: write
 
 jobs:
   block-fork-pr:

From f8c90986ee8e4232d7c3c903dd5a1185d0efda23 Mon Sep 17 00:00:00 2001
From: Karl Rister <krister@redhat.com>
Date: Wed, 20 May 2026 10:14:29 -0500
Subject: [PATCH 2/2] fix: use only_modified instead of only_changed in CI
 workflows

The tj-actions/changed-files only_changed output does not include
deleted files, causing CI to be skipped when a PR only deletes
non-doc files. Switch to only_modified which correctly includes
deletions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .github/workflows/crucible-ci.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/crucible-ci.yaml b/.github/workflows/crucible-ci.yaml
index eb47588..eb4a04a 100644
--- a/.github/workflows/crucible-ci.yaml
+++ b/.github/workflows/crucible-ci.yaml
@@ -13,7 +13,7 @@ jobs:
   changes:
     runs-on: ubuntu-latest
     outputs:
-      only-docs: ${{ steps.filter.outputs.only_changed }}
+      only-docs: ${{ steps.filter.outputs.only_modified }}
     steps:
       - uses: actions/checkout@v4
       - id: filter