From ccbaca00335f87916b096ade03ccf3c829745bc8 Mon Sep 17 00:00:00 2001
From: SoftFever <softfeverever@gmail.com>
Date: Mon, 16 Mar 2026 15:52:22 +0800
Subject: [PATCH] Fix PR comment posting for fork contributors by splitting
 into two workflows

  The check_profiles workflow used gh pr comment directly, which fails for
  fork PRs due to read-only GITHUB_TOKEN. Split into artifact upload +
  workflow_run pattern so comments post with proper write permissions.
---
 .github/workflows/check_profiles.yml         | 25 ++++++-----
 .github/workflows/check_profiles_comment.yml | 46 ++++++++++++++++++++
 2 files changed, 60 insertions(+), 11 deletions(-)
 create mode 100644 .github/workflows/check_profiles_comment.yml

diff --git a/.github/workflows/check_profiles.yml b/.github/workflows/check_profiles.yml
index 9da59f43a7..68b27ba291 100644
--- a/.github/workflows/check_profiles.yml
+++ b/.github/workflows/check_profiles.yml
@@ -15,12 +15,11 @@ on:
         default: 'warning'
 
 permissions:
-  pull-requests: write
   contents: read
 
 
 jobs:
-  check_translation:
+  check_profiles:
     name: Check profiles
     runs-on: ubuntu-24.04
     steps:
@@ -62,11 +61,11 @@ jobs:
           ./OrcaSlicer_profile_validator -p ${{ github.workspace }}/resources/profiles -l 2 2>&1 | tee ${{ runner.temp }}/validate_custom.log
           exit ${PIPESTATUS[0]}
 
-      - name: Post error comment on PR
+      - name: Prepare comment artifact
         if: ${{ always() && github.event_name == 'pull_request' && (steps.extra_json_check.outcome == 'failure' || steps.validate_system.outcome == 'failure' || steps.validate_custom.outcome == 'failure') }}
-        env:
-          GH_TOKEN: ${{ github.token }}
         run: |
+          mkdir -p ${{ runner.temp }}/profile-check-results
+
           {
             echo "## :x: Profile Validation Errors"
             echo ""
@@ -100,16 +99,20 @@ jobs:
 
             echo "---"
             echo "*Please fix the above errors and push a new commit.*"
-          } > ${{ runner.temp }}/pr_comment.md
+          } > ${{ runner.temp }}/profile-check-results/pr_comment.md
 
-          gh pr comment ${{ github.event.pull_request.number }} --body-file ${{ runner.temp }}/pr_comment.md
+          echo "${{ github.event.pull_request.number }}" > ${{ runner.temp }}/profile-check-results/pr_number.txt
+
+      - name: Upload comment artifact
+        if: ${{ always() && github.event_name == 'pull_request' && (steps.extra_json_check.outcome == 'failure' || steps.validate_system.outcome == 'failure' || steps.validate_custom.outcome == 'failure') }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: profile-check-results
+          path: ${{ runner.temp }}/profile-check-results/
+          retention-days: 1
 
       - name: Fail if any check failed
         if: ${{ always() && (steps.extra_json_check.outcome == 'failure' || steps.validate_system.outcome == 'failure' || steps.validate_custom.outcome == 'failure') }}
         run: |
           echo "One or more profile checks failed. See above for details."
           exit 1
-
-
-
-
diff --git a/.github/workflows/check_profiles_comment.yml b/.github/workflows/check_profiles_comment.yml
new file mode 100644
index 0000000000..514eeed384
--- /dev/null
+++ b/.github/workflows/check_profiles_comment.yml
@@ -0,0 +1,46 @@
+name: Post profile check comment
+
+# NOTE: The workflow name in the 'workflows' filter below must match the 'name'
+# field in check_profiles.yml exactly. If that name changes, update it here too.
+on:
+  workflow_run:
+    workflows: ["Check profiles"]
+    types:
+      - completed
+
+permissions:
+  pull-requests: write
+
+jobs:
+  post_comment:
+    name: Post PR comment
+    runs-on: ubuntu-24.04
+    if: ${{ github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'failure' }}
+    steps:
+      - name: Download artifact
+        id: download
+        uses: actions/download-artifact@v4
+        continue-on-error: true
+        with:
+          name: profile-check-results
+          run-id: ${{ github.event.workflow_run.id }}
+          github-token: ${{ github.token }}
+
+      - name: Post comment on PR
+        if: ${{ steps.download.outcome == 'success' }}
+        env:
+          GH_TOKEN: ${{ github.token }}
+          GH_REPO: ${{ github.repository }}
+        run: |
+          if [ ! -f pr_number.txt ] || [ ! -f pr_comment.md ]; then
+            echo "No comment artifact found, skipping."
+            exit 0
+          fi
+
+          PR_NUMBER=$(cat pr_number.txt)
+          if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
+            echo "Invalid PR number: $PR_NUMBER"
+            exit 1
+          fi
+
+          gh pr comment "$PR_NUMBER" --body-file pr_comment.md