From 35aa74c665d54a8c3cfb3f660771c58d43a342d5 Mon Sep 17 00:00:00 2001
From: Dongdong Tian <seisman.info@gmail.com>
Date: Sat, 1 Nov 2025 00:42:49 +0800
Subject: [PATCH 1/2] CI: Add more permissions to the Greetings workflow to fix
 the resource issue

---
 .github/workflows/welcome.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/welcome.yml b/.github/workflows/welcome.yml
index 80557d18e9a..2bdb42f670c 100644
--- a/.github/workflows/welcome.yml
+++ b/.github/workflows/welcome.yml
@@ -13,6 +13,8 @@ on:
 permissions:
   issues: write
   pull-requests: write
+  id-token: write
+  contents: read
 
 jobs:
   greeting:

From aae7d87036bc5a39ca4821636a4b8e55cf5ce5dc Mon Sep 17 00:00:00 2001
From: Dongdong Tian <seisman.info@gmail.com>
Date: Sun, 2 Nov 2025 10:59:44 +0800
Subject: [PATCH 2/2] Only run in issues and PRs from forks

---
 .github/workflows/welcome.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/welcome.yml b/.github/workflows/welcome.yml
index 2bdb42f670c..ae9724d953d 100644
--- a/.github/workflows/welcome.yml
+++ b/.github/workflows/welcome.yml
@@ -1,4 +1,6 @@
 # Greet first-time contributors.
+#
+# It runs in issues and pull requests from forks.
 
 name: Greet First-Time Contributors
 
@@ -19,6 +21,7 @@ permissions:
 jobs:
   greeting:
     name: Greet First-Time Contributors
+    if: github.event_name == 'issues' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository)
     runs-on: ubuntu-latest
 
     steps: