fix: workflow permissions and relevance-check bypass regressions

[Copilot]

Post-consolidation regressions: issues: write was dropped from all -fix workflows (breaking reaction updates via complete-pr-comment), check jobs became skippable on workflow_dispatch (previously always ran), and skip-relevance-check/pr-head-sha workflow_call inputs were defined but never wired.

Permissions

• Added issues: write to all 7 -fix workflows (clang-format-fix, cmake-format-fix, header-guards-fix, jsonnet-format-fix, markdown-fix, python-fix, yaml-fix) — required by the GitHub Reactions API used in complete-pr-comment
• Documented issues: write requirement in complete-pr-comment action description

workflow_dispatch bypass

Updated check job if: conditions across 11 check workflows so manual dispatch always runs:

# Before
if: always() && needs.setup.outputs.has_changes == 'true'

# After (workflows without skip-relevance-check)
if: always() && (github.event_name == 'workflow_dispatch' || needs.setup.outputs.has_changes == 'true')

# After (workflows with skip-relevance-check workflow_call input)
if: >
  always() && (
    github.event_name == 'workflow_dispatch' ||
    inputs.skip-relevance-check ||
    needs.setup.outputs.has_changes == 'true'
  )

pr-head-sha wiring

• Added head-ref input to workflow-setup/action.yaml, passed through to run-change-detection
• Seven check workflows (actionlint-check, cmake-build, cmake-format-check, header-guards-check, jsonnet-format-check, markdown-check, python-check) now forward inputs.pr-head-sha as head-ref to workflow-setup

---

📍 Connect Copilot coding agent with Jira, Azure Boards or Linear to delegate work to Copilot in one click without leaving your project management tool.

[Copilot]

Pull request overview

This PR fixes CI workflow regressions introduced after workflow consolidation by restoring required permissions for PR reaction updates, ensuring manual (workflow_dispatch) runs don’t get skipped by relevance checks, and wiring previously-declared workflow_call inputs into the change-detection path.

Changes:

• Restored issues: write permission to all *-fix workflows so complete-pr-comment can update comment reactions.
• Updated check-job if: conditions so workflow_dispatch runs always execute even when change detection reports no relevant changes.
• Wired pr-head-sha through workflows into workflow-setup/run-change-detection via a new head-ref input for accurate relevance checking when called via workflow_call.

Reviewed changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
.github/workflows/yaml-fix.yaml	Adds issues: write so fix workflow can update reactions on PR comments.
.github/workflows/yaml-check.yaml	Ensures manual dispatch runs even if relevance check finds no YAML changes.
.github/workflows/python-fix.yaml	Adds issues: write so fix workflow can update reactions on PR comments.
.github/workflows/python-check.yaml	Adds manual-dispatch bypass and wires pr-head-sha into change detection via head-ref.
.github/workflows/markdown-fix.yaml	Adds issues: write so fix workflow can update reactions on PR comments.
.github/workflows/markdown-check.yaml	Adds manual-dispatch bypass and wires pr-head-sha into change detection via head-ref.
.github/workflows/jsonnet-format-fix.yaml	Adds issues: write so fix workflow can update reactions on PR comments.
.github/workflows/jsonnet-format-check.yaml	Adds manual-dispatch bypass and wires pr-head-sha into change detection via head-ref.
.github/workflows/header-guards-fix.yaml	Adds issues: write so fix workflow can update reactions on PR comments.
.github/workflows/header-guards-check.yaml	Adds manual-dispatch bypass and wires pr-head-sha into change detection via head-ref.
.github/workflows/coverage.yaml	Ensures manual dispatch runs even if relevance check finds no relevant changes.
.github/workflows/cmake-format-fix.yaml	Adds issues: write so fix workflow can update reactions on PR comments.
.github/workflows/cmake-format-check.yaml	Adds manual-dispatch bypass and wires pr-head-sha into change detection via head-ref.
.github/workflows/cmake-build.yaml	Adds manual-dispatch/skip-relevance-check bypass and wires pr-head-sha into change detection via head-ref.
.github/workflows/clang-tidy-check.yaml	Ensures manual dispatch runs even if relevance check finds no relevant changes.
.github/workflows/clang-format-fix.yaml	Adds issues: write so fix workflow can update reactions on PR comments.
.github/workflows/clang-format-check.yaml	Ensures manual dispatch runs even if relevance check finds no relevant changes.
.github/workflows/actionlint-check.yaml	Adds manual-dispatch bypass and wires pr-head-sha into change detection via head-ref.
.github/actions/workflow-setup/action.yaml	Adds head-ref input and forwards it to run-change-detection.
.github/actions/complete-pr-comment/action.yaml	Documents the issues: write permission requirement for reaction updates.

---

You can also share your feedback on Copilot code review. Take the survey.