From ac799fb6b99153cb892df834263dbbc5f9563c7e Mon Sep 17 00:00:00 2001
From: marko-bekhta <marko.prykladna@gmail.com>
Date: Fri, 22 Aug 2025 16:15:10 +0200
Subject: [PATCH] Change how the base branch is determined for the ci-report
 workflow

Signed-off-by: marko-bekhta <marko.prykladna@gmail.com>

# Conflicts:
#	.github/workflows/ci-report.yml
---
 .github/workflows/ci-report.yml | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci-report.yml b/.github/workflows/ci-report.yml
index a12926050..09c455518 100644
--- a/.github/workflows/ci-report.yml
+++ b/.github/workflows/ci-report.yml
@@ -28,20 +28,33 @@ jobs:
       #  that we publish with the one that we built the scan with in the first place:
       - name: Determine the Branch Reference for which the original action was triggered
         id: determine_branch_ref
+        env:
+          GH_TOKEN: ${{ github.token }}
         run: |
-          echo '${{ toJSON(github.event.workflow_run.pull_requests) }}'
-          echo '${{ toJSON(github.event.workflow_run.event) }}'
-          if [ -n "${{ github.event.workflow_run.pull_requests[0].base.ref }}" ]; then
-            BRANCH_REF="${{ github.event.workflow_run.pull_requests[0].base.ref }}"
+          if [ "${{ github.event.workflow_run.event }}" == "pull_request" ]; then
+            echo "::notice::Triggering workflow was executed for a pull request"
+
+            FORK_OWNER="${{ github.event.workflow_run.head_repository.owner.login }}"
+            BRANCH_NAME="${{ github.event.workflow_run.head_branch }}"
+            if [ "${{ github.event.workflow_run.head_repository.owner.login }}" != "${{ github.event.workflow_run.repository.owner.login }}" ]; then
+              BRANCH_NAME="$FORK_OWNER:$BRANCH_NAME"
+            fi
+            TARGET_BRANCH=$(gh pr view "$BRANCH_NAME" --repo ${{ github.event.workflow_run.repository.full_name }} --json baseRefName -q .baseRefName)
+
+            echo "::notice::PR found. Target branch is: $TARGET_BRANCH"
+            echo "original_branch_ref=$TARGET_BRANCH" >> "$GITHUB_OUTPUT"
           else
-            BRANCH_REF="${{ github.event.workflow_run.head_branch }}"
+            echo "::notice::Triggering workflow was executed for a push event? Using the head_branch value."
+            echo "original_branch_ref=${{ github.event.workflow_run.head_branch }}" >> "$GITHUB_OUTPUT"
           fi
-          echo "original_branch_ref=$BRANCH_REF" >> "$GITHUB_OUTPUT"
       # Checkout target branch which has trusted code
       - name: Check out target branch
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
         with:
           persist-credentials: false
+          # By default, a workflow that is triggered with on workflow_run would run on the main (default) branch.
+          #  Different branches might have different versions of Develocity, and we want to make sure
+          #  that we publish with the one that we built the scan with in the first place.
           ref: ${{ steps.determine_branch_ref.outputs.original_branch_ref }}
       - name: Set up Java 21
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # 4.7.1