From 6c1ff3250156c39b4d0028ee5a65a2ab84103d07 Mon Sep 17 00:00:00 2001
From: Hugo Kiyodi Oshiro <hugo.oshiro@grafana.com>
Date: Tue, 8 Jul 2025 14:52:02 +0200
Subject: [PATCH] Plugins: Improve levitate report on forks (#107252)

---
 .github/workflows/detect-breaking-changes-levitate.yml | 4 ++++
 scripts/check-breaking-changes.sh                      | 4 ++++
 scripts/levitate-parse-json-report.js                  | 5 ++++-
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/detect-breaking-changes-levitate.yml b/.github/workflows/detect-breaking-changes-levitate.yml
index a4328970ff7..c738c18bbac 100644
--- a/.github/workflows/detect-breaking-changes-levitate.yml
+++ b/.github/workflows/detect-breaking-changes-levitate.yml
@@ -158,6 +158,7 @@ jobs:
 
       - id: 'auth'
         uses: 'google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f'
+        if: github.event.pull_request.head.repo.full_name == github.repository
         with:
           workload_identity_provider: projects/304398677251/locations/global/workloadIdentityPools/github/providers/github-provider
           service_account: github-plugins-data-levitate@grafanalabs-workload-identity.iam.gserviceaccount.com
@@ -165,6 +166,7 @@ jobs:
 
       - name: 'Set up Cloud SDK'
         uses: 'google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a'
+        if: github.event.pull_request.head.repo.full_name == github.repository
         with:
           version: '>= 363.0.0'
           project_id: 'grafanalabs-global'
@@ -175,6 +177,7 @@ jobs:
         run: ./scripts/check-breaking-changes.sh
         env:
           FORCE_COLOR: 3
+          IS_FORK: ${{ github.event.pull_request.head.repo.full_name != github.repository }} # used in check-breaking-changes.sh and levitate-parse-json-report.js
 
       - name: Persisting the check output
         run: |
@@ -199,6 +202,7 @@ jobs:
     permissions:
       contents: read
       id-token: write
+    if: github.event.pull_request.head.repo.full_name == github.repository
 
     steps:
       - id: get-secrets
diff --git a/scripts/check-breaking-changes.sh b/scripts/check-breaking-changes.sh
index 79fa3d01978..7ce7a28ea94 100755
--- a/scripts/check-breaking-changes.sh
+++ b/scripts/check-breaking-changes.sh
@@ -67,5 +67,9 @@ echo "message=$GITHUB_MESSAGE" >>"$GITHUB_OUTPUT"
 mkdir -p ./levitate
 echo "$GITHUB_LEVITATE_MARKDOWN" >./levitate/levitate.md
 
+if [[ "$IS_FORK" == "true" ]]; then
+  cat ./levitate/levitate.md
+fi
+
 # We will exit the workflow accordingly at another step
 exit 0
diff --git a/scripts/levitate-parse-json-report.js b/scripts/levitate-parse-json-report.js
index 3bc62697de0..5cf92259910 100644
--- a/scripts/levitate-parse-json-report.js
+++ b/scripts/levitate-parse-json-report.js
@@ -4,6 +4,8 @@ const printAffectedPluginsSection = require('./levitate-show-affected-plugins');
 
 const data = JSON.parse(fs.readFileSync('data.json', 'utf8'));
 
+const isFork = Boolean(process.env.IS_FORK || false);
+
 function stripAnsi(str) {
   return str.replace(/\x1b\[[0-9;]*m/g, '');
 }
@@ -30,7 +32,8 @@ if (data.changes.length > 0) {
   markdown += printSection('Changes', data.changes);
 }
 
-if (data.removals.length > 0 || data.changes.length > 0) {
+// The logic below would need access to secrets for accessing BigQuery, however that's not available on forks.
+if ((data.removals.length > 0 || data.changes.length > 0) && !isFork) {
   markdown += printAffectedPluginsSection(data);
 }