When running the static analysis workflow from the release workflow, the github.ref and github.sha point to the release branch instead of the release tag. We have to account for this when uploading the sarif. Using inputs.ref works, but the sarif-upload action also expects a sha input when ref is given. To account for this, we get the ref for HEAD on workflow_dispatch events so the code scanning results are correctly attached to the release tag.
Same issue as with https://github.com/mongodb/mongo-php-library/pull/1346.
When running the static analysis workflow from the release workflow, the
github.ref
andgithub.sha
point to the release branch instead of the release tag. We have to account for this when uploading the sarif. Usinginputs.ref
works, but thesarif-upload
action also expects asha
input whenref
is given. To account for this, we get the ref forHEAD
onworkflow_dispatch
events so the code scanning results are correctly attached to the release tag.