Sanitize GH head_ref

.github/workflows/ci.yml

@@ -22,13 +22,14 @@ jobs:
         id: check
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          HEAD_REF: ${{ github.head_ref }}
         run: |
           if [ -z "${{ github.base_ref }}" ]; then
             prs=$(gh pr list \
                 --repo "$GITHUB_REPOSITORY" \
                 --json baseRefName,headRefName \
                 --jq '
-                    map(select(.baseRefName == "${{ github.base_ref }}" and .headRefName == "${{ github.head_ref }}"))
+                    map(select(.baseRefName == "${{ github.base_ref }}" and .headRefName == "$HEAD_REF}"))
                     | length
                 ')
             if ((prs > 0)); then

.github/workflows/codecheck.yml

@@ -52,6 +52,8 @@ jobs:
   cppcheck:
     if: needs.check-for-pr.outputs.skip != 'true'
     runs-on: ubuntu-latest
+    env:
+      HEAD_REF: ${{ github.head_ref }}
     steps:
       - uses: actions/checkout@v3
       - name: System setup
@@ -72,8 +74,8 @@ jobs:
           cppcheck --quiet --force --enable=all --std=c++11 --language=c++ --inline-suppr --suppressions-list=.github/scripts/cppcheck-suppressions.txt --xml --output-file=report.xml ddprof-lib/src/main/cpp/*
           xsltproc --output report.html .github/scripts/cppcheck-html.xslt report.xml
           xsltproc --output report-gh.html .github/scripts/cppcheck-gh.xslt report.xml
-          sed -i "s#target_branch#${{ github.head_ref }}#g" report.html
-          sed -i "s#target_branch#${{ github.head_ref }}#g" report-gh.html
+          sed -i "s#target_branch#${HEAD_REF}#g" report.html
+          sed -i "s#target_branch#${HEAD_REF}#g" report-gh.html
           python .github/scripts/python_utils.py cppcheck_cleanup report-gh.html >> comment.html
       - name: Upload logs
         uses: actions/upload-artifact@v3