From 07251e0e45481a91066b7c621de27814f5b723d9 Mon Sep 17 00:00:00 2001
From: Jaroslav Bachorik <j.bachorik@gmail.com>
Date: Thu, 15 Feb 2024 16:04:10 +0100
Subject: [PATCH] Sanitize GH head_ref

---
 .github/workflows/ci.yml        | 3 ++-
 .github/workflows/codecheck.yml | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a72468e3..4e8f4dcb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -22,13 +22,14 @@ jobs:
         id: check
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          HEAD_REF: ${{ github.head_ref }}
         run: |
           if [ -z "${{ github.base_ref }}" ]; then
             prs=$(gh pr list \
                 --repo "$GITHUB_REPOSITORY" \
                 --json baseRefName,headRefName \
                 --jq '
-                    map(select(.baseRefName == "${{ github.base_ref }}" and .headRefName == "${{ github.head_ref }}"))
+                    map(select(.baseRefName == "${{ github.base_ref }}" and .headRefName == "$HEAD_REF}"))
                     | length
                 ')
             if ((prs > 0)); then
diff --git a/.github/workflows/codecheck.yml b/.github/workflows/codecheck.yml
index 63cdb51e..57a10788 100644
--- a/.github/workflows/codecheck.yml
+++ b/.github/workflows/codecheck.yml
@@ -52,6 +52,8 @@ jobs:
   cppcheck:
     if: needs.check-for-pr.outputs.skip != 'true'
     runs-on: ubuntu-latest
+    env:
+      HEAD_REF: ${{ github.head_ref }}
     steps:
       - uses: actions/checkout@v3
       - name: System setup
@@ -72,8 +74,8 @@ jobs:
           cppcheck --quiet --force --enable=all --std=c++11 --language=c++ --inline-suppr --suppressions-list=.github/scripts/cppcheck-suppressions.txt --xml --output-file=report.xml ddprof-lib/src/main/cpp/*
           xsltproc --output report.html .github/scripts/cppcheck-html.xslt report.xml
           xsltproc --output report-gh.html .github/scripts/cppcheck-gh.xslt report.xml
-          sed -i "s#target_branch#${{ github.head_ref }}#g" report.html
-          sed -i "s#target_branch#${{ github.head_ref }}#g" report-gh.html
+          sed -i "s#target_branch#${HEAD_REF}#g" report.html
+          sed -i "s#target_branch#${HEAD_REF}#g" report-gh.html
           python .github/scripts/python_utils.py cppcheck_cleanup report-gh.html >> comment.html
       - name: Upload logs
         uses: actions/upload-artifact@v3