From 40839b4433f3f56a7abf33f930e52d208a255381 Mon Sep 17 00:00:00 2001
From: Andreas Braun <andreas.braun@mongodb.com>
Date: Mon, 17 Jun 2024 09:46:54 +0200
Subject: [PATCH] Upload code scanning results to correct ref when releasing

---
 .github/workflows/static-analysis.yml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
index 240c0aa5b..d6f539e60 100644
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -29,6 +29,11 @@ jobs:
         with:
           ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.ref }}
 
+      - name: "Get SHA hash of checked out ref"
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        run: |
+          echo CHECKED_OUT_SHA=$(git rev-parse HEAD) >> $GITHUB_ENV
+
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
@@ -58,12 +63,21 @@ jobs:
 
       - name: Run PHPStan
         run: ./vendor/bin/phpstan analyse --no-interaction --no-progress --ansi --error-format=sarif > phpstan.sarif
+        continue-on-error: true
 
       - name: "Upload SARIF report"
-        if: always()
+        if: ${{ github.event_name != 'workflow_dispatch' }}
+        uses: "github/codeql-action/upload-sarif@v3"
+        with:
+          sarif_file: psalm.sarif
+
+      - name: "Upload SARIF report"
+        if: ${{ github.event_name == 'workflow_dispatch' }}
         uses: "github/codeql-action/upload-sarif@v3"
         with:
-          sarif_file: phpstan.sarif
+          sarif_file: psalm.sarif
+          ref: ${{ inputs.ref }}
+          sha: ${{ env.CHECKED_OUT_SHA }}
 
       - name: Save cache PHPStan results
         id: phpstan-cache-save