Fix/code scanning workflow dispatch

[Flipmonster]

This PR improves how code scanning analyses are retrieved when triggered by workflow_dispatch events, particularly in the context of pull requests.

Changes include enhanced PR reference handling, better debug logging, and improved property access on CodeAlert objects. The changes ensure that both head and merge refs are tried in the correct order, providing better support for workflow_dispatch events in pull request contexts.

This occurs because during workflow_dispatch events, the reference handling wasn't properly considering the PR context, leading to failed analysis retrieval.

1. Enhanced PR reference handling to properly try both head and merge refs:

# Before: Only tried repository reference
analysis = self.getAnalyses(reference=self.repository.reference)

# After: Explicitly try PR-specific references
merge_ref = f'refs/pull/{self.repository.getPullRequestNumber()}/merge'
head_ref = f'refs/pull/{self.repository.getPullRequestNumber()}/head'


# Try head ref first (more accurate for workflow_dispatch)
analysis = self.getAnalyses(reference=head_ref)
if len(analysis) == 0:
    analysis = self.getAnalyses(reference=merge_ref)

2. Added proper PR head branch detection from PR info:

# Added PR head branch detection
pr_info = self.repository.getPullRequestInfo()
if pr_info and "head" in pr_info:
    self.branch = pr_info["head"].get("ref")

3. Added better debug logging:

logger.debug(f'Getting Analyses for ref: {ref}')
logger.debug(f'Repository reference: {self.repository.reference}')
logger.debug(f'Repository branch: {self.repository.branch}')
logger.debug(f'Is in PR: {self.repository.isInPullRequest()}')

4. Fixed property access on CodeAlert objects:
   • Standardized property access patterns
   • Fixed inconsistencies between dict-style and property access
   • Added proper type handling for CodeAlert properties

overview

This fix ensures that code scanning analyses are properly retrieved during workflow_dispatch events in pull requests, which is particularly important for:

• Manual re-runs of code scanning checks
• Custom workflow triggers
• Integration with other CI/CD processes

The changes maintain backward compatibility while improving the robustness of the code scanning analysis retrieval process.

Testing

The changes have been tested with:

• Regular pull request checks
• workflow_dispatch events in pull requests
• Different reference formats (head and merge)
• Various PR states and configurations

Documentation

For more information about the code scanning API endpoints being used, see:
https://docs.github.com/en/enterprise-cloud@latest/rest/code-scanning#list-code-scanning-analyses-for-a-repository

Reopening here as well since there are some other changes - After playing around with a few different setups.

[Copilot]

PR Overview

This PR improves the retrieval logic for code scanning analyses when triggered by workflow_dispatch events in pull request contexts. Key changes include enhanced PR reference handling by trying multiple refs, improved debug logging, and standardized property access on CodeAlert objects.

Reviewed Changes

File	Description
ghascompliance/checks.py	Updated logic for retrieving code scanning alerts with multiple refs and improved error/debug logging

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

Comments suppressed due to low confidence (1)

ghascompliance/checks.py:105

• The refs_to_try list starts with the merge ref, but the PR description indicates that the head ref should be tried first. Consider reordering the list so that the head ref is attempted before the merge ref.

f"refs/pull/{GitHub.repository.getPullRequestNumber()}/merge",