Use checked out SHA hash when uploading code scanning result

Author: alcaeus

.github/workflows/static-analysis.yml

@@ -34,6 +34,11 @@ jobs:
         with:
           ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.ref }}
 
+      - name: "Get SHA hash of checked out ref"
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        run: |
+          echo CHECKED_OUT_SHA=$(git rev-parse HEAD) >> $GITHUB_ENV
+
       - name: "Setup"
         uses: "./.github/actions/setup"
         with:
@@ -48,3 +53,18 @@ jobs:
         with:
           sarif_file: psalm.sarif
           ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.ref }}
+          sha: ${{ github.event_name == 'workflow_dispatch' && env.CHECKED_OUT_SHA || github.sha }}
+
+      - name: "Upload SARIF report"
+        if: ${{ github.event_name != 'workflow_dispatch' }}
+        uses: "github/codeql-action/upload-sarif@v3"
+        with:
+          sarif_file: psalm.sarif
+
+      - name: "Upload SARIF report"
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        uses: "github/codeql-action/upload-sarif@v3"
+        with:
+          sarif_file: psalm.sarif
+          ref: ${{ inputs.ref }}
+          sha: ${{ env.CHECKED_OUT_SHA }}