Use checked out SHA hash when uploading code scanning result

Author: alcaeus

.github/workflows/static-analysis.yml

@@ -34,6 +34,11 @@ jobs:
         with:
           ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.ref }}
 
+      - name: "Get SHA hash of checked out ref"
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        run: |
+          echo CHECKED_OUT_SHA=$(git rev-parse HEAD) >> $GITHUB_ENV
+
       - name: "Setup"
         uses: "./.github/actions/setup"
         with:
@@ -44,7 +49,15 @@ jobs:
         run: "vendor/bin/psalm --show-info=false --stats --output-format=github --threads=$(nproc) --report=psalm.sarif"
 
       - name: "Upload SARIF report"
+        if: ${{ github.event_name != 'workflow_dispatch' }}
         uses: "github/codeql-action/upload-sarif@v3"
         with:
           sarif_file: psalm.sarif
-          ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.ref }}
+
+      - name: "Upload SARIF report"
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        uses: "github/codeql-action/upload-sarif@v3"
+        with:
+          sarif_file: psalm.sarif
+          ref: ${{ inputs.ref }}
+          sha: ${{ env.CHECKED_OUT_SHA }}