From 1bcc3d602f0bbdd1cf80dcddc4ac1ac6d0220418 Mon Sep 17 00:00:00 2001
From: Jon
Date: Thu, 5 Sep 2024 13:18:19 -0500
Subject: [PATCH] [workflows] Add ref and sha to codeql analyze action (#191882)

This workflow currently checkouts out two separate branches, but uses the default branch as a reference when analyzing. We want the results to split by the branch. See https://github.com/github/codeql-action/blob/main/analyze/action.yml for a description of supported options.
---
 .github/workflows/codeql.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index b5be27599c86b..4ccb21b941e22 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -40,9 +40,16 @@ jobs:
 run: |
 yarn kbn bootstrap --no-validate --no-vscode
+ - name: Set sha and branch
+ run: |
+ echo "CHECKOUT_REF=$(git symbolic-ref HEAD)" >> "$GITHUB_ENV"
+ echo "CHECKOUT_SHA=$(git rev-parse HEAD)" >> "$GITHUB_ENV"
+
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@883d8588e56d1753a8a58c1c86e88976f0c23449 # v3.26.3
 env:
 NODE_OPTIONS: "--max-old-space-size=6144"
 with:
 category: "/language:${{matrix.language}}"
+ ref: ${{ env.CHECKOUT_REF }}
+ sha: ${{ env.CHECKOUT_SHA }}
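Review bot: In the added `Set sha and branch` step, a failing `git symbolic-ref HEAD` or `git rev-parse HEAD` goes unnoticed, because each command substitution sits inside an `echo` argument and the line's exit status is that of `echo`. If the checkout ever leaves HEAD detached (the checkout step is outside this hunk, so this is inferred), `CHECKOUT_REF` is written empty and the analyze step would presumably fall back to its default ref. Code-scanning results could then be filed under the wrong branch with every step still green. Assigning first lets the step fail when git does, provided the runner's default bash errexit is in effect: `ref="$(git symbolic-ref HEAD)"` followed by `echo "CHECKOUT_REF=$ref" >> "$GITHUB_ENV"`, and the same pattern for the sha. A short comment on the step saying that `ref` and `sha` must describe the same checkout would also help the next editor.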