From a430b41c283b04c7927d8bdd0cdfcc61a176c41b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 13 Nov 2025 21:40:25 +0000 Subject: [PATCH 1/3] Initial plan From 38f97b621e25f0eafe56d2b4d585775ccc69f3f6 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 13 Nov 2025 21:45:16 +0000 Subject: [PATCH 2/3] Fix PR secret scanning by using GITHUB_SHA instead of git ref resolution Co-authored-by: DariuszPorowski <3431813+DariuszPorowski@users.noreply.github.com> --- entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/entrypoint.sh b/entrypoint.sh index d1ddf97..9299f7f 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -82,11 +82,11 @@ command+=$(arg '--exit-code %d' "${INPUT_EXIT_CODE}") command+=$(arg '--max-decode-depth %d' "${INPUT_MAX_DECODE_DEPTH}") command+=$(arg '--follow-symlinks' "${INPUT_FOLLOW_SYMLINKS}") -if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then +if [[ "${GITHUB_EVENT_NAME}" == "pull_request" || "${GITHUB_EVENT_NAME}" == "pull_request_target" ]]; then command+=$(arg '--source %s' "${GITHUB_WORKSPACE}") base_sha=$(git rev-parse "refs/remotes/origin/${GITHUB_BASE_REF}") - head_sha=$(git rev-list --no-merges -n 1 "refs/remotes/pull/${GITHUB_REF_NAME}") + head_sha="${GITHUB_SHA}" command+=$(arg '--log-opts "%s"' "--no-merges --first-parent ${base_sha}...${head_sha}") else command+=$(arg '--log-opts "%s"' "${INPUT_LOG_OPTS}") From 8e37582836ea78289faba2505c746e3b1863d611 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 13 Nov 2025 22:44:44 +0000 Subject: [PATCH 3/3] Fix PR commit scanning by using GITHUB_HEAD_REF instead of GITHUB_SHA Co-authored-by: DariuszPorowski <3431813+DariuszPorowski@users.noreply.github.com> --- entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/entrypoint.sh b/entrypoint.sh index 9299f7f..0f299e9 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -86,7 +86,7 @@ if [[ "${GITHUB_EVENT_NAME}" == "pull_request" || "${GITHUB_EVENT_NAME}" == "pul command+=$(arg '--source %s' "${GITHUB_WORKSPACE}") base_sha=$(git rev-parse "refs/remotes/origin/${GITHUB_BASE_REF}") - head_sha="${GITHUB_SHA}" + head_sha=$(git rev-parse "refs/remotes/origin/${GITHUB_HEAD_REF}") command+=$(arg '--log-opts "%s"' "--no-merges --first-parent ${base_sha}...${head_sha}") else command+=$(arg '--log-opts "%s"' "${INPUT_LOG_OPTS}")