Allow pull requests, and report correct commit oid and ref

.github/workflows/codeql.yml

@@ -1,6 +1,6 @@
 name: "CodeQL action"
 
-on: [push]
+on: [push, pull_request]
 
 jobs:
   build:
@@ -11,6 +11,16 @@ jobs:
 
     steps:
     - uses: actions/checkout@v1
+       with:
+         # Must fetch at least the immediate parents so that if this is
+         # a pull request then we can checkout the head of the pull request.
+         fetch-depth: 2
+
+    # If this run was triggered by a pull request event then checkout
+    # the head of the pull request instead of the merge commit.
+    - run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
+
     - uses: ./init
       with:
         languages: javascript

.github/workflows/integration-testing.yml

@@ -1,6 +1,6 @@
 name: "Integration Testing"
 
-on: [push]
+on: [push, pull_request]
 
 jobs:
   multi-language-repo_test-autodetect-languages:
@@ -16,9 +16,8 @@ jobs:
       shell: bash
       run: |
         mkdir ../action
-        shopt -s dotglob
-        mv * ../action/
-        mv ../action/tests/multi-language-repo/* .
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
     - uses: ./../action/init
     - name: Build code
       shell: bash
@@ -40,9 +39,8 @@ jobs:
       shell: bash
       run: |
         mkdir ../action
-        shopt -s dotglob
-        mv * ../action/
-        mv ../action/tests/multi-language-repo/* .
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
     - uses: ./../action/init
       with:
         languages: cpp,csharp,java,javascript,python
@@ -72,9 +70,8 @@ jobs:
       shell: bash
       run: |
         mkdir ../action
-        shopt -s dotglob
-        mv * ../action/
-        mv ../action/tests/multi-language-repo/* .
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
     - uses: ./../action/init
       with:
         languages: go
@@ -96,9 +93,8 @@ jobs:
       shell: bash
       run: |
         mkdir ../action
-        shopt -s dotglob
-        mv * ../action/
-        mv ../action/tests/multi-language-repo/* .
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
@@ -117,4 +113,4 @@ jobs:
       with:
         sarif_file: rubocop.sarif
       env:
-        TEST_MODE: true
+        TEST_MODE: true

README.md

@@ -18,6 +18,7 @@ name: "Code Scanning - Action"
 
 on:
   push:
+  pull_request:
   schedule:
     - cron: '0 0 * * 0'
 
@@ -33,6 +34,17 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
+        with:
+          # Must fetch at least the immediate parents so that if this is
+          # a pull request then we can checkout the head of the pull request.
+          # Only include this option if you are running this workflow on pull requests.
+          fetch-depth: 2
+
+      # If this run was triggered by a pull request event then checkout
+      # the head of the pull request instead of the merge commit.
+      # Only include this step if you are running this workflow on pull requests.
+      - run: git checkout HEAD^2
+        if: ${{ github.event_name == 'pull_request' }}
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL