@@ -235,7 +235,7 @@ jobs:
235235 with :
236236 role-to-assume : ${{ secrets.AWS_ROLE_TO_ASSUME }}
237237 aws-region : us-east-1
238- role-session-name : security- scan-${{ matrix.target }}-${{matrix.branch}}
238+ role-session-name : scan-${{ matrix.target }}-${{matrix.branch}}
239239
240240 - name : Publish Scan Invoked metric
241241 run : |
@@ -248,7 +248,9 @@ jobs:
248248name : Checkout branch
249249 uses : actions/checkout@v4
250250 with :
251- ref : ${{ matrix.branch }}
251+ # For fork-origin PRs, we can't directly use matrix.branch as the branch does not exist in the
252+ # Code Editor repo. The branch only exists in the fork.
253+ ref : ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || matrix.branch }}
252254 submodules : recursive
253255
254256 - name : Update security scan script from main
@@ -440,7 +442,7 @@ jobs:
440442 with :
441443 role-to-assume : ${{ secrets.AWS_ROLE_TO_ASSUME }}
442444 aws-region : us-east-1
443- role-session-name : security- scan-global-dependencies-${{matrix.branch}}
445+ role-session-name : scan-global-dependencies-${{matrix.branch}}
444446
445447 - name : Publish Scan Invoked metric
446448 run : |
@@ -453,7 +455,9 @@ jobs:
453455name : Checkout branch
454456 uses : actions/checkout@v4
455457 with :
456- ref : ${{ matrix.branch }}
458+ # For fork-origin PRs, we can't directly use matrix.branch as the branch does not exist in the
459+ # Code Editor repo. The branch only exists in the fork.
460+ ref : ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || matrix.branch }}
457461 submodules : recursive
458462
459463 - name : Update security scan script from main
0 commit comments