@Flipmonster Flipmonster commented Mar 6, 2025

This PR improves how code scanning analyses are retrieved when triggered by workflow_dispatch events, particularly in the context of pull requests.

Changes include enhanced PR reference handling, better debug logging, and improved property access on CodeAlert objects. The changes ensure that both head and merge refs are tried in the correct order, providing better support for workflow_dispatch events in pull request contexts.

This occurs because, during workflow_dispatch events, the reference handling wasn't properly considering the PR context, leading to failed analysis retrieval.

1. Enhanced PR reference handling to properly try both head and merge refs:

```python
# Before: only tried the repository reference
analysis = self.getAnalyses(reference=self.repository.reference)

# After: explicitly try PR-specific references
head_ref = f'refs/pull/{self.repository.getPullRequestNumber()}/head'
merge_ref = f'refs/pull/{self.repository.getPullRequestNumber()}/merge'

# Try head ref first (more accurate for workflow_dispatch),
# then fall back to the merge ref if the head ref has no analyses
analysis = self.getAnalyses(reference=head_ref)
if len(analysis) == 0:
    analysis = self.getAnalyses(reference=merge_ref)
```

2. Added proper PR head branch detection from PR info:

```python
# Added PR head branch detection: take the branch name from the
# PR's "head" object when the PR info is available
pr_info = self.repository.getPullRequestInfo()
if pr_info and "head" in pr_info:
    self.branch = pr_info["head"].get("ref")
```

3. Added better debug logging:

```python
import logging

logger = logging.getLogger(__name__)

# Log which ref is being queried and the repository's PR context,
# so a failed retrieval can be traced to the reference that was used
logger.debug(f'Getting Analyses for ref: {ref}')
logger.debug(f'Repository reference: {self.repository.reference}')
logger.debug(f'Repository branch: {self.repository.branch}')
logger.debug(f'Is in PR: {self.repository.isInPullRequest()}')
```

4. Fixed property access on CodeAlert objects:
    • Standardized property access patterns
    • Fixed inconsistencies between dict-style and property access
    • Added proper type handling for CodeAlert properties

Overview

This fix ensures that code scanning analyses are properly retrieved during workflow_dispatch events in pull requests, which is particularly important for:

  • Manual re-runs of code scanning checks
  • Custom workflow triggers
  • Integration with other CI/CD processes

The changes maintain backward compatibility while improving the robustness of the code scanning analysis retrieval process.

Testing

The changes have been tested with:

  • Regular pull request checks
  • workflow_dispatch events in pull requests
  • Different reference formats (head and merge)
  • Various PR states and configurations

Documentation

For more information about the code scanning API endpoints being used, see:
https://docs.github.com/en/enterprise-cloud@latest/rest/code-scanning#list-code-scanning-analyses-for-a-repository
advanced-security/policy-as-code#121

- Add better PR reference handling by trying head ref first, then merge ref
- Add debug logging for reference attempts
- Fix property access for CodeAlert and CodeScanningAnalysis classes
- Improve error messages and validation
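The retrieval order described in the PR body above (head ref first, then merge ref, with the repository's own reference outside a PR) together with the head-branch detection from PR info, as an added stand-alone example. This is not code from the policy-as-code project or from the PR; the GitHub client is modelled as a callable `list_analyses(ref)` so it runs offline, and the function names, the sample analyses and PR number 42 are all constructed for illustration.

```python
"""Added example: resolve the Git ref under which code-scanning analyses were
uploaded for a pull request, trying refs in the order the PR description gives.

Assumptions (hypothetical, not from the project): the GitHub API is modelled as
a callable `list_analyses(ref) -> list[dict]`; function names are invented here.
"""
import logging
from typing import Callable, Optional

logger = logging.getLogger(__name__)


def candidate_refs(pr_number: Optional[int], repository_ref: str) -> list[str]:
    """Refs to query, in order. Inside a PR the head ref is tried before the
    merge ref (a workflow_dispatch run normally uploads results for the head
    commit); outside a PR only the repository's own reference is used."""
    if pr_number is None:
        return [repository_ref]
    return [f"refs/pull/{pr_number}/head", f"refs/pull/{pr_number}/merge"]


def head_branch_from_pr_info(pr_info: Optional[dict]) -> Optional[str]:
    """Read the PR head branch name, tolerating a missing or malformed head."""
    if pr_info and isinstance(pr_info.get("head"), dict):
        return pr_info["head"].get("ref")
    return None


def find_analyses(list_analyses: Callable[[str], list],
                  pr_number: Optional[int],
                  repository_ref: str):
    """Return (ref, analyses) for the first candidate ref that has analyses,
    or (None, []) when none do. Every attempt is debug-logged so a failed
    retrieval can be traced to the exact ref that was queried."""
    for ref in candidate_refs(pr_number, repository_ref):
        logger.debug("Getting Analyses for ref: %s", ref)
        found = list_analyses(ref)
        logger.debug("ref %s returned %d analyses", ref, len(found))
        if found:
            return ref, found
    logger.debug("No analyses found for any candidate ref")
    return None, []


# Constructed sample data: a fake API whose only PR results live under the
# merge ref, so the head-ref lookup misses and the fallback must fire.
SAMPLE_ANALYSES = {
    "refs/pull/42/merge": [
        {"id": 1, "ref": "refs/pull/42/merge", "tool": {"name": "CodeQL"}},
    ],
    "refs/heads/main": [
        {"id": 2, "ref": "refs/heads/main", "tool": {"name": "CodeQL"}},
    ],
}


def fake_list_analyses(ref: str) -> list:
    """Stand-in for the list-analyses API call (constructed, offline)."""
    return SAMPLE_ANALYSES.get(ref, [])


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    print(find_analyses(fake_list_analyses, 42, "refs/heads/main"))
    print(find_analyses(fake_list_analyses, None, "refs/heads/main"))
    print(head_branch_from_pr_info({"head": {"ref": "feature/fix"}}))
```

Running the module with debug logging enabled shows the head-ref miss followed by the merge-ref hit, which is the trace a maintainer would want when a workflow_dispatch run reports that no analyses were found.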
@github-actions github-actions bot added codeql CodeQL octokit Octokit labels Mar 6, 2025
@GeekMasher GeekMasher self-requested a review March 7, 2025 16:31
@GeekMasher
Owner

@Flipmonster Can you please update the tests and make sure they pass? I think it's because we are now requesting data from the GitHub API when creating a Repository instance.
