Support dependency review

In order for dependency review to work, we need to compare the github
sha for the pull request. This can be read from the context and set it
as the GITHUB_SHA env variable when it exists.

Author: johnpangalos

package-lock.json

@@ -28,9 +28,11 @@
   "dependencies": {
     "@actions/core": "^1.10.1",
     "@actions/exec": "^1.1.0",
+    "@actions/github": "^6.0.0",
     "@actions/io": "^1.1.3"
   },
   "devDependencies": {
+    "@octokit/webhooks-types": "^7.3.1",
     "@types/node": "^17.0.30",
     "@vercel/ncc": "^0.38.1",
     "eslint-plugin-github": "^4.9.0",

package.json

@@ -1,10 +1,12 @@
 import * as cli from '@actions/exec'
 import * as core from '@actions/core'
 import * as io from '@actions/io'
+import * as github from '@actions/github'
 import * as crypto from 'crypto'
 import * as fs from 'fs'
 import * as fsPromises from 'fs/promises'
 import * as path from 'path'
+import type { PullRequestEvent } from '@octokit/webhooks-types'
 
 async function run(): Promise<void> {
   try {
@@ -48,6 +50,13 @@ async function run(): Promise<void> {
 
     const input = { ignoredModules, ignoredConfigs, onResolveFailure }
 
+    if (github.context.eventName === 'pull_request') {
+      core.info('pull request, resetting sha')
+      const payload = github.context.payload as PullRequestEvent
+      core.info(`setting sha to: ${payload.pull_request.head.sha}`)
+      process.env['GITHUB_SHA'] = payload.pull_request.head.sha
+    }
+
     process.env['GITHUB_TOKEN'] = token
     await cli.exec('sbt', ['--batch', `githubSubmitDependencyGraph ${JSON.stringify(input)}`], {
       cwd: workingDir,