From d109dd5d333ab79c34032e0443e15643c347e966 Mon Sep 17 00:00:00 2001
From: Chuan-kai Lin <cklin@github.com>
Date: Fri, 21 Mar 2025 07:52:02 -0700
Subject: [PATCH] Detect PR branches for Default Setup

---
 src/analyze.ts | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/analyze.ts b/src/analyze.ts
index d882beeb2..d9fd6e308 100644
--- a/src/analyze.ts
+++ b/src/analyze.ts
@@ -270,6 +270,19 @@ function getPullRequestBranches(): PullRequestBranches | undefined {
       head: pullRequest.head.label,
     };
   }
+
+  // PR analysis under Default Setup does not have the pull_request context,
+  // but it should set CODE_SCANNING_REF and CODE_SCANNING_BASE_BRANCH.
+  const codeScanningRef = process.env.CODE_SCANNING_REF;
+  const codeScanningBaseBranch = process.env.CODE_SCANNING_BASE_BRANCH;
+  if (codeScanningRef && codeScanningBaseBranch) {
+    return {
+      base: codeScanningBaseBranch,
+      // PR analysis under Default Setup analyzes the PR head commit instead of
+      // the merge commit, so we can use the provided ref directly.
+      head: codeScanningRef,
+    };
+  }
   return undefined;
 }