From 12e8aceb4c03b67400a47b67b768267d93320ea1 Mon Sep 17 00:00:00 2001
From: Ludy87 <Ludy87@users.noreply.github.com>
Date: Sat, 21 Dec 2024 23:15:24 +0100
Subject: [PATCH] [Security] Dangerous-Workflow

https://github.com/Ludy87/test_java/security/code-scanning/26
---
 .github/workflows/check_properties.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/check_properties.yml b/.github/workflows/check_properties.yml
index 24f7f316..dfc0e276 100644
--- a/.github/workflows/check_properties.yml
+++ b/.github/workflows/check_properties.yml
@@ -31,9 +31,11 @@ jobs:
 
       - name: Checkout PR branch
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        env:
+          PULL_REQUEST_REF: ${{ github.event.pull_request.head.ref }}
         with:
           repository: ${{ github.event.pull_request.head.repo.full_name }}
-          ref: "${{ github.event.pull_request.merge_commit_sha }}"
+          ref: $PULL_REQUEST_REF
           path: pr-branch
           fetch-depth: 0