Determine and checkout the original target branch when publishing the build scans

.github/workflows/ci-report.yml

@@ -21,12 +21,23 @@ jobs:
     if: github.repository == 'hibernate/hibernate-validator' && github.event.workflow_run.conclusion != 'cancelled'
     runs-on: ubuntu-latest
     steps:
+      # Different branches might have different versions of Develocity, and we want to make sure
+      #  that we publish with the one that we built the scan with in the first place:
+      - name: Determine the Branch Reference for which the original action was triggered
+        id: determine_branch_ref
+        run: |
+          if [ -n "${{ github.event.workflow_run.pull_requests[0].base.ref }}" ]; then
+            BRANCH_REF="${{ github.event.workflow_run.pull_requests[0].base.ref }}"
+          else
+            BRANCH_REF="${{ github.event.workflow_run.head_branch }}"
+          fi
+          echo "original_branch_ref=$BRANCH_REF" >> "$GITHUB_OUTPUT"
       # Checkout target branch which has trusted code
       - name: Check out target branch
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
         with:
           persist-credentials: false
-          ref: ${{ github.ref }}
+          ref: ${{ steps.determine_branch_ref.outputs.original_branch_ref }}
       - name: Set up Java 21
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # 4.7.1
         with: