workflows - use github.head_ref when building

[mbrousset-ledger]

Description

Currently, the workflows running in a PR context are building apps using the default sdk branch (i.e. master). This PR uses github.head_ref instead.

Changes include

• Bugfix (non-breaking change that solves an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (change that is not backwards-compatible and/or changes current functionality)
• Tests
• Documentation
• Other (for changes that might not fit in any category)

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.82%. Comparing base (7dd1b2f) to head (43c304a).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #1442   +/-   ##
=======================================
  Coverage   91.82%   91.82%           
=======================================
  Files          37       37           
  Lines        4244     4244           
  Branches      521      521           
=======================================
  Hits         3897     3897           
  Misses        257      257           
  Partials       90       90           

Flag	Coverage Δ
unittests	91.82% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[mbrousset-ledger]

Tip of the source branch is now used : https://github.com/LedgerHQ/ledger-secure-sdk/actions/runs/22306803897/job/64528226863#step:4:73

[Copilot]

Pull request overview

Updates CI workflows so PR-triggered builds use the PR’s branch instead of always building against the default SDK branch (e.g., master).

Changes:

• In Rust SDK build workflow, check out the C SDK using github.head_ref during PR builds.
• In “build all C apps” workflow, prefer inputs.sdk_branch but fall back to github.head_ref for PR builds.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
.github/workflows/build_rust_sdk.yml	Adjusts the C SDK checkout to target the PR branch ref.
.github/workflows/build_all_c_apps.yml	Adjusts SDK checkout ref selection to include PR branch ref fallback.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Using inputs.sdk_branch || github.head_ref can break PRs from forks because github.head_ref is only a branch name and may not exist in this repo. Prefer using github.event.pull_request.head.sha (or refs/pull/${{ github.event.pull_request.number }}/head) when running on pull_request, and fall back to inputs.sdk_branch (or the triggering ref) for workflow_dispatch.

Suggested change

	ref: ${{ inputs.sdk_branch || github.head_ref }}
	ref: ${{ inputs.sdk_branch != '' && inputs.sdk_branch || (github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref) }}

[Copilot]

github.head_ref is only the branch name and will not reliably resolve for PRs coming from forks (the branch doesn’t exist in the base repo). Consider checking out the PR’s exact commit instead (e.g., use github.event.pull_request.head.sha when github.event_name == 'pull_request'), and fall back to the default ref (or an input) for workflow_dispatch runs.

Suggested change

	ref: ${{ github.head_ref }}
	ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}