Conversation

@JagjeevanAK
Contributor

`tj-actions/changed-files` is compromised and I have replaced it with the best alternative.

`tj-actions/changed-files` is compromised, so I have replaced it with the best alternative.
@JagjeevanAK JagjeevanAK requested a review from a team as a code owner March 21, 2025 01:30
@github-actions github-actions bot added the GitHub Actions Pull requests that update Github_actions code label Mar 21, 2025
@codecov-commenter

codecov-commenter commented Mar 21, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 49.86%. Comparing base (e8deee5) to head (4d8a395).
Report is 13 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #11644      +/-   ##
==========================================
- Coverage   49.88%   49.86%   -0.03%     
==========================================
  Files          83       83              
  Lines       22984    22990       +6     
  Branches     5508     5511       +3     
==========================================
- Hits        11466    11463       -3     
- Misses      10121    10125       +4     
- Partials     1397     1402       +5     


@stephanegigandet stephanegigandet changed the title fix: Update pull_request.yml fix: replace tj-actions/changed-file by step-security/changed-files Mar 21, 2025
@jayaddison
Contributor

I think we might be able to use the paths filter that is built-in to GitHub Actions to achieve what changed-files was doing for us. It would be less code, and that could be good: it means less code to review and that could have bugs / problems in future.

The tricky part is that this repository uses GitHub Actions required status checks. However: I think it may be possible to have an inverted workflow that has `paths: *` where the checks always succeed (`exit 0`). GitHub will (I think!) still prevent a PR from being merged if a check from the more specific path filter (for example, `paths: *.md`) fails.

@github-throwaway
Collaborator

Context:

https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
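The post linked above is the context for this PR. As an added example, not code from this thread, the openfoodfacts project or that post, here is the check a maintainer would typically run over the repository's workflow files after an incident like this: it lists every `uses:` reference that is not pinned to a full 40-hex commit SHA. A tag or branch name (for example `@v4`) can be moved to point at different code; a commit SHA cannot. The sample workflow, the step names and the 40-hex SHA in it are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from this PR, the openfoodfacts project or the linked
# blog post. Reads a workflow file on stdin and reports every `uses:` reference
# that is not pinned to a full 40-hex commit SHA.

# check_pinned_uses: stdin = workflow YAML. Prints "line N: REF" for each
# unpinned reference. Returns 0 when every reference is pinned, 1 otherwise.
check_pinned_uses() {
  n=0
  unpinned=0
  while IFS= read -r line; do
    n=$((n + 1))
    case "$line" in
      *uses:*) ;;
      *) continue ;;
    esac
    # A '#' before "uses:" means the whole thing is a YAML comment.
    case "${line%%uses:*}" in *'#'*) continue ;; esac
    # Keep only the value: drop the key, any trailing comment, surrounding quotes.
    ref=$(printf '%s\n' "$line" \
      | sed -e 's/^.*uses:[[:space:]]*//' -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
      | tr -d "\"'")
    # Local actions (./path) and container images (docker://) carry no git ref.
    case "$ref" in ./*|docker://*|'') continue ;; esac
    if ! printf '%s\n' "$ref" | grep -Eq '@[0-9a-f]{40}$'; then
      printf 'line %s: %s\n' "$n" "$ref"
      unpinned=1
    fi
  done
  return "$unpinned"
}

# Constructed sample workflow; the SHA below is a made-up placeholder, not a real commit.
SAMPLE_WORKFLOW='jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # pinned
      - uses: ./.github/actions/local-step
      - uses: "docker://alpine:3.19"
      - uses: step-security/changed-files@main'

printf '%s\n' "$SAMPLE_WORKFLOW" | check_pinned_uses || echo "unpinned references found"
```

Run it over a checkout with something like `for f in .github/workflows/*.yml; do check_pinned_uses < "$f"; done`; the non-zero exit status makes it usable as a CI gate, and the printed line numbers point at the references to replace.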

@JagjeevanAK
Contributor Author

Malte knew it was compromised and he was the first one who updated me.

@jayaddison
Contributor

@JagjeevanAK do you think we could implement the required functionality without changed-files? I guess we want to handle multiple cases: changed documentation, changed Docker files, ... maybe other filetypes too?

That would be more complicated than what I've tested so far, so I'm not sure.

@JagjeevanAK
Contributor Author

I believe you are not seeing the broader picture yet. While we can certainly test just for docs, our main goal is to avoid rebuilding the Docker container each time. To achieve this, we need to monitor which files have been modified. I've been experimenting with this on another branch / different pull request.

@jayaddison
Contributor

Understood. Would the GitHub Actions paths filter be usable to detect those docker-related changes, or are there reasons that that would not meet the requirements?

@alexgarel
Member

@jayaddison the path filter only decides whether or not to run the action, not which step to run. Also we need to do boolean operations with changed files, which is not possible with path.
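One way to get the per-step booleans described in this thread (docs changed, Docker files changed, anything else changed) without depending on a third-party "changed files" action, as an added example that is not part of this thread or of the project's workflow: a POSIX shell function that classifies a path list, which in CI would be the output of `git diff --name-only`. The glob patterns (`*.md`, `docs/*`, `Dockerfile*`, `docker-compose*.yml`, `docker/*`), the output names and the sample paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not code from this PR or from the openfoodfacts project):
# classify a list of changed paths with plain shell, the way a workflow step
# could do without a third-party action. In CI the list would come from
#   git diff --name-only "$BASE_SHA" "$HEAD_SHA"
# Here the paths are constructed sample input.

# any_match PATTERN...: succeeds if at least one non-empty stdin line matches a pattern.
any_match() {
  while IFS= read -r path; do
    [ -n "$path" ] || continue
    for pat in "$@"; do
      case "$path" in $pat) return 0 ;; esac
    done
  done
  return 1
}

# all_match PATTERN...: succeeds if every non-empty stdin line matches a pattern.
all_match() {
  while IFS= read -r path; do
    [ -n "$path" ] || continue
    matched=1
    for pat in "$@"; do
      case "$path" in $pat) matched=0; break ;; esac
    done
    [ "$matched" -eq 0 ] || return 1
  done
  return 0
}

# classify_changes FILES: FILES is a newline-separated path list. Prints
# docs_only=..., docker=..., code=... in the key=value form a workflow step can
# append to "$GITHUB_OUTPUT" so that later steps can test them in their `if:`.
classify_changes() {
  files=$1
  docs_only=false; docker=false; code=false
  if [ -n "$files" ]; then
    # docs_only: every changed path is documentation and nothing else changed.
    if printf '%s\n' "$files" | all_match '*.md' 'docs/*'; then docs_only=true; fi
    # docker: at least one container build or compose file changed.
    if printf '%s\n' "$files" | any_match 'Dockerfile*' 'docker-compose*.yml' 'docker/*'; then docker=true; fi
    # code: at least one path that is neither documentation nor docker config,
    # i.e. the boolean combination "changed AND NOT docs AND NOT docker".
    if printf '%s\n' "$files" | all_match '*.md' 'docs/*' 'Dockerfile*' 'docker-compose*.yml' 'docker/*'; then
      code=false
    else
      code=true
    fi
  fi
  printf 'docs_only=%s\ndocker=%s\ncode=%s\n' "$docs_only" "$docker" "$code"
}

# Constructed sample: a pull request touching documentation and the Dockerfile.
SAMPLE_CHANGES='docs/api/README.md
Dockerfile'
classify_changes "$SAMPLE_CHANGES"
```

In a workflow the step would run `classify_changes "$(git diff --name-only "$BASE" "$HEAD")" >> "$GITHUB_OUTPUT"`, and later steps in the same job test `steps.<id>.outputs.docker == 'true'` in their `if:`. The decision is then made per step, which is the part the built-in `paths:` filter cannot do, and the patterns live in the repository rather than in an external action's release tags.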

Member

@alexgarel alexgarel left a comment

Thanks.

@alexgarel alexgarel merged commit 04214c7 into main Mar 21, 2025
18 checks passed
@alexgarel alexgarel deleted the JagjeevanAK-patch-2 branch March 21, 2025 16:47
@github-project-automation github-project-automation bot moved this from Needs review to Done in Product Opener Weekly Review Mar 21, 2025
@jayaddison
Contributor

> @jayaddison path filter is only to decide whether to run or not the action, not to be able to decide which step to run. Also we need to do boolean operations with changed files, which is not possible with path.

Thanks @alexgarel. I had considered relocating individual jobs into separate workflow files to achieve some of the choice diagram aspect -- but that would not work for individual steps within jobs -- so OK, this makes sense.

The boolean conditions part remains less clear to me, so I'll keep thinking about that. However, I certainly recognize that there are more advanced use-cases and conditions that could be solved by using scripts.

@jayaddison
Contributor

@JagjeevanAK If/when you have time, could you let me know the reasons/bugs that made dorny/paths-filter no longer suitable?

I know my questions probably seem very repetitive; I'm trying to understand why it made sense to make the change, mainly because I think we got lucky avoiding the compromise, and also because to me, paths-filter seems to have fewer and smaller dependencies (so, if I were choosing between two otherwise similar components, I would probably choose the smaller/simpler one).

@JagjeevanAK
Contributor Author

Hey @jayaddison, there is nothing called repetitive; we are all learning day by day. The reason behind shifting from dorny/paths-filter was that it was not working as it was supposed to or as described in the docs. There were some errors and inconsistencies. Though it was lightweight and faster than tj-actions/changed-files, I thought it was a good time to move on to the second-best option.

@github-throwaway
Collaborator

@jayaddison the beauty of open source is you can always try for yourself. If you want to test a different implementation yourself, go for it. That's the best way to learn ☺️

@jayaddison
Contributor

Thanks @JagjeevanAK @github-throwaway. I'd like to test it, and am willing to; I'm not sure what behaviour(s) to check for, though (I have begun searching through the paths-filter issue tracker to try to guess at things that might not work as documented).


I'll add any additional relevant notes in #11630, because that seems to be the more relevant location. I have one or two ideas to examine and test.

jayaddison added a commit to openculinary/openfoodfacts-server that referenced this pull request Mar 27, 2025
In openfoodfacts#11624 the original plan was to
add some negative matching blobs using `paths-filter`, but that did
not function as intended.

As a result of that, we switched to use `tj-actions/paths-filter`
instead, in pull requests openfoodfacts#11630 and openfoodfacts#11644.

The reason `changed-files` did not work as expected is/was the lack
of dorny/paths-filter#224 - a feature only available from v3.0.2
onwards.

This changeset enables support for the `predicate-quantifier` setting
and configures it for the negative-blob matches on the `code`
fileset.
stephanegigandet pushed a commit that referenced this pull request Mar 27, 2025
🤖 I have created a release *beep* *boop*
---


## [2.62.0](v2.61.0...v2.62.0) (2025-03-27)


### Features

* Add 'Contact Us' in producers_resources_list
([#11529](#11529))
([8dda322](8dda322))
* Add 'delete' button in edit mode for mods
([#11544](#11544))
([fcf3593](fcf3593))
* cosmetic categories translations
([4290d56](4290d56))
* cosmetic categories translations
([#11554](#11554))
([4290d56](4290d56))
* integrate `robotoff-question` from off-webcomponents
([#11545](#11545))
([2f6708a](2f6708a))
* Several tags_and_languages script improvements
([#11549](#11549))
([b732d82](b732d82))
* tags_and_languages_script_improvements
([#11652](#11652))
([f676bde](f676bde))
* taxonomize brands with a language less xx: taxonomy
([#11606](#11606))
([a16dda3](a16dda3))
* update code to get assets images from
@openfoodfacts/openfoodfacts-webcomponents
([#11677](#11677))
([f465093](f465093))
* update to add nutrients
([#11581](#11581))
([61d78c5](61d78c5))
* whitelist IP blocks for rate limiting
([#11542](#11542))
([e2613e2](e2613e2))


### Bug Fixes

* Added a GNU grep dependency check to Makefile
([#11534](#11534))
([d363915](d363915))
* Added CORS Support to `/cgi/product_image_unselect.pl` and
`/cgi/product_image_crop.pl`
([#11603](#11603))
([e98515a](e98515a))
* added skip tests while docs updations
([#11555](#11555))
([433d5e6](433d5e6))
* agena3000 + equadis SVG logos
([#11541](#11541))
([042fff6](042fff6))
* allow all logged in users to change product_type
([#11597](#11597))
([3433ebf](3433ebf))
* barcode overflow in product content
([#11592](#11592))
([cbcc12b](cbcc12b))
* CORS headers for image upload API
([#11656](#11656))
([3338f56](3338f56))
* data quality label threshold source of vitamins and minerals
([#11536](#11536))
([51d9b27](51d9b27))
* fixed the issue of pull_request.yml file
([#11617](#11617))
([8a31b55](8a31b55))
* Makefile improvements for better DX
([#11502](#11502))
([2a9498d](2a9498d))
* Missing Template Error: Update ecoscore_details.tt.html to
environmental_score_details.tt.html
([#11591](#11591))
([3a19b36](3a19b36))
* no_cache + no_off_query
([#11593](#11593))
([e091d2a](e091d2a))
* remove duplicates in taxonomies 2
([#11566](#11566))
([14bd0db](14bd0db))
* remove the ugly bg color for the Folksonomy Engine
([9c6e448](9c6e448))
* remove the ugly bg color for the Folksonomy Engine
([#11609](#11609))
([9c6e448](9c6e448))
* replace tj-actions/changed-file by step-security/changed-files
([#11644](#11644))
([04214c7](04214c7))
* require user identification in API v2 WRITE requests
([#11596](#11596))
([d0250a4](d0250a4))
* spacing between numbers in pagination
([#11595](#11595))
([b1465c6](b1465c6))
* style ui and fix bugs
([#11582](#11582))
([6da4cf9](6da4cf9))
* TaxonomiesEnhancer division by zero
([#11607](#11607))
([beb59db](beb59db))
* Twitter Url and logo updates
([#11605](#11605))
([a77eac8](a77eac8))
* Update bug_report.md
([#11585](#11585))
([c9e205b](c9e205b))
* update Systeme U import to use pro platform
([#11584](#11584))
([5e3b801](5e3b801))
* update tests to fix import_systemeu.t test
([#11636](#11636))
([058f454](058f454))
* Update-link-user-guide-pro
([#11497](#11497))
([3c5ec4a](3c5ec4a))
* Use off_query parameter to not clash with existing database parameter
([#11533](#11533))
([7feb0a5](7feb0a5))
* wrap long username in cards
([#11590](#11590))
([a012a18](a012a18))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
john-gom pushed a commit that referenced this pull request Mar 29, 2025
…11644)

`tj-action/changed-files` is compromised and I have replaced it with the
best alternative of it.
john-gom pushed a commit that referenced this pull request Mar 29, 2025
jayaddison added a commit to openculinary/openfoodfacts-server that referenced this pull request Nov 20, 2025
…-files (openfoodfacts#11644)"

This reverts commit 04214c7.

Conflicts:
	.github/workflows/pull_request.yml
jayaddison added a commit to openculinary/openfoodfacts-server that referenced this pull request Nov 20, 2025
In openfoodfacts#11624 the original plan was to
add some negative matching blobs using `paths-filter`, but that did
not function as intended.

As a result of that, we switched to use `tj-actions/paths-filter`
instead, in pull requests openfoodfacts#11630 and openfoodfacts#11644.

The reason `changed-files` did not work as expected is/was the lack
of dorny/paths-filter#224 - a feature only available from v3.0.2
onwards.

This changeset enables support for the `predicate-quantifier` setting
and configures it for the negative-blob matches on the `code`
fileset.
JagjeevanAK pushed a commit that referenced this pull request Nov 30, 2025
…-files (#11644)"

This reverts commit 04214c7.

Conflicts:
	.github/workflows/pull_request.yml
JagjeevanAK pushed a commit that referenced this pull request Nov 30, 2025
In #11624 the original plan was to
add some negative matching blobs using `paths-filter`, but that did
not function as intended.

As a result of that, we switched to use `tj-actions/paths-filter`
instead, in pull requests #11630 and #11644.

The reason `changed-files` did not work as expected is/was the lack
of dorny/paths-filter#224 - a feature only available from v3.0.2
onwards.

This changeset enables support for the `predicate-quantifier` setting
and configures it for the negative-blob matches on the `code`
fileset.
jayaddison added a commit to openculinary/openfoodfacts-server that referenced this pull request Dec 1, 2025