[Github] Switch back to tj-actions/changed-files #158335
Conversation
We were using the step security fork after the tj-actions/changed-files supply chain attack given Github disabled the repo and all our actions were failing during that time. Switch away from the fork back to the main repository to avoid an extra level of indirection until we can probably just stop using this action/roll our own.
|
@llvm/pr-subscribers-github-workflow Author: Aiden Grossman (boomanaiden154) ChangesWe were using the step security fork after the tj-actions/changed-files supply chain attack given Github disabled the repo and all our actions were failing during that time. Switch away from the fork back to the main repository to avoid an extra level of indirection until we can probably just stop using this action/roll our own. Full diff: https://github.com/llvm/llvm-project/pull/158335.diff 2 Files Affected:
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index b627803f61b27..8cdd39c164cca 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -60,7 +60,7 @@ jobs:
fetch-depth: 2
- name: Get subprojects that have doc changes
id: docs-changed-subprojects
- uses: step-security/changed-files@3dbe17c78367e7d60f00d78ae6781a35be47b4a1 # v45.0.1
+ uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
with:
skip_initial_fetch: true
base_sha: 'HEAD~1'
diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml
index 9341eaf3ce7c2..9396bf019e1ac 100644
--- a/.github/workflows/pr-code-format.yml
+++ b/.github/workflows/pr-code-format.yml
@@ -25,7 +25,7 @@ jobs:
- name: Get changed files
id: changed-files
- uses: step-security/changed-files@3dbe17c78367e7d60f00d78ae6781a35be47b4a1 # v45.0.1
+ uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
with:
separator: ","
skip_initial_fetch: true
|
We're not relying on a fork that we don't control for this. The development cadence of the fork is relatively slow (eg new release a month after upstream) and something I'd rather not rely on in the interim before we hopefully create our own action that does something similar. |
We were using the step security fork after the tj-actions/changed-files supply chain attack given Github disabled the repo and all our actions were failing during that time. Switch away from the fork back to the main repository to avoid an extra level of indirection until we can probably just stop using this action/roll our own.