Commit 58e3dff

🔒️👽️👷➖ Remove tj-actions/changed-files dependency (#2197)
2 parents 0a0066f + 340f613 commit 58e3dff

3 files changed: +9 -13 lines changed

.github/workflows/on_push.yml

Lines changed: 4 additions & 13 deletions
Original file line number | Diff line number | Diff line change
@@ -35,51 +35,42 @@ jobs:
3535
uses: actions/checkout@v4
3636
with:
3737
fetch-depth: 2
38-
- name: Get changed files since last commit
39-
uses: tj-actions/[email protected]
40-
id: changed-files
41-
with:
42-
since_last_remote_commit: "true"
43-
files: .github/Dockerfiles/*
44-
json: "true"
4538
- name: Determine stages to rebuild
4639
env:
4740
MESSAGE: ${{ github.event.head_commit.message }}
4841
id: rebuild
4942
run: |
5043
# initialize phase arrays
5144
declare -a PHASE_ONE PHASE_TWO PHASE_THREE REBUILD_PHASE_ONE REBUILD_PHASE_TWO REBUILD_PHASE_THREE
52-
# turn JSON array into BASH array
53-
CHANGED_FILES=( $(echo ${{ steps.changed-files.outputs.all_changed_files }} | sed -e 's/\[//g' -e 's/\]//g' -e 's/\,/ /g') )
5445
# loop through stages to maybe rebuild
5546
for STAGE in $(cat ${GITHUB_WORKSPACE}/.github/stage_requirements/phase_one.txt)
5647
do
5748
PHASE_ONE+=($STAGE)
5849
# check commit message for [rebuild STAGE] or if STAGE has changed
59-
if [[ "${MESSAGE}" == *"[rebuild ${STAGE}]"* ]] || [[ " ${CHANGED_FILES[*]} " =~ " ${STAGE} " ]]
50+
if [[ "${MESSAGE}" == *"[rebuild ${STAGE}]"* ]]
6051
then
6152
REBUILD_PHASE_ONE+=($STAGE)
6253
fi
6354
done
6455
for STAGE in $(cat ${GITHUB_WORKSPACE}/.github/stage_requirements/phase_two.txt)
6556
do
6657
PHASE_TWO+=($STAGE)
67-
if [[ "${MESSAGE}" == *"[rebuild ${STAGE}]"* ]] || [[ " ${CHANGED_FILES[*]} " =~ " ${STAGE} " ]]
58+
if [[ "${MESSAGE}" == *"[rebuild ${STAGE}]"* ]]
6859
then
6960
REBUILD_PHASE_TWO+=($STAGE)
7061
fi
7162
done
7263
for STAGE in $(cat ${GITHUB_WORKSPACE}/.github/stage_requirements/phase_three.txt)
7364
do
7465
PHASE_THREE+=($STAGE)
75-
if [[ "${MESSAGE}" == *"[rebuild ${STAGE}]"* ]] || [[ "${MESSAGE}" == *"[rebuild base-${STAGE}]"* ]] || [[ " ${CHANGED_FILES[*]} " =~ " ${STAGE} " ]]
66+
if [[ "${MESSAGE}" == *"[rebuild ${STAGE}]"* ]] || [[ "${MESSAGE}" == *"[rebuild base-${STAGE}]"* ]]
7667
then
7768
REBUILD_PHASE_THREE+=($STAGE)
7869
fi
7970
done
8071
# add base stages based on their dependencies
8172
BASES=("${PHASE_THREE[@]}" standard)
82-
if [[ "${MESSAGE}" == *"[rebuild standard]"* ]] || [[ "${MESSAGE}" == *"[rebuild base-standard]"* ]] || [[ " ${CHANGED_FILES[*]} " =~ " standard " ]]
73+
if [[ "${MESSAGE}" == *"[rebuild standard]"* ]] || [[ "${MESSAGE}" == *"[rebuild base-standard]"* ]]
8374
then
8475
REBUILD_PHASE_THREE+=(standard)
8576
fi
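
Review bot: After this change the four `if` conditions in the `rebuild` step match only on `${MESSAGE}`, so a push that edits a file under `.github/Dockerfiles/` without a `[rebuild STAGE]` tag no longer triggers a rebuild and the previously built stage image keeps being used. `MESSAGE` comes from `github.event.head_commit.message`, which is only the last commit of the push, so a tag placed in an earlier commit of a multi-commit push is missed as well. The checkout step still sets `fetch-depth: 2`, so the changed-file list could be computed inside the script with plain git, for example `git diff --name-only HEAD^ HEAD -- .github/Dockerfiles/`, which keeps the automatic trigger without any third-party action; if the automatic trigger is deliberately dropped, `fetch-depth: 2` can go too, provided nothing else in the job needs the parent commit. Passing the commit message through `env:` instead of interpolating a `${{ ... }}` expression into the script body, as the removed `CHANGED_FILES=( $(echo ${{ steps.changed-files.outputs.all_changed_files }} ...` line did, is the right pattern and should be kept for anything added back here.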

CHANGELOG.md

Lines changed: 4 additions & 0 deletions
@@ -127,6 +127,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
127127
- `wxpython`
128128
- `yamlordereddictloader`
129129

130+
#### Removed CI dependency
131+
132+
- `tj-actions/changed-files` ([CVE-2023-51664](https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised))
133+
130134
### Upgraded dependencies
131135

132136
- `AFNI` 21.1.00 'Domitian' β†’ 23.3.09 'Septimius Severus'
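
Review bot: The new changelog entry labels its link `CVE-2023-51664`, but the URL is a StepSecurity blog post whose slug reads `tj-actions-changed-files-action-is-compromised`, so the identifier and the link target should be checked against each other before merge. Confirm that the CVE ID is the one assigned to the incident that post describes, and point the link text at the CVE or advisory record for that ID, keeping the blog post as a separate reference if it is wanted. The `#### Removed CI dependency` heading is also inserted directly above `### Upgraded dependencies`, so check that it ends up under the intended `###` section rather than as a child of the dependency list that precedes it.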

CONTRIBUTING.md

Lines changed: 1 addition & 0 deletions
@@ -80,3 +80,4 @@ We have 3 types of staging Dockerfiles: operating system, software dependency, a
8080
* To change a dependency in a C-PAC image, update the stage images at the top of the relevant `.github/Dockerfiles/C-PAC.develop-*.Dockerfile`.
8181
* If a Dockerfile does not yet exist for the added dependency, create a Dockerfile for the new dependency and add the filename (without extension) to [`jobs.stages.strategy.matrix.Dockerfile` in `.github/workflows/build_stages.yml`](https://github.com/FCP-INDI/C-PAC/blob/4e18916384e52c3dc9610aea3eed537c19d480e3/.github/workflows/build_stages.yml#L77-L97)
8282
* If no Dockerfiles use the removed dependency, remove the Dockerfile for the dependency and remove the filename from [`jobs.stages.strategy.matrix.Dockerfile` in `.github/workflows/build_stages.yml`](https://github.com/FCP-INDI/C-PAC/blob/4e18916384e52c3dc9610aea3eed537c19d480e3/.github/workflows/build_stages.yml#L77-L97)
83+
* When making changes to a Dockerfile, include the line `[rebuild {filename}]` where `filename` is the name of the Dockerfile without the extension (e.g., `[rebuild Ubuntu.jammy-non-free]`).
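
Review bot: The added bullet says to "include the line `[rebuild {filename}]`" without saying where it goes; the workflow matches the tag against `github.event.head_commit.message`, so the text should state that it belongs in the commit message, and in the last commit of the push. The placeholder is written `{filename}` in the code span but `filename` in the explanation, and the braces can be read as literal, so one spelling should be used for both and the example `[rebuild Ubuntu.jammy-non-free]` kept as the model. Since this tag is now the only rebuild trigger in `on_push.yml`, it is also worth documenting the `[rebuild base-{filename}]` form that the phase-three and `standard` conditions accept.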
