Problem
The distribution-changed detection step in .github/workflows/redhat-distro-container.yml uses git diff HEAD^ HEAD, which only compares the tip commit against its immediate parent. On a multi-commit push where distribution/ was modified in an earlier commit but not the final commit, the gate evaluates to false and the publish job is silently skipped — leaving an updated image unpublished.
This bug is pre-existing on main (introduced as a fix for an earlier jq/event-payload approach), but became more impactful in PR #252 which introduced the publish job that directly gates on needs.build-test.outputs.distribution-changed.
Raised in: #252 (comment)
Requested by: @rhdedgar
Proposed Fix
1. Fetch full history
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
- fetch-depth: 2 # Need parent commit to detect changes
+ fetch-depth: 0
2. Compare the full push range instead of just HEAD^
- name: Check if distribution directory changed
id: distribution-changed
if: github.event_name == 'push'
run: |
- if git diff --name-only HEAD^ HEAD | grep -q '^distribution/'; then
- echo "changed=true" >> "$GITHUB_OUTPUT"
- echo "distribution/ was modified in this push, will publish"
- else
- echo "changed=false" >> "$GITHUB_OUTPUT"
- echo "distribution/ was not modified in this push, skipping publish"
- fi
+ BEFORE="${{ github.event.before }}"
+ if [[ "$BEFORE" == "0000000000000000000000000000000000000000" ]]; then
+ # First push to branch — no previous SHA to compare against, treat as changed
+ echo "changed=true" >> "$GITHUB_OUTPUT"
+ echo "First push to branch, treating distribution/ as changed"
+ elif git diff --name-only "$BEFORE" "${{ github.sha }}" | grep -q '^distribution/'; then
+ echo "changed=true" >> "$GITHUB_OUTPUT"
+ echo "distribution/ was modified in this push range, will publish"
+ else
+ echo "changed=false" >> "$GITHUB_OUTPUT"
+ echo "distribution/ was not modified in this push range, skipping publish"
+ fiNotes
github.event.before is the SHA of the commit immediately before the push, covering the entire push range regardless of how many commits are included.- The all-zeros guard (
0000...0000) handles first-push-to-branch scenarios where there is no prior SHA to diff against; defaulting to changed=true is the safe choice.
fetch-depth: 0 ensures the full history is available so the diff range is always resolvable.
Problem
The
distribution-changeddetection step in.github/workflows/redhat-distro-container.ymlusesgit diff HEAD^ HEAD, which only compares the tip commit against its immediate parent. On a multi-commit push wheredistribution/was modified in an earlier commit but not the final commit, the gate evaluates tofalseand thepublishjob is silently skipped — leaving an updated image unpublished.This bug is pre-existing on
main(introduced as a fix for an earlier jq/event-payload approach), but became more impactful in PR #252 which introduced thepublishjob that directly gates onneeds.build-test.outputs.distribution-changed.Raised in: #252 (comment)
Requested by: @rhdedgar
Proposed Fix
1. Fetch full history
2. Compare the full push range instead of just
HEAD^Notes
github.event.beforeis the SHA of the commit immediately before the push, covering the entire push range regardless of how many commits are included.0000...0000) handles first-push-to-branch scenarios where there is no prior SHA to diff against; defaulting tochanged=trueis the safe choice.fetch-depth: 0ensures the full history is available so the diff range is always resolvable.