From 6fce672270f2f6b74119207473a9d8da1631f92b Mon Sep 17 00:00:00 2001
From: Mahe Tardy <mahe.tardy@gmail.com>
Date: Tue, 19 Nov 2024 10:48:54 -0700
Subject: [PATCH] workflow: pass only the git diff files for digestcheck

This will partially prevent this workflow to spot issues in outdated or
wrong multi-arch SHA256 that haven't been touched in the PR and should
be updated elsewhere. It will not be perfect as it's as precise as files
and not lines so it might still spot issues that were not changed by
this PR but I don't want to spend too much rewriting this script that
has the very nice property to dump file name and file lines using the
grep output. It seems it would require more change to use the git diff
-U0 output instead.

Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
---
 .github/workflows/digestcheck.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/digestcheck.yaml b/.github/workflows/digestcheck.yaml
index d4f475b8bfe..bc676d0f2d1 100644
--- a/.github/workflows/digestcheck.yaml
+++ b/.github/workflows/digestcheck.yaml
@@ -15,6 +15,8 @@ jobs:
     steps:
     - name: Checkout code
       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      with:
+        fetch-depth: 0   # because we also need the main branch
 
     - name: Install crane
       env:
@@ -26,4 +28,5 @@ jobs:
     - name: Check digests
       env:
         TERM: xterm-color
-      run: ./contrib/digestcheck.sh ${{ github.workspace }}
+        BASE_REF: ${{ github.base_ref }}
+      run: git diff --name-only origin/$BASE_REF | xargs ./contrib/digestcheck.sh