Update dist/index.js and CHANGELOG for v2.11.0

Use Octokit pagination

.eslintrc.json

@@ -1,6 +1,6 @@
 {
     "plugins": ["jest", "@typescript-eslint"],
-    "extends": ["plugin:github/es6"],
+    "extends": ["plugin:github/internal"],
     "parser": "@typescript-eslint/parser",
     "parserOptions": {
       "ecmaVersion": 9,
@@ -16,13 +16,10 @@
       "@typescript-eslint/no-require-imports": "error",
       "@typescript-eslint/array-type": "error",
       "@typescript-eslint/await-thenable": "error",
-      "@typescript-eslint/ban-ts-ignore": "error",
       "camelcase": "off",
       "@typescript-eslint/camelcase": "off",
-      "@typescript-eslint/class-name-casing": "error",
       "@typescript-eslint/explicit-function-return-type": ["error", {"allowExpressions": true}],
       "@typescript-eslint/func-call-spacing": ["error", "never"],
-      "@typescript-eslint/generic-type-naming": ["error", "^[A-Z][A-Za-z]*$"],
       "@typescript-eslint/no-array-constructor": "error",
       "@typescript-eslint/no-empty-interface": "error",
       "@typescript-eslint/no-explicit-any": "off",
@@ -32,7 +29,6 @@
       "@typescript-eslint/no-misused-new": "error",
       "@typescript-eslint/no-namespace": "error",
       "@typescript-eslint/no-non-null-assertion": "warn",
-      "@typescript-eslint/no-object-literal-type-assertion": "error",
       "@typescript-eslint/no-unnecessary-qualifier": "error",
       "@typescript-eslint/no-unnecessary-type-assertion": "error",
       "@typescript-eslint/no-useless-constructor": "error",
@@ -40,7 +36,6 @@
       "@typescript-eslint/prefer-for-of": "warn",
       "@typescript-eslint/prefer-function-type": "warn",
       "@typescript-eslint/prefer-includes": "error",
-      "@typescript-eslint/prefer-interface": "error",
       "@typescript-eslint/prefer-string-starts-ends-with": "error",
       "@typescript-eslint/promise-function-async": ["error", { "allowAny": true }],
       "@typescript-eslint/require-array-sort-compare": "error",

CHANGELOG.md

@@ -1,5 +1,18 @@
 # Changelog
 
+## v2.11.0
+- [Set list-files input parameter as not required](https://github.com/dorny/paths-filter/pull/157)
+- [Update Node.js](https://github.com/dorny/paths-filter/pull/161)
+- [Fix incorrect handling of Unicode characters in exec()](https://github.com/dorny/paths-filter/pull/162)
+- [Use Octokit pagination](https://github.com/dorny/paths-filter/pull/163)
+- [Updates real world links](https://github.com/dorny/paths-filter/pull/160)
+
+## v2.10.2
+- [Fix getLocalRef() returns wrong ref](https://github.com/dorny/paths-filter/pull/91)
+
+## v2.10.1
+- [Improve robustness of change detection](https://github.com/dorny/paths-filter/pull/85)
+
 ## v2.10.0
 - [Add ref input parameter](https://github.com/dorny/paths-filter/pull/82)
 - [Fix change detection in PR when pullRequest.changed_files is incorrect](https://github.com/dorny/paths-filter/pull/83)

README.md

@@ -1,46 +1,48 @@
 # Paths Changes Filter
 
-This [Github Action](https://github.com/features/actions) enables conditional execution of workflow steps and jobs,
-based on the files modified by pull request, feature branch or in pushed commits.
+[GitHub Action](https://github.com/features/actions) that enables conditional execution of workflow steps and jobs, based on the files modified by pull request, on a feature
+branch, or by the recently pushed commits.
 
-It saves time and resources especially in monorepo setups, where you can run slow tasks (e.g. integration tests or deployments) only for changed components.
-Github workflows built-in [path filters](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestpaths)
+Run slow tasks like integration tests or deployments only for changed components. It saves time and resources, especially in monorepo setups.
+GitHub workflows built-in [path filters](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestpaths)
 don't allow this because they don't work on a level of individual jobs or steps.
 
 **Real world usage examples:**
-- [sentry.io](https://sentry.io/) - [backend-test-py3.6.yml](https://github.com/getsentry/sentry/blob/ca0e43dc5602a9ab2e06d3f6397cc48fb5a78541/.github/workflows/backend-test-py3.6.yml#L32)
-- [GoogleChrome/web.dev](https://web.dev/) - [lint-and-test-workflow.yml](https://github.com/GoogleChrome/web.dev/blob/e1f0c28964e99ce6a996c1e3fd3ee1985a7a04f6/.github/workflows/lint-and-test-workflow.yml#L33)
 
+- [sentry.io](https://sentry.io/) - [backend.yml](https://github.com/getsentry/sentry/blob/2ebe01feab863d89aa7564e6d243b6d80c230ddc/.github/workflows/backend.yml#L36)
+- [GoogleChrome/web.dev](https://web.dev/) - [lint-workflow.yml](https://github.com/GoogleChrome/web.dev/blob/3a57b721e7df6fc52172f676ca68d16153bda6a3/.github/workflows/lint-workflow.yml#L26)
+
+## Supported workflows
 
-## Supported workflows:
 - **Pull requests:**
   - Workflow triggered by **[pull_request](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request)**
     or **[pull_request_target](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target)** event
   - Changes are detected against the pull request base branch
-  - Uses Github REST API to fetch list of modified files
+  - Uses GitHub REST API to fetch a list of modified files
 - **Feature branches:**
   - Workflow triggered by **[push](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#push)**
   or any other **[event](https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows)**
   - The `base` input parameter must not be the same as the branch that triggered the workflow
-  - Changes are detected against the merge-base with configured base branch or default branch
+  - Changes are detected against the merge-base with the configured base branch or the default branch
   - Uses git commands to detect changes - repository must be already [checked out](https://github.com/actions/checkout)
-- **Master, Release or other long-lived branches:**
+- **Master, Release, or other long-lived branches:**
   - Workflow triggered by **[push](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#push)** event
-  when `base` input parameter is same as the branch that triggered the workflow:
+  when `base` input parameter is the same as the branch that triggered the workflow:
     - Changes are detected against the most recent commit on the same branch before the push
   - Workflow triggered by any other **[event](https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows)**
   when `base` input parameter is commit SHA:
     - Changes are detected against the provided `base` commit
   - Workflow triggered by any other **[event](https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows)**
-  when `base` input parameter is same as the branch that triggered the workflow:
-    - Changes are detected from last commit
+  when `base` input parameter is the same as the branch that triggered the workflow:
+    - Changes are detected from the last commit
   - Uses git commands to detect changes - repository must be already [checked out](https://github.com/actions/checkout)
 - **Local changes**
   - Workflow triggered by any event when `base` input parameter is set to `HEAD`
-  - Changes are detected against current HEAD
+  - Changes are detected against the current HEAD
   - Untracked files are ignored
 
 ## Example
+
 ```yaml
 - uses: dorny/paths-filter@v2
   id: changes
@@ -50,59 +52,59 @@ don't allow this because they don't work on a level of individual jobs or steps.
         - 'src/**'
 
   # run only if some file in 'src' folder was changed
-  if: steps.changes.outputs.src == 'true'
+- if: steps.changes.outputs.src == 'true'
   run: ...
 ```
+
 For more scenarios see [examples](#examples) section.
 
-## Notes:
+## Notes
+
 - Paths expressions are evaluated using [picomatch](https://github.com/micromatch/picomatch) library.
-  Documentation for path expression format can be found on project github page.
+  Documentation for path expression format can be found on the project GitHub page.
 - Picomatch [dot](https://github.com/micromatch/picomatch#options) option is set to true.
-  Globbing will match also paths where file or folder name starts with a dot.
-- It's recommended to quote your path expressions with `'` or `"`. Otherwise you will get an error if it starts with `*`.
+  Globbing will also match paths where file or folder name starts with a dot.
+- It's recommended to quote your path expressions with `'` or `"`. Otherwise, you will get an error if it starts with `*`.
 - Local execution with [act](https://github.com/nektos/act) works only with alternative runner image. Default runner doesn't have `git` binary.
   - Use: `act -P ubuntu-latest=nektos/act-environments-ubuntu:18.04`
 
+## What's New
 
-# What's New
 - Add `ref` input parameter
 - Add `list-files: csv` format
 - Configure matrix job to run for each folder with changes using `changes` output
 - Improved listing of matching files with `list-files: shell` and `list-files: escape` options
 - Paths expressions are now evaluated using [picomatch](https://github.com/micromatch/picomatch) library
 
-For more information see [CHANGELOG](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
+For more information, see [CHANGELOG](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
 
-# Usage
+## Usage
 
 ```yaml
 - uses: dorny/paths-filter@v2
   with:
     # Defines filters applied to detected changed files.
-    # Each filter has a name and list of rules.
+    # Each filter has a name and a list of rules.
     # Rule is a glob expression - paths of all changed
     # files are matched against it.
     # Rule can optionally specify if the file
-    # should be added, modified or deleted.
-    # For each filter there will be corresponding output variable to
+    # should be added, modified, or deleted.
+    # For each filter, there will be a corresponding output variable to
     # indicate if there's a changed file matching any of the rules.
-    # Optionally there can be a second output variable
+    # Optionally, there can be a second output variable
     # set to list of all files matching the filter.
-    # Filters can be provided inline as a string (containing valid YAML document)
-    # or as a relative path to separate file (e.g.: .github/filters.yaml).
-    # Multiline string is evaluated as embedded filter definition,
-    # single line string is evaluated as relative path to separate file.
+    # Filters can be provided inline as a string (containing valid YAML document),
+    # or as a relative path to a file (e.g.: .github/filters.yaml).
     # Filters syntax is documented by example - see examples section.
     filters: ''
 
-    # Branch, tag or commit SHA against which the changes will be detected.
-    # If it references same branch it was pushed to,
+    # Branch, tag, or commit SHA against which the changes will be detected.
+    # If it references the same branch it was pushed to,
     # changes are detected against the most recent commit before the push.
-    # Otherwise it uses git merge-base to find best common ancestor between
+    # Otherwise, it uses git merge-base to find the best common ancestor between
     # current branch (HEAD) and base.
     # When merge-base is found, it's used for change detection - only changes
-    # introduced by current branch are considered.
+    # introduced by the current branch are considered.
     # All files are considered as added if there is no common ancestor with
     # base branch or no previous commit.
     # This option is ignored if action is triggered by pull_request event.
@@ -110,16 +112,16 @@ For more information see [CHANGELOG](https://github.com/dorny/paths-filter/blob/
     base: ''
 
     # Git reference (e.g. branch name) from which the changes will be detected.
-    # Useful when workflow can be triggered only on default branch (e.g. repository_dispatch event)
-    # but you want to get changes on different branch.
+    # Useful when workflow can be triggered only on the default branch (e.g. repository_dispatch event)
+    # but you want to get changes on a different branch.
     # This option is ignored if action is triggered by pull_request event.
     # default: ${{ github.ref }}
     ref:
 
-    # How many commits are initially fetched from base branch.
+    # How many commits are initially fetched from the base branch.
     # If needed, each subsequent fetch doubles the
     # previously requested number of commits until the merge-base
-    # is found or there are no more commits in the history.
+    # is found, or there are no more commits in the history.
     # This option takes effect only when changes are detected
     # using git against base branch (feature branch workflow).
     # Default: 100
@@ -128,11 +130,11 @@ For more information see [CHANGELOG](https://github.com/dorny/paths-filter/blob/
     # Enables listing of files matching the filter:
     #   'none'  - Disables listing of matching files (default).
     #   'csv'   - Coma separated list of filenames.
-    #             If needed it uses double quotes to wrap filename with unsafe characters.
-    #   'json'  - Matching files paths are formatted as JSON array.
-    #   'shell' - Space delimited list usable as command line argument list in Linux shell.
-    #             If needed it uses single or double quotes to wrap filename with unsafe characters.
-    #   'escape'- Space delimited list usable as command line argument list in Linux shell.
+    #             If needed, it uses double quotes to wrap filename with unsafe characters.
+    #   'json'  - File paths are formatted as JSON array.
+    #   'shell' - Space delimited list usable as command-line argument list in Linux shell.
+    #             If needed, it uses single or double quotes to wrap filename with unsafe characters.
+    #   'escape'- Space delimited list usable as command-line argument list in Linux shell.
     #             Backslash escapes every potentially unsafe character.
     # Default: none
     list-files: ''
@@ -140,27 +142,28 @@ For more information see [CHANGELOG](https://github.com/dorny/paths-filter/blob/
     # Relative path under $GITHUB_WORKSPACE where the repository was checked out.
     working-directory: ''
 
-    # Personal access token used to fetch list of changed files
-    # from Github REST API.
-    # It's used only if action is triggered by pull request event.
-    # Github token from workflow context is used as default value.
-    # If empty string is provided, action falls back to detect
+    # Personal access token used to fetch a list of changed files
+    # from GitHub REST API.
+    # It's only used if action is triggered by a pull request event.
+    # GitHub token from workflow context is used as default value.
+    # If an empty string is provided, the action falls back to detect
     # changes using git commands.
     # Default: ${{ github.token }}
     token: ''
 ```
 
 ## Outputs
-- For each filter it sets output variable named by the filter to the text:
-   - `'true'` - if **any** of changed files matches any of filter rules
-   - `'false'` - if **none** of changed files matches any of filter rules
-- For each filter it sets output variable with name `${FILTER_NAME}_count` to the count of matching files.
-- If enabled, for each filter it sets output variable with name `${FILTER_NAME}_files`. It will contain list of all files matching the filter.
-- `changes` - JSON array with names of all filters matching any of changed files.
 
-# Examples
+- For each filter, it sets output variable named by the filter to the text:
+  - `'true'` - if **any** of changed files matches any of filter rules
+  - `'false'` - if **none** of changed files matches any of filter rules
+- For each filter, it sets an output variable with the name `${FILTER_NAME}_count` to the count of matching files.
+- If enabled, for each filter it sets an output variable with the name `${FILTER_NAME}_files`. It will contain a list of all files matching the filter.
+- `changes` - JSON array with names of all filters matching any of the changed files.
 
-## Conditional execution
+## Examples
+
+### Conditional execution
 
 <details>
   <summary>Execute <b>step</b> in a workflow job only if some file in a subfolder is changed</summary>
@@ -195,6 +198,7 @@ jobs:
       if: steps.filter.outputs.backend == 'true' || steps.filter.outputs.frontend == 'true'
       run: ...
 ```
+
 </details>
 
 <details>
@@ -238,6 +242,7 @@ jobs:
       - uses: actions/checkout@v2
       - ...
 ```
+
 </details>
 
 <details>
@@ -273,9 +278,10 @@ jobs:
       - uses: actions/checkout@v2
       - ...
 ```
+
 </details>
 
-## Change detection workflows
+### Change detection workflows
 
 <details>
   <summary><b>Pull requests:</b> Detect changes against PR base branch</summary>
@@ -283,7 +289,7 @@ jobs:
 ```yaml
 on:
   pull_request:
-    branches: # PRs to following branches will trigger the workflow
+    branches: # PRs to the following branches will trigger the workflow
       - master
       - develop
 jobs:
@@ -296,6 +302,7 @@ jobs:
       with:
         filters: ... # Configure your filters
 ```
+
 </details>
 
 <details>
@@ -321,6 +328,7 @@ jobs:
         base: develop # Change detection against merge-base with this branch
         filters: ... # Configure your filters
 ```
+
 </details>
 
 <details>
@@ -329,7 +337,7 @@ jobs:
 ```yaml
 on:
   push:
-    branches: # Push to following branches will trigger the workflow
+    branches: # Push to the following branches will trigger the workflow
       - master
       - develop
       - release/**
@@ -341,13 +349,14 @@ jobs:
     - uses: dorny/paths-filter@v2
       id: filter
       with:
-        # Use context to get branch where commits were pushed.
-        # If there is only one long lived branch (e.g. master),
+        # Use context to get the branch where commits were pushed.
+        # If there is only one long-lived branch (e.g. master),
         # you can specify it directly.
         # If it's not configured, the repository default branch is used.
         base: ${{ github.ref }}
         filters: ... # Configure your filters
 ```
+
 </details>
 
 <details>
@@ -366,20 +375,21 @@ jobs:
     steps:
     - uses: actions/checkout@v2
 
-      # Some action which modifies files tracked by git (e.g. code linter)
+      # Some action that modifies files tracked by git (e.g. code linter)
     - uses: johndoe/some-action@v1
 
       # Filter to detect which files were modified
-      # Changes could be for example automatically committed
+      # Changes could be, for example, automatically committed
     - uses: dorny/paths-filter@v2
       id: filter
       with:
         base: HEAD
         filters: ... # Configure your filters
 ```
+
 </details>
 
-## Advanced options
+### Advanced options
 
 <details>
   <summary>Define filter rules in own file</summary>
@@ -391,6 +401,7 @@ jobs:
         # Path to file where filters are defined
         filters: .github/filters.yaml
 ```
+
 </details>
 
 <details>
@@ -411,6 +422,7 @@ jobs:
             - *shared
             - src/**
 ```
+
 </details>
 
 <details>
@@ -421,10 +433,10 @@ jobs:
       id: filter
       with:
         # Changed file can be 'added', 'modified', or 'deleted'.
-        # By default the type of change is not considered.
-        # Optionally it's possible to specify it using nested
-        # dictionary, where type(s) of change composes the key.
-        # Multiple change types can be specified using `|` as delimiter.
+        # By default, the type of change is not considered.
+        # Optionally, it's possible to specify it using nested
+        # dictionary, where the type of change composes the key.
+        # Multiple change types can be specified using `|` as the delimiter.
         filters: |
           shared: &shared
             - common/**
@@ -436,10 +448,10 @@ jobs:
           addedOrModifiedAnchors:
             - added|modified: *shared
 ```
+
 </details>
 
-
-## Custom processing of changed files
+### Custom processing of changed files
 
 <details>
   <summary>Passing list of modified files as command line args in Linux shell</summary>
@@ -451,7 +463,7 @@ jobs:
     # Enable listing of files matching each filter.
     # Paths to files will be available in `${FILTER_NAME}_files` output variable.
     # Paths will be escaped and space-delimited.
-    # Output is usable as command line argument list in Linux shell
+    # Output is usable as command-line argument list in Linux shell
     list-files: shell
 
     # In this example changed files will be checked by linter.
@@ -464,6 +476,7 @@ jobs:
   if: ${{ steps.filter.outputs.markdown == 'true' }}
   run: npx textlint ${{ steps.filter.outputs.markdown_files }}
 ```
+
 </details>
 
 <details>
@@ -478,7 +491,7 @@ jobs:
     # Paths will be formatted as JSON array
     list-files: json
 
-    # In this example all changed files are passed to following action to do
+    # In this example all changed files are passed to the following action to do
     # some custom processing.
     filters: |
       changed:
@@ -488,11 +501,13 @@ jobs:
   with:
     files: ${{ steps.filter.outputs.changed_files }}
 ```
+
 </details>
 
-# See also
+## See also
+
 - [test-reporter](https://github.com/dorny/test-reporter) - Displays test results from popular testing frameworks directly in GitHub
 
-# License
+## License
 
 The scripts and documentation in this project are released under the [MIT License](https://github.com/dorny/paths-filter/blob/master/LICENSE)

action.yml

@@ -13,7 +13,6 @@ inputs:
     description: |
       Git reference (e.g. branch name) from which the changes will be detected.
       This option is ignored if action is triggered by pull_request event.
-    default: ${{ github.ref }}
     required: false
   base:
     description: |
@@ -35,7 +34,7 @@ inputs:
                   If needed it uses single or double quotes to wrap filename with unsafe characters.
         'escape'- Space delimited list usable as command line argument list in linux shell.
                   Backslash escapes every potentially unsafe character.
-    required: true
+    required: false
     default: none
   initial-fetch-depth:
     description: |
@@ -49,7 +48,7 @@ outputs:
   changes:
     description: JSON array with names of all filters matching any of changed files
 runs:
-  using: 'node12'
+  using: 'node16'
   main: 'dist/index.js'
 branding:
   color: blue

package.json

@@ -26,30 +26,28 @@
   "license": "MIT",
   "dependencies": {
     "@actions/core": "^1.2.4",
-    "@actions/exec": "^1.0.4",
+    "@actions/exec": "^1.1.1",
     "@actions/github": "^2.2.0",
     "@octokit/webhooks": "^7.6.2",
     "picomatch": "^2.2.2"
   },
   "devDependencies": {
-    "@types/jest": "^25.2.3",
+    "@types/jest": "^27.4.0",
     "@types/js-yaml": "^3.12.4",
     "@types/minimatch": "^3.0.3",
     "@types/node": "^14.0.5",
     "@types/picomatch": "^2.2.1",
-    "@typescript-eslint/parser": "^3.3.0",
-    "@zeit/ncc": "^0.22.3",
-    "eslint": "^7.3.0",
-    "eslint-plugin-github": "^2.0.0",
+    "@typescript-eslint/eslint-plugin": "^5.10.2",
+    "@typescript-eslint/parser": "^5.10.2",
+    "@vercel/ncc": "^0.33.1",
+    "eslint": "^8.17.0",
+    "eslint-plugin-github": "^4.3.6",
     "eslint-plugin-jest": "^22.21.0",
-    "jest": "^26.0.1",
-    "jest-circus": "^26.0.1",
+    "jest": "^27.4.7",
+    "jest-circus": "^27.4.6",
     "js-yaml": "^3.14.0",
     "prettier": "^2.0.5",
-    "ts-jest": "^26.0.0",
+    "ts-jest": "^27.1.3",
     "typescript": "^3.9.3"
-  },
-  "jest": {
-    "testEnvironment": "node"
   }
 }

src/exec.ts

@@ -1,21 +0,0 @@
-import {exec as execImpl, ExecOptions} from '@actions/exec'
-
-// Wraps original exec() function
-// Returns exit code and whole stdout/stderr
-export default async function exec(commandLine: string, args?: string[], options?: ExecOptions): Promise<ExecResult> {
-  options = options || {}
-  let stdout = ''
-  let stderr = ''
-  options.listeners = {
-    stdout: (data: Buffer) => (stdout += data.toString()),
-    stderr: (data: Buffer) => (stderr += data.toString())
-  }
-  const code = await execImpl(commandLine, args, options)
-  return {code, stdout, stderr}
-}
-
-export interface ExecResult {
-  code: number
-  stdout: string
-  stderr: string
-}

src/git.ts

@@ -1,4 +1,4 @@
-import exec from './exec'
+import {getExecOutput} from '@actions/exec'
 import * as core from '@actions/core'
 import {File, ChangeStatus} from './file'
 
@@ -9,7 +9,7 @@ export async function getChangesInLastCommit(): Promise<File[]> {
   core.startGroup(`Change detection in last commit`)
   let output = ''
   try {
-    output = (await exec('git', ['log', '--format=', '--no-renames', '--name-status', '-z', '-n', '1'])).stdout
+    output = (await getExecOutput('git', ['log', '--format=', '--no-renames', '--name-status', '-z', '-n', '1'])).stdout
   } finally {
     fixStdOutNullTermination()
     core.endGroup()
@@ -18,20 +18,17 @@ export async function getChangesInLastCommit(): Promise<File[]> {
   return parseGitDiffOutput(output)
 }
 
-export async function getChanges(baseRef: string): Promise<File[]> {
-  if (!(await hasCommit(baseRef))) {
-    // Fetch single commit
-    core.startGroup(`Fetching ${baseRef} from origin`)
-    await exec('git', ['fetch', '--depth=1', '--no-tags', 'origin', baseRef])
-    core.endGroup()
-  }
+export async function getChanges(base: string, head: string): Promise<File[]> {
+  const baseRef = await ensureRefAvailable(base)
+  const headRef = await ensureRefAvailable(head)
 
   // Get differences between ref and HEAD
-  core.startGroup(`Change detection ${baseRef}..HEAD`)
+  core.startGroup(`Change detection ${base}..${head}`)
   let output = ''
   try {
     // Two dots '..' change detection - directly compares two versions
-    output = (await exec('git', ['diff', '--no-renames', '--name-status', '-z', `${baseRef}..HEAD`])).stdout
+    output = (await getExecOutput('git', ['diff', '--no-renames', '--name-status', '-z', `${baseRef}..${headRef}`]))
+      .stdout
   } finally {
     fixStdOutNullTermination()
     core.endGroup()
@@ -45,7 +42,7 @@ export async function getChangesOnHead(): Promise<File[]> {
   core.startGroup(`Change detection on HEAD`)
   let output = ''
   try {
-    output = (await exec('git', ['diff', '--no-renames', '--name-status', '-z', 'HEAD'])).stdout
+    output = (await getExecOutput('git', ['diff', '--no-renames', '--name-status', '-z', 'HEAD'])).stdout
   } finally {
     fixStdOutNullTermination()
     core.endGroup()
@@ -61,30 +58,34 @@ export async function getChangesSinceMergeBase(base: string, head: string, initi
     if (baseRef === undefined || headRef === undefined) {
       return false
     }
-    return (await exec('git', ['merge-base', baseRef, headRef], {ignoreReturnCode: true})).code === 0
+    return (await getExecOutput('git', ['merge-base', baseRef, headRef], {ignoreReturnCode: true})).exitCode === 0
   }
 
   let noMergeBase = false
   core.startGroup(`Searching for merge-base ${base}...${head}`)
   try {
-    baseRef = await getFullRef(base)
-    headRef = await getFullRef(head)
+    baseRef = await getLocalRef(base)
+    headRef = await getLocalRef(head)
     if (!(await hasMergeBase())) {
-      await exec('git', ['fetch', '--no-tags', `--depth=${initialFetchDepth}`, 'origin', base, head])
+      await getExecOutput('git', ['fetch', '--no-tags', `--depth=${initialFetchDepth}`, 'origin', base, head])
       if (baseRef === undefined || headRef === undefined) {
-        baseRef = baseRef ?? (await getFullRef(base))
-        headRef = headRef ?? (await getFullRef(head))
+        baseRef = baseRef ?? (await getLocalRef(base))
+        headRef = headRef ?? (await getLocalRef(head))
         if (baseRef === undefined || headRef === undefined) {
-          await exec('git', ['fetch', '--tags', '--depth=1', 'origin', base, head], {
+          await getExecOutput('git', ['fetch', '--tags', '--depth=1', 'origin', base, head], {
             ignoreReturnCode: true // returns exit code 1 if tags on remote were updated - we can safely ignore it
           })
-          baseRef = baseRef ?? (await getFullRef(base))
-          headRef = headRef ?? (await getFullRef(head))
+          baseRef = baseRef ?? (await getLocalRef(base))
+          headRef = headRef ?? (await getLocalRef(head))
           if (baseRef === undefined) {
-            throw new Error(`Could not determine what is ${base} - fetch works but it's not a branch or tag`)
+            throw new Error(
+              `Could not determine what is ${base} - fetch works but it's not a branch, tag or commit SHA`
+            )
           }
           if (headRef === undefined) {
-            throw new Error(`Could not determine what is ${head} - fetch works but it's not a branch or tag`)
+            throw new Error(
+              `Could not determine what is ${head} - fetch works but it's not a branch, tag or commit SHA`
+            )
           }
         }
       }
@@ -93,12 +94,12 @@ export async function getChangesSinceMergeBase(base: string, head: string, initi
       let lastCommitCount = await getCommitCount()
       while (!(await hasMergeBase())) {
         depth = Math.min(depth * 2, Number.MAX_SAFE_INTEGER)
-        await exec('git', ['fetch', `--deepen=${depth}`, 'origin', base, head])
+        await getExecOutput('git', ['fetch', `--deepen=${depth}`, 'origin', base, head])
         const commitCount = await getCommitCount()
         if (commitCount === lastCommitCount) {
           core.info('No more commits were fetched')
           core.info('Last attempt will be to fetch full history')
-          await exec('git', ['fetch'])
+          await getExecOutput('git', ['fetch'])
           if (!(await hasMergeBase())) {
             noMergeBase = true
           }
@@ -122,7 +123,7 @@ export async function getChangesSinceMergeBase(base: string, head: string, initi
   core.startGroup(`Change detection ${diffArg}`)
   let output = ''
   try {
-    output = (await exec('git', ['diff', '--no-renames', '--name-status', '-z', diffArg])).stdout
+    output = (await getExecOutput('git', ['diff', '--no-renames', '--name-status', '-z', diffArg])).stdout
   } finally {
     fixStdOutNullTermination()
     core.endGroup()
@@ -147,7 +148,7 @@ export async function listAllFilesAsAdded(): Promise<File[]> {
   core.startGroup('Listing all files tracked by git')
   let output = ''
   try {
-    output = (await exec('git', ['ls-files', '-z'])).stdout
+    output = (await getExecOutput('git', ['ls-files', '-z'])).stdout
   } finally {
     fixStdOutNullTermination()
     core.endGroup()
@@ -163,19 +164,19 @@ export async function listAllFilesAsAdded(): Promise<File[]> {
 }
 
 export async function getCurrentRef(): Promise<string> {
-  core.startGroup(`Determining current ref`)
+  core.startGroup(`Get current git ref`)
   try {
-    const branch = (await exec('git', ['branch', '--show-current'])).stdout.trim()
+    const branch = (await getExecOutput('git', ['branch', '--show-current'])).stdout.trim()
     if (branch) {
       return branch
     }
 
-    const describe = await exec('git', ['describe', '--tags', '--exact-match'], {ignoreReturnCode: true})
-    if (describe.code === 0) {
+    const describe = await getExecOutput('git', ['describe', '--tags', '--exact-match'], {ignoreReturnCode: true})
+    if (describe.exitCode === 0) {
       return describe.stdout.trim()
     }
 
-    return (await exec('git', ['rev-parse', HEAD])).stdout.trim()
+    return (await getExecOutput('git', ['rev-parse', HEAD])).stdout.trim()
   } finally {
     core.endGroup()
   }
@@ -198,30 +199,26 @@ export function isGitSha(ref: string): boolean {
 }
 
 async function hasCommit(ref: string): Promise<boolean> {
-  core.startGroup(`Checking if commit for ${ref} is locally available`)
-  try {
-    return (await exec('git', ['cat-file', '-e', `${ref}^{commit}`], {ignoreReturnCode: true})).code === 0
-  } finally {
-    core.endGroup()
-  }
+  return (await getExecOutput('git', ['cat-file', '-e', `${ref}^{commit}`], {ignoreReturnCode: true})).exitCode === 0
 }
 
 async function getCommitCount(): Promise<number> {
-  const output = (await exec('git', ['rev-list', '--count', '--all'])).stdout
+  const output = (await getExecOutput('git', ['rev-list', '--count', '--all'])).stdout
   const count = parseInt(output)
   return isNaN(count) ? 0 : count
 }
 
-async function getFullRef(shortName: string): Promise<string | undefined> {
+async function getLocalRef(shortName: string): Promise<string | undefined> {
   if (isGitSha(shortName)) {
-    return shortName
+    return (await hasCommit(shortName)) ? shortName : undefined
   }
 
-  const output = (await exec('git', ['show-ref', shortName], {ignoreReturnCode: true})).stdout
+  const output = (await getExecOutput('git', ['show-ref', shortName], {ignoreReturnCode: true})).stdout
   const refs = output
     .split(/\r?\n/g)
-    .map(l => l.match(/refs\/.*$/)?.[0] ?? '')
-    .filter(l => l !== '')
+    .map(l => l.match(/refs\/(?:(?:heads)|(?:tags)|(?:remotes\/origin))\/(.*)$/))
+    .filter(match => match !== null && match[1] === shortName)
+    .map(match => match?.[0] ?? '') // match can't be null here but compiler doesn't understand that
 
   if (refs.length === 0) {
     return undefined
@@ -235,6 +232,28 @@ async function getFullRef(shortName: string): Promise<string | undefined> {
   return refs[0]
 }
 
+async function ensureRefAvailable(name: string): Promise<string> {
+  core.startGroup(`Ensuring ${name} is fetched from origin`)
+  try {
+    let ref = await getLocalRef(name)
+    if (ref === undefined) {
+      await getExecOutput('git', ['fetch', '--depth=1', '--no-tags', 'origin', name])
+      ref = await getLocalRef(name)
+      if (ref === undefined) {
+        await getExecOutput('git', ['fetch', '--depth=1', '--tags', 'origin', name])
+        ref = await getLocalRef(name)
+        if (ref === undefined) {
+          throw new Error(`Could not determine what is ${name} - fetch works but it's not a branch, tag or commit SHA`)
+        }
+      }
+    }
+
+    return ref
+  } finally {
+    core.endGroup()
+  }
+}
+
 function fixStdOutNullTermination(): void {
   // Previous command uses NULL as delimiters and output is printed to stdout.
   // We have to make sure next thing written to stdout will start on new line.

src/main.ts

@@ -1,6 +1,7 @@
 import * as fs from 'fs'
 import * as core from '@actions/core'
 import * as github from '@actions/github'
+import type {Octokit} from '@octokit/rest'
 import {Webhooks} from '@octokit/webhooks'
 
 import {Filter, FilterResults} from './filter'
@@ -61,14 +62,30 @@ async function getChangedFiles(token: string, base: string, ref: string, initial
   // if base is 'HEAD' only local uncommitted changes will be detected
   // This is the simplest case as we don't need to fetch more commits or evaluate current/before refs
   if (base === git.HEAD) {
+    if (ref) {
+      core.warning(`'ref' input parameter is ignored when 'base' is set to HEAD`)
+    }
     return await git.getChangesOnHead()
   }
 
-  if (github.context.eventName === 'pull_request' || github.context.eventName === 'pull_request_target') {
+  const prEvents = ['pull_request', 'pull_request_review', 'pull_request_review_comment', 'pull_request_target']
+  if (prEvents.includes(github.context.eventName)) {
+    if (ref) {
+      core.warning(`'ref' input parameter is ignored when 'base' is set to HEAD`)
+    }
+    if (base) {
+      core.warning(`'base' input parameter is ignored when action is triggered by pull request event`)
+    }
     const pr = github.context.payload.pull_request as Webhooks.WebhookPayloadPullRequestPullRequest
     if (token) {
       return await getChangedFilesFromApi(token, pr)
     }
+    if (github.context.eventName === 'pull_request_target') {
+      // pull_request_target is executed in context of base branch and GITHUB_SHA points to last commit in base branch
+      // Therefor it's not possible to look at changes in last commit
+      // At the same time we don't want to fetch any code from forked repository
+      throw new Error(`'token' input parameter is required if action is triggered by 'pull_request_target' event`)
+    }
     core.info('Github token is not available - changes will be detected from PRs merge commit')
     return await git.getChangesInLastCommit()
   } else {
@@ -77,86 +94,92 @@ async function getChangedFiles(token: string, base: string, ref: string, initial
 }
 
 async function getChangedFilesFromGit(base: string, head: string, initialFetchDepth: number): Promise<File[]> {
-  const defaultRef = github.context.payload.repository?.default_branch
+  const defaultBranch = github.context.payload.repository?.default_branch
 
   const beforeSha =
     github.context.eventName === 'push' ? (github.context.payload as Webhooks.WebhookPayloadPush).before : null
 
-  const ref =
-    git.getShortName(head || github.context.ref) ||
-    (core.warning(`'ref' field is missing in event payload - using current branch, tag or commit SHA`),
-    await git.getCurrentRef())
+  const currentRef = await git.getCurrentRef()
 
-  const baseRef = git.getShortName(base) || defaultRef
-  if (!baseRef) {
+  head = git.getShortName(head || github.context.ref || currentRef)
+  base = git.getShortName(base || defaultBranch)
+
+  if (!head) {
+    throw new Error(
+      "This action requires 'head' input to be configured, 'ref' to be set in the event payload or branch/tag checked out in current git repository"
+    )
+  }
+
+  if (!base) {
     throw new Error(
       "This action requires 'base' input to be configured or 'repository.default_branch' to be set in the event payload"
     )
   }
 
-  const isBaseRefSha = git.isGitSha(baseRef)
-  const isBaseRefSameAsRef = baseRef === ref
+  const isBaseSha = git.isGitSha(base)
+  const isBaseSameAsHead = base === head
 
   // If base is commit SHA we will do comparison against the referenced commit
   // Or if base references same branch it was pushed to, we will do comparison against the previously pushed commit
-  if (isBaseRefSha || isBaseRefSameAsRef) {
-    if (!isBaseRefSha && !beforeSha) {
+  if (isBaseSha || isBaseSameAsHead) {
+    const baseSha = isBaseSha ? base : beforeSha
+    if (!baseSha) {
       core.warning(`'before' field is missing in event payload - changes will be detected from last commit`)
+      if (head !== currentRef) {
+        core.warning(`Ref ${head} is not checked out - results might be incorrect!`)
+      }
       return await git.getChangesInLastCommit()
     }
 
-    const baseSha = isBaseRefSha ? baseRef : beforeSha
     // If there is no previously pushed commit,
     // we will do comparison against the default branch or return all as added
     if (baseSha === git.NULL_SHA) {
-      if (defaultRef && baseRef !== defaultRef) {
-        core.info(`First push of a branch detected - changes will be detected against the default branch ${defaultRef}`)
-        return await git.getChangesSinceMergeBase(defaultRef, ref, initialFetchDepth)
+      if (defaultBranch && base !== defaultBranch) {
+        core.info(
+          `First push of a branch detected - changes will be detected against the default branch ${defaultBranch}`
+        )
+        return await git.getChangesSinceMergeBase(defaultBranch, head, initialFetchDepth)
       } else {
         core.info('Initial push detected - all files will be listed as added')
+        if (head !== currentRef) {
+          core.warning(`Ref ${head} is not checked out - results might be incorrect!`)
+        }
         return await git.listAllFilesAsAdded()
       }
     }
 
-    core.info(`Changes will be detected against commit (${baseSha})`)
-    return await git.getChanges(baseSha)
+    core.info(`Changes will be detected between ${baseSha} and ${head}`)
+    return await git.getChanges(baseSha, head)
   }
 
-  // Changes introduced by current branch against the base branch
-  core.info(`Changes will be detected against ${baseRef}`)
-  return await git.getChangesSinceMergeBase(baseRef, ref, initialFetchDepth)
+  core.info(`Changes will be detected between ${base} and ${head}`)
+  return await git.getChangesSinceMergeBase(base, head, initialFetchDepth)
 }
 
 // Uses github REST api to get list of files changed in PR
 async function getChangedFilesFromApi(
   token: string,
-  pullRequest: Webhooks.WebhookPayloadPullRequestPullRequest
+  prNumber: Webhooks.WebhookPayloadPullRequestPullRequest
 ): Promise<File[]> {
-  core.startGroup(`Fetching list of changed files for PR#${pullRequest.number} from Github API`)
+  core.startGroup(`Fetching list of changed files for PR#${prNumber.number} from Github API`)
   try {
     const client = new github.GitHub(token)
     const per_page = 100
     const files: File[] = []
 
-    for (let page = 1; ; page++) {
-      core.info(`Invoking listFiles(pull_number: ${pullRequest.number}, page: ${page}, per_page: ${per_page})`)
-      const response = await client.pulls.listFiles({
+    core.info(`Invoking listFiles(pull_number: ${prNumber.number}, per_page: ${per_page})`)
+    for await (const response of client.paginate.iterator(
+      client.pulls.listFiles.endpoint.merge({
         owner: github.context.repo.owner,
         repo: github.context.repo.repo,
-        pull_number: pullRequest.number,
-        per_page,
-        page
+        pull_number: prNumber.number,
+        per_page
       })
-
+    ) as AsyncIterableIterator<Octokit.Response<Octokit.PullsListFilesResponse>>) {
       if (response.status !== 200) {
         throw new Error(`Fetching list of changed files from GitHub API failed with error code ${response.status}`)
       }
-
       core.info(`Received ${response.data.length} items`)
-      if (response.data.length === 0) {
-        core.info('All changed files has been fetched from GitHub API')
-        break
-      }
 
       for (const row of response.data) {
         core.info(`[${row.status}] ${row.filename}`)