Merge pull request #279 from wardpeet/patch-1

Add missing predicate-quantifier

.eslintrc.json

@@ -1,6 +1,6 @@
 {
     "plugins": ["jest", "@typescript-eslint"],
-    "extends": ["plugin:github/es6"],
+    "extends": ["plugin:github/internal"],
     "parser": "@typescript-eslint/parser",
     "parserOptions": {
       "ecmaVersion": 9,
@@ -16,13 +16,10 @@
       "@typescript-eslint/no-require-imports": "error",
       "@typescript-eslint/array-type": "error",
       "@typescript-eslint/await-thenable": "error",
-      "@typescript-eslint/ban-ts-ignore": "error",
       "camelcase": "off",
       "@typescript-eslint/camelcase": "off",
-      "@typescript-eslint/class-name-casing": "error",
       "@typescript-eslint/explicit-function-return-type": ["error", {"allowExpressions": true}],
       "@typescript-eslint/func-call-spacing": ["error", "never"],
-      "@typescript-eslint/generic-type-naming": ["error", "^[A-Z][A-Za-z]*$"],
       "@typescript-eslint/no-array-constructor": "error",
       "@typescript-eslint/no-empty-interface": "error",
       "@typescript-eslint/no-explicit-any": "off",
@@ -32,7 +29,6 @@
       "@typescript-eslint/no-misused-new": "error",
       "@typescript-eslint/no-namespace": "error",
       "@typescript-eslint/no-non-null-assertion": "warn",
-      "@typescript-eslint/no-object-literal-type-assertion": "error",
       "@typescript-eslint/no-unnecessary-qualifier": "error",
       "@typescript-eslint/no-unnecessary-type-assertion": "error",
       "@typescript-eslint/no-useless-constructor": "error",
@@ -40,7 +36,6 @@
       "@typescript-eslint/prefer-for-of": "warn",
       "@typescript-eslint/prefer-function-type": "warn",
       "@typescript-eslint/prefer-includes": "error",
-      "@typescript-eslint/prefer-interface": "error",
       "@typescript-eslint/prefer-string-starts-ends-with": "error",
       "@typescript-eslint/promise-function-async": ["error", { "allowAny": true }],
       "@typescript-eslint/require-array-sort-compare": "error",

.github/workflows/build.yml

@@ -1,4 +1,5 @@
 name: "Build"
+
 on:
   push:
     paths-ignore: [ '*.md' ]
@@ -9,7 +10,11 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 20
+        cache: 'npm'
     - run: |
         npm install
         npm run all
@@ -17,7 +22,7 @@ jobs:
   self-test:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - uses: ./
       id: filter
       with:

.github/workflows/pull-request-verification.yml

@@ -10,15 +10,21 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - uses: actions/setup-node@v4
+      with:
+        node-version: 20
+        cache: 'npm'
     - run: |
         npm install
         npm run all
 
   test-inline:
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - uses: ./
       id: filter
       with:
@@ -36,8 +42,10 @@ jobs:
 
   test-external:
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - uses: ./
       id: filter
       with:
@@ -49,7 +57,7 @@ jobs:
   test-without-token:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - uses: ./
       id: filter
       with:
@@ -62,7 +70,7 @@ jobs:
   test-wd-without-token:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
       with:
         path: somewhere
     - uses: ./somewhere
@@ -78,7 +86,7 @@ jobs:
   test-local-changes:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - run: echo "NEW FILE" > local
     - run: git add local
     - uses: ./
@@ -98,7 +106,7 @@ jobs:
   test-change-type:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: configure GIT user
       run: git config user.email "john@nowhere.local" && git config user.name "John Doe"
     - name: modify working tree

CHANGELOG.md

@@ -1,5 +1,27 @@
 # Changelog
 
+## v3.0.2
+- [Add config parameter for predicate quantifier](https://github.com/dorny/paths-filter/pull/224)
+
+## v3.0.1
+- [Compare base and ref when token is empty](https://github.com/dorny/paths-filter/pull/133)
+
+## v3.0.0
+- [Update to Node.js 20](https://github.com/dorny/paths-filter/pull/210)
+- [Update all dependencies](https://github.com/dorny/paths-filter/pull/215)
+
+## v2.11.1
+- [Update @actions/core to v1.10.0 - Fixes warning about deprecated set-output](https://github.com/dorny/paths-filter/pull/167)
+- [Document need for pull-requests: read permission](https://github.com/dorny/paths-filter/pull/168)
+- [Updating to actions/checkout@v3](https://github.com/dorny/paths-filter/pull/164)
+
+## v2.11.0
+- [Set list-files input parameter as not required](https://github.com/dorny/paths-filter/pull/157)
+- [Update Node.js](https://github.com/dorny/paths-filter/pull/161)
+- [Fix incorrect handling of Unicode characters in exec()](https://github.com/dorny/paths-filter/pull/162)
+- [Use Octokit pagination](https://github.com/dorny/paths-filter/pull/163)
+- [Updates real world links](https://github.com/dorny/paths-filter/pull/160)
+
 ## v2.10.2
 - [Fix getLocalRef() returns wrong ref](https://github.com/dorny/paths-filter/pull/91)
 

README.md

@@ -1,23 +1,26 @@
 # Paths Changes Filter
 
-[Github Action](https://github.com/features/actions) that enables conditional execution of workflow steps and jobs, based on the files modified by pull request, on a feature
+[GitHub Action](https://github.com/features/actions) that enables conditional execution of workflow steps and jobs, based on the files modified by pull request, on a feature
 branch, or by the recently pushed commits.
 
 Run slow tasks like integration tests or deployments only for changed components. It saves time and resources, especially in monorepo setups.
-Github workflows built-in [path filters](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestpaths)
+GitHub workflows built-in [path filters](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestpaths)
 don't allow this because they don't work on a level of individual jobs or steps.
 
 **Real world usage examples:**
-- [sentry.io](https://sentry.io/) - [backend-test-py3.6.yml](https://github.com/getsentry/sentry/blob/ca0e43dc5602a9ab2e06d3f6397cc48fb5a78541/.github/workflows/backend-test-py3.6.yml#L32)
-- [GoogleChrome/web.dev](https://web.dev/) - [lint-and-test-workflow.yml](https://github.com/GoogleChrome/web.dev/blob/e1f0c28964e99ce6a996c1e3fd3ee1985a7a04f6/.github/workflows/lint-and-test-workflow.yml#L33)
 
+- [sentry.io](https://sentry.io/) - [backend.yml](https://github.com/getsentry/sentry/blob/2ebe01feab863d89aa7564e6d243b6d80c230ddc/.github/workflows/backend.yml#L36)
+- [GoogleChrome/web.dev](https://web.dev/) - [lint-workflow.yml](https://github.com/GoogleChrome/web.dev/blob/3a57b721e7df6fc52172f676ca68d16153bda6a3/.github/workflows/lint-workflow.yml#L26)
+- [blog post Configuring python linting to be part of CI/CD using GitHub actions](https://dev.to/freshbooks/configuring-python-linting-to-be-part-of-cicd-using-github-actions-1731#what-files-does-it-run-against) - [py_linter.yml](https://github.com/iamtodor/demo-github-actions-python-linter-configuration/blob/main/.github/workflows/py_linter.yml#L31)
+
+## Supported workflows
 
-## Supported workflows:
 - **Pull requests:**
   - Workflow triggered by **[pull_request](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request)**
     or **[pull_request_target](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target)** event
   - Changes are detected against the pull request base branch
-  - Uses Github REST API to fetch a list of modified files
+  - Uses GitHub REST API to fetch a list of modified files
+  - Requires [pull-requests: read](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs) permission
 - **Feature branches:**
   - Workflow triggered by **[push](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#push)**
   or any other **[event](https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows)**
@@ -41,8 +44,9 @@ don't allow this because they don't work on a level of individual jobs or steps.
   - Untracked files are ignored
 
 ## Example
+
 ```yaml
-- uses: dorny/paths-filter@v2
+- uses: dorny/paths-filter@v3
   id: changes
   with:
     filters: |
@@ -50,12 +54,14 @@ don't allow this because they don't work on a level of individual jobs or steps.
         - 'src/**'
 
   # run only if some file in 'src' folder was changed
-  if: steps.changes.outputs.src == 'true'
+- if: steps.changes.outputs.src == 'true'
   run: ...
 ```
+
 For more scenarios see [examples](#examples) section.
 
-## Notes:
+## Notes
+
 - Paths expressions are evaluated using [picomatch](https://github.com/micromatch/picomatch) library.
   Documentation for path expression format can be found on the project GitHub page.
 - Picomatch [dot](https://github.com/micromatch/picomatch#options) option is set to true.
@@ -64,8 +70,9 @@ For more scenarios see [examples](#examples) section.
 - Local execution with [act](https://github.com/nektos/act) works only with alternative runner image. Default runner doesn't have `git` binary.
   - Use: `act -P ubuntu-latest=nektos/act-environments-ubuntu:18.04`
 
+## What's New
 
-# What's New
+- New major release `v3` after update to Node 20 [Breaking change]
 - Add `ref` input parameter
 - Add `list-files: csv` format
 - Configure matrix job to run for each folder with changes using `changes` output
@@ -74,10 +81,10 @@ For more scenarios see [examples](#examples) section.
 
 For more information, see [CHANGELOG](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
 
-# Usage
+## Usage
 
 ```yaml
-- uses: dorny/paths-filter@v2
+- uses: dorny/paths-filter@v3
   with:
     # Defines filters applied to detected changed files.
     # Each filter has a name and a list of rules.
@@ -139,26 +146,43 @@ For more information, see [CHANGELOG](https://github.com/dorny/paths-filter/blob
     working-directory: ''
 
     # Personal access token used to fetch a list of changed files
-    # from Github REST API.
+    # from GitHub REST API.
     # It's only used if action is triggered by a pull request event.
-    # Github token from workflow context is used as default value.
+    # GitHub token from workflow context is used as default value.
     # If an empty string is provided, the action falls back to detect
     # changes using git commands.
     # Default: ${{ github.token }}
     token: ''
+
+    # Optional parameter to override the default behavior of file matching algorithm. 
+    # By default files that match at least one pattern defined by the filters will be included.
+    # This parameter allows to override the "at least one pattern" behavior to make it so that
+    # all of the patterns have to match or otherwise the file is excluded. 
+    # An example scenario where this is useful if you would like to match all 
+    # .ts files in a sub-directory but not .md files. 
+    # The filters below will match markdown files despite the exclusion syntax UNLESS 
+    # you specify 'every' as the predicate-quantifier parameter. When you do that, 
+    # it will only match the .ts files in the subdirectory as expected.
+    #
+    # backend:
+    #  - 'pkg/a/b/c/**'
+    #  - '!**/*.jpeg'
+    #  - '!**/*.md'
+    predicate-quantifier: 'some'
 ```
 
 ## Outputs
+
 - For each filter, it sets output variable named by the filter to the text:
-   - `'true'` - if **any** of changed files matches any of filter rules
-   - `'false'` - if **none** of changed files matches any of filter rules
+  - `'true'` - if **any** of changed files matches any of filter rules
+  - `'false'` - if **none** of changed files matches any of filter rules
 - For each filter, it sets an output variable with the name `${FILTER_NAME}_count` to the count of matching files.
 - If enabled, for each filter it sets an output variable with the name `${FILTER_NAME}_files`. It will contain a list of all files matching the filter.
 - `changes` - JSON array with names of all filters matching any of the changed files.
 
-# Examples
+## Examples
 
-## Conditional execution
+### Conditional execution
 
 <details>
   <summary>Execute <b>step</b> in a workflow job only if some file in a subfolder is changed</summary>
@@ -168,8 +192,8 @@ jobs:
   tests:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - uses: dorny/paths-filter@v2
+    - uses: actions/checkout@v4
+    - uses: dorny/paths-filter@v3
       id: filter
       with:
         filters: |
@@ -193,6 +217,7 @@ jobs:
       if: steps.filter.outputs.backend == 'true' || steps.filter.outputs.frontend == 'true'
       run: ...
 ```
+
 </details>
 
 <details>
@@ -203,13 +228,16 @@ jobs:
   # JOB to run change detection
   changes:
     runs-on: ubuntu-latest
+    # Required permissions
+    permissions:
+      pull-requests: read
     # Set job outputs to values from filter step
     outputs:
       backend: ${{ steps.filter.outputs.backend }}
       frontend: ${{ steps.filter.outputs.frontend }}
     steps:
     # For pull requests it's not necessary to checkout the code
-    - uses: dorny/paths-filter@v2
+    - uses: dorny/paths-filter@v3
       id: filter
       with:
         filters: |
@@ -224,7 +252,7 @@ jobs:
     if: ${{ needs.changes.outputs.backend == 'true' }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - ...
 
   # JOB to build and test frontend code
@@ -233,9 +261,10 @@ jobs:
     if: ${{ needs.changes.outputs.frontend == 'true' }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - ...
 ```
+
 </details>
 
 <details>
@@ -246,12 +275,15 @@ jobs:
   # JOB to run change detection
   changes:
     runs-on: ubuntu-latest
+    # Required permissions
+    permissions:
+      pull-requests: read
     outputs:
       # Expose matched filters as job 'packages' output variable
       packages: ${{ steps.filter.outputs.changes }}
     steps:
     # For pull requests it's not necessary to checkout the code
-    - uses: dorny/paths-filter@v2
+    - uses: dorny/paths-filter@v3
       id: filter
       with:
         filters: |
@@ -268,12 +300,13 @@ jobs:
         package: ${{ fromJSON(needs.changes.outputs.packages) }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - ...
 ```
+
 </details>
 
-## Change detection workflows
+### Change detection workflows
 
 <details>
   <summary><b>Pull requests:</b> Detect changes against PR base branch</summary>
@@ -287,13 +320,17 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    # Required permissions
+    permissions:
+      pull-requests: read
     steps:
-    - uses: actions/checkout@v2
-    - uses: dorny/paths-filter@v2
+    - uses: actions/checkout@v4
+    - uses: dorny/paths-filter@v3
       id: filter
       with:
         filters: ... # Configure your filters
 ```
+
 </details>
 
 <details>
@@ -308,17 +345,18 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
       with:
         # This may save additional git fetch roundtrip if
         # merge-base is found within latest 20 commits
         fetch-depth: 20
-    - uses: dorny/paths-filter@v2
+    - uses: dorny/paths-filter@v3
       id: filter
       with:
         base: develop # Change detection against merge-base with this branch
         filters: ... # Configure your filters
 ```
+
 </details>
 
 <details>
@@ -335,8 +373,8 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - uses: dorny/paths-filter@v2
+    - uses: actions/checkout@v4
+    - uses: dorny/paths-filter@v3
       id: filter
       with:
         # Use context to get the branch where commits were pushed.
@@ -346,6 +384,7 @@ jobs:
         base: ${{ github.ref }}
         filters: ... # Configure your filters
 ```
+
 </details>
 
 <details>
@@ -362,40 +401,42 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
 
       # Some action that modifies files tracked by git (e.g. code linter)
     - uses: johndoe/some-action@v1
 
       # Filter to detect which files were modified
       # Changes could be, for example, automatically committed
-    - uses: dorny/paths-filter@v2
+    - uses: dorny/paths-filter@v3
       id: filter
       with:
         base: HEAD
         filters: ... # Configure your filters
 ```
+
 </details>
 
-## Advanced options
+### Advanced options
 
 <details>
   <summary>Define filter rules in own file</summary>
 
 ```yaml
-- uses: dorny/paths-filter@v2
+- uses: dorny/paths-filter@v3
       id: filter
       with:
         # Path to file where filters are defined
         filters: .github/filters.yaml
 ```
+
 </details>
 
 <details>
   <summary>Use YAML anchors to reuse path expression(s) inside another rule</summary>
 
 ```yaml
-- uses: dorny/paths-filter@v2
+- uses: dorny/paths-filter@v3
       id: filter
       with:
         # &shared is YAML anchor,
@@ -409,13 +450,14 @@ jobs:
             - *shared
             - src/**
 ```
+
 </details>
 
 <details>
   <summary>Consider if file was added, modified or deleted</summary>
 
 ```yaml
-- uses: dorny/paths-filter@v2
+- uses: dorny/paths-filter@v3
       id: filter
       with:
         # Changed file can be 'added', 'modified', or 'deleted'.
@@ -434,16 +476,42 @@ jobs:
           addedOrModifiedAnchors:
             - added|modified: *shared
 ```
+
 </details>
 
+<details>
+  <summary>Detect changes in folder only for some file extensions</summary>
 
-## Custom processing of changed files
+```yaml
+- uses: dorny/paths-filter@v3
+      id: filter
+      with:
+        # This makes it so that all the patterns have to match a file for it to be
+        # considered changed. Because we have the exclusions for .jpeg and .md files
+        # the end result is that if those files are changed they will be ignored
+        # because they don't match the respective rules excluding them.
+        #
+        # This can be leveraged to ensure that you only build & test software changes
+        # that have real impact on the behavior of the code, e.g. you can set up your
+        # build to run when Typescript/Rust/etc. files are changed but markdown
+        # changes in the diff will be ignored and you consume less resources to build.
+        predicate-quantifier: 'every'
+        filters: |
+          backend:
+            - 'pkg/a/b/c/**'
+            - '!**/*.jpeg'
+            - '!**/*.md'
+```
+
+</details>
+
+### Custom processing of changed files
 
 <details>
   <summary>Passing list of modified files as command line args in Linux shell</summary>
 
 ```yaml
-- uses: dorny/paths-filter@v2
+- uses: dorny/paths-filter@v3
   id: filter
   with:
     # Enable listing of files matching each filter.
@@ -462,13 +530,14 @@ jobs:
   if: ${{ steps.filter.outputs.markdown == 'true' }}
   run: npx textlint ${{ steps.filter.outputs.markdown_files }}
 ```
+
 </details>
 
 <details>
   <summary>Passing list of modified files as JSON array to another action</summary>
 
 ```yaml
-- uses: dorny/paths-filter@v2
+- uses: dorny/paths-filter@v3
   id: filter
   with:
     # Enable listing of files matching each filter.
@@ -486,11 +555,13 @@ jobs:
   with:
     files: ${{ steps.filter.outputs.changed_files }}
 ```
+
 </details>
 
-# See also
+## See also
+
 - [test-reporter](https://github.com/dorny/test-reporter) - Displays test results from popular testing frameworks directly in GitHub
 
-# License
+## License
 
 The scripts and documentation in this project are released under the [MIT License](https://github.com/dorny/paths-filter/blob/master/LICENSE)

__tests__/filter.test.ts

@@ -1,4 +1,4 @@
-import {Filter} from '../src/filter'
+import {Filter, FilterConfig, PredicateQuantifier} from '../src/filter'
 import {File, ChangeStatus} from '../src/file'
 
 describe('yaml filter parsing tests', () => {
@@ -117,6 +117,37 @@ describe('matching tests', () => {
     expect(pyMatch.backend).toEqual(pyFiles)
   })
 
+  test('matches only files that are matching EVERY pattern when set to PredicateQuantifier.EVERY', () => {
+    const yaml = `
+    backend:
+      - 'pkg/a/b/c/**'
+      - '!**/*.jpeg'
+      - '!**/*.md'
+    `
+    const filterConfig: FilterConfig = {predicateQuantifier: PredicateQuantifier.EVERY}
+    const filter = new Filter(yaml, filterConfig)
+
+    const typescriptFiles = modified(['pkg/a/b/c/some-class.ts', 'pkg/a/b/c/src/main/some-class.ts'])
+    const otherPkgTypescriptFiles = modified(['pkg/x/y/z/some-class.ts', 'pkg/x/y/z/src/main/some-class.ts'])
+    const otherPkgJpegFiles = modified(['pkg/x/y/z/some-pic.jpeg', 'pkg/x/y/z/src/main/jpeg/some-pic.jpeg'])
+    const docsFiles = modified([
+      'pkg/a/b/c/some-pics.jpeg',
+      'pkg/a/b/c/src/main/jpeg/some-pic.jpeg',
+      'pkg/a/b/c/src/main/some-docs.md',
+      'pkg/a/b/c/some-docs.md'
+    ])
+
+    const typescriptMatch = filter.match(typescriptFiles)
+    const otherPkgTypescriptMatch = filter.match(otherPkgTypescriptFiles)
+    const docsMatch = filter.match(docsFiles)
+    const otherPkgJpegMatch = filter.match(otherPkgJpegFiles)
+
+    expect(typescriptMatch.backend).toEqual(typescriptFiles)
+    expect(otherPkgTypescriptMatch.backend).toEqual([])
+    expect(docsMatch.backend).toEqual([])
+    expect(otherPkgJpegMatch.backend).toEqual([])
+  })
+
   test('matches path based on rules included using YAML anchor', () => {
     const yaml = `
     shared: &shared
@@ -186,3 +217,9 @@ function modified(paths: string[]): File[] {
     return {filename, status: ChangeStatus.Modified}
   })
 }
+
+function renamed(paths: string[]): File[] {
+  return paths.map(filename => {
+    return {filename, status: ChangeStatus.Renamed}
+  })
+}

action.yml

@@ -34,7 +34,7 @@ inputs:
                   If needed it uses single or double quotes to wrap filename with unsafe characters.
         'escape'- Space delimited list usable as command line argument list in linux shell.
                   Backslash escapes every potentially unsafe character.
-    required: true
+    required: false
     default: none
   initial-fetch-depth:
     description: |
@@ -44,11 +44,16 @@ inputs:
       This option takes effect only when changes are detected using git against different base branch.
     required: false
     default: '100'
+  predicate-quantifier:
+    description: |
+      allows to override the "at least one pattern" behavior to make it so that all of the patterns have to match or otherwise the file is excluded.
+    required: false
+    default: 'some'
 outputs:
   changes:
     description: JSON array with names of all filters matching any of changed files
 runs:
-  using: 'node12'
+  using: 'node20'
   main: 'dist/index.js'
 branding:
   color: blue

package.json

@@ -1,6 +1,9 @@
 {
   "name": "paths-filter",
   "version": "1.0.0",
+  "engines": {
+    "node": ">= 20"
+  },
   "private": true,
   "description": "Execute your workflow steps only if relevant files are modified.",
   "main": "lib/main.js",
@@ -25,31 +28,28 @@
   "author": "YourNameOrOrganization",
   "license": "MIT",
   "dependencies": {
-    "@actions/core": "^1.2.4",
-    "@actions/exec": "^1.0.4",
-    "@actions/github": "^2.2.0",
-    "@octokit/webhooks": "^7.6.2",
-    "picomatch": "^2.2.2"
+    "@actions/core": "^1.10.0",
+    "@actions/exec": "^1.1.1",
+    "@actions/github": "6.0.0",
+    "picomatch": "^2.3.1"
   },
   "devDependencies": {
-    "@types/jest": "^25.2.3",
-    "@types/js-yaml": "^3.12.4",
-    "@types/minimatch": "^3.0.3",
-    "@types/node": "^14.0.5",
-    "@types/picomatch": "^2.2.1",
-    "@typescript-eslint/parser": "^3.3.0",
-    "@zeit/ncc": "^0.22.3",
-    "eslint": "^7.3.0",
-    "eslint-plugin-github": "^2.0.0",
-    "eslint-plugin-jest": "^22.21.0",
-    "jest": "^26.0.1",
-    "jest-circus": "^26.0.1",
-    "js-yaml": "^3.14.0",
-    "prettier": "^2.0.5",
-    "ts-jest": "^26.0.0",
-    "typescript": "^3.9.3"
-  },
-  "jest": {
-    "testEnvironment": "node"
+    "@octokit/webhooks-types": "^7.3.1",
+    "@types/jest": "^29.5.11",
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^20.11.6",
+    "@types/picomatch": "^2.3.3",
+    "@typescript-eslint/eslint-plugin": "^6.19.1",
+    "@typescript-eslint/parser": "^6.19.1",
+    "@vercel/ncc": "^0.38.1",
+    "eslint": "^8.56.0",
+    "eslint-plugin-github": "^4.10.1",
+    "eslint-plugin-jest": "^27.6.3",
+    "jest": "^29.7.0",
+    "jest-circus": "^29.7.0",
+    "js-yaml": "^4.1.0",
+    "prettier": "^2.8.8",
+    "ts-jest": "^29.1.2",
+    "typescript": "^5.3.3"
   }
 }

src/exec.ts

@@ -1,21 +0,0 @@
-import {exec as execImpl, ExecOptions} from '@actions/exec'
-
-// Wraps original exec() function
-// Returns exit code and whole stdout/stderr
-export default async function exec(commandLine: string, args?: string[], options?: ExecOptions): Promise<ExecResult> {
-  options = options || {}
-  let stdout = ''
-  let stderr = ''
-  options.listeners = {
-    stdout: (data: Buffer) => (stdout += data.toString()),
-    stderr: (data: Buffer) => (stderr += data.toString())
-  }
-  const code = await execImpl(commandLine, args, options)
-  return {code, stdout, stderr}
-}
-
-export interface ExecResult {
-  code: number
-  stdout: string
-  stderr: string
-}

src/filter.ts

@@ -23,6 +23,48 @@ interface FilterRuleItem {
   isMatch: (str: string) => boolean // Matches the filename
 }
 
+/**
+ * Enumerates the possible logic quantifiers that can be used when determining
+ * if a file is a match or not with multiple patterns.
+ *
+ * The YAML configuration property that is parsed into one of these values is
+ * 'predicate-quantifier' on the top level of the configuration object of the
+ * action.
+ *
+ * The default is to use 'some' which used to be the hardcoded behavior prior to
+ * the introduction of the new mechanism.
+ *
+ * @see https://en.wikipedia.org/wiki/Quantifier_(logic)
+ */
+export enum PredicateQuantifier {
+  /**
+   * When choosing 'every' in the config it means that files will only get matched
+   * if all the patterns are satisfied by the path of the file, not just at least one of them.
+   */
+  EVERY = 'every',
+  /**
+   * When choosing 'some' in the config it means that files will get matched as long as there is
+   * at least one pattern that matches them. This is the default behavior if you don't
+   * specify anything as a predicate quantifier.
+   */
+  SOME = 'some'
+}
+
+/**
+ * Used to define customizations for how the file filtering should work at runtime.
+ */
+export type FilterConfig = {readonly predicateQuantifier: PredicateQuantifier}
+
+/**
+ * An array of strings (at runtime) that contains the valid/accepted values for
+ * the configuration parameter 'predicate-quantifier'.
+ */
+export const SUPPORTED_PREDICATE_QUANTIFIERS = Object.values(PredicateQuantifier)
+
+export function isPredicateQuantifier(x: unknown): x is PredicateQuantifier {
+  return SUPPORTED_PREDICATE_QUANTIFIERS.includes(x as PredicateQuantifier)
+}
+
 export interface FilterResults {
   [key: string]: File[]
 }
@@ -31,7 +73,7 @@ export class Filter {
   rules: {[key: string]: FilterRuleItem[]} = {}
 
   // Creates instance of Filter and load rules from YAML if it's provided
-  constructor(yaml?: string) {
+  constructor(yaml?: string, readonly filterConfig?: FilterConfig) {
     if (yaml) {
       this.load(yaml)
     }
@@ -43,7 +85,7 @@ export class Filter {
       return
     }
 
-    const doc = jsyaml.safeLoad(yaml) as FilterYaml
+    const doc = jsyaml.load(yaml) as FilterYaml
     if (typeof doc !== 'object') {
       this.throwInvalidFormatError('Root element is not an object')
     }
@@ -62,9 +104,14 @@ export class Filter {
   }
 
   private isMatch(file: File, patterns: FilterRuleItem[]): boolean {
-    return patterns.some(
-      rule => (rule.status === undefined || rule.status.includes(file.status)) && rule.isMatch(file.filename)
-    )
+    const aPredicate = (rule: Readonly<FilterRuleItem>): boolean => {
+      return (rule.status === undefined || rule.status.includes(file.status)) && rule.isMatch(file.filename)
+    }
+    if (this.filterConfig?.predicateQuantifier === 'every') {
+      return patterns.every(aPredicate)
+    } else {
+      return patterns.some(aPredicate)
+    }
   }
 
   private parseFilterItemYaml(item: FilterItemYaml): FilterRuleItem[] {

src/git.ts

@@ -1,4 +1,4 @@
-import exec from './exec'
+import {getExecOutput} from '@actions/exec'
 import * as core from '@actions/core'
 import {File, ChangeStatus} from './file'
 
@@ -9,7 +9,7 @@ export async function getChangesInLastCommit(): Promise<File[]> {
   core.startGroup(`Change detection in last commit`)
   let output = ''
   try {
-    output = (await exec('git', ['log', '--format=', '--no-renames', '--name-status', '-z', '-n', '1'])).stdout
+    output = (await getExecOutput('git', ['log', '--format=', '--no-renames', '--name-status', '-z', '-n', '1'])).stdout
   } finally {
     fixStdOutNullTermination()
     core.endGroup()
@@ -27,7 +27,8 @@ export async function getChanges(base: string, head: string): Promise<File[]> {
   let output = ''
   try {
     // Two dots '..' change detection - directly compares two versions
-    output = (await exec('git', ['diff', '--no-renames', '--name-status', '-z', `${baseRef}..${headRef}`])).stdout
+    output = (await getExecOutput('git', ['diff', '--no-renames', '--name-status', '-z', `${baseRef}..${headRef}`]))
+      .stdout
   } finally {
     fixStdOutNullTermination()
     core.endGroup()
@@ -41,7 +42,7 @@ export async function getChangesOnHead(): Promise<File[]> {
   core.startGroup(`Change detection on HEAD`)
   let output = ''
   try {
-    output = (await exec('git', ['diff', '--no-renames', '--name-status', '-z', 'HEAD'])).stdout
+    output = (await getExecOutput('git', ['diff', '--no-renames', '--name-status', '-z', 'HEAD'])).stdout
   } finally {
     fixStdOutNullTermination()
     core.endGroup()
@@ -57,7 +58,7 @@ export async function getChangesSinceMergeBase(base: string, head: string, initi
     if (baseRef === undefined || headRef === undefined) {
       return false
     }
-    return (await exec('git', ['merge-base', baseRef, headRef], {ignoreReturnCode: true})).code === 0
+    return (await getExecOutput('git', ['merge-base', baseRef, headRef], {ignoreReturnCode: true})).exitCode === 0
   }
 
   let noMergeBase = false
@@ -66,12 +67,12 @@ export async function getChangesSinceMergeBase(base: string, head: string, initi
     baseRef = await getLocalRef(base)
     headRef = await getLocalRef(head)
     if (!(await hasMergeBase())) {
-      await exec('git', ['fetch', '--no-tags', `--depth=${initialFetchDepth}`, 'origin', base, head])
+      await getExecOutput('git', ['fetch', '--no-tags', `--depth=${initialFetchDepth}`, 'origin', base, head])
       if (baseRef === undefined || headRef === undefined) {
         baseRef = baseRef ?? (await getLocalRef(base))
         headRef = headRef ?? (await getLocalRef(head))
         if (baseRef === undefined || headRef === undefined) {
-          await exec('git', ['fetch', '--tags', '--depth=1', 'origin', base, head], {
+          await getExecOutput('git', ['fetch', '--tags', '--depth=1', 'origin', base, head], {
             ignoreReturnCode: true // returns exit code 1 if tags on remote were updated - we can safely ignore it
           })
           baseRef = baseRef ?? (await getLocalRef(base))
@@ -93,12 +94,12 @@ export async function getChangesSinceMergeBase(base: string, head: string, initi
       let lastCommitCount = await getCommitCount()
       while (!(await hasMergeBase())) {
         depth = Math.min(depth * 2, Number.MAX_SAFE_INTEGER)
-        await exec('git', ['fetch', `--deepen=${depth}`, 'origin', base, head])
+        await getExecOutput('git', ['fetch', `--deepen=${depth}`, 'origin', base, head])
         const commitCount = await getCommitCount()
         if (commitCount === lastCommitCount) {
           core.info('No more commits were fetched')
           core.info('Last attempt will be to fetch full history')
-          await exec('git', ['fetch'])
+          await getExecOutput('git', ['fetch'])
           if (!(await hasMergeBase())) {
             noMergeBase = true
           }
@@ -122,7 +123,7 @@ export async function getChangesSinceMergeBase(base: string, head: string, initi
   core.startGroup(`Change detection ${diffArg}`)
   let output = ''
   try {
-    output = (await exec('git', ['diff', '--no-renames', '--name-status', '-z', diffArg])).stdout
+    output = (await getExecOutput('git', ['diff', '--no-renames', '--name-status', '-z', diffArg])).stdout
   } finally {
     fixStdOutNullTermination()
     core.endGroup()
@@ -147,7 +148,7 @@ export async function listAllFilesAsAdded(): Promise<File[]> {
   core.startGroup('Listing all files tracked by git')
   let output = ''
   try {
-    output = (await exec('git', ['ls-files', '-z'])).stdout
+    output = (await getExecOutput('git', ['ls-files', '-z'])).stdout
   } finally {
     fixStdOutNullTermination()
     core.endGroup()
@@ -165,17 +166,17 @@ export async function listAllFilesAsAdded(): Promise<File[]> {
 export async function getCurrentRef(): Promise<string> {
   core.startGroup(`Get current git ref`)
   try {
-    const branch = (await exec('git', ['branch', '--show-current'])).stdout.trim()
+    const branch = (await getExecOutput('git', ['branch', '--show-current'])).stdout.trim()
     if (branch) {
       return branch
     }
 
-    const describe = await exec('git', ['describe', '--tags', '--exact-match'], {ignoreReturnCode: true})
-    if (describe.code === 0) {
+    const describe = await getExecOutput('git', ['describe', '--tags', '--exact-match'], {ignoreReturnCode: true})
+    if (describe.exitCode === 0) {
       return describe.stdout.trim()
     }
 
-    return (await exec('git', ['rev-parse', HEAD])).stdout.trim()
+    return (await getExecOutput('git', ['rev-parse', HEAD])).stdout.trim()
   } finally {
     core.endGroup()
   }
@@ -198,11 +199,11 @@ export function isGitSha(ref: string): boolean {
 }
 
 async function hasCommit(ref: string): Promise<boolean> {
-  return (await exec('git', ['cat-file', '-e', `${ref}^{commit}`], {ignoreReturnCode: true})).code === 0
+  return (await getExecOutput('git', ['cat-file', '-e', `${ref}^{commit}`], {ignoreReturnCode: true})).exitCode === 0
 }
 
 async function getCommitCount(): Promise<number> {
-  const output = (await exec('git', ['rev-list', '--count', '--all'])).stdout
+  const output = (await getExecOutput('git', ['rev-list', '--count', '--all'])).stdout
   const count = parseInt(output)
   return isNaN(count) ? 0 : count
 }
@@ -212,7 +213,7 @@ async function getLocalRef(shortName: string): Promise<string | undefined> {
     return (await hasCommit(shortName)) ? shortName : undefined
   }
 
-  const output = (await exec('git', ['show-ref', shortName], {ignoreReturnCode: true})).stdout
+  const output = (await getExecOutput('git', ['show-ref', shortName], {ignoreReturnCode: true})).stdout
   const refs = output
     .split(/\r?\n/g)
     .map(l => l.match(/refs\/(?:(?:heads)|(?:tags)|(?:remotes\/origin))\/(.*)$/))
@@ -236,10 +237,10 @@ async function ensureRefAvailable(name: string): Promise<string> {
   try {
     let ref = await getLocalRef(name)
     if (ref === undefined) {
-      await exec('git', ['fetch', '--depth=1', '--no-tags', 'origin', name])
+      await getExecOutput('git', ['fetch', '--depth=1', '--no-tags', 'origin', name])
       ref = await getLocalRef(name)
       if (ref === undefined) {
-        await exec('git', ['fetch', '--depth=1', '--tags', 'origin', name])
+        await getExecOutput('git', ['fetch', '--depth=1', '--tags', 'origin', name])
         ref = await getLocalRef(name)
         if (ref === undefined) {
           throw new Error(`Could not determine what is ${name} - fetch works but it's not a branch, tag or commit SHA`)

src/main.ts

@@ -1,9 +1,17 @@
 import * as fs from 'fs'
 import * as core from '@actions/core'
 import * as github from '@actions/github'
-import {Webhooks} from '@octokit/webhooks'
+import {GetResponseDataTypeFromEndpointMethod} from '@octokit/types'
+import {PushEvent, PullRequestEvent} from '@octokit/webhooks-types'
 
-import {Filter, FilterResults} from './filter'
+import {
+  isPredicateQuantifier,
+  Filter,
+  FilterConfig,
+  FilterResults,
+  PredicateQuantifier,
+  SUPPORTED_PREDICATE_QUANTIFIERS
+} from './filter'
 import {File, ChangeStatus} from './file'
 import * as git from './git'
 import {backslashEscape, shellEscape} from './list-format/shell-escape'
@@ -25,19 +33,28 @@ async function run(): Promise<void> {
     const filtersYaml = isPathInput(filtersInput) ? getConfigFileContent(filtersInput) : filtersInput
     const listFiles = core.getInput('list-files', {required: false}).toLowerCase() || 'none'
     const initialFetchDepth = parseInt(core.getInput('initial-fetch-depth', {required: false})) || 10
+    const predicateQuantifier = core.getInput('predicate-quantifier', {required: false}) || PredicateQuantifier.SOME
 
     if (!isExportFormat(listFiles)) {
       core.setFailed(`Input parameter 'list-files' is set to invalid value '${listFiles}'`)
       return
     }
 
-    const filter = new Filter(filtersYaml)
+    if (!isPredicateQuantifier(predicateQuantifier)) {
+      const predicateQuantifierInvalidErrorMsg =
+        `Input parameter 'predicate-quantifier' is set to invalid value ` +
+        `'${predicateQuantifier}'. Valid values: ${SUPPORTED_PREDICATE_QUANTIFIERS.join(', ')}`
+      throw new Error(predicateQuantifierInvalidErrorMsg)
+    }
+    const filterConfig: FilterConfig = {predicateQuantifier}
+
+    const filter = new Filter(filtersYaml, filterConfig)
     const files = await getChangedFiles(token, base, ref, initialFetchDepth)
     core.info(`Detected ${files.length} changed files`)
     const results = filter.match(files)
     exportResults(results, listFiles)
   } catch (error) {
-    core.setFailed(error.message)
+    core.setFailed(getErrorMessage(error))
   }
 }
 
@@ -75,7 +92,7 @@ async function getChangedFiles(token: string, base: string, ref: string, initial
     if (base) {
       core.warning(`'base' input parameter is ignored when action is triggered by pull request event`)
     }
-    const pr = github.context.payload.pull_request as Webhooks.WebhookPayloadPullRequestPullRequest
+    const pr = github.context.payload.pull_request as PullRequestEvent
     if (token) {
       return await getChangedFilesFromApi(token, pr)
     }
@@ -85,8 +102,11 @@ async function getChangedFiles(token: string, base: string, ref: string, initial
       // At the same time we don't want to fetch any code from forked repository
       throw new Error(`'token' input parameter is required if action is triggered by 'pull_request_target' event`)
     }
-    core.info('Github token is not available - changes will be detected from PRs merge commit')
-    return await git.getChangesInLastCommit()
+    core.info('Github token is not available - changes will be detected using git diff')
+    const baseSha = github.context.payload.pull_request?.base.sha
+    const defaultBranch = github.context.payload.repository?.default_branch
+    const currentRef = await git.getCurrentRef()
+    return await git.getChanges(base || baseSha || defaultBranch, currentRef)
   } else {
     return getChangedFilesFromGit(base, ref, initialFetchDepth)
   }
@@ -95,8 +115,7 @@ async function getChangedFiles(token: string, base: string, ref: string, initial
 async function getChangedFilesFromGit(base: string, head: string, initialFetchDepth: number): Promise<File[]> {
   const defaultBranch = github.context.payload.repository?.default_branch
 
-  const beforeSha =
-    github.context.eventName === 'push' ? (github.context.payload as Webhooks.WebhookPayloadPush).before : null
+  const beforeSha = github.context.eventName === 'push' ? (github.context.payload as PushEvent).before : null
 
   const currentRef = await git.getCurrentRef()
 
@@ -156,37 +175,28 @@ async function getChangedFilesFromGit(base: string, head: string, initialFetchDe
 }
 
 // Uses github REST api to get list of files changed in PR
-async function getChangedFilesFromApi(
-  token: string,
-  prNumber: Webhooks.WebhookPayloadPullRequestPullRequest
-): Promise<File[]> {
-  core.startGroup(`Fetching list of changed files for PR#${prNumber.number} from Github API`)
+async function getChangedFilesFromApi(token: string, pullRequest: PullRequestEvent): Promise<File[]> {
+  core.startGroup(`Fetching list of changed files for PR#${pullRequest.number} from Github API`)
   try {
-    const client = new github.GitHub(token)
+    const client = github.getOctokit(token)
     const per_page = 100
     const files: File[] = []
 
-    for (let page = 1; ; page++) {
-      core.info(`Invoking listFiles(pull_number: ${prNumber.number}, page: ${page}, per_page: ${per_page})`)
-      const response = await client.pulls.listFiles({
+    core.info(`Invoking listFiles(pull_number: ${pullRequest.number}, per_page: ${per_page})`)
+    for await (const response of client.paginate.iterator(
+      client.rest.pulls.listFiles.endpoint.merge({
         owner: github.context.repo.owner,
         repo: github.context.repo.repo,
-        pull_number: prNumber.number,
-        per_page,
-        page
+        pull_number: pullRequest.number,
+        per_page
       })
-
+    )) {
       if (response.status !== 200) {
         throw new Error(`Fetching list of changed files from GitHub API failed with error code ${response.status}`)
       }
-
       core.info(`Received ${response.data.length} items`)
-      if (response.data.length === 0) {
-        core.info('All changed files has been fetched from GitHub API')
-        break
-      }
 
-      for (const row of response.data) {
+      for (const row of response.data as GetResponseDataTypeFromEndpointMethod<typeof client.rest.pulls.listFiles>) {
         core.info(`[${row.status}] ${row.filename}`)
         // There's no obvious use-case for detection of renames
         // Therefore we treat it as if rename detection in git diff was turned off.
@@ -272,4 +282,9 @@ function isExportFormat(value: string): value is ExportFormat {
   return ['none', 'csv', 'shell', 'json', 'escape'].includes(value)
 }
 
+function getErrorMessage(error: unknown): string {
+  if (error instanceof Error) return error.message
+  return String(error)
+}
+
 run()