tj-actions/changed-files
List the files changed in a push or pull request so later steps can run conditionally.
What it does
tj-actions/changed-files computes which files changed and exposes them as outputs, so you can, for example, run linters only on changed files or skip a job when nothing relevant changed.
It needs full history for accurate diffs on some events, so pair it with actions/checkout using fetch-depth: 0.
Usage
workflow (.yml)
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- id: changed
uses: tj-actions/changed-files@v46
with:
files: 'src/**'
- if: steps.changed.outputs.any_changed == 'true'
run: npm run lintInputs
| Input | Description | Default | Required |
|---|---|---|---|
files | Glob(s) to filter the changed set. | all | No |
separator | Separator for the output list. | space | No |
Outputs
| Output | Description |
|---|---|
all_changed_files | List of changed files matching the filter. |
any_changed | true if any matching file changed. |
Notes
Accurate diffs on pushes need full history; use fetch-depth: 0 on checkout.
Common errors
- An empty or wrong changed set usually means a shallow checkout. Set
fetch-depth: 0.
Security and pinning
- Pin this action to a full commit SHA. In March 2025 tj-actions tags were compromised to leak secrets; workflows pinned to a SHA were not affected. This is the clearest real-world case for SHA pinning.
Alternatives and related
Frequently asked questions
Why should I pin tj-actions/changed-files to a SHA?
Its tags were compromised in a 2025 supply-chain attack. Pinning to a commit SHA means a moved or malicious tag cannot change what runs in your pipeline.