From 76d01ffaf97bfa196d80931ae391342abc73ca89 Mon Sep 17 00:00:00 2001
From: Paul Spooren <mail@aparcar.org>
Date: Wed, 5 Mar 2025 10:29:55 +0100
Subject: [PATCH] ci(docker): use GitHub native file change tracking

Don't pull in an external action but rely on GitHubs native way to
detect file changes. Also fix a logic flaw where a PR would try to push
an image (but never succeed due to missing secrets).

Co-authored-by: Benjamin Lipp <blipp@rosenpass.eu>
Signed-off-by: Paul Spooren <mail@aparcar.org>
---
 .github/workflows/docker.yaml | 39 ++++++++---------------------------
 1 file changed, 9 insertions(+), 30 deletions(-)

diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index a646bab..2171cc9 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -1,5 +1,7 @@
 name: Build Docker Images
 
+# Run this job on all non-pull-request events,
+# or if Docker-related files are changed in a pull request.
 on:
   push:
     branches:
@@ -7,6 +9,9 @@ on:
     tags:
       - "v*"
   pull_request:
+    paths:
+      - "docker/Dockerfile"
+      - ".github/workflows/docker.yaml"
     branches:
       - "main"
 
@@ -15,33 +20,10 @@ permissions:
   packages: write
 
 jobs:
-  # ----------------------------------------
-  # 1. Check if docker/Dockerfile or .github/workflows/docker.yaml changed
-  # ----------------------------------------
-  check-dockerfile-changes:
-    runs-on: ubuntu-latest
-    outputs:
-      docker_files_changed: ${{ steps.filter.outputs.docker_files_changed }}
-    steps:
-      - name: Check out repository
-        uses: actions/checkout@v4
-
-      - name: Paths filter
-        id: filter
-        uses: dorny/paths-filter@v3
-        with:
-          filters: |
-            docker_files_changed:
-              - 'docker/Dockerfile'
-              - '.github/workflows/docker.yaml'
   # --------------------------------
-  # 2. BUILD & TEST
+  # 1. BUILD & TEST
   # --------------------------------
   build-and-test-rp:
-    needs: check-dockerfile-changes
-    # Run this job on all non-pull-request events,
-    # or if Docker-related files are changed in a pull request.
-    if: ${{ needs.check-dockerfile-changes.outputs.docker_files_changed == 'true' || github.event_name != 'pull_request' }}
     strategy:
       matrix:
         arch: [amd64, arm64]
@@ -131,12 +113,11 @@ jobs:
 
           echo "Standalone Key Exchange test OK."
   # --------------------------------
-  # 3. PUSH (only if tests pass)
+  # 2. PUSH (only if tests pass)
   # --------------------------------
   docker-image-rp:
     needs:
       - build-and-test-rp
-      - check-dockerfile-changes
     # Skip if this is not a PR. Then we want to push this image.
     if: ${{ github.event_name != 'pull_request' }}
     # Use a matrix to build for both AMD64 and ARM64
@@ -184,10 +165,8 @@ jobs:
   docker-image-rosenpass:
     needs:
       - build-and-test-rp
-      - check-dockerfile-changes
-    # Run this job on all non-pull-request events,
-    # or if Docker-related files are changed in a pull request.
-    if: ${{ needs.check-dockerfile-changes.outputs.docker_files_changed == 'true' || github.event_name != 'pull_request' }}
+    # Skip if this is not a PR. Then we want to push this image.
+    if: ${{ github.event_name != 'pull_request' }}
     # Use a matrix to build for both AMD64 and ARM64
     strategy:
       matrix: