From 024ebcbd0359a76ac03883e5fb7a507169efc786 Mon Sep 17 00:00:00 2001
From: Tyler Yahn <MrAlias@users.noreply.github.com>
Date: Mon, 21 Jul 2025 08:13:48 -0700
Subject: [PATCH] Fix markdown-fail-fast `Get Changes` step script (#7045)

This has been failing silently:
https://github.com/open-telemetry/opentelemetry-go/actions/runs/16361094932/job/46229000882

- Fix the variable handling
- Add debugging `echo`s
- Reduce permissions to minimum needed
---
 .github/workflows/markdown-fail-fast.yml | 34 +++++++++++++++++-------
 1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/markdown-fail-fast.yml b/.github/workflows/markdown-fail-fast.yml
index 59972bc7a..c3a85d11a 100644
--- a/.github/workflows/markdown-fail-fast.yml
+++ b/.github/workflows/markdown-fail-fast.yml
@@ -4,8 +4,8 @@ on:
   push:
   pull_request:
 
-# Declare default permissions as read only.
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   changedfiles:
@@ -20,8 +20,24 @@ jobs:
           fetch-depth: 0
       - name: Get changed files
         id: changes
+        env:
+          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+        shell: bash
         run: |
-          echo "md=$(git diff --name-only --diff-filter=ACMRTUXB origin/${{ github.event.pull_request.base.ref }} ${{ github.event.pull_request.head.sha }} | grep .md$ | xargs)" >> $GITHUB_OUTPUT
+          echo "PR_HEAD_SHA=$PR_HEAD_SHA"
+
+          base="$(git merge-base origin/main $PR_HEAD_SHA)"
+          echo "BASE_REF=$base"
+
+          changed="$(git diff --name-only --diff-filter=ACMRTUXB $base $PR_HEAD_SHA)"
+          echo "CHANGED=$changed"
+
+          filtered="$(grep '.md$' <<<"$changed" || true)"
+          echo "filtered=$filtered"
+
+          md="$(echo $filtered | xargs -d '\n' echo)"
+          echo "md=$md"
+          echo "md=$md" >> $GITHUB_OUTPUT
 
   lint:
     name: lint markdown files
@@ -29,9 +45,9 @@ jobs:
     needs: changedfiles
     if: ${{needs.changedfiles.outputs.md}}
     steps:
-    - name: Checkout Repo
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-    - name: Run linter
-      uses: docker://avtodev/markdown-lint:v1@sha256:6aeedc2f49138ce7a1cd0adffc1b1c0321b841dc2102408967d9301c031949ee
-      with:
-        args: ${{needs.changedfiles.outputs.md}}
+      - name: Checkout Repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Run linter
+        uses: docker://avtodev/markdown-lint:v1@sha256:6aeedc2f49138ce7a1cd0adffc1b1c0321b841dc2102408967d9301c031949ee
+        with:
+          args: ${{needs.changedfiles.outputs.md}}