GitHub Actions: Fix Shellsheck workflow to only run on changes *.sh files

[andygrunwald]

✍️ Description

The Shellcheck GitHub Action workflow is not running. It throws an error in the "Get changed files" step:

Run if true; then
fatal: ambiguous argument 'HEAD^1': unknown revision or path not in the working tree.
Use '--' to separate paths from revisions, like this:
'git <command> [<revision>...] -- [<file>...]'

See https://github.com/community-scripts/ProxmoxVE/actions/runs/12724031265/job/35469760341

This Pull Request is using the same "Get changes files" logic from another workflow:

ProxmoxVE/.github/workflows/validate-filenames.yml

Lines 36 to 43 in cc40b59

	- name: Get changed files
	id: changed-files
	run: |
	if ${{ github.event_name == 'pull_request_target' }}; then
	echo "files=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ steps.pr.outputs.result && fromJSON(steps.pr.outputs.result).merge_commit_sha }} | xargs)" >> $GITHUB_OUTPUT
	else
	echo "files=$(git diff --name-only ${{ github.event.before }} ${{ github.event.after }} | xargs)" >> $GITHUB_OUTPUT
	fi

Why this change?

The current way can't work. E.g. in a119a27#diff-549859aac5bcaebdf605d3ffd525377f2b314b5cc6eb4ebad490bd2cc52617a7L21, the action ludeeus/action-shellcheck was removed and shellcheck was executed directly. But shellcheck was never installed. This was never caught, as we never entered this step (due to the error above).

Right now, we don't use ludeeus/action-shellcheck as this repository requires to only run Shellcheck on changed files (due to the amount of warnings). The ludeeus/action-shellcheck action doesn't support an "only run on those files" input.
We mitigate this by using the same code as the ludeeus/action-shellcheck action to install shellcheck. Then, we run it ourselves. This is a (temp) workaround until this repo is shellcheck warning free.

Additionally we introduce https://github.com/marketplace/actions/changed-files to detect changed-files. The latest change (see b8671b9) on the changed files detection also proved that this doesn't seem to be straightforward.
As Github action is used only in the Github env and not locally, I think it make sense to use an existing codebase that is proven.

⚠️ See the testing note below - The action tj-actions/changed-files need to be approved by Repo admins.

---

🛠️ Type of Change

• Bug fix (non-breaking change that resolves an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change unexpectedly)
• New script (a fully functional and thoroughly tested script or set of scripts)

---

✅ Prerequisites

• Self-review performed (I have reviewed my code to ensure it follows established patterns and conventions.)
• Testing performed (I have thoroughly tested my changes and verified expected functionality.)
• Documentation updated (I have updated any relevant documentation)

⚠️ A note on testing

Testing is / was partially possible.
The github action "" needs to be approved by Repository admins:

tj-actions/changed-files@v45 is not allowed to be used in community-scripts/ProxmoxVE. Actions in this workflow must be: within a repository owned by community-scripts, created by GitHub, or matching the following: ludeeus/action-shellcheck@*.

---

📋 Additional Information (optional)

[MickLesk]

I know, just didn't feel like it yesterday ^^

[andygrunwald]

@MickLesk Can you add the extension tj-actions/changed-files into the repo whitelist?

tj-actions/changed-files@v45 is not allowed to be used in community-scripts/ProxmoxVE. Actions in this workflow must be: within a repository owned by community-scripts, created by GitHub, or matching the following: ludeeus/action-shellcheck@*.

Source: https://github.com/community-scripts/ProxmoxVE/actions/runs/12746776359