popular github action compromised

https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised

Harden-Runner detection: tj-actions/changed-files action is compromised We are investigating a critical security incident involving the popular tj-actions/changed-files GitHub Action. We want to alert you immediately so that you can take prompt action.

Your secrets are in the build logs