Replace dorny/paths-filter with native git diff

Use native git commands to detect path changes instead of the
dorny/paths-filter action, which is not ProdSec approved.

The replacement script handles both pull_request and push events,
and includes handling for initial pushes where there is no previous
commit to compare against.

Author: mraible

.github/workflows/main.yml

@@ -14,14 +14,37 @@ jobs:
       - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1
         with:
           fetch-depth: 0
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36  # v3
+      - name: Check for path changes
         id: changes
-        with:
-          filters: |
-            functions:
-              - 'functions/**'
-            ui:
-              - 'ui/**'
+        run: |
+          if [ "${{ github.event_name }}" == "pull_request" ]; then
+            BASE_SHA="${{ github.event.pull_request.base.sha }}"
+            HEAD_SHA="${{ github.event.pull_request.head.sha }}"
+          else
+            # For push events, compare with previous commit
+            BASE_SHA="${{ github.event.before }}"
+            HEAD_SHA="${{ github.sha }}"
+            # Handle initial push (no previous commit)
+            if [ "$BASE_SHA" == "0000000000000000000000000000000000000000" ]; then
+              echo "functions=true" >> $GITHUB_OUTPUT
+              echo "ui=true" >> $GITHUB_OUTPUT
+              exit 0
+            fi
+          fi
+
+          CHANGED_FILES=$(git diff --name-only $BASE_SHA $HEAD_SHA)
+
+          if echo "$CHANGED_FILES" | grep -q '^functions/'; then
+            echo "functions=true" >> $GITHUB_OUTPUT
+          else
+            echo "functions=false" >> $GITHUB_OUTPUT
+          fi
+
+          if echo "$CHANGED_FILES" | grep -q '^ui/'; then
+            echo "ui=true" >> $GITHUB_OUTPUT
+          else
+            echo "ui=false" >> $GITHUB_OUTPUT
+          fi
 
   test-functions:
     needs: check-changes