chore: import upstream snapshot with attribution
This commit is contained in:
@@ -0,0 +1,104 @@
|
||||
name: static / check binaries
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches: [main]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
check-config-files:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: Check build config allowlist
|
||||
run: bash .github/scripts/check-config-allowlist.sh
|
||||
|
||||
check-binaries:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
|
||||
with:
|
||||
fetch-depth: 0
|
||||
persist-credentials: false
|
||||
|
||||
- name: Check for binary and build artifacts
|
||||
env:
|
||||
BASE_REF: ${{ github.event.pull_request.base.ref }}
|
||||
run: |
|
||||
VIOLATIONS=0
|
||||
|
||||
# Get list of added/modified files in the PR
|
||||
CHANGED_FILES=$(git diff --name-only "origin/${BASE_REF}...HEAD")
|
||||
|
||||
if [ -z "$CHANGED_FILES" ]; then
|
||||
echo "No changed files detected."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Check for binary file extensions
|
||||
BINARY_FILES=$(echo "$CHANGED_FILES" | grep -iE '\.(exe|dll|so|dylib|o|obj|a|lib|wasm)$' || true)
|
||||
if [ -n "$BINARY_FILES" ]; then
|
||||
echo "::error::Binary files detected in PR:"
|
||||
echo "$BINARY_FILES"
|
||||
VIOLATIONS=1
|
||||
fi
|
||||
|
||||
# Check for build directories
|
||||
BUILD_FILES=$(echo "$CHANGED_FILES" | grep -E '/build/' || true)
|
||||
if [ -n "$BUILD_FILES" ]; then
|
||||
echo "::error::Files in build directories detected in PR:"
|
||||
echo "$BUILD_FILES"
|
||||
VIOLATIONS=1
|
||||
fi
|
||||
|
||||
# Check for dSYM directories
|
||||
DSYM_FILES=$(echo "$CHANGED_FILES" | grep -E '\.dSYM/' || true)
|
||||
if [ -n "$DSYM_FILES" ]; then
|
||||
echo "::error::dSYM debug symbol directories detected in PR:"
|
||||
echo "$DSYM_FILES"
|
||||
VIOLATIONS=1
|
||||
fi
|
||||
|
||||
# Check for large files (>1MB) among changed files
|
||||
# Exclude known large files: lockfiles, assets, bundled actions
|
||||
LARGE_FILES=""
|
||||
while IFS= read -r file; do
|
||||
if [ -f "$file" ]; then
|
||||
case "$file" in
|
||||
pnpm-lock.yaml|*/pnpm-lock.yaml|*/package-lock.json|*/poetry.lock) continue ;;
|
||||
assets/*|examples/*/preview.gif|examples/*/assets/*) continue ;;
|
||||
.github/actions/*/dist/*) continue ;;
|
||||
showcase/shell/src/data/*|showcase/shell-docs/src/data/*|showcase/shell-dojo/src/data/demo-content.json) continue ;;
|
||||
esac
|
||||
SIZE=$(wc -c < "$file" | tr -d ' ')
|
||||
if [ "$SIZE" -gt 1048576 ]; then
|
||||
LARGE_FILES="${LARGE_FILES}${file} ($(( SIZE / 1024 )) KB)\n"
|
||||
fi
|
||||
fi
|
||||
done <<< "$CHANGED_FILES"
|
||||
|
||||
if [ -n "$LARGE_FILES" ]; then
|
||||
echo "::error::Files over 1 MB detected in PR:"
|
||||
echo -e "$LARGE_FILES"
|
||||
VIOLATIONS=1
|
||||
fi
|
||||
|
||||
if [ "$VIOLATIONS" -eq 1 ]; then
|
||||
echo ""
|
||||
echo "This PR contains binary artifacts, build outputs, or oversized files."
|
||||
echo "Please remove them and update your .gitignore if needed."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "No binary artifacts or oversized files detected."
|
||||
Reference in New Issue
Block a user