forked from CopilotKit/CopilotKit
-
Notifications
You must be signed in to change notification settings - Fork 0
104 lines (89 loc) · 3.41 KB
/
Copy pathstatic_check-binaries.yml
File metadata and controls
104 lines (89 loc) · 3.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
name: static / check binaries
on:
pull_request:
branches: [main]
permissions:
contents: read
jobs:
check-config-files:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
persist-credentials: false
- name: Check build config allowlist
run: bash .github/scripts/check-config-allowlist.sh
check-binaries:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
fetch-depth: 0
persist-credentials: false
- name: Check for binary and build artifacts
env:
BASE_REF: ${{ github.event.pull_request.base.ref }}
run: |
VIOLATIONS=0
# Get list of added/modified files in the PR
CHANGED_FILES=$(git diff --name-only "origin/${BASE_REF}...HEAD")
if [ -z "$CHANGED_FILES" ]; then
echo "No changed files detected."
exit 0
fi
# Check for binary file extensions
BINARY_FILES=$(echo "$CHANGED_FILES" | grep -iE '\.(exe|dll|so|dylib|o|obj|a|lib|wasm)$' || true)
if [ -n "$BINARY_FILES" ]; then
echo "::error::Binary files detected in PR:"
echo "$BINARY_FILES"
VIOLATIONS=1
fi
# Check for build directories
BUILD_FILES=$(echo "$CHANGED_FILES" | grep -E '/build/' || true)
if [ -n "$BUILD_FILES" ]; then
echo "::error::Files in build directories detected in PR:"
echo "$BUILD_FILES"
VIOLATIONS=1
fi
# Check for dSYM directories
DSYM_FILES=$(echo "$CHANGED_FILES" | grep -E '\.dSYM/' || true)
if [ -n "$DSYM_FILES" ]; then
echo "::error::dSYM debug symbol directories detected in PR:"
echo "$DSYM_FILES"
VIOLATIONS=1
fi
# Check for large files (>1MB) among changed files
# Exclude known large files: lockfiles, assets, docs media, bundled actions
LARGE_FILES=""
while IFS= read -r file; do
if [ -f "$file" ]; then
case "$file" in
pnpm-lock.yaml|*/pnpm-lock.yaml|*/package-lock.json|*/poetry.lock) continue ;;
assets/*|docs/public/*|examples/*/preview.gif|examples/*/assets/*) continue ;;
.github/actions/*/dist/*) continue ;;
showcase/shell/src/data/*|showcase/shell-docs/src/data/*|showcase/shell-dojo/src/data/demo-content.json) continue ;;
esac
SIZE=$(wc -c < "$file" | tr -d ' ')
if [ "$SIZE" -gt 1048576 ]; then
LARGE_FILES="${LARGE_FILES}${file} ($(( SIZE / 1024 )) KB)\n"
fi
fi
done <<< "$CHANGED_FILES"
if [ -n "$LARGE_FILES" ]; then
echo "::error::Files over 1 MB detected in PR:"
echo -e "$LARGE_FILES"
VIOLATIONS=1
fi
if [ "$VIOLATIONS" -eq 1 ]; then
echo ""
echo "This PR contains binary artifacts, build outputs, or oversized files."
echo "Please remove them and update your .gitignore if needed."
exit 1
fi
echo "No binary artifacts or oversized files detected."