From b40f0cb6cba840a458ecf50bef687f0bdd6feca1 Mon Sep 17 00:00:00 2001 From: Ben Howe Date: Wed, 11 Mar 2026 09:55:26 -0700 Subject: [PATCH 1/2] Check for large files Signed-off-by: Ben Howe Co-authored-by: Melody Ren --- .github/workflows/pr_file_check.yaml | 46 ++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 .github/workflows/pr_file_check.yaml diff --git a/.github/workflows/pr_file_check.yaml b/.github/workflows/pr_file_check.yaml new file mode 100644 index 00000000..c502ff83 --- /dev/null +++ b/.github/workflows/pr_file_check.yaml @@ -0,0 +1,46 @@ +name: Check for Large Files and Restricted Extensions + +on: + pull_request: + branches: + - main + types: [opened, synchronize, reopened] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + check-files: + name: Check file size and type + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + set-safe-directory: true + fetch-depth: 1 + + - name: Fetch base branch + run: git fetch origin ${{ github.event.pull_request.base.ref }} --depth=1 + + - name: Check for large files + run: | + MAX_SIZE=100K # Set max file size limit + LARGE_FILES=$(git diff --name-only --diff-filter=A origin/${{ github.event.pull_request.base.ref }} | xargs du -h | awk -v max="$MAX_SIZE" '$1 > max {print $2}') + + if [[ ! -z "$LARGE_FILES" ]]; then + echo "❌ The following files exceed the allowed size of $MAX_SIZE:" + echo "$LARGE_FILES" + exit 1 + fi + + - name: Check for restricted file types + run: | + BLOCKED_EXTENSIONS="(exe|zip|tar.gz|bz2)" # Add any forbidden extensions + BAD_FILES=$(git diff --name-only --diff-filter=A origin/${{ github.event.pull_request.base.ref }} | grep -E "\.($BLOCKED_EXTENSIONS)$" || true) + if [[ ! -z "$BAD_FILES" ]]; then + echo "❌ The following files have restricted extensions:" + echo "$BAD_FILES" + exit 1 + fi From fb229d4ba9c49d407cf5ba479cdb0217845eba54 Mon Sep 17 00:00:00 2001 From: Ben Howe Date: Wed, 11 Mar 2026 10:00:37 -0700 Subject: [PATCH 2/2] Fix check Signed-off-by: Ben Howe --- .github/workflows/pr_file_check.yaml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr_file_check.yaml b/.github/workflows/pr_file_check.yaml index c502ff83..3146909f 100644 --- a/.github/workflows/pr_file_check.yaml +++ b/.github/workflows/pr_file_check.yaml @@ -26,11 +26,21 @@ jobs: - name: Check for large files run: | - MAX_SIZE=100K # Set max file size limit - LARGE_FILES=$(git diff --name-only --diff-filter=A origin/${{ github.event.pull_request.base.ref }} | xargs du -h | awk -v max="$MAX_SIZE" '$1 > max {print $2}') + MAX_SIZE_BYTES=102400 # 100KB + MAX_SIZE_HUMAN="100KB" + LARGE_FILES="" + while IFS= read -r file; do + if [[ -f "$file" ]]; then + size=$(stat --format='%s' "$file") + if (( size > MAX_SIZE_BYTES )); then + human_size=$(numfmt --to=iec "$size") + LARGE_FILES+=" $file ($human_size)"$'\n' + fi + fi + done < <(git diff --name-only --diff-filter=A origin/${{ github.event.pull_request.base.ref }}) - if [[ ! -z "$LARGE_FILES" ]]; then - echo "❌ The following files exceed the allowed size of $MAX_SIZE:" + if [[ -n "$LARGE_FILES" ]]; then + echo "❌ The following files exceed the allowed size of $MAX_SIZE_HUMAN:" echo "$LARGE_FILES" exit 1 fi