
Commit c0037cb

committed
Merge branch 'main' into refactor-nodespool
2 parents d877ae7 + 5294592 commit c0037cb

1 file changed

Lines changed: 90 additions & 89 deletions


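--- a/.github/workflows/proprietary-path-guard.yml
+++ b/.github/workflows/proprietary-path-guard.yml
@@ -11,96 +11,97 @@ name: Proprietary Path Guard
 # =============================================================================
 
 on:
-pull_request:
-branches: [main, develop, master]
-push:
-branches: ['**']
-
-# Manual trigger for testing
-workflow_dispatch:
-inputs:
-reason:
-description: 'Reason for manual run'
-required: false
-default: 'Testing'
+pull_request:
+branches: [main, develop, master]
+push:
+branches: ['**']
+
+# Manual trigger for testing
+workflow_dispatch:
+inputs:
+reason:
+description: 'Reason for manual run'
+required: false
+default: 'Testing'
 
 permissions:
-contents: read
+contents: read
 
 jobs:
-check-proprietary-paths:
-name: Check for Proprietary Paths
-runs-on: ubuntu-latest
-if: github.repository == 'FlowiseAI/Flowise'
-
-steps:
-- name: Checkout repository
-uses: actions/checkout@v4
-with:
-fetch-depth: 0
-
-- name: Check for proprietary paths
-id: check-paths
-run: |
-echo "🔍 Checking for proprietary paths..."
-echo "Trigger: ${{ github.event_name }}"
-echo ""
-
-# Get changed files based on event type
-if [ "${{ github.event_name }}" = "pull_request" ]; then
-CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD)
-elif [ "${{ github.event.before }}" != "0000000000000000000000000000000000000000" ]; then
-# Push to existing branch - compare with previous commit
-CHANGED_FILES=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }})
-else
-# New branch - compare against default branch
-CHANGED_FILES=$(git diff --name-only origin/${{ github.event.repository.default_branch }}...${{ github.sha }} 2>/dev/null || echo "")
-fi
-
-echo "Files to check:"
-echo "$CHANGED_FILES" | head -50 | sed 's/^/ /'
-echo ""
-
-# Check for proprietary paths
-VIOLATIONS=""
-
-while IFS= read -r file; do
-[ -z "$file" ] && continue
-
-# Block all extensions/
-if echo "$file" | grep -qE "^extensions/"; then
-VIOLATIONS="$VIOLATIONS$file\n"
-continue
-fi
-
-# Block all apps/ except apps/oss-app/
-if echo "$file" | grep -qE "^apps/"; then
-if ! echo "$file" | grep -qE "^apps/oss-app/"; then
-VIOLATIONS="$VIOLATIONS$file\n"
-fi
-fi
-done <<< "$CHANGED_FILES"
-
-if [ -n "$VIOLATIONS" ]; then
-echo "has_violations=true" >> $GITHUB_OUTPUT
-echo "violations<<EOF" >> $GITHUB_OUTPUT
-printf "%s" "$VIOLATIONS" >> $GITHUB_OUTPUT
-echo "EOF" >> $GITHUB_OUTPUT
-
-echo "❌ Files in proprietary paths detected!"
-echo ""
-printf "%s" "$VIOLATIONS" | sed 's/^/ ❌ /'
-echo ""
-echo "Proprietary paths:"
-echo " - extensions/ (reserved for enterprise extensions)"
-echo " - apps/* (only apps/oss-app/ is allowed)"
-else
-echo "has_violations=false" >> $GITHUB_OUTPUT
-echo "✅ No proprietary paths detected"
-fi
-
-- name: Fail if violations found
-if: steps.check-paths.outputs.has_violations == 'true'
-run: |
-echo "::error::Files detected in proprietary paths. These paths are reserved for enterprise extensions."
-exit 1
+check-proprietary-paths:
+name: Check for Proprietary Paths
+runs-on: ubuntu-latest
+if: github.repository == 'FlowiseAI/Flowise'
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+with:
+fetch-depth: 0
+
+- name: Check for proprietary paths
+id: check-paths
+run: |
+echo "🔍 Checking for proprietary paths..."
+echo "Trigger: ${{ github.event_name }}"
+echo ""
+
+# Get changed files based on event type
+if [ "${{ github.event_name }}" = "pull_request" ]; then
+CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD)
+elif [ "${{ github.event.before }}" != "0000000000000000000000000000000000000000" ]; then
+# Push to existing branch - compare with previous commit
+# Fall back to default branch comparison if before SHA is unreachable (e.g. force-push, shallow clone)
+CHANGED_FILES=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} 2>/dev/null || git diff --name-only origin/${{ github.event.repository.default_branch }}...${{ github.sha }} 2>/dev/null || echo "")
+else
+# New branch - compare against default branch
+CHANGED_FILES=$(git diff --name-only origin/${{ github.event.repository.default_branch }}...${{ github.sha }} 2>/dev/null || echo "")
+fi
+
+echo "Files to check:"
+echo "$CHANGED_FILES" | head -50 | sed 's/^/ /'
+echo ""
+
+# Check for proprietary paths
+VIOLATIONS=""
+
+while IFS= read -r file; do
+[ -z "$file" ] && continue
+
+# Block all extensions/
+if echo "$file" | grep -qE "^extensions/"; then
+VIOLATIONS="$VIOLATIONS$file\n"
+continue
+fi
+
+# Block all apps/ except apps/oss-app/
+if echo "$file" | grep -qE "^apps/"; then
+if ! echo "$file" | grep -qE "^apps/oss-app/"; then
+VIOLATIONS="$VIOLATIONS$file\n"
+fi
+fi
+done <<< "$CHANGED_FILES"
+
+if [ -n "$VIOLATIONS" ]; then
+echo "has_violations=true" >> $GITHUB_OUTPUT
+echo "violations<<EOF" >> $GITHUB_OUTPUT
+printf "%s" "$VIOLATIONS" >> $GITHUB_OUTPUT
+echo "EOF" >> $GITHUB_OUTPUT
+
+echo "❌ Files in proprietary paths detected!"
+echo ""
+printf "%s" "$VIOLATIONS" | sed 's/^/ ❌ /'
+echo ""
+echo "Proprietary paths:"
+echo " - extensions/ (reserved for enterprise extensions)"
+echo " - apps/* (only apps/oss-app/ is allowed)"
+else
+echo "has_violations=false" >> $GITHUB_OUTPUT
+echo "✅ No proprietary paths detected"
+fi
+
+- name: Fail if violations found
+if: steps.check-paths.outputs.has_violations == 'true'
+run: |
+echo "::error::Files detected in proprietary paths. These paths are reserved for enterprise extensions."
+exit 1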
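Review bot: The fallback chain added in the `elif` branch (push to an existing branch) ends in `2>/dev/null || echo ""`, so if both `git diff` calls fail, `CHANGED_FILES` is empty, the loop sees nothing and the step reports "No proprietary paths detected"; the guard passes without having inspected any file, and the `else` branch already has the same tail. A blocking check should fail closed here: keep the fallback to the default-branch comparison, but move the last alternative outside the `$( )` and end the chain with `|| { echo "::error::Could not determine changed files"; exit 1; }`, without `2>/dev/null` on the final `git diff` so the cause shows up in the log. The new comment names a shallow clone as a trigger, yet the checkout step sets `fetch-depth: 0`, so that case presumably only arises if the checkout is changed later; the comment could say so.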
