guardrail.yml
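---
# CMS Branch Guard
#
# Fails a pull request whose head branch is named cms/* when it touches
# anything other than CMS content files or uploaded images. Branches with any
# other name are not restricted by this workflow.
#
# NOTE(review): this only protects the base branch if the job is configured as
# a required status check. On `pull_request` the workflow definition comes from
# the PR itself, so changes under .github/ presumably need their own review
# protection (for example CODEOWNERS) - confirm in the repository settings.
name: CMS Branch Guard

on:
  pull_request:

# The job only reads the repository to compute a diff; keep the token
# read-only.
permissions:
  contents: read

jobs:
  restrict-cms-branches:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        # NOTE(review): consider pinning this action to a full commit SHA
        # instead of the mutable v4 tag.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # IMPORTANT for diff to work properly
          # The diff below is local only, so the token does not need to stay
          # in the git config for later steps.
          persist-credentials: false

      - name: Validate CMS branch changes
        # Branch names are chosen by the PR author. Pass them in through the
        # environment rather than expanding ${{ ... }} inside the script text,
        # where a crafted name would be interpreted as shell syntax.
        env:
          BRANCH_NAME: ${{ github.head_ref }}
          BASE_REF: ${{ github.base_ref }}
        run: |
          echo "Branch: $BRANCH_NAME"
          echo "Base: $BASE_REF"

          if [[ "$BRANCH_NAME" == cms/* ]]; then
            echo "CMS branch detected — enforcing content rules"

            # Get changed files. --no-renames reports a rename as a delete plus
            # an add, so the old path is checked against the allow-list too
            # (with rename detection only the destination path is listed).
            CHANGED_FILES=$(git diff --name-only --no-renames "origin/${BASE_REF}...HEAD")

            echo "Changed files:"
            printf '%s\n' "$CHANGED_FILES"

            # Allowed patterns:
            # 1. Content files
            # 2. Upload images
            # NOTE(review): SVG files can embed script; confirm uploads are
            # sanitized or served in a way that does not execute it.
            ALLOWED_REGEX="^(projects/website-angular/content/.*\.(md|json|yml)|projects/website-angular/public/uploads/.*\.(png|jpg|jpeg|webp|gif|svg))$"

            # Find invalid files. grep exits non-zero when nothing is left
            # after filtering, hence the `|| true`.
            INVALID_FILES=$(printf '%s\n' "$CHANGED_FILES" | grep -vE "$ALLOWED_REGEX" || true)

            if [ -n "$INVALID_FILES" ]; then
              echo ""
              echo "ERROR: Invalid files detected in CMS branch"
              echo ""
              echo "The following files are NOT allowed:"
              printf '%s\n' "$INVALID_FILES"
              echo ""
              echo "The following files are allowed:"
              echo " - projects/website-angular/content/**/*.md|json|yml"
              echo " - projects/website-angular/public/uploads/**/*.(png|jpg|jpeg|webp|gif|svg)"
              echo ""
              echo "Tip: CMS branches (cms/*) are only for content editing."
              echo " If you need to change code, create a separate branch."
              echo ""
              exit 1
            else
              echo ""
              echo "All changes are valid for a CMS branch!"
              echo ""
            fi
          else
            echo "Not a CMS branch — skipping CMS restrictions"
          fi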