From 5eb8e21edacbd288dd50ecaba7e7d2bf93447fec Mon Sep 17 00:00:00 2001 From: Grendgi Date: Fri, 12 Jun 2026 16:42:35 +0300 Subject: [PATCH] Add monitoring TG CI hygiene guard --- .gitea/scripts/hygiene-check.sh | 35 +++++++++++++++++++++++++++++++++ .gitea/workflows/ci.yml | 8 ++++++++ 2 files changed, 43 insertions(+) create mode 100644 .gitea/scripts/hygiene-check.sh diff --git a/.gitea/scripts/hygiene-check.sh b/.gitea/scripts/hygiene-check.sh new file mode 100644 index 0000000..6f4f696 --- /dev/null +++ b/.gitea/scripts/hygiene-check.sh @@ -0,0 +1,35 @@ +#!/usr/bin/env bash +set -euo pipefail + +fail=0 + +while IFS= read -r -d '' path; do + base="$(basename "$path")" + case "$base" in + .DS_Store|.env) + echo "::error file=$path::tracked local-only file is forbidden" + fail=1 + ;; + esac + + case "$path" in + *node_modules/*|node_modules/*) + echo "::error file=$path::tracked node_modules content is forbidden" + fail=1 + ;; + *.tmp|*.temp|*.bak|*.orig|*.rej|*.zip|*.tar|*.tar.gz|*.tgz|*.rar|*.7z) + echo "::error file=$path::tracked temporary/archive artifact is forbidden" + fail=1 + ;; + esac + + if [ -f "$path" ]; then + size="$(wc -c < "$path" | tr -d ' ')" + if [ "${size:-0}" -gt 52428800 ]; then + echo "::error file=$path::tracked file is larger than 50 MiB" + fail=1 + fi + fi +done < <(git ls-files -z) + +exit "$fail" diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index d8a0e5d..2149f33 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -5,8 +5,15 @@ on: pull_request: jobs: + hygiene: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: bash .gitea/scripts/hygiene-check.sh + go: runs-on: ubuntu-latest + needs: hygiene steps: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 @@ -22,6 +29,7 @@ jobs: python: runs-on: ubuntu-latest + needs: hygiene steps: - uses: actions/checkout@v4 - run: python3 -m compileall src alembic