#!/usr/bin/env bash set -euo pipefail fail=0 while IFS= read -r -d '' path; do base="$(basename "$path")" case "$base" in .DS_Store|.env) echo "::error file=$path::tracked local-only file is forbidden" fail=1 ;; esac case "$path" in *node_modules/*|node_modules/*) echo "::error file=$path::tracked node_modules content is forbidden" fail=1 ;; *.tmp|*.temp|*.bak|*.orig|*.rej|*.zip|*.tar|*.tar.gz|*.tgz|*.rar|*.7z) echo "::error file=$path::tracked temporary/archive artifact is forbidden" fail=1 ;; esac if [ -f "$path" ]; then size="$(wc -c < "$path" | tr -d ' ')" if [ "${size:-0}" -gt 52428800 ]; then echo "::error file=$path::tracked file is larger than 50 MiB" fail=1 fi fi done < <(git ls-files -z) exit "$fail"