From 25d357c7405deb7cd2b57a7815623546e2b233b3 Mon Sep 17 00:00:00 2001 From: Ben Howe Date: Wed, 11 Mar 2026 10:07:09 -0700 Subject: [PATCH 1/2] [ci] Check for large files Signed-off-by: Ben Howe --- .github/workflows/pr_file_check.yaml | 56 ++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 .github/workflows/pr_file_check.yaml diff --git a/.github/workflows/pr_file_check.yaml b/.github/workflows/pr_file_check.yaml new file mode 100644 index 0000000..3146909 --- /dev/null +++ b/.github/workflows/pr_file_check.yaml @@ -0,0 +1,56 @@ +name: Check for Large Files and Restricted Extensions + +on: + pull_request: + branches: + - main + types: [opened, synchronize, reopened] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + check-files: + name: Check file size and type + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + set-safe-directory: true + fetch-depth: 1 + + - name: Fetch base branch + run: git fetch origin ${{ github.event.pull_request.base.ref }} --depth=1 + + - name: Check for large files + run: | + MAX_SIZE_BYTES=102400 # 100KB + MAX_SIZE_HUMAN="100KB" + LARGE_FILES="" + while IFS= read -r file; do + if [[ -f "$file" ]]; then + size=$(stat --format='%s' "$file") + if (( size > MAX_SIZE_BYTES )); then + human_size=$(numfmt --to=iec "$size") + LARGE_FILES+=" $file ($human_size)"$'\n' + fi + fi + done < <(git diff --name-only --diff-filter=A origin/${{ github.event.pull_request.base.ref }}) + + if [[ -n "$LARGE_FILES" ]]; then + echo "❌ The following files exceed the allowed size of $MAX_SIZE_HUMAN:" + echo "$LARGE_FILES" + exit 1 + fi + + - name: Check for restricted file types + run: | + BLOCKED_EXTENSIONS="(exe|zip|tar.gz|bz2)" # Add any forbidden extensions + BAD_FILES=$(git diff --name-only --diff-filter=A origin/${{ github.event.pull_request.base.ref }} | grep -E "\.($BLOCKED_EXTENSIONS)$" || true) + if [[ ! -z "$BAD_FILES" ]]; then + echo "❌ The following files have restricted extensions:" + echo "$BAD_FILES" + exit 1 + fi From c0af52a7b0ecf0a1a6f12b00feb5c571db6bd277 Mon Sep 17 00:00:00 2001 From: Ben Howe Date: Wed, 11 Mar 2026 10:30:43 -0700 Subject: [PATCH 2/2] Add copyright Signed-off-by: Ben Howe --- .github/workflows/pr_file_check.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/pr_file_check.yaml b/.github/workflows/pr_file_check.yaml index 3146909..992773b 100644 --- a/.github/workflows/pr_file_check.yaml +++ b/.github/workflows/pr_file_check.yaml @@ -1,3 +1,12 @@ +# SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. +# SPDX-License-Identifier: LicenseRef-NvidiaProprietary +# +# NVIDIA CORPORATION, its affiliates and licensors retain all intellectual +# property and proprietary rights in and to this material, related +# documentation and any modifications thereto. Any use, reproduction, +# disclosure or distribution of this material and related documentation +# without an express license agreement from NVIDIA CORPORATION or +# its affiliates is strictly prohibited. name: Check for Large Files and Restricted Extensions on: