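--- a/.github/workflows/guardrail.yml
+++ b/.github/workflows/guardrail.yml
@@ -0,0 +1,65 @@
+name: CMS Branch Guard
+
+on:
+pull_request:
+
+jobs:
+restrict-cms-branches:
+runs-on: ubuntu-latest
+
+steps:
+- name: Checkout repo
+uses: actions/checkout@v4
+with:
+fetch-depth: 0 # IMPORTANT for diff to work properly
+
+- name: Validate CMS branch changes
+run: |
+BRANCH_NAME="${{ github.head_ref }}"
+BASE_REF="${{ github.base_ref }}"
+
+echo "Branch: $BRANCH_NAME"
+echo "Base: $BASE_REF"
+
+if [[ "$BRANCH_NAME" == cms/* ]]; then
+echo "CMS branch detected — enforcing content rules"
+
+# Get changed files (including renames, deletions, etc.)
+CHANGED_FILES=$(git diff --name-only origin/$BASE_REF...HEAD)
+
+echo "Changed files:"
+echo "$CHANGED_FILES"
+
+# Allowed patterns:
+# 1. Content files
+# 2. Upload images
+ALLOWED_REGEX="^(projects/website-angular/content/.*\.(md|json|yml)|projects/website-angular/public/uploads/.*\.(png|jpg|jpeg|webp|gif|svg))$"
+
+# Find invalid files
+INVALID_FILES=$(echo "$CHANGED_FILES" | grep -vE "$ALLOWED_REGEX" || true)
+
+if [ -n "$INVALID_FILES" ]; then
+echo ""
+echo "ERROR: Invalid files detected in CMS branch"
+echo ""
+echo "The following files are NOT allowed:"
+echo "$INVALID_FILES"
+echo ""
+echo "The following files are allowed:"
+echo " - projects/website-angular/content/**/*.md|json|yml"
+echo " - projects/website-angular/public/uploads/**/*.(png|jpg|jpeg|webp|gif|svg)"
+echo ""
+echo "Tip: CMS branches (cms/*) are only for content editing."
+echo " If you need to change code, create a separate branch."
+echo ""
+
+exit 1
+else
+echo ""
+echo "All changes are valid for a CMS branch!"
+echo ""
+fi
+
+else
+echo "Not a CMS branch — skipping CMS restrictions"
+fi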
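Review bot: The `run:` step of "Validate CMS branch changes" expands `${{ github.head_ref }}` and `${{ github.base_ref }}` directly into the script text, and the head branch name is chosen by whoever opens the pull request, so its contents are parsed as shell source rather than handled as data. Read the runner-provided environment variables instead, `BRANCH_NAME="$GITHUB_HEAD_REF"` and `BASE_REF="$GITHUB_BASE_REF"`, and quote the range as `"origin/$BASE_REF...HEAD"`. Separately, a `pull_request` run uses the workflow file from the PR's own merge commit and the rules only apply to a self-chosen `cms/*` name, so this job is a convenience check rather than an enforcement boundary; branch protection or CODEOWNERS on the non-content paths would presumably be needed for that. The allow-list also admits `.svg` uploads, which can carry active content if served inline, so it is worth confirming how files under `public/uploads/` are served.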