CD/CD consolidation
This commit is contained in:
StellaOps Bot
25
.gitea/scripts/validate/verify-binaries.sh
Normal file
25
.gitea/scripts/validate/verify-binaries.sh
Normal file
@@ -0,0 +1,25 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
# Verifies binary artefacts live only in approved locations.
|
||||
# Allowed roots: .nuget/packages (curated feed + cache), vendor (pinned binaries),
|
||||
# offline (air-gap bundles/templates), plugins/tools/deploy/ops (module-owned binaries).
|
||||
|
||||
repo_root="$(git rev-parse --show-toplevel)"
|
||||
cd "$repo_root"
|
||||
|
||||
# Extensions considered binary artefacts.
|
||||
binary_ext="(nupkg|dll|exe|so|dylib|a|lib|tar|tar.gz|tgz|zip|jar|deb|rpm|bin)"
|
||||
# Locations allowed to contain binaries.
|
||||
allowed_prefix="^(.nuget/packages|.nuget/packages/packages|vendor|offline|plugins|tools|deploy|ops|third_party|docs/artifacts|samples|src/.*/Fixtures|src/.*/fixtures)/"
|
||||
|
||||
# Only consider files that currently exist in the working tree (skip deleted placeholders).
|
||||
violations=$(git ls-files | while read -r f; do [[ -f "$f" ]] && echo "$f"; done | grep -E "\\.${binary_ext}$" | grep -Ev "$allowed_prefix" || true)
|
||||
|
||||
if [[ -n "$violations" ]]; then
|
||||
echo "Binary artefacts found outside approved directories:" >&2
|
||||
echo "$violations" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
printf "Binary layout OK (allowed roots: %s)\n" "$allowed_prefix"
|
||||
Reference in New Issue
Block a user