Initial Commit

.github/workflows/authorized-changes-detection.yml

@@ -12,25 +12,44 @@
 name: Checking workflow files
 on:
   pull_request:
-    paths:
-      - '.github/**'
-      - 'CNAME'
-      - 'static/CNAME'
-      - 'package.json'
-      - 'sidebars.js'
-      - 'sidebar-admin.js'
-      - 'sidebar-mobile-user.js'
-      - 'sidebar-web-user.js'
-      - 'docusaurus.config.js'
-      - 'babel.config.js'
-      - 'CODEOWNERS'
-      - 'LICENSE'
+    branches:
+      - '**'
 
 jobs:
-  Checking-for-unauthorized-file-changes:
-    name: Checking for unauthorized file changes
+  Check-Sensitive-Files:
+    if: ${{ github.actor != 'dependabot[bot]' && !contains(github.event.pull_request.labels.*.name, 'ignore-sensitive-files-pr') }}
+    name: Checks if sensitive files have been changed without authorization
     runs-on: ubuntu-latest
-
     steps:
-      - name: Unauthorized file modification in PR
-        run: exit 1
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Get Changed Unauthorized files
+        id: changed-unauth-files
+        uses: tj-actions/changed-files@v45
+        with:
+          files: |
+            .github/**
+            CNAME
+            static/CNAME
+            package.json
+            sidebar*.js
+            docusaurus.config.js
+            babel.config.js
+            tsconfig.json
+            .gitignore
+            .coderabbit.yaml
+            CODEOWNERS
+            LICENSE          
+            *.md
+            
+      - name: List all changed unauthorized files
+        if: steps.changed-unauth-files.outputs.any_changed == 'true' || steps.changed-unauth-files.outputs.any_deleted == 'true'
+        env: 
+          CHANGED_UNAUTH_FILES: ${{ steps.changed-unauth-files.outputs.all_changed_files }}
+        run: |
+          for file in ${CHANGED_UNAUTH_FILES}; do
+            echo "$file is unauthorized to change/delete"
+          echo "To override this, apply the 'ignore-sensitive-files-pr' label"
+          done
+          exit 1