SD-1667 Check if files are changed which are not allowed to change #1

	name: Check Forbidden Changes

	on:
	pull_request:
	types: [opened, synchronize, reopened]
	branches: [master]

	jobs:
	check_changes:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Load forbidden paths
	id: forbidden_paths
	uses: actions/github-script@v7
	with:
	script: \|
	const fs = require('fs');
	try {
	const forbiddenPaths = fs.readFileSync('.github/forbidden_changes.txt', 'utf8').split('\n').filter(path => path.trim() !== ''); // Read and filter empty lines
	return forbiddenPaths;
	} catch (error) {
	core.setFailed('Could not read forbidden paths file: ' + error.message);
	return []; // Return empty array to avoid script failing
	}

	- name: Check for forbidden changes
	id: check_changes
	uses: actions/github-script@v6
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	const forbiddenPaths = ${{ steps.forbidden_paths.outputs.result }};
	const changedFiles = context.payload.pull_request.files;

	let violations = [];

	changedFiles.forEach(file => {
	forbiddenPaths.forEach(forbiddenPath => {
	const regex = new RegExp(forbiddenPath); // Use regex for matching
	if (regex.test(file.filename)) {
	violations.push(file.filename);
	}
	});
	});

	if (violations.length > 0) {
	core.setFailed(`You are not allowed to change the following file(s): ${violations.join(', ')}`);
	// Create a comment on the PR
	github.rest.issues.createComment({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	body: `The following file(s) are not allowed to be changed: ${violations.join(', ')}`
	});
	}

Provide feedback