Prevent bigger files from being checked in

[findepi]

See #10422 for rationale.

[findepi]

the 1 MB file size limit is arbitrary, but in line with gihub's suggestions
There already is one file bigger in the repo (./docs/logos/Datafusion_Branding_Guideline.pdf).
This is a kind of file for which git-lfs could be used.

i experimented with this check in the following test PRs

• new big file uuibig pdf copy findepi/datafusion#1
• existing big file, copied same big file findepi/datafusion#2
• new small files small files findepi/datafusion#3

The error reporting isn't ideal. the offending file name is NOT printed out to console. It's only visible on the Summary page of the workflow. Hopefully this can be improved in the check itself (offered a patch here: james-callahan/gha-prevent-big-files#3), or the code inlined. I did that, but then using existing action looks so more aesthetically...

[findepi]

cc @comphead @alamb @andygrove

[lewiszlw]

We couldn't use third-party github actions, see #11259 (comment).

[findepi]

@lewiszlw thanks for pointing this out.
there was an intent from ASF infra to be able to allow 3rd party actions, which can be trusted (once reviewed) as long as you specify the exact commit hash as the reference.

i will inline the action code in the check

[findepi]

@lewiszlw inlined the action. thanks again for pointing this out.

This is how the example error looks like
https://github.com/findepi/datafusion/actions/runs/9972548232/job/27556028696?pr=1

[comphead]

does it mean to fetch all commits in PR?

[findepi]

this means non-shallow clone.
this is necessary for the references ${{ github.event.pull_request.base.sha }} and ${{ github.event.pull_request.head.sha }} to work

[comphead]

I think if this is a separate workflow then committers can enable/disable the workflow check on the project level https://github.com/apache/datafusion/actions/workflows

[findepi]

i don't know what branch protections there are configured for this repo. Committers may be also ignore such error. Ignoring workflow erros is definitely a bad habit, but I don't think we risk creating any habit. Unless things work incorrectly, the false positive should be very very rare.

[comphead]

do we need to duplicate file path?

[findepi]

The first file=${path} is necessary to create annotation on the file itself. I suppose github UI would display it if the offending file is a text file. This doesn't show up on the build output log page.

The second File ${path} is necessary for the error to be easy to understand when looking at the build output log page.

See #11508 (comment) for visualization.

[comphead]

a nit: should we do an early return exit=1 if we find the large file? or we wanna to output all of them?

[findepi]

the intention was to output all of them.

[comphead]

Thanks @findepi it looks promising imho

[findepi]

Thanks @comphead for your review!
Updated. I also refreshed test PRs (linked in #11508 (comment) ), to verify I didn't break something with the new changes.

[comphead]

Thanks @findepi
just 2 small things to double verify

• The script traverses on changes for this particular PR? What I mean if there is already existing file in the repo exceeding the max size, the new PR check shouldn't complain on that
• if the user accidentally added a large file in PR, the deleted it, would the PR pass through the check or user needs to recreate the PR? (I suppose it might be an issue with depth:0)

[findepi]

• The script traverses on changes for this particular PR? What I mean if there is already existing file in the repo exceeding the max size, the new PR check shouldn't complain on that

correct.
and yes, there is one 3.7 MB file in the repo (./docs/logos/Datafusion_Branding_Guideline.pdf)

if the user accidentally added a large file in PR, the deleted it, would the PR pass through the check or user needs to recreate the PR? (I suppose it might be an issue with depth:0)

good question

• if the deletion is a separate commit, then no, the check will not pass
• if the deletion is done by amending the commit, then yes, the check will pass

Keeping failure in "deletion is a separate commit" case is right if the PR will be merged or rebase-merged, but unnecessary if the PR will be squash-merged. If the PRs are always squash-merged, we can improve the script to take this into account. But it can be view as overengineering, on the optimistic assumption that this will fail rarely anyway.

[comphead]

lgtm thanks @findepi I think this PR is good

@alamb there is a small side effect described above which may give a false positive and basically may require PR recreate, which doesn't seem a big problem for me but for large complex PRs the user might be distressed to recreate it after hard rebase. But this is pretty rare case

[findepi]

may require PR recreate

or squashing commits (e.g. via git rebase)

[alamb]

@alamb there is a small side effect described above which may give a false positive and basically may require PR recreate, which doesn't seem a big problem for me but for large complex PRs the user might be distressed to recreate it after hard rebase. But this is pretty rare case

I agree with @findepi that there is a fairly easy workaround that doesn't need to recreate the PR (it would require rebasing it).

I think we should try this and we can always adjust as neessary if we find something isn't ideal

Thank you very much @findepi and @comphead -- I think this is a nice improvement