From ee2c2bb87041a333ee8f14354a2294b6866c1e40 Mon Sep 17 00:00:00 2001
From: jingwenxie <jingwenxie@microsoft.com>
Date: Wed, 17 Jul 2024 04:16:40 +0000
Subject: [PATCH] Disable change on minigraph and init_cfg.json

---
 .github/workflows/protect-file.yml | 37 ++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 .github/workflows/protect-file.yml

diff --git a/.github/workflows/protect-file.yml b/.github/workflows/protect-file.yml
new file mode 100644
index 000000000000..bc7e0ae1de1a
--- /dev/null
+++ b/.github/workflows/protect-file.yml
@@ -0,0 +1,37 @@
+name: Protect certain files to avoid further changes
+
+on:
+  push:
+    branches:
+      - 'master'
+      - '202[2-9][0-9][0-9]'
+  pull_request:
+    branches:
+      - 'master'
+      - '202[2-9][0-9][0-9]'
+
+jobs:
+  check-file:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Fetch base branch
+        run: |
+          git fetch origin ${GITHUB_BASE_REF}
+
+      - name: Check protected files
+        run: |
+          echo "Starting file check step"
+          protected_files=('src/sonic-config-engine/minigraph.py' 'files/build_templates/init_cfg.json.j2')
+          base_branch=$(git rev-parse origin/${GITHUB_BASE_REF})
+          
+          for protected_file in "${protected_files[@]}"; do
+            echo "Checking ${protected_file}"
+            if git diff --name-only $base_branch | grep -q "^${protected_file}\$"; then
+              echo "Error: You are trying to modify ${protected_file}, which is protected."
+              exit 1
+            fi
+          done
+          echo "No changes detected in protected files"