From 90fc4d0dd0e6f1e04704f9655f674cfe0b32a452 Mon Sep 17 00:00:00 2001
From: John Bampton <jbampton@gmail.com>
Date: Tue, 31 Mar 2026 20:19:35 +1000
Subject: [PATCH] [CI] Add pre-commit hook to stop ZIP files being committed

Zip files are hard to track and have security implications

https://pre-commit.com/#repos-repo

https://pre-commit.com/#repository-local-hooks

https://pre-commit.com/#fail
---
 .pre-commit-config.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index cf6f8d39027d..e332df9a5de3 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -31,6 +31,17 @@ repos:
       - id: doctoc
         name: Add TOC for Markdown files
         files: ^CONTRIBUTING\.md$|^INSTALL\.md$|^README\.md$
+  - repo: local
+    hooks:
+      - id: check-zip-file-is-not-committed
+        name: check no zip files are committed
+        description: Zip files are not allowed in the repository
+        language: fail
+        entry: |
+          Zip files are not allowed in the repository as they are hard to
+          track and have security implications. Please remove the zip file from the repository.
+        files: (?i)\.zip$
+        exclude: ^core/src/test/resources/vhds/test\.vhd\.zip$
   - repo: https://github.com/oxipng/oxipng
     rev: v9.1.5
     hooks: