Let's say I have a GitHub repository that has a config file for a CI/CD tool, e.g. Jenkins. In my CI/CD pipeline, I have a unit test step, in which all unit tests inside tests directory of the repository are run. Now in this case, someone malicious, who has access to the repository may add a malicious script inside the tests directory. Is there a way to tell GitHub to ignore pushes that have changes to the tests directory???
You don't let malicious people have write access to your repository. Git isn't the right solution here.