Repository Policy Enforcement

You work as a DevOps engineer for a large technology company. Multiple development teams contribute code to a shared Git repository, and there have been incidents of developers pushing files with disallowed extensions and unexpected code changes.

How would you design a system to automatically enforce repository policies that restrict unwanted file types and code patterns from being pushed?