devops_admin
/
odex25_standard
mirror of https://github.com/hydracp9/odex25_standard
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add or update delete-merged-branches workflow

This commit is contained in:
GitHub Actions Bot 2025-07-10 22:49:34 +03:00
parent 644ef1e3e3
commit 29610a6af8
1 changed files with 50 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
.github/workflows/delete-merged-branches.yml vendored
View File

@ -1,34 +1,30 @@
# Author: Ahmad Samir <a.atta@exp-sa.com>
name: Auto Delete Branch After Merge
name: Block Reserved Branches
on:
pull_request:
types: [closed]
create:
branches:
- '**'
jobs:
delete-merged-branch:
if: github.event.pull_request.merged == true
name: Delete Merged Branch
runs-on: linting_odex25-standard-modules_runner
block-reserved-branches:
runs-on: app-sever-project-runner
steps:
- name: Delete merged branch (with protection check and rules)
- name: Check for reserved or pattern-matching branch names
env:
GH_TOKEN: ${{ secrets.GH_TOKEN }}
REPO: ${{ github.repository }}
BASE_REF: ${{ github.event.pull_request.base.ref }}
HEAD_REF: ${{ github.event.pull_request.head.ref }}
BRANCH_NAME: ${{ github.ref_name }}
run: |
echo "🔍 Base branch: $BASE_REF"
echo "🔍 Head branch: $HEAD_REF"
PROTECTED_BRANCHES=(
RESERVED_NAMES=(
master
dev_odex-event
dev_odex25_accounting
dev_odex25_base
dev_odex25_dms
dev_odex25_donation
dev_odex25_ensan
dev_odex25_fleet
dev_odex25_helpdesk
dev_odex25_hr
dev_odex25_inventory
dev_odex25_maintenance
@ -41,36 +37,15 @@ jobs:
dev_odex25_survey
dev_odex25_transactions
dev_odex25_website
dev_odex-event
dev_openeducat_erp-14.0.1.0
dev_odex25_ensan
dev_odex25_helpdesk
dev_odex25_donation
preprod_odex-event
preprod_odex25_accounting
preprod_odex25_base
preprod_odex25_dms
preprod_odex25_fleet
preprod_odex25_hr
preprod_odex25_inventory
preprod_odex25_maintenance
preprod_odex25_mobile
preprod_odex25_pos
preprod_odex25_project
preprod_odex25_purchase
preprod_odex25_realstate
preprod_odex25_sales
preprod_odex25_survey
preprod_odex25_transactions
preprod_odex25_website
preprod_openeducat_erp-14.0.1.0
preprod_odex25_ensan
preprod_odex25_helpdesk
preprod_odex25_donation
master_odex-event
master_odex25_accounting
master_odex25_base
master_odex25_dms
master_odex25_donation
master_odex25_ensan
master_odex25_fleet
master_odex25_helpdesk
master_odex25_hr
master_odex25_inventory
master_odex25_maintenance
@ -83,51 +58,45 @@ jobs:
master_odex25_survey
master_odex25_transactions
master_odex25_website
master_odex-event
master_openeducat_erp-14.0.1.0
master_odex25_ensan
master_odex25_helpdesk
master_odex25_donation
preprod_odex25_accounting
preprod_odex25_base
preprod_odex25_dms
preprod_odex25_donation
preprod_odex25_ensan
preprod_odex25_fleet
preprod_odex25_helpdesk
preprod_odex25_hr
preprod_odex25_inventory
preprod_odex25_maintenance
preprod_odex25_mobile
preprod_odex25_pos
preprod_odex25_project
preprod_odex25_purchase
preprod_odex25_realstate
preprod_odex25_sales
preprod_odex25_survey
preprod_odex25_transactions
preprod_odex25_website
preprod_odex-event
preprod_openeducat_erp-14.0.1.0
)
# Rule 1
if [[ "$HEAD_REF" == dev_* && "$BASE_REF" == preprod_* ]]; then
echo "🚫 Rule: Do not delete dev_* merged into preprod_*"
exit 0
fi
# Rule 2
if [[ "$HEAD_REF" == preprod_* && "$BASE_REF" == master_* ]]; then
echo "🚫 Rule: Do not delete preprod_* merged into master_*"
exit 0
fi
# Rule 3: Protected branches
for protected in "${PROTECTED_BRANCHES[@]}"; do
if [[ "$HEAD_REF" == "$protected" ]]; then
echo "🛡️ '$HEAD_REF' is a protected branch. Skipping deletion."
exit 0
# Check if branch is an exact reserved name
for reserved in "${RESERVED_NAMES[@]}"; do
if [[ "$BRANCH_NAME" == "$reserved" ]]; then
echo "❌ Branch name '$BRANCH_NAME' is reserved. Deleting..."
curl -s -X DELETE -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME
exit 1
fi
done
echo "✅ '$HEAD_REF' is eligible for deletion. Checking protection..."
PROTECTION_URL="https://api.github.com/repos/$REPO/branches/$HEAD_REF/protection"
PROTECTION_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token $GH_TOKEN" "$PROTECTION_URL")
if [ "$PROTECTION_STATUS" -eq 200 ]; then
echo "🔓 Removing protection on '$HEAD_REF'..."
curl -s -X DELETE -H "Authorization: token $GH_TOKEN" "$PROTECTION_URL"
else
echo " No protection found for '$HEAD_REF' (HTTP $PROTECTION_STATUS)"
fi
echo "🧹 Attempting to delete branch '$HEAD_REF'..."
DELETE_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -H "Authorization: token $GH_TOKEN" -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/$REPO/git/refs/heads/$HEAD_REF)
if [ "$DELETE_STATUS" -eq 204 ]; then
echo "✅ Branch '$HEAD_REF' successfully deleted"
else
echo "❌ Failed to delete branch '$HEAD_REF' — HTTP $DELETE_STATUS"
# Check if branch name matches restricted patterns
if [[ "$BRANCH_NAME" == master_* || "$BRANCH_NAME" == preprod_* || "$BRANCH_NAME" == dev_* ]]; then
echo "❌ Branch name '$BRANCH_NAME' matches restricted pattern. Deleting..."
curl -s -X DELETE -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME
exit 1
fi
echo "✅ Branch '$BRANCH_NAME' is allowed."