From 2ffd563931cf82b1dc9821a9c7930dc0252b9517 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D8=B4=D8=B1=D9=83=D8=A9=20=D8=AE=D8=A8=D9=8A=D8=B1=20?=
 =?UTF-8?q?=D8=A7=D9=84=D9=85=D8=AD=D8=AF=D9=88=D8=AF=D8=A9?=
 <it@exp-sa.com>
Date: Sat, 22 Nov 2025 04:13:51 +0200
Subject: [PATCH] Update github action file

---
 .github/workflows/block_reserved_branches.yml | 49 +++++++++++++++++--
 1 file changed, 45 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/block_reserved_branches.yml b/.github/workflows/block_reserved_branches.yml
index 25eef0b2f..93e7f1fbf 100644
--- a/.github/workflows/block_reserved_branches.yml
+++ b/.github/workflows/block_reserved_branches.yml
@@ -1,4 +1,3 @@
-# Author: Ahmad Samir <a.atta@exp-sa.com>
 name: Block Reserved Branches
 
 on:
@@ -9,13 +8,53 @@ on:
 jobs:
   block-reserved-branches:
     runs-on: app-sever-project-runner
+
     steps:
-      - name: Check for reserved or pattern-matching branch names
+      - name: Validate branch creator + reserved names
         env:
           GH_TOKEN: ${{ secrets.GH_TOKEN }}
           REPO: ${{ github.repository }}
           BRANCH_NAME: ${{ github.ref_name }}
+          CREATOR: ${{ github.actor }}
         run: |
+          echo "Branch: $BRANCH_NAME"
+          echo "Creator: $CREATOR"
+
+          #######################################################
+          # 🟦 1) Allowed Users List
+          #######################################################
+          ALLOWED_USERS=(
+            "expsa"
+            "ronozoro"
+            "Abubaker-Altaib"
+            "altexp"
+            "the5abir"
+            "ahmadaking"
+            "kchyounes19"
+            "abdurrahman-saber"
+          )
+
+          IS_ALLOWED="false"
+          for user in "${ALLOWED_USERS[@]}"; do
+            if [[ "$CREATOR" == "$user" ]]; then
+              IS_ALLOWED="true"
+              break
+            fi
+          done
+
+          if [[ "$IS_ALLOWED" == "false" ]]; then
+            echo "❌ User '$CREATOR' is NOT allowed to create branches. Deleting..."
+            curl -s -X DELETE \
+              -H "Authorization: token $GH_TOKEN" \
+              https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME
+            exit 1
+          fi
+
+          echo "✔ User '$CREATOR' is allowed."
+
+          #######################################################
+          # 🟦 2) Reserved Branch Names (Your Existing List)
+          #######################################################
           RESERVED_NAMES=(
             master
             dev_odex25_accounting
@@ -83,7 +122,7 @@ jobs:
             preprod_openeducat_erp-14.0.1.0
           )
 
-          # Check if branch is an exact reserved name
+          # Exact match
           for reserved in "${RESERVED_NAMES[@]}"; do
             if [[ "$BRANCH_NAME" == "$reserved" ]]; then
               echo "❌ Branch name '$BRANCH_NAME' is reserved. Deleting..."
@@ -94,7 +133,9 @@ jobs:
             fi
           done
 
-          # Check if branch name matches restricted patterns
+          #######################################################
+          # 🟦 3) Pattern-based Restriction
+          #######################################################
           if [[ "$BRANCH_NAME" == master_* || "$BRANCH_NAME" == preprod_* || "$BRANCH_NAME" == dev_* ]]; then
             echo "❌ Branch name '$BRANCH_NAME' matches restricted pattern. Deleting..."
             curl -s -X DELETE \