From 628fb2418dbc632a5ffa0a7095996d76228914a5 Mon Sep 17 00:00:00 2001 From: GitHub Actions Bot Date: Thu, 10 Jul 2025 17:12:05 +0300 Subject: [PATCH] Add or update prevent-invalid-branch-merges workflow --- .../prevent-invalid-branch-merges.yml | 294 +++++------------- 1 file changed, 73 insertions(+), 221 deletions(-) diff --git a/.github/workflows/prevent-invalid-branch-merges.yml b/.github/workflows/prevent-invalid-branch-merges.yml index 24bb05fbb..b9303a11e 100644 --- a/.github/workflows/prevent-invalid-branch-merges.yml +++ b/.github/workflows/prevent-invalid-branch-merges.yml @@ -25,7 +25,6 @@ on: - dev_odex25_ensan - dev_odex25_helpdesk - dev_odex25_donation - - preprod_odex-event - preprod_odex25_accounting - preprod_odex25_base @@ -47,8 +46,7 @@ on: - preprod_odex25_ensan - preprod_odex25_helpdesk - preprod_odex25_donation - - - master_odex-event + - master_odex-event - master_odex25_accounting - master_odex25_base - master_odex25_dms @@ -66,239 +64,93 @@ on: - master_odex25_transactions - master_odex25_website - master_openeducat_erp-14.0.1.0 - - master_odex25_ensan + - master_odex25_ensan - master_odex25_helpdesk - master_odex25_donation - - + +concurrency: + group: prevent-invalid-merges-${{ github.head_ref }} + cancel-in-progress: true jobs: validate-merge-source: runs-on: app-sever-project-runner + strategy: + matrix: + base_head: + - { base: preprod_odex-event, head: dev_odex-event } + - { base: preprod_odex25_accounting, head: dev_odex25_accounting } + - { base: preprod_odex25_base, head: dev_odex25_base } + - { base: preprod_odex25_dms, head: dev_odex25_dms } + - { base: preprod_odex25_fleet, head: dev_odex25_fleet } + - { base: preprod_odex25_hr, head: dev_odex25_hr } + - { base: preprod_odex25_inventory, head: dev_odex25_inventory } + - { base: preprod_odex25_maintenance, head: dev_odex25_maintenance } + - { base: preprod_odex25_mobile, head: dev_odex25_mobile } + - { base: preprod_odex25_pos, head: dev_odex25_pos } + - { base: preprod_odex25_project, head: dev_odex25_project } + - { base: preprod_odex25_purchase, head: dev_odex25_purchase } + - { base: preprod_odex25_realstate, head: dev_odex25_realstate } + - { base: preprod_odex25_sales, head: dev_odex25_sales } + - { base: preprod_odex25_survey, head: dev_odex25_survey } + - { base: preprod_odex25_transactions, head: dev_odex25_transactions } + - { base: preprod_odex25_website, head: dev_odex25_website } + - { base: preprod_openeducat_erp-14.0.1.0, head: dev_openeducat_erp-14.0.1.0 } + - { base: preprod_odex25_ensan, head: dev_odex25_ensan } + - { base: preprod_odex25_helpdesk, head: dev_odex25_helpdesk } + - { base: preprod_odex25_donation, head: dev_odex25_donation } + - { base: master_odex-event, head: preprod_odex-event } + - { base: master_odex25_accounting, head: preprod_odex25_accounting } + - { base: master_odex25_base, head: preprod_odex25_base } + - { base: master_odex25_dms, head: preprod_odex25_dms } + - { base: master_odex25_fleet, head: preprod_odex25_fleet } + - { base: master_odex25_hr, head: preprod_odex25_hr } + - { base: master_odex25_inventory, head: preprod_odex25_inventory } + - { base: master_odex25_maintenance, head: preprod_odex25_maintenance } + - { base: master_odex25_mobile, head: preprod_odex25_mobile } + - { base: master_odex25_pos, head: preprod_odex25_pos } + - { base: master_odex25_project, head: preprod_odex25_project } + - { base: master_odex25_purchase, head: preprod_odex25_purchase } + - { base: master_odex25_realstate, head: preprod_odex25_realstate } + - { base: master_odex25_sales, head: preprod_odex25_sales } + - { base: master_odex25_survey, head: preprod_odex25_survey } + - { base: master_odex25_transactions, head: preprod_odex25_transactions } + - { base: master_odex25_website, head: preprod_odex25_website } + - { base: master_openeducat_erp-14.0.1.0, head: preprod_openeducat_erp-14.0.1.0 } + - { base: master_odex25_ensan, head: preprod_odex25_ensan } + - { base: master_odex25_helpdesk, head: preprod_odex25_helpdesk } + - { base: master_odex25_donation, head: preprod_odex25_donation } + steps: - - name: Check source branch for merge + - name: Validate branch relationship run: | echo "Base branch: ${{ github.base_ref }}" echo "Head branch: ${{ github.head_ref }}" - - # ✅ Preprod Branches - if [[ "${{ github.base_ref }}" == "preprod_odex-event" && "${{ github.head_ref }}" != "dev_odex-event" ]]; then - echo "::error ::You can only merge to 'preprod_odex-event' from 'dev_odex-event' branch!" + if [[ "${{ github.base_ref }}" == "${{ matrix.base_head.base }}" && "${{ github.head_ref }}" != "${{ matrix.base_head.head }}" ]]; then + echo "::error ::You can only merge to '${{ matrix.base_head.base }}' from '${{ matrix.base_head.head }}'!" exit 1 fi - if [[ "${{ github.base_ref }}" == "preprod_odex25_accounting" && "${{ github.head_ref }}" != "dev_odex25_accounting" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_accounting' from 'dev_odex25_accounting' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_base" && "${{ github.head_ref }}" != "dev_odex25_base" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_base' from 'dev_odex25_base' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_dms" && "${{ github.head_ref }}" != "dev_odex25_dms" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_dms' from 'dev_odex25_dms' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_fleet" && "${{ github.head_ref }}" != "dev_odex25_fleet" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_fleet' from 'dev_odex25_fleet' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_hr" && "${{ github.head_ref }}" != "dev_odex25_hr" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_hr' from 'dev_odex25_hr' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_inventory" && "${{ github.head_ref }}" != "dev_odex25_inventory" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_inventory' from 'dev_odex25_inventory' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_maintenance" && "${{ github.head_ref }}" != "dev_odex25_maintenance" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_maintenance' from 'dev_odex25_maintenance' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_mobile" && "${{ github.head_ref }}" != "dev_odex25_mobile" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_mobile' from 'dev_odex25_mobile' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_pos" && "${{ github.head_ref }}" != "dev_odex25_pos" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_pos' from 'dev_odex25_pos' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_project" && "${{ github.head_ref }}" != "dev_odex25_project" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_project' from 'dev_odex25_project' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_purchase" && "${{ github.head_ref }}" != "dev_odex25_purchase" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_purchase' from 'dev_odex25_purchase' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_realstate" && "${{ github.head_ref }}" != "dev_odex25_realstate" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_realstate' from 'dev_odex25_realstate' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_sales" && "${{ github.head_ref }}" != "dev_odex25_sales" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_sales' from 'dev_odex25_sales' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_survey" && "${{ github.head_ref }}" != "dev_odex25_survey" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_survey' from 'dev_odex25_survey' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_transactions" && "${{ github.head_ref }}" != "dev_odex25_transactions" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_transactions' from 'dev_odex25_transactions' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_website" && "${{ github.head_ref }}" != "dev_odex25_website" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_website' from 'dev_odex25_website' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_openeducat_erp-14.0.1.0" && "${{ github.head_ref }}" != "dev_openeducat_erp-14.0.1.0" ]]; then - echo "::error ::You can only merge to 'preprod_openeducat_erp-14.0.1.0' from 'dev_openeducat_erp-14.0.1.0' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_ensan" && "${{ github.head_ref }}" != "dev_odex25_ensan" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_ensan' from 'dev_odex25_ensan' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_helpdesk" && "${{ github.head_ref }}" != "dev_odex25_helpdesk" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_helpdesk' from 'dev_odex25_helpdesk' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "preprod_odex25_donation" && "${{ github.head_ref }}" != "dev_odex25_donation" ]]; then - echo "::error ::You can only merge to 'preprod_odex25_donation' from 'dev_odex25_donation' branch!" - exit 1 - fi - - # ✅ Master Branches - if [[ "${{ github.base_ref }}" == "master_odex-event" && "${{ github.head_ref }}" != "preprod_odex-event" ]]; then - echo "::error ::You can only merge to 'master_odex-event' from 'preprod_odex-event' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_accounting" && "${{ github.head_ref }}" != "preprod_odex25_accounting" ]]; then - echo "::error ::You can only merge to 'master_odex25_accounting' from 'preprod_odex25_accounting' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_base" && "${{ github.head_ref }}" != "preprod_odex25_base" ]]; then - echo "::error ::You can only merge to 'master_odex25_base' from 'preprod_odex25_base' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_dms" && "${{ github.head_ref }}" != "preprod_odex25_dms" ]]; then - echo "::error ::You can only merge to 'master_odex25_dms' from 'preprod_odex25_dms' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_fleet" && "${{ github.head_ref }}" != "preprod_odex25_fleet" ]]; then - echo "::error ::You can only merge to 'master_odex25_fleet' from 'preprod_odex25_fleet' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_hr" && "${{ github.head_ref }}" != "preprod_odex25_hr" ]]; then - echo "::error ::You can only merge to 'master_odex25_hr' from 'preprod_odex25_hr' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_inventory" && "${{ github.head_ref }}" != "preprod_odex25_inventory" ]]; then - echo "::error ::You can only merge to 'master_odex25_inventory' from 'preprod_odex25_inventory' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_maintenance" && "${{ github.head_ref }}" != "preprod_odex25_maintenance" ]]; then - echo "::error ::You can only merge to 'master_odex25_maintenance' from 'preprod_odex25_maintenance' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_mobile" && "${{ github.head_ref }}" != "preprod_odex25_mobile" ]]; then - echo "::error ::You can only merge to 'master_odex25_mobile' from 'preprod_odex25_mobile' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_pos" && "${{ github.head_ref }}" != "preprod_odex25_pos" ]]; then - echo "::error ::You can only merge to 'master_odex25_pos' from 'preprod_odex25_pos' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_project" && "${{ github.head_ref }}" != "preprod_odex25_project" ]]; then - echo "::error ::You can only merge to 'master_odex25_project' from 'preprod_odex25_project' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_purchase" && "${{ github.head_ref }}" != "preprod_odex25_purchase" ]]; then - echo "::error ::You can only merge to 'master_odex25_purchase' from 'preprod_odex25_purchase' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_realstate" && "${{ github.head_ref }}" != "preprod_odex25_realstate" ]]; then - echo "::error ::You can only merge to 'master_odex25_realstate' from 'preprod_odex25_realstate' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_sales" && "${{ github.head_ref }}" != "preprod_odex25_sales" ]]; then - echo "::error ::You can only merge to 'master_odex25_sales' from 'preprod_odex25_sales' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_survey" && "${{ github.head_ref }}" != "preprod_odex25_survey" ]]; then - echo "::error ::You can only merge to 'master_odex25_survey' from 'preprod_odex25_survey' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_transactions" && "${{ github.head_ref }}" != "preprod_odex25_transactions" ]]; then - echo "::error ::You can only merge to 'master_odex25_transactions' from 'preprod_odex25_transactions' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_website" && "${{ github.head_ref }}" != "preprod_odex25_website" ]]; then - echo "::error ::You can only merge to 'master_odex25_website' from 'preprod_odex25_website' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_openeducat_erp-14.0.1.0" && "${{ github.head_ref }}" != "preprod_openeducat_erp-14.0.1.0" ]]; then - echo "::error ::You can only merge to 'master_openeducat_erp-14.0.1.0' from 'preprod_openeducat_erp-14.0.1.0' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_ensan" && "${{ github.head_ref }}" != "preprod_odex25_ensan" ]]; then - echo "::error ::You can only merge to 'master_odex25_ensan' from 'preprod_odex25_ensan' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_helpdesk" && "${{ github.head_ref }}" != "preprod_odex25_helpdesk" ]]; then - echo "::error ::You can only merge to 'master_odex25_helpdesk' from 'preprod_odex25_helpdesk' branch!" - exit 1 - fi - - if [[ "${{ github.base_ref }}" == "master_odex25_donation" && "${{ github.head_ref }}" != "preprod_odex25_donation" ]]; then - echo "::error ::You can only merge to 'master_odex25_donation' from 'preprod_odex25_donation' branch!" - exit 1 - fi - - - # ❌ Block ALL merges to 'master' if [[ "${{ github.base_ref }}" == "master" ]]; then - echo "::error ::Merging to 'master' branch is not allowed!" + echo "::error ::Direct merges to 'master' are blocked!" exit 1 fi - echo "Merge validation passed." \ No newline at end of file + echo "✅ Merge validation passed." + + lint: + runs-on: app-sever-project-runner + if: ${{ github.event.pull_request.changed_files > 0 }} + concurrency: + group: linting-${{ github.head_ref }} + cancel-in-progress: true + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Run linter (example: YAML lint) + run: | + echo "Running linter only on changed files..." + # Example: yamllint . --strict + echo "✅ Linting complete." \ No newline at end of file