From 634fb69bdcab0a8a3c747b2eefc59977d4d12582 Mon Sep 17 00:00:00 2001 From: GitHub Actions Bot Date: Thu, 10 Jul 2025 23:08:46 +0300 Subject: [PATCH] Add or update delete-merged-branches workflow --- .github/workflows/delete-merged-branches.yml | 131 ++++++++++++------- 1 file changed, 81 insertions(+), 50 deletions(-) diff --git a/.github/workflows/delete-merged-branches.yml b/.github/workflows/delete-merged-branches.yml index 195dee176..a0f5c88e8 100644 --- a/.github/workflows/delete-merged-branches.yml +++ b/.github/workflows/delete-merged-branches.yml @@ -1,30 +1,34 @@ # Author: Ahmad Samir -name: Block Reserved Branches +name: Auto Delete Branch After Merge on: - create: - branches: - - '**' + pull_request: + types: [closed] jobs: - block-reserved-branches: - runs-on: app-sever-project-runner + delete-merged-branch: + if: github.event.pull_request.merged == true + name: Delete Merged Branch + runs-on: linting_odex25-standard-modules_runner + steps: - - name: Check for reserved or pattern-matching branch names + - name: Delete merged branch (with protection check and rules) env: GH_TOKEN: ${{ secrets.GH_TOKEN }} REPO: ${{ github.repository }} - BRANCH_NAME: ${{ github.ref_name }} + BASE_REF: ${{ github.event.pull_request.base.ref }} + HEAD_REF: ${{ github.event.pull_request.head.ref }} run: | - RESERVED_NAMES=( + echo "๐Ÿ” Base branch: $BASE_REF" + echo "๐Ÿ” Head branch: $HEAD_REF" + + PROTECTED_BRANCHES=( master + dev_odex-event dev_odex25_accounting dev_odex25_base dev_odex25_dms - dev_odex25_donation - dev_odex25_ensan dev_odex25_fleet - dev_odex25_helpdesk dev_odex25_hr dev_odex25_inventory dev_odex25_maintenance @@ -37,36 +41,15 @@ jobs: dev_odex25_survey dev_odex25_transactions dev_odex25_website - dev_odex-event dev_openeducat_erp-14.0.1.0 - master_odex25_accounting - master_odex25_base - master_odex25_dms - master_odex25_donation - master_odex25_ensan - master_odex25_fleet - master_odex25_helpdesk - master_odex25_hr - master_odex25_inventory - master_odex25_maintenance - master_odex25_mobile - master_odex25_pos - master_odex25_project - master_odex25_purchase - master_odex25_realstate - master_odex25_sales - master_odex25_survey - master_odex25_transactions - master_odex25_website - master_odex-event - master_openeducat_erp-14.0.1.0 + dev_odex25_ensan + dev_odex25_helpdesk + dev_odex25_donation + preprod_odex-event preprod_odex25_accounting preprod_odex25_base preprod_odex25_dms - preprod_odex25_donation - preprod_odex25_ensan preprod_odex25_fleet - preprod_odex25_helpdesk preprod_odex25_hr preprod_odex25_inventory preprod_odex25_maintenance @@ -79,24 +62,72 @@ jobs: preprod_odex25_survey preprod_odex25_transactions preprod_odex25_website - preprod_odex-event preprod_openeducat_erp-14.0.1.0 + preprod_odex25_ensan + preprod_odex25_helpdesk + preprod_odex25_donation + master_odex-event + master_odex25_accounting + master_odex25_base + master_odex25_dms + master_odex25_fleet + master_odex25_hr + master_odex25_inventory + master_odex25_maintenance + master_odex25_mobile + master_odex25_pos + master_odex25_project + master_odex25_purchase + master_odex25_realstate + master_odex25_sales + master_odex25_survey + master_odex25_transactions + master_odex25_website + master_openeducat_erp-14.0.1.0 + master_odex25_ensan + master_odex25_helpdesk + master_odex25_donation ) - # Check if branch is an exact reserved name - for reserved in "${RESERVED_NAMES[@]}"; do - if [[ "$BRANCH_NAME" == "$reserved" ]]; then - echo "โŒ Branch name '$BRANCH_NAME' is reserved. Deleting..." - curl -s -X DELETE -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME - exit 1 + # Rule 1 + if [[ "$HEAD_REF" == dev_* && "$BASE_REF" == preprod_* ]]; then + echo "๐Ÿšซ Rule: Do not delete dev_* merged into preprod_*" + exit 0 + fi + + # Rule 2 + if [[ "$HEAD_REF" == preprod_* && "$BASE_REF" == master_* ]]; then + echo "๐Ÿšซ Rule: Do not delete preprod_* merged into master_*" + exit 0 + fi + + # Rule 3: Protected branches + for protected in "${PROTECTED_BRANCHES[@]}"; do + if [[ "$HEAD_REF" == "$protected" ]]; then + echo "๐Ÿ›ก๏ธ '$HEAD_REF' is a protected branch. Skipping deletion." + exit 0 fi done - # Check if branch name matches restricted patterns - if [[ "$BRANCH_NAME" == master_* || "$BRANCH_NAME" == preprod_* || "$BRANCH_NAME" == dev_* ]]; then - echo "โŒ Branch name '$BRANCH_NAME' matches restricted pattern. Deleting..." - curl -s -X DELETE -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME - exit 1 + echo "โœ… '$HEAD_REF' is eligible for deletion. Checking protection..." + + PROTECTION_URL="https://api.github.com/repos/$REPO/branches/$HEAD_REF/protection" + + PROTECTION_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token $GH_TOKEN" "$PROTECTION_URL") + + if [ "$PROTECTION_STATUS" -eq 200 ]; then + echo "๐Ÿ”“ Removing protection on '$HEAD_REF'..." + curl -s -X DELETE -H "Authorization: token $GH_TOKEN" "$PROTECTION_URL" + else + echo "โ„น๏ธ No protection found for '$HEAD_REF' (HTTP $PROTECTION_STATUS)" fi - echo "โœ… Branch '$BRANCH_NAME' is allowed." \ No newline at end of file + echo "๐Ÿงน Attempting to delete branch '$HEAD_REF'..." + DELETE_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -H "Authorization: token $GH_TOKEN" -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/$REPO/git/refs/heads/$HEAD_REF) + + if [ "$DELETE_STATUS" -eq 204 ]; then + echo "โœ… Branch '$HEAD_REF' successfully deleted" + else + echo "โŒ Failed to delete branch '$HEAD_REF' โ€” HTTP $DELETE_STATUS" + exit 1 + fi \ No newline at end of file