From 6792cb5a5cebc198a940d1928cddb7275cc697f5 Mon Sep 17 00:00:00 2001 From: GitHub Actions Bot Date: Thu, 10 Jul 2025 22:49:20 +0300 Subject: [PATCH] Add or update delete-merged-branches workflow --- .github/workflows/delete-merged-branches.yml | 131 +++++++------------ 1 file changed, 50 insertions(+), 81 deletions(-) diff --git a/.github/workflows/delete-merged-branches.yml b/.github/workflows/delete-merged-branches.yml index a0f5c88e8..195dee176 100644 --- a/.github/workflows/delete-merged-branches.yml +++ b/.github/workflows/delete-merged-branches.yml @@ -1,34 +1,30 @@ # Author: Ahmad Samir -name: Auto Delete Branch After Merge +name: Block Reserved Branches on: - pull_request: - types: [closed] + create: + branches: + - '**' jobs: - delete-merged-branch: - if: github.event.pull_request.merged == true - name: Delete Merged Branch - runs-on: linting_odex25-standard-modules_runner - + block-reserved-branches: + runs-on: app-sever-project-runner steps: - - name: Delete merged branch (with protection check and rules) + - name: Check for reserved or pattern-matching branch names env: GH_TOKEN: ${{ secrets.GH_TOKEN }} REPO: ${{ github.repository }} - BASE_REF: ${{ github.event.pull_request.base.ref }} - HEAD_REF: ${{ github.event.pull_request.head.ref }} + BRANCH_NAME: ${{ github.ref_name }} run: | - echo "๐Ÿ” Base branch: $BASE_REF" - echo "๐Ÿ” Head branch: $HEAD_REF" - - PROTECTED_BRANCHES=( + RESERVED_NAMES=( master - dev_odex-event dev_odex25_accounting dev_odex25_base dev_odex25_dms + dev_odex25_donation + dev_odex25_ensan dev_odex25_fleet + dev_odex25_helpdesk dev_odex25_hr dev_odex25_inventory dev_odex25_maintenance @@ -41,36 +37,15 @@ jobs: dev_odex25_survey dev_odex25_transactions dev_odex25_website + dev_odex-event dev_openeducat_erp-14.0.1.0 - dev_odex25_ensan - dev_odex25_helpdesk - dev_odex25_donation - preprod_odex-event - preprod_odex25_accounting - preprod_odex25_base - preprod_odex25_dms - preprod_odex25_fleet - preprod_odex25_hr - preprod_odex25_inventory - preprod_odex25_maintenance - preprod_odex25_mobile - preprod_odex25_pos - preprod_odex25_project - preprod_odex25_purchase - preprod_odex25_realstate - preprod_odex25_sales - preprod_odex25_survey - preprod_odex25_transactions - preprod_odex25_website - preprod_openeducat_erp-14.0.1.0 - preprod_odex25_ensan - preprod_odex25_helpdesk - preprod_odex25_donation - master_odex-event master_odex25_accounting master_odex25_base master_odex25_dms + master_odex25_donation + master_odex25_ensan master_odex25_fleet + master_odex25_helpdesk master_odex25_hr master_odex25_inventory master_odex25_maintenance @@ -83,51 +58,45 @@ jobs: master_odex25_survey master_odex25_transactions master_odex25_website + master_odex-event master_openeducat_erp-14.0.1.0 - master_odex25_ensan - master_odex25_helpdesk - master_odex25_donation + preprod_odex25_accounting + preprod_odex25_base + preprod_odex25_dms + preprod_odex25_donation + preprod_odex25_ensan + preprod_odex25_fleet + preprod_odex25_helpdesk + preprod_odex25_hr + preprod_odex25_inventory + preprod_odex25_maintenance + preprod_odex25_mobile + preprod_odex25_pos + preprod_odex25_project + preprod_odex25_purchase + preprod_odex25_realstate + preprod_odex25_sales + preprod_odex25_survey + preprod_odex25_transactions + preprod_odex25_website + preprod_odex-event + preprod_openeducat_erp-14.0.1.0 ) - # Rule 1 - if [[ "$HEAD_REF" == dev_* && "$BASE_REF" == preprod_* ]]; then - echo "๐Ÿšซ Rule: Do not delete dev_* merged into preprod_*" - exit 0 - fi - - # Rule 2 - if [[ "$HEAD_REF" == preprod_* && "$BASE_REF" == master_* ]]; then - echo "๐Ÿšซ Rule: Do not delete preprod_* merged into master_*" - exit 0 - fi - - # Rule 3: Protected branches - for protected in "${PROTECTED_BRANCHES[@]}"; do - if [[ "$HEAD_REF" == "$protected" ]]; then - echo "๐Ÿ›ก๏ธ '$HEAD_REF' is a protected branch. Skipping deletion." - exit 0 + # Check if branch is an exact reserved name + for reserved in "${RESERVED_NAMES[@]}"; do + if [[ "$BRANCH_NAME" == "$reserved" ]]; then + echo "โŒ Branch name '$BRANCH_NAME' is reserved. Deleting..." + curl -s -X DELETE -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME + exit 1 fi done - echo "โœ… '$HEAD_REF' is eligible for deletion. Checking protection..." - - PROTECTION_URL="https://api.github.com/repos/$REPO/branches/$HEAD_REF/protection" - - PROTECTION_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token $GH_TOKEN" "$PROTECTION_URL") - - if [ "$PROTECTION_STATUS" -eq 200 ]; then - echo "๐Ÿ”“ Removing protection on '$HEAD_REF'..." - curl -s -X DELETE -H "Authorization: token $GH_TOKEN" "$PROTECTION_URL" - else - echo "โ„น๏ธ No protection found for '$HEAD_REF' (HTTP $PROTECTION_STATUS)" + # Check if branch name matches restricted patterns + if [[ "$BRANCH_NAME" == master_* || "$BRANCH_NAME" == preprod_* || "$BRANCH_NAME" == dev_* ]]; then + echo "โŒ Branch name '$BRANCH_NAME' matches restricted pattern. Deleting..." + curl -s -X DELETE -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME + exit 1 fi - echo "๐Ÿงน Attempting to delete branch '$HEAD_REF'..." - DELETE_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE -H "Authorization: token $GH_TOKEN" -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/$REPO/git/refs/heads/$HEAD_REF) - - if [ "$DELETE_STATUS" -eq 204 ]; then - echo "โœ… Branch '$HEAD_REF' successfully deleted" - else - echo "โŒ Failed to delete branch '$HEAD_REF' โ€” HTTP $DELETE_STATUS" - exit 1 - fi \ No newline at end of file + echo "โœ… Branch '$BRANCH_NAME' is allowed." \ No newline at end of file