From 7175cf5f0a9afe89877fe741f81d0dc58fbde214 Mon Sep 17 00:00:00 2001 From: GitHub Actions Bot Date: Thu, 10 Jul 2025 19:21:25 +0300 Subject: [PATCH] Add or update prevent-invalid-branch-merges workflow --- .../prevent-invalid-branch-merges.yml | 294 +++++++++++++----- 1 file changed, 221 insertions(+), 73 deletions(-) diff --git a/.github/workflows/prevent-invalid-branch-merges.yml b/.github/workflows/prevent-invalid-branch-merges.yml index 69b8b367f..0c1924e39 100644 --- a/.github/workflows/prevent-invalid-branch-merges.yml +++ b/.github/workflows/prevent-invalid-branch-merges.yml @@ -25,6 +25,7 @@ on: - dev_odex25_ensan - dev_odex25_helpdesk - dev_odex25_donation + - preprod_odex-event - preprod_odex25_accounting - preprod_odex25_base @@ -46,7 +47,8 @@ on: - preprod_odex25_ensan - preprod_odex25_helpdesk - preprod_odex25_donation - - master_odex-event + + - master_odex-event - master_odex25_accounting - master_odex25_base - master_odex25_dms @@ -64,93 +66,239 @@ on: - master_odex25_transactions - master_odex25_website - master_openeducat_erp-14.0.1.0 - - master_odex25_ensan + - master_odex25_ensan - master_odex25_helpdesk - master_odex25_donation - -concurrency: - group: prevent-invalid-merges-${{ github.head_ref }} - cancel-in-progress: true + + jobs: validate-merge-source: runs-on: linting_odex25-standard-modules_runner_app_server - strategy: - matrix: - base_head: - - { base: preprod_odex-event, head: dev_odex-event } - - { base: preprod_odex25_accounting, head: dev_odex25_accounting } - - { base: preprod_odex25_base, head: dev_odex25_base } - - { base: preprod_odex25_dms, head: dev_odex25_dms } - - { base: preprod_odex25_fleet, head: dev_odex25_fleet } - - { base: preprod_odex25_hr, head: dev_odex25_hr } - - { base: preprod_odex25_inventory, head: dev_odex25_inventory } - - { base: preprod_odex25_maintenance, head: dev_odex25_maintenance } - - { base: preprod_odex25_mobile, head: dev_odex25_mobile } - - { base: preprod_odex25_pos, head: dev_odex25_pos } - - { base: preprod_odex25_project, head: dev_odex25_project } - - { base: preprod_odex25_purchase, head: dev_odex25_purchase } - - { base: preprod_odex25_realstate, head: dev_odex25_realstate } - - { base: preprod_odex25_sales, head: dev_odex25_sales } - - { base: preprod_odex25_survey, head: dev_odex25_survey } - - { base: preprod_odex25_transactions, head: dev_odex25_transactions } - - { base: preprod_odex25_website, head: dev_odex25_website } - - { base: preprod_openeducat_erp-14.0.1.0, head: dev_openeducat_erp-14.0.1.0 } - - { base: preprod_odex25_ensan, head: dev_odex25_ensan } - - { base: preprod_odex25_helpdesk, head: dev_odex25_helpdesk } - - { base: preprod_odex25_donation, head: dev_odex25_donation } - - { base: master_odex-event, head: preprod_odex-event } - - { base: master_odex25_accounting, head: preprod_odex25_accounting } - - { base: master_odex25_base, head: preprod_odex25_base } - - { base: master_odex25_dms, head: preprod_odex25_dms } - - { base: master_odex25_fleet, head: preprod_odex25_fleet } - - { base: master_odex25_hr, head: preprod_odex25_hr } - - { base: master_odex25_inventory, head: preprod_odex25_inventory } - - { base: master_odex25_maintenance, head: preprod_odex25_maintenance } - - { base: master_odex25_mobile, head: preprod_odex25_mobile } - - { base: master_odex25_pos, head: preprod_odex25_pos } - - { base: master_odex25_project, head: preprod_odex25_project } - - { base: master_odex25_purchase, head: preprod_odex25_purchase } - - { base: master_odex25_realstate, head: preprod_odex25_realstate } - - { base: master_odex25_sales, head: preprod_odex25_sales } - - { base: master_odex25_survey, head: preprod_odex25_survey } - - { base: master_odex25_transactions, head: preprod_odex25_transactions } - - { base: master_odex25_website, head: preprod_odex25_website } - - { base: master_openeducat_erp-14.0.1.0, head: preprod_openeducat_erp-14.0.1.0 } - - { base: master_odex25_ensan, head: preprod_odex25_ensan } - - { base: master_odex25_helpdesk, head: preprod_odex25_helpdesk } - - { base: master_odex25_donation, head: preprod_odex25_donation } - steps: - - name: Validate branch relationship + - name: Check source branch for merge run: | echo "Base branch: ${{ github.base_ref }}" echo "Head branch: ${{ github.head_ref }}" - if [[ "${{ github.base_ref }}" == "${{ matrix.base_head.base }}" && "${{ github.head_ref }}" != "${{ matrix.base_head.head }}" ]]; then - echo "::error ::You can only merge to '${{ matrix.base_head.base }}' from '${{ matrix.base_head.head }}'!" + + # ✅ Preprod Branches + if [[ "${{ github.base_ref }}" == "preprod_odex-event" && "${{ github.head_ref }}" != "dev_odex-event" ]]; then + echo "::error ::You can only merge to 'preprod_odex-event' from 'dev_odex-event' branch!" exit 1 fi + if [[ "${{ github.base_ref }}" == "preprod_odex25_accounting" && "${{ github.head_ref }}" != "dev_odex25_accounting" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_accounting' from 'dev_odex25_accounting' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_base" && "${{ github.head_ref }}" != "dev_odex25_base" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_base' from 'dev_odex25_base' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_dms" && "${{ github.head_ref }}" != "dev_odex25_dms" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_dms' from 'dev_odex25_dms' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_fleet" && "${{ github.head_ref }}" != "dev_odex25_fleet" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_fleet' from 'dev_odex25_fleet' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_hr" && "${{ github.head_ref }}" != "dev_odex25_hr" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_hr' from 'dev_odex25_hr' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_inventory" && "${{ github.head_ref }}" != "dev_odex25_inventory" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_inventory' from 'dev_odex25_inventory' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_maintenance" && "${{ github.head_ref }}" != "dev_odex25_maintenance" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_maintenance' from 'dev_odex25_maintenance' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_mobile" && "${{ github.head_ref }}" != "dev_odex25_mobile" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_mobile' from 'dev_odex25_mobile' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_pos" && "${{ github.head_ref }}" != "dev_odex25_pos" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_pos' from 'dev_odex25_pos' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_project" && "${{ github.head_ref }}" != "dev_odex25_project" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_project' from 'dev_odex25_project' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_purchase" && "${{ github.head_ref }}" != "dev_odex25_purchase" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_purchase' from 'dev_odex25_purchase' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_realstate" && "${{ github.head_ref }}" != "dev_odex25_realstate" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_realstate' from 'dev_odex25_realstate' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_sales" && "${{ github.head_ref }}" != "dev_odex25_sales" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_sales' from 'dev_odex25_sales' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_survey" && "${{ github.head_ref }}" != "dev_odex25_survey" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_survey' from 'dev_odex25_survey' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_transactions" && "${{ github.head_ref }}" != "dev_odex25_transactions" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_transactions' from 'dev_odex25_transactions' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_website" && "${{ github.head_ref }}" != "dev_odex25_website" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_website' from 'dev_odex25_website' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_openeducat_erp-14.0.1.0" && "${{ github.head_ref }}" != "dev_openeducat_erp-14.0.1.0" ]]; then + echo "::error ::You can only merge to 'preprod_openeducat_erp-14.0.1.0' from 'dev_openeducat_erp-14.0.1.0' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_ensan" && "${{ github.head_ref }}" != "dev_odex25_ensan" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_ensan' from 'dev_odex25_ensan' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_helpdesk" && "${{ github.head_ref }}" != "dev_odex25_helpdesk" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_helpdesk' from 'dev_odex25_helpdesk' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "preprod_odex25_donation" && "${{ github.head_ref }}" != "dev_odex25_donation" ]]; then + echo "::error ::You can only merge to 'preprod_odex25_donation' from 'dev_odex25_donation' branch!" + exit 1 + fi + + # ✅ Master Branches + if [[ "${{ github.base_ref }}" == "master_odex-event" && "${{ github.head_ref }}" != "preprod_odex-event" ]]; then + echo "::error ::You can only merge to 'master_odex-event' from 'preprod_odex-event' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_accounting" && "${{ github.head_ref }}" != "preprod_odex25_accounting" ]]; then + echo "::error ::You can only merge to 'master_odex25_accounting' from 'preprod_odex25_accounting' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_base" && "${{ github.head_ref }}" != "preprod_odex25_base" ]]; then + echo "::error ::You can only merge to 'master_odex25_base' from 'preprod_odex25_base' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_dms" && "${{ github.head_ref }}" != "preprod_odex25_dms" ]]; then + echo "::error ::You can only merge to 'master_odex25_dms' from 'preprod_odex25_dms' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_fleet" && "${{ github.head_ref }}" != "preprod_odex25_fleet" ]]; then + echo "::error ::You can only merge to 'master_odex25_fleet' from 'preprod_odex25_fleet' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_hr" && "${{ github.head_ref }}" != "preprod_odex25_hr" ]]; then + echo "::error ::You can only merge to 'master_odex25_hr' from 'preprod_odex25_hr' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_inventory" && "${{ github.head_ref }}" != "preprod_odex25_inventory" ]]; then + echo "::error ::You can only merge to 'master_odex25_inventory' from 'preprod_odex25_inventory' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_maintenance" && "${{ github.head_ref }}" != "preprod_odex25_maintenance" ]]; then + echo "::error ::You can only merge to 'master_odex25_maintenance' from 'preprod_odex25_maintenance' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_mobile" && "${{ github.head_ref }}" != "preprod_odex25_mobile" ]]; then + echo "::error ::You can only merge to 'master_odex25_mobile' from 'preprod_odex25_mobile' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_pos" && "${{ github.head_ref }}" != "preprod_odex25_pos" ]]; then + echo "::error ::You can only merge to 'master_odex25_pos' from 'preprod_odex25_pos' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_project" && "${{ github.head_ref }}" != "preprod_odex25_project" ]]; then + echo "::error ::You can only merge to 'master_odex25_project' from 'preprod_odex25_project' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_purchase" && "${{ github.head_ref }}" != "preprod_odex25_purchase" ]]; then + echo "::error ::You can only merge to 'master_odex25_purchase' from 'preprod_odex25_purchase' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_realstate" && "${{ github.head_ref }}" != "preprod_odex25_realstate" ]]; then + echo "::error ::You can only merge to 'master_odex25_realstate' from 'preprod_odex25_realstate' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_sales" && "${{ github.head_ref }}" != "preprod_odex25_sales" ]]; then + echo "::error ::You can only merge to 'master_odex25_sales' from 'preprod_odex25_sales' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_survey" && "${{ github.head_ref }}" != "preprod_odex25_survey" ]]; then + echo "::error ::You can only merge to 'master_odex25_survey' from 'preprod_odex25_survey' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_transactions" && "${{ github.head_ref }}" != "preprod_odex25_transactions" ]]; then + echo "::error ::You can only merge to 'master_odex25_transactions' from 'preprod_odex25_transactions' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_website" && "${{ github.head_ref }}" != "preprod_odex25_website" ]]; then + echo "::error ::You can only merge to 'master_odex25_website' from 'preprod_odex25_website' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_openeducat_erp-14.0.1.0" && "${{ github.head_ref }}" != "preprod_openeducat_erp-14.0.1.0" ]]; then + echo "::error ::You can only merge to 'master_openeducat_erp-14.0.1.0' from 'preprod_openeducat_erp-14.0.1.0' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_ensan" && "${{ github.head_ref }}" != "preprod_odex25_ensan" ]]; then + echo "::error ::You can only merge to 'master_odex25_ensan' from 'preprod_odex25_ensan' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_helpdesk" && "${{ github.head_ref }}" != "preprod_odex25_helpdesk" ]]; then + echo "::error ::You can only merge to 'master_odex25_helpdesk' from 'preprod_odex25_helpdesk' branch!" + exit 1 + fi + + if [[ "${{ github.base_ref }}" == "master_odex25_donation" && "${{ github.head_ref }}" != "preprod_odex25_donation" ]]; then + echo "::error ::You can only merge to 'master_odex25_donation' from 'preprod_odex25_donation' branch!" + exit 1 + fi + + + # ❌ Block ALL merges to 'master' if [[ "${{ github.base_ref }}" == "master" ]]; then - echo "::error ::Direct merges to 'master' are blocked!" + echo "::error ::Merging to 'master' branch is not allowed!" exit 1 fi - echo "✅ Merge validation passed." - - lint: - runs-on: app-sever-project-runner - if: ${{ github.event.pull_request.changed_files > 0 }} - concurrency: - group: linting-${{ github.head_ref }} - cancel-in-progress: true - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Run linter (example: YAML lint) - run: | - echo "Running linter only on changed files..." - # Example: yamllint . --strict - echo "✅ Linting complete." \ No newline at end of file + echo "Merge validation passed." \ No newline at end of file