Add or update block_reserved_branches workflow

2025-07-10 23:16:04 +03:00 · 2025-07-10 23:16:04 +03:00 · 7b9548eb75
parent 57ecb7206b
commit 7b9548eb75
1 changed files with 99 additions and 0 deletions
--- a/.github/workflows/block_reserved_branches.yml
+++ b/.github/workflows/block_reserved_branches.yml
@ -0,0 +1,99 @@
+# Author: Ahmad Samir <a.atta@exp-sa.com>
+name: Block Reserved Branches
+
+on:
+  create:
+    branches:
+      - '**'
+
+jobs:
+  block-reserved-branches:
+    runs-on: app-sever-project-runner
+    steps:
+      - name: Check for reserved or pattern-matching branch names
+        env:
+          GH_TOKEN: ${{ secrets.GH_TOKEN }}
+          REPO: ${{ github.repository }}
+          BRANCH_NAME: ${{ github.ref_name }}
+        run: |
+          RESERVED_NAMES=(
+            master
+            dev_odex25_accounting
+            dev_odex25_base
+            dev_odex25_dms
+            dev_odex25_donation
+            dev_odex25_ensan
+            dev_odex25_fleet
+            dev_odex25_helpdesk
+            dev_odex25_hr
+            dev_odex25_inventory
+            dev_odex25_maintenance
+            dev_odex25_mobile
+            dev_odex25_pos
+            dev_odex25_project
+            dev_odex25_purchase
+            dev_odex25_realstate
+            dev_odex25_sales
+            dev_odex25_survey
+            dev_odex25_transactions
+            dev_odex25_website
+            dev_odex-event
+            dev_openeducat_erp-14.0.1.0
+            master_odex25_accounting
+            master_odex25_base
+            master_odex25_dms
+            master_odex25_donation
+            master_odex25_ensan
+            master_odex25_fleet
+            master_odex25_helpdesk
+            master_odex25_hr
+            master_odex25_inventory
+            master_odex25_maintenance
+            master_odex25_mobile
+            master_odex25_pos
+            master_odex25_project
+            master_odex25_purchase
+            master_odex25_realstate
+            master_odex25_sales
+            master_odex25_survey
+            master_odex25_transactions
+            master_odex25_website
+            master_odex-event
+            master_openeducat_erp-14.0.1.0
+            preprod_odex25_accounting
+            preprod_odex25_base
+            preprod_odex25_dms
+            preprod_odex25_donation
+            preprod_odex25_ensan
+            preprod_odex25_fleet
+            preprod_odex25_helpdesk
+            preprod_odex25_hr
+            preprod_odex25_inventory
+            preprod_odex25_maintenance
+            preprod_odex25_mobile
+            preprod_odex25_pos
+            preprod_odex25_project
+            preprod_odex25_purchase
+            preprod_odex25_realstate
+            preprod_odex25_sales
+            preprod_odex25_survey
+            preprod_odex25_transactions
+            preprod_odex25_website
+            preprod_odex-event
+            preprod_openeducat_erp-14.0.1.0
+          )
+          # Check if branch is an exact reserved name
+          for reserved in "${RESERVED_NAMES[@]}"; do
+            if [[ "$BRANCH_NAME" == "$reserved" ]]; then
+              echo "❌ Branch name '$BRANCH_NAME' is reserved. Deleting..."
+              curl -s -X DELETE                 -H "Authorization: token $GH_TOKEN"                 https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME
+              exit 1
+            fi
+          done
+          # Check if branch name matches restricted patterns
+          if [[ "$BRANCH_NAME" == master_* || "$BRANCH_NAME" == preprod_* || "$BRANCH_NAME" == dev_* ]]; then
+            echo "❌ Branch name '$BRANCH_NAME' matches restricted pattern. Deleting..."
+            curl -s -X DELETE               -H "Authorization: token $GH_TOKEN"               https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME
+            exit 1
+          fi
+          echo "✅ Branch '$BRANCH_NAME' is allowed."