Add or update delete-merged-branches workflow

2025-07-10 20:49:26 +03:00 · 2025-07-10 20:49:26 +03:00 · 8794a69cbc
parent 71cff1e7bd
commit 8794a69cbc
1 changed files with 132 additions and 40 deletions
--- a/.github/workflows/delete-merged-branches.yml
+++ b/.github/workflows/delete-merged-branches.yml
@ -3,16 +3,16 @@

 on:
  pull_request:
-          types: [closed]  # triggers when PR is closed (merged or just closed)
+    types: [closed]

 jobs:
  delete-merged-branch:
    if: github.event.pull_request.merged == true
    name: Delete Merged Branch
-          runs-on: app-sever-project-runner  # your self-hosted runner
+    runs-on: app-sever-project-runner

    steps:
-            - name: Delete merged branch (with rules)
+      - name: Delete merged branch (with protection check and rules)
        env:
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
          REPO: ${{ github.repository }}
@ -22,20 +22,112 @@
          echo "🔍 Base branch: $BASE_REF"
          echo "🔍 Head branch: $HEAD_REF"

-                # ❌ Do not delete dev_* merged into preprod_*
+          PROTECTED_BRANCHES=(
+            master
+            dev_odex-event
+            dev_odex25_accounting
+            dev_odex25_base
+            dev_odex25_dms
+            dev_odex25_fleet
+            dev_odex25_hr
+            dev_odex25_inventory
+            dev_odex25_maintenance
+            dev_odex25_mobile
+            dev_odex25_pos
+            dev_odex25_project
+            dev_odex25_purchase
+            dev_odex25_realstate
+            dev_odex25_sales
+            dev_odex25_survey
+            dev_odex25_transactions
+            dev_odex25_website
+            dev_openeducat_erp-14.0.1.0
+            dev_odex25_ensan
+            dev_odex25_helpdesk
+            dev_odex25_donation
+            preprod_odex-event
+            preprod_odex25_accounting
+            preprod_odex25_base
+            preprod_odex25_dms
+            preprod_odex25_fleet
+            preprod_odex25_hr
+            preprod_odex25_inventory
+            preprod_odex25_maintenance
+            preprod_odex25_mobile
+            preprod_odex25_pos
+            preprod_odex25_project
+            preprod_odex25_purchase
+            preprod_odex25_realstate
+            preprod_odex25_sales
+            preprod_odex25_survey
+            preprod_odex25_transactions
+            preprod_odex25_website
+            preprod_openeducat_erp-14.0.1.0
+            preprod_odex25_ensan
+            preprod_odex25_helpdesk
+            preprod_odex25_donation
+            master_odex-event
+            master_odex25_accounting
+            master_odex25_base
+            master_odex25_dms
+            master_odex25_fleet
+            master_odex25_hr
+            master_odex25_inventory
+            master_odex25_maintenance
+            master_odex25_mobile
+            master_odex25_pos
+            master_odex25_project
+            master_odex25_purchase
+            master_odex25_realstate
+            master_odex25_sales
+            master_odex25_survey
+            master_odex25_transactions
+            master_odex25_website
+            master_openeducat_erp-14.0.1.0
+            master_odex25_ensan
+            master_odex25_helpdesk
+            master_odex25_donation
+          )
+
+          # Rule 1
          if [[ "$HEAD_REF" == dev_* && "$BASE_REF" == preprod_* ]]; then
            echo "🚫 Rule: Do not delete dev_* merged into preprod_*"
            exit 0
          fi

-                # ❌ Do not delete preprod_* merged into master_*
+          # Rule 2
          if [[ "$HEAD_REF" == preprod_* && "$BASE_REF" == master_* ]]; then
            echo "🚫 Rule: Do not delete preprod_* merged into master_*"
            exit 0
          fi

-                echo "✅ Allowed to delete '$HEAD_REF' from '$REPO'"
+          # Rule 3: Protected branches
+          for protected in "${PROTECTED_BRANCHES[@]}"; do
+            if [[ "$HEAD_REF" == "$protected" ]]; then
+              echo "🛡️ '$HEAD_REF' is a protected branch. Skipping deletion."
+              exit 0
+            fi
+          done

-                curl -s -X DELETE                   -H "Authorization: token $GH_TOKEN"                   -H "Accept: application/vnd.github.v3+json"                   https://api.github.com/repos/$REPO/git/refs/heads/$HEAD_REF                   -w "
-🧹 Deleted branch '$HEAD_REF' from '$REPO' — HTTP %{http_code}
-"
+          echo "✅ '$HEAD_REF' is eligible for deletion. Checking protection..."
+
+          PROTECTION_URL="https://api.github.com/repos/$REPO/branches/$HEAD_REF/protection"
+
+          PROTECTION_STATUS=$(curl -s -o /dev/null -w "%{http_code}"             -H "Authorization: token $GH_TOKEN" "$PROTECTION_URL")
+
+          if [ "$PROTECTION_STATUS" -eq 200 ]; then
+            echo "🔓 Removing protection on '$HEAD_REF'..."
+            curl -s -X DELETE -H "Authorization: token $GH_TOKEN" "$PROTECTION_URL"
+          else
+            echo "ℹ️ No protection found for '$HEAD_REF' (HTTP $PROTECTION_STATUS)"
+          fi
+
+          echo "🧹 Attempting to delete branch '$HEAD_REF'..."
+          DELETE_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE             -H "Authorization: token $GH_TOKEN"             -H "Accept: application/vnd.github.v3+json"             https://api.github.com/repos/$REPO/git/refs/heads/$HEAD_REF)
+
+          if [ "$DELETE_STATUS" -eq 204 ]; then
+            echo "✅ Branch '$HEAD_REF' successfully deleted"
+          else
+            echo "❌ Failed to delete branch '$HEAD_REF' — HTTP $DELETE_STATUS"
+            exit 1
+          fi