Add or update delete-merged-branches workflow

2025-07-10 23:09:19 +03:00 · 2025-07-10 23:09:19 +03:00 · 8bae0cbb70
parent 6792cb5a5c
commit 8bae0cbb70
1 changed files with 81 additions and 50 deletions
--- a/.github/workflows/delete-merged-branches.yml
+++ b/.github/workflows/delete-merged-branches.yml
@ -1,30 +1,34 @@
 # Author: Ahmad Samir <a.atta@exp-sa.com>
-name: Block Reserved Branches
+name: Auto Delete Branch After Merge

 on:
-  create:
-    branches:
-      - '**'
+  pull_request:
+    types: [closed]

 jobs:
-  block-reserved-branches:
-    runs-on: app-sever-project-runner
+  delete-merged-branch:
+    if: github.event.pull_request.merged == true
+    name: Delete Merged Branch
+    runs-on: linting_odex25-standard-modules_runner
+
    steps:
-      - name: Check for reserved or pattern-matching branch names
+      - name: Delete merged branch (with protection check and rules)
        env:
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
          REPO: ${{ github.repository }}
-          BRANCH_NAME: ${{ github.ref_name }}
+          BASE_REF: ${{ github.event.pull_request.base.ref }}
+          HEAD_REF: ${{ github.event.pull_request.head.ref }}
        run: |
-          RESERVED_NAMES=(
+          echo "🔍 Base branch: $BASE_REF"
+          echo "🔍 Head branch: $HEAD_REF"
+
+          PROTECTED_BRANCHES=(
            master
+            dev_odex-event
            dev_odex25_accounting
            dev_odex25_base
            dev_odex25_dms
-            dev_odex25_donation
-            dev_odex25_ensan
            dev_odex25_fleet
-            dev_odex25_helpdesk
            dev_odex25_hr
            dev_odex25_inventory
            dev_odex25_maintenance
@ -37,36 +41,15 @@ jobs:
            dev_odex25_survey
            dev_odex25_transactions
            dev_odex25_website
-            dev_odex-event
            dev_openeducat_erp-14.0.1.0
-            master_odex25_accounting
-            master_odex25_base
-            master_odex25_dms
-            master_odex25_donation
-            master_odex25_ensan
-            master_odex25_fleet
-            master_odex25_helpdesk
-            master_odex25_hr
-            master_odex25_inventory
-            master_odex25_maintenance
-            master_odex25_mobile
-            master_odex25_pos
-            master_odex25_project
-            master_odex25_purchase
-            master_odex25_realstate
-            master_odex25_sales
-            master_odex25_survey
-            master_odex25_transactions
-            master_odex25_website
-            master_odex-event
-            master_openeducat_erp-14.0.1.0
+            dev_odex25_ensan
+            dev_odex25_helpdesk
+            dev_odex25_donation
+            preprod_odex-event
            preprod_odex25_accounting
            preprod_odex25_base
            preprod_odex25_dms
-            preprod_odex25_donation
-            preprod_odex25_ensan
            preprod_odex25_fleet
-            preprod_odex25_helpdesk
            preprod_odex25_hr
            preprod_odex25_inventory
            preprod_odex25_maintenance
@ -79,24 +62,72 @@ jobs:
            preprod_odex25_survey
            preprod_odex25_transactions
            preprod_odex25_website
-            preprod_odex-event
            preprod_openeducat_erp-14.0.1.0
+            preprod_odex25_ensan
+            preprod_odex25_helpdesk
+            preprod_odex25_donation
+            master_odex-event
+            master_odex25_accounting
+            master_odex25_base
+            master_odex25_dms
+            master_odex25_fleet
+            master_odex25_hr
+            master_odex25_inventory
+            master_odex25_maintenance
+            master_odex25_mobile
+            master_odex25_pos
+            master_odex25_project
+            master_odex25_purchase
+            master_odex25_realstate
+            master_odex25_sales
+            master_odex25_survey
+            master_odex25_transactions
+            master_odex25_website
+            master_openeducat_erp-14.0.1.0
+            master_odex25_ensan
+            master_odex25_helpdesk
+            master_odex25_donation
          )

-          # Check if branch is an exact reserved name
-          for reserved in "${RESERVED_NAMES[@]}"; do
-            if [[ "$BRANCH_NAME" == "$reserved" ]]; then
-              echo "❌ Branch name '$BRANCH_NAME' is reserved. Deleting..."
-              curl -s -X DELETE                 -H "Authorization: token $GH_TOKEN"                 https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME
-              exit 1
+          # Rule 1
+          if [[ "$HEAD_REF" == dev_* && "$BASE_REF" == preprod_* ]]; then
+            echo "🚫 Rule: Do not delete dev_* merged into preprod_*"
+            exit 0
+          fi
+
+          # Rule 2
+          if [[ "$HEAD_REF" == preprod_* && "$BASE_REF" == master_* ]]; then
+            echo "🚫 Rule: Do not delete preprod_* merged into master_*"
+            exit 0
+          fi
+
+          # Rule 3: Protected branches
+          for protected in "${PROTECTED_BRANCHES[@]}"; do
+            if [[ "$HEAD_REF" == "$protected" ]]; then
+              echo "🛡️ '$HEAD_REF' is a protected branch. Skipping deletion."
+              exit 0
            fi
          done

-          # Check if branch name matches restricted patterns
-          if [[ "$BRANCH_NAME" == master_* || "$BRANCH_NAME" == preprod_* || "$BRANCH_NAME" == dev_* ]]; then
-            echo "❌ Branch name '$BRANCH_NAME' matches restricted pattern. Deleting..."
-            curl -s -X DELETE               -H "Authorization: token $GH_TOKEN"               https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME
-            exit 1
+          echo "✅ '$HEAD_REF' is eligible for deletion. Checking protection..."
+
+          PROTECTION_URL="https://api.github.com/repos/$REPO/branches/$HEAD_REF/protection"
+
+          PROTECTION_STATUS=$(curl -s -o /dev/null -w "%{http_code}"             -H "Authorization: token $GH_TOKEN" "$PROTECTION_URL")
+
+          if [ "$PROTECTION_STATUS" -eq 200 ]; then
+            echo "🔓 Removing protection on '$HEAD_REF'..."
+            curl -s -X DELETE -H "Authorization: token $GH_TOKEN" "$PROTECTION_URL"
+          else
+            echo "ℹ️ No protection found for '$HEAD_REF' (HTTP $PROTECTION_STATUS)"
          fi

-          echo "✅ Branch '$BRANCH_NAME' is allowed."
+          echo "🧹 Attempting to delete branch '$HEAD_REF'..."
+          DELETE_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE             -H "Authorization: token $GH_TOKEN"             -H "Accept: application/vnd.github.v3+json"             https://api.github.com/repos/$REPO/git/refs/heads/$HEAD_REF)
+
+          if [ "$DELETE_STATUS" -eq 204 ]; then
+            echo "✅ Branch '$HEAD_REF' successfully deleted"
+          else
+            echo "❌ Failed to delete branch '$HEAD_REF' — HTTP $DELETE_STATUS"
+            exit 1
+          fi