From 9e0a73e355bef7ec6299b68ca09c194d1e1937da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D8=B4=D8=B1=D9=83=D8=A9=20=D8=AE=D8=A8=D9=8A=D8=B1=20?= =?UTF-8?q?=D8=A7=D9=84=D9=85=D8=AD=D8=AF=D9=88=D8=AF=D8=A9?= Date: Sat, 22 Nov 2025 04:13:25 +0200 Subject: [PATCH] Update github action file --- .github/workflows/block_reserved_branches.yml | 62 ++++++++++++++++--- 1 file changed, 55 insertions(+), 7 deletions(-) diff --git a/.github/workflows/block_reserved_branches.yml b/.github/workflows/block_reserved_branches.yml index 308ba4805..93e7f1fbf 100644 --- a/.github/workflows/block_reserved_branches.yml +++ b/.github/workflows/block_reserved_branches.yml @@ -1,4 +1,3 @@ -# Author: Ahmad Samir name: Block Reserved Branches on: 
@@ -9,13 +8,53 @@ on: jobs: block-reserved-branches: runs-on: app-sever-project-runner + steps: - - name: Check for reserved or pattern-matching branch names + - name: Validate branch creator + reserved names env: GH_TOKEN: ${{ secrets.GH_TOKEN }} REPO: ${{ github.repository }} BRANCH_NAME: ${{ github.ref_name }} + CREATOR: ${{ github.actor }} run: | + echo "Branch: $BRANCH_NAME" + echo "Creator: $CREATOR" + + ####################################################### + # 🟦 1) Allowed Users List + ####################################################### + ALLOWED_USERS=( + "expsa" + "ronozoro" + "Abubaker-Altaib" + "altexp" + "the5abir" + "ahmadaking" + "kchyounes19" + "abdurrahman-saber" + ) + + IS_ALLOWED="false" + for user in "${ALLOWED_USERS[@]}"; do + if [[ "$CREATOR" == "$user" ]]; then + IS_ALLOWED="true" + break + fi + done + + if [[ "$IS_ALLOWED" == "false" ]]; then + echo "❌ User '$CREATOR' is NOT allowed to create branches. Deleting..." + curl -s -X DELETE \ + -H "Authorization: token $GH_TOKEN" \ + https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME + exit 1 + fi + + echo "✔ User '$CREATOR' is allowed." + + ####################################################### + # 🟦 2) Reserved Branch Names (Your Existing List) + ####################################################### RESERVED_NAMES=( master dev_odex25_accounting 
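Review bot: The new allow-list branch (`if [[ "$IS_ALLOWED" == "false" ]]`) never checks that the DELETE worked: `curl -s` without `--fail` exits 0 on a 401, 403 or 404, so an expired or under-scoped `GH_TOKEN` leaves the branch in place while the log reads "Deleting...". I would change the call to `curl -sS --fail -X DELETE -H "Authorization: token $GH_TOKEN" "https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME"`, which also quotes the URL; the two delete calls in the following hunk have the same gap. The check also runs only after the ref already exists, and the trigger under `on:` is outside this hunk: if it is `create` or `push`, the workflow definition is normally read from the pushed ref, so this list is best treated as a backstop behind a repository ruleset that restricts who may create branches. The `run:` script starts in this hunk and continues past its end.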
@@ -82,18 +121,27 @@ jobs: preprod_odex-event preprod_openeducat_erp-14.0.1.0 ) - # Check if branch is an exact reserved name + + # Exact match for reserved in "${RESERVED_NAMES[@]}"; do if [[ "$BRANCH_NAME" == "$reserved" ]]; then echo "❌ Branch name '$BRANCH_NAME' is reserved. Deleting..." - curl -s -X DELETE -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME + curl -s -X DELETE \ + -H "Authorization: token $GH_TOKEN" \ + https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME exit 1 fi done - # Check if branch name matches restricted patterns + + ####################################################### + # 🟦 3) Pattern-based Restriction + ####################################################### if [[ "$BRANCH_NAME" == master_* || "$BRANCH_NAME" == preprod_* || "$BRANCH_NAME" == dev_* ]]; then echo "❌ Branch name '$BRANCH_NAME' matches restricted pattern. Deleting..." - curl -s -X DELETE -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME + curl -s -X DELETE \ + -H "Authorization: token $GH_TOKEN" \ + https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME exit 1 fi - echo "✅ Branch '$BRANCH_NAME' is allowed." \ No newline at end of file + + echo "✅ Branch '$BRANCH_NAME' is allowed."
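Review bot: The DELETE request is now written out three times as an identical three-line block (once in the previous hunk, twice here), so any later change to the token header or the URL has to be made in three places. A helper defined once near the top of the script, e.g. `delete_branch() { curl -s -X DELETE -H "Authorization: token $GH_TOKEN" "https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME"; }`, with `delete_branch; exit 1` at each site, would keep them in step. The script body begins before this hunk, so the helper would have to be placed in the part of `run:` shown in the previous hunk.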