From b4aea8e36e320a8572da01aca18a443bf757809f Mon Sep 17 00:00:00 2001 From: GitHub Actions Bot Date: Thu, 10 Jul 2025 23:16:03 +0300 Subject: [PATCH] Add or update block_reserved_branches workflow --- .github/workflows/block_reserved_branches.yml | 99 +++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 .github/workflows/block_reserved_branches.yml diff --git a/.github/workflows/block_reserved_branches.yml b/.github/workflows/block_reserved_branches.yml new file mode 100644 index 000000000..308ba4805 --- /dev/null +++ b/.github/workflows/block_reserved_branches.yml @@ -0,0 +1,99 @@ +# Author: Ahmad Samir +name: Block Reserved Branches + +on: + create: + branches: + - '**' + +jobs: + block-reserved-branches: + runs-on: app-sever-project-runner + steps: + - name: Check for reserved or pattern-matching branch names + env: + GH_TOKEN: ${{ secrets.GH_TOKEN }} + REPO: ${{ github.repository }} + BRANCH_NAME: ${{ github.ref_name }} + run: | + RESERVED_NAMES=( + master + dev_odex25_accounting + dev_odex25_base + dev_odex25_dms + dev_odex25_donation + dev_odex25_ensan + dev_odex25_fleet + dev_odex25_helpdesk + dev_odex25_hr + dev_odex25_inventory + dev_odex25_maintenance + dev_odex25_mobile + dev_odex25_pos + dev_odex25_project + dev_odex25_purchase + dev_odex25_realstate + dev_odex25_sales + dev_odex25_survey + dev_odex25_transactions + dev_odex25_website + dev_odex-event + dev_openeducat_erp-14.0.1.0 + master_odex25_accounting + master_odex25_base + master_odex25_dms + master_odex25_donation + master_odex25_ensan + master_odex25_fleet + master_odex25_helpdesk + master_odex25_hr + master_odex25_inventory + master_odex25_maintenance + master_odex25_mobile + master_odex25_pos + master_odex25_project + master_odex25_purchase + master_odex25_realstate + master_odex25_sales + master_odex25_survey + master_odex25_transactions + master_odex25_website + master_odex-event + master_openeducat_erp-14.0.1.0 + preprod_odex25_accounting + preprod_odex25_base + preprod_odex25_dms + preprod_odex25_donation + preprod_odex25_ensan + preprod_odex25_fleet + preprod_odex25_helpdesk + preprod_odex25_hr + preprod_odex25_inventory + preprod_odex25_maintenance + preprod_odex25_mobile + preprod_odex25_pos + preprod_odex25_project + preprod_odex25_purchase + preprod_odex25_realstate + preprod_odex25_sales + preprod_odex25_survey + preprod_odex25_transactions + preprod_odex25_website + preprod_odex-event + preprod_openeducat_erp-14.0.1.0 + ) + # Check if branch is an exact reserved name + for reserved in "${RESERVED_NAMES[@]}"; do + if [[ "$BRANCH_NAME" == "$reserved" ]]; then + echo "❌ Branch name '$BRANCH_NAME' is reserved. Deleting..." + curl -s -X DELETE -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME + exit 1 + fi + done + # Check if branch name matches restricted patterns + if [[ "$BRANCH_NAME" == master_* || "$BRANCH_NAME" == preprod_* || "$BRANCH_NAME" == dev_* ]]; then + echo "❌ Branch name '$BRANCH_NAME' matches restricted pattern. Deleting..." + curl -s -X DELETE -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME + exit 1 + fi + echo "✅ Branch '$BRANCH_NAME' is allowed." \ No newline at end of file