From cad177146f941dc9f4e5da7088a22a919ae9d692 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D8=B4=D8=B1=D9=83=D8=A9=20=D8=AE=D8=A8=D9=8A=D8=B1=20?= =?UTF-8?q?=D8=A7=D9=84=D9=85=D8=AD=D8=AF=D9=88=D8=AF=D8=A9?= Date: Fri, 21 Nov 2025 23:59:15 +0200 Subject: [PATCH] Update github action file --- .github/workflows/restrict-pr-authors.yaml | 111 ++++++++++++++++++--- 1 file changed, 98 insertions(+), 13 deletions(-) diff --git a/.github/workflows/restrict-pr-authors.yaml b/.github/workflows/restrict-pr-authors.yaml index e7c26348c..4d92927ee 100644 --- a/.github/workflows/restrict-pr-authors.yaml +++ b/.github/workflows/restrict-pr-authors.yaml @@ -1,13 +1,12 @@ -# Author: Moutaz (restrict PR authors) -name: Restrict PR Authors +name: Restrict PR Authors & Committers permissions: contents: read pull-requests: write - + on: pull_request: - types: [opened, reopened] + types: [opened, reopened, synchronize] branches: - dev_odex-event - dev_odex25_accounting @@ -31,27 +30,113 @@ on: - dev_odex25_helpdesk - dev_odex25_donation + - preprod_odex-event + - preprod_odex25_accounting + - preprod_odex25_base + - preprod_odex25_dms + - preprod_odex25_fleet + - preprod_odex25_helpdesk + - preprod_odex25_hr + - preprod_odex25_inventory + - preprod_odex25_maintenance + - preprod_odex25_mobile + - preprod_odex25_pos + - preprod_odex25_project + - preprod_odex25_purchase + - preprod_odex25_realstate + - preprod_odex25_sales + - preprod_odex25_survey + - preprod_odex25_transactions + - preprod_odex25_website + - preprod_openeducat_erp-14.0.1.0 + - preprod_odex25_ensan + - preprod_odex25_donation + + - master_odex-event + - master_odex25_accounting + - master_odex25_base + - master_odex25_dms + - master_odex25_fleet + - master_odex25_helpdesk + - master_odex25_hr + - master_odex25_inventory + - master_odex25_maintenance + - master_odex25_mobile + - master_odex25_pos + - master_odex25_project + - master_odex25_purchase + - master_odex25_realstate + - master_odex25_sales + - master_odex25_survey + - master_odex25_transactions + - master_odex25_website + - master_openeducat_erp-14.0.1.0 + - master_odex25_ensan + - master_odex25_donation + jobs: validate: runs-on: linting_odex25-standard-modules_runner steps: - - name: Check PR Author + - name: Validate PR Author & Commit Authors uses: actions/github-script@v7 with: github-token: ${{ secrets.PR_CLOSE_TOKEN }} script: | - const allowed = ["expsa", "moutazmuhammad", "ronozoro", "Abubaker-Altaib", "altexp", "MohamedGad100", "the5abir", "esraa8mostafa", "zainab2097", "ahmadaking", "mohamed33", "mohammed-alkhazrji", "AwatifImam", "kchyounes19", "eslamtalaat744", "abuzaid4exp", "AbuzarExp", "yahyaDevelopOdoo", "MahmoudSalahEXP", "Nossibaelhadi"]; - const author = context.payload.pull_request.user.login; + const allowed = [ + "expsa", + "moutazmuhammad", + "ronozoro", + "Abubaker-Altaib", + "altexp", + "the5abir", + "ahmadaking", + "kchyounes19", + "abdurrahman-saber" + ]; - core.info(`PR Author: ${author}`); + const pr = context.payload.pull_request; + const prAuthor = pr.user.login; + const owner = context.repo.owner; + const repo = context.repo.repo; - if (!allowed.includes(author)) { - core.error(`User '${author}' is NOT allowed. Closing PR...`); + core.info(`PR author: ${prAuthor}`); + + // Check PR author + if (!allowed.includes(prAuthor)) { + core.error(`Unauthorized PR author: ${prAuthor}. Closing PR...`); await github.rest.pulls.update({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.payload.pull_request.number, + owner, + repo, + pull_number: pr.number, state: "closed" }); + return; } + + // Check commit authors + const commitList = await github.rest.pulls.listCommits({ + owner, + repo, + pull_number: pr.number + }); + + for (const commit of commitList.data) { + const commitAuthor = commit.author ? commit.author.login : null; + + if (commitAuthor && !allowed.includes(commitAuthor)) { + core.error(`Unauthorized commit author: ${commitAuthor}. Closing PR...`); + + await github.rest.pulls.update({ + owner, + repo, + pull_number: pr.number, + state: "closed" + }); + + return; + } + } + + core.info("All PR authors and committers are allowed.");