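# Deletes a newly created branch when its name is reserved or matches a
# restricted prefix, then fails the job so the rejection is visible.
name: Block Reserved Branches

on:
  create:
    # NOTE(review): confirm that the `create` trigger honours a `branches`
    # filter. The job-level ref_type guard below does not depend on it.
    branches:
      - '**'

# The script authenticates with secrets.GH_TOKEN only, so the automatic
# GITHUB_TOKEN is given no permissions.
permissions: {}

jobs:
  block-reserved-branches:
    # `create` also fires for tags. Without this guard a tag carrying a
    # reserved name would make the script delete the branch of the same name.
    if: github.event.ref_type == 'branch'
    runs-on: app-sever-project-runner
    steps:
      - name: Validate branch creator + reserved names
        # The script uses arrays and [[ ]], so it must not fall back to sh.
        shell: bash
        env:
          # NOTE(review): this token can delete refs; scope it to contents
          # write on this repository only.
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
          REPO: ${{ github.repository }}
          # Passed through env rather than interpolated into the script, so
          # the branch name is never parsed as shell code.
          BRANCH_NAME: ${{ github.ref_name }}
          CREATOR: ${{ github.actor }}
        run: |
          set -euo pipefail

          # Percent-encode a ref name for use in a URL path, keeping '/'.
          # A ref name may legally contain characters such as '#' or '%'
          # that have their own meaning in a URL; sent raw, the request
          # could address a different ref than the one that was created.
          urlencode_ref() {
            local LC_ALL=C raw=$1 out='' ch hex i
            for (( i = 0; i < ${#raw}; i++ )); do
              ch=${raw:i:1}
              case "$ch" in
                [a-zA-Z0-9._~/-]) out+=$ch ;;
                *) printf -v hex '%%%02X' "'$ch"; out+=$hex ;;
              esac
            done
            printf '%s' "$out"
          }

          # Delete refs/heads/$BRANCH_NAME through the REST API and report
          # a failed deletion instead of discarding the response.
          delete_branch() {
            local encoded status
            encoded=$(urlencode_ref "$BRANCH_NAME")
            status=$(curl -sS -o /dev/null -w '%{http_code}' -X DELETE \
              -H "Authorization: token $GH_TOKEN" \
              "https://api.github.com/repos/$REPO/git/refs/heads/$encoded") || status=000
            # The API answers 204 when the ref was removed.
            if [[ "$status" != "204" ]]; then
              printf 'Deleting branch %s failed (HTTP %s); the branch may still exist.\n' \
                "$BRANCH_NAME" "$status" >&2
            fi
          }

          echo "Branch: $BRANCH_NAME"
          echo "Creator: $CREATOR"

          #######################################################
          # 🟦 1) Allowed Users List
          #######################################################
          # Disabled. If this check is re-enabled, call delete_branch
          # instead of the raw curl request kept below.
          # ALLOWED_USERS=(
          #   "expsa"
          #   "moutazmuhammad"
          #   "ronozoro"
          #   "Abubaker-Altaib"
          #   "altexp"
          #   "the5abir"
          #   "ahmadaking"
          #   "kchyounes19"
          #   "abdurrahman-saber"
          #   "maltayyar2"
          #   "esam-sermah"
          #   "mohammed-alkhazrji"
          # )
          # IS_ALLOWED="false"
          # for user in "${ALLOWED_USERS[@]}"; do
          #   if [[ "$CREATOR" == "$user" ]]; then
          #     IS_ALLOWED="true"
          #     break
          #   fi
          # done
          # if [[ "$IS_ALLOWED" == "false" ]]; then
          #   echo "❌ User '$CREATOR' is NOT allowed to create branches. Deleting..."
          #   curl -s -X DELETE \
          #     -H "Authorization: token $GH_TOKEN" \
          #     https://api.github.com/repos/$REPO/git/refs/heads/$BRANCH_NAME
          #   exit 1
          # fi
          # echo "✔ User '$CREATOR' is allowed."

          #######################################################
          # 🟦 2) Reserved Branch Names (Your Existing List)
          #######################################################
          RESERVED_NAMES=(
            master
            dev_odex25_accounting
            dev_odex25_base
            dev_odex25_dms
            dev_odex25_donation
            dev_odex25_fleet
            dev_odex25_helpdesk
            dev_odex25_hr
            dev_odex25_inventory
            dev_odex25_maintenance
            dev_odex25_mobile
            dev_odex25_pos
            dev_odex25_project
            dev_odex25_purchase
            dev_odex25_realstate
            dev_odex25_sales
            dev_odex25_survey
            dev_odex25_transactions
            dev_odex25_website
            dev_odex-event
            dev_openeducat_erp-14.0.1.0
            dev_odex25_benefit
            dev_odex25_takaful
            dev_odex25_ensan
            master_odex25_accounting
            master_odex25_base
            master_odex25_dms
            master_odex25_donation
            master_odex25_fleet
            master_odex25_helpdesk
            master_odex25_hr
            master_odex25_inventory
            master_odex25_maintenance
            master_odex25_mobile
            master_odex25_pos
            master_odex25_project
            master_odex25_purchase
            master_odex25_realstate
            master_odex25_sales
            master_odex25_survey
            master_odex25_transactions
            master_odex25_website
            master_odex-event
            master_openeducat_erp-14.0.1.0
            master_odex25_benefit
            master_odex25_takaful
            master_odex25_ensan
            preprod_odex25_accounting
            preprod_odex25_base
            preprod_odex25_dms
            preprod_odex25_donation
            preprod_odex25_fleet
            preprod_odex25_helpdesk
            preprod_odex25_hr
            preprod_odex25_inventory
            preprod_odex25_maintenance
            preprod_odex25_mobile
            preprod_odex25_pos
            preprod_odex25_project
            preprod_odex25_purchase
            preprod_odex25_realstate
            preprod_odex25_sales
            preprod_odex25_survey
            preprod_odex25_transactions
            preprod_odex25_website
            preprod_odex-event
            preprod_openeducat_erp-14.0.1.0
            preprod_odex25_benefit
            preprod_odex25_takaful
            preprod_odex25_ensan
          )

          # Exact match
          for reserved in "${RESERVED_NAMES[@]}"; do
            if [[ "$BRANCH_NAME" == "$reserved" ]]; then
              echo "❌ Branch name '$BRANCH_NAME' is reserved. Deleting..."
              delete_branch
              # Fail the job either way so the rejected creation is visible.
              exit 1
            fi
          done

          #######################################################
          # 🟦 3) Pattern-based Restriction
          #######################################################
          # The right-hand sides are left unquoted so they act as glob
          # patterns: any name starting with one of the prefixes is refused.
          if [[ "$BRANCH_NAME" == master_* || "$BRANCH_NAME" == preprod_* || "$BRANCH_NAME" == dev_* ]]; then
            echo "❌ Branch name '$BRANCH_NAME' matches restricted pattern. Deleting..."
            delete_branch
            exit 1
          fi

          echo "✅ Branch '$BRANCH_NAME' is allowed."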