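# Deletes a newly created branch when its creator is not on the allowlist or
# its name is reserved (exact list, or the master_/preprod_/dev_ prefixes).
#
# NOTE(review): this is a detective control, not a preventive one. The branch
# exists until the job runs, and for the `create` event GitHub evaluates the
# workflow file found on the newly created ref, so a branch that changes or
# drops this file is not checked by it. Confirm against the current GitHub
# docs, and enforce the naming policy with repository rulesets or branch
# protection; treat this job as a backstop.
name: Block Reserved Branches

on:
  create:
    # NOTE(review): confirm that the `create` trigger honours this filter; the
    # job-level `if` below does not rely on it.
    branches:
      - '**'

# The script authenticates only with secrets.GH_TOKEN, so the automatically
# provided GITHUB_TOKEN is given no permissions.
permissions: {}

jobs:
  block-reserved-branches:
    # `create` also fires for tags. Without this guard, a tag event would be
    # checked as if it were a branch, and the DELETE below could remove a
    # branch that merely shares the tag's name.
    if: github.ref_type == 'branch'
    runs-on: app-sever-project-runner
    steps:
      - name: Validate branch creator + reserved names
        # Event data reaches the script through env vars rather than being
        # expanded inline in `run:`, so a branch name is never parsed as
        # shell syntax. Keep it that way when editing.
        env:
          # NOTE(review): GH_TOKEN can delete refs. Scope it to this
          # repository with the minimum permission needed (contents: write).
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
          REPO: ${{ github.repository }}
          BRANCH_NAME: ${{ github.ref_name }}
          CREATOR: ${{ github.actor }}
        run: |
          set -euo pipefail

          echo "Branch: $BRANCH_NAME"
          echo "Creator: $CREATOR"

          # Delete refs/heads/$BRANCH_NAME through the REST API.
          # '#' and '%' are legal in Git ref names but special in URLs (a '#'
          # starts a fragment that is never sent to the server), so they are
          # percent-encoded to make the request target exactly the ref that
          # was created. --globoff stops curl from expanding '{}' in the name.
          # --fail surfaces an API error instead of ignoring it silently.
          delete_branch() {
            local ref_path
            ref_path=${BRANCH_NAME//\%/%25}
            ref_path=${ref_path//\#/%23}
            if ! curl --silent --show-error --fail --globoff -X DELETE \
              -H "Authorization: token $GH_TOKEN" \
              "https://api.github.com/repos/${REPO}/git/refs/heads/${ref_path}"; then
              echo "Failed to delete branch '$BRANCH_NAME'; remove it manually." >&2
            fi
          }

          #######################################################
          # 1) Allowlist of users who may create branches
          #######################################################
          ALLOWED_USERS=(
            "expsa"
            "moutazmuhammad"
            "ronozoro"
            "Abubaker-Altaib"
            "altexp"
            "the5abir"
            "ahmadaking"
            "kchyounes19"
            "abdurrahman-saber"
            "maltayyar2"
          )

          IS_ALLOWED="false"
          for user in "${ALLOWED_USERS[@]}"; do
            if [[ "$CREATOR" == "$user" ]]; then
              IS_ALLOWED="true"
              break
            fi
          done

          if [[ "$IS_ALLOWED" == "false" ]]; then
            echo "❌ User '$CREATOR' is NOT allowed to create branches. Deleting..."
            delete_branch
            exit 1
          fi

          echo "✔ User '$CREATOR' is allowed."

          #######################################################
          # 2) Reserved branch names (exact match)
          #    Every entry except `master` is also caught by the prefix
          #    check in step 3.
          #######################################################
          RESERVED_NAMES=(
            master
            dev_odex25_accounting
            dev_odex25_base
            dev_odex25_dms
            dev_odex25_donation
            dev_odex25_ensan
            dev_odex25_fleet
            dev_odex25_helpdesk
            dev_odex25_hr
            dev_odex25_inventory
            dev_odex25_maintenance
            dev_odex25_mobile
            dev_odex25_pos
            dev_odex25_project
            dev_odex25_purchase
            dev_odex25_realstate
            dev_odex25_sales
            dev_odex25_survey
            dev_odex25_transactions
            dev_odex25_website
            dev_odex-event
            dev_openeducat_erp-14.0.1.0
            master_odex25_accounting
            master_odex25_base
            master_odex25_dms
            master_odex25_donation
            master_odex25_ensan
            master_odex25_fleet
            master_odex25_helpdesk
            master_odex25_hr
            master_odex25_inventory
            master_odex25_maintenance
            master_odex25_mobile
            master_odex25_pos
            master_odex25_project
            master_odex25_purchase
            master_odex25_realstate
            master_odex25_sales
            master_odex25_survey
            master_odex25_transactions
            master_odex25_website
            master_odex-event
            master_openeducat_erp-14.0.1.0
            preprod_odex25_accounting
            preprod_odex25_base
            preprod_odex25_dms
            preprod_odex25_donation
            preprod_odex25_ensan
            preprod_odex25_fleet
            preprod_odex25_helpdesk
            preprod_odex25_hr
            preprod_odex25_inventory
            preprod_odex25_maintenance
            preprod_odex25_mobile
            preprod_odex25_pos
            preprod_odex25_project
            preprod_odex25_purchase
            preprod_odex25_realstate
            preprod_odex25_sales
            preprod_odex25_survey
            preprod_odex25_transactions
            preprod_odex25_website
            preprod_odex-event
            preprod_openeducat_erp-14.0.1.0
          )

          for reserved in "${RESERVED_NAMES[@]}"; do
            if [[ "$BRANCH_NAME" == "$reserved" ]]; then
              echo "❌ Branch name '$BRANCH_NAME' is reserved. Deleting..."
              delete_branch
              exit 1
            fi
          done

          #######################################################
          # 3) Prefix-based restriction
          #    Applies to everyone, including allowlisted users.
          #######################################################
          if [[ "$BRANCH_NAME" == master_* || "$BRANCH_NAME" == preprod_* || "$BRANCH_NAME" == dev_* ]]; then
            echo "❌ Branch name '$BRANCH_NAME' matches restricted pattern. Deleting..."
            delete_branch
            exit 1
          fi

          echo "✅ Branch '$BRANCH_NAME' is allowed."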