odex25_standard/.github/workflows/block_reserved_branches.yml


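name: Block Reserved Branches

# Deletes a newly created branch when its creator is not on the allow-list or
# when its name is reserved (exact list below, or a master_/preprod_/dev_ prefix).
#
# NOTE(review): confirm which commit's copy of this workflow GitHub runs for
# `create` events. If it is the copy on the newly created branch, a branch that
# changes or drops this file is never checked. Treat this job as after-the-fact
# cleanup and enforce the policy server-side as well (branch protection rules /
# repository rulesets), which cannot be bypassed from inside the repository.
on:
  create:
    # NOTE(review): branch filters are documented for push / pull_request
    # style events; confirm this filter has any effect on `create`.
    branches:
      - '**'

# The job only uses the GH_TOKEN secret, so the automatic GITHUB_TOKEN needs
# no permissions at all.
permissions: {}

jobs:
  block-reserved-branches:
    # `create` also fires for tags. Without this guard a tag name would be
    # treated as a branch name and used to build the DELETE request below.
    if: github.event.ref_type == 'branch'
    runs-on: app-sever-project-runner
    steps:
      - name: Validate branch creator + reserved names
        # Event data reaches the script through env vars, never through
        # ${{ }} interpolation inside `run`, so a branch name cannot become
        # part of the script text.
        env:
          # presumably a personal access token that may delete refs in this
          # repository; keep its scope limited to exactly that (TODO confirm).
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
          REPO: ${{ github.repository }}
          BRANCH_NAME: ${{ github.ref_name }}
          CREATOR: ${{ github.actor }}
        shell: bash
        run: |
          set -euo pipefail

          # Fail early instead of sending a DELETE built from empty values.
          : "${GH_TOKEN:?GH_TOKEN secret is not set}"
          : "${REPO:?REPO is empty}"
          : "${BRANCH_NAME:?BRANCH_NAME is empty}"

          echo "Branch: $BRANCH_NAME"
          echo "Creator: $CREATOR"

          # Percent-encode a ref name for use in a URL path, keeping '/'.
          # Ref names may contain characters that have a meaning of their own
          # inside a URL; encoding them makes the DELETE address exactly the
          # ref that was created and nothing else.
          urlencode_ref() {
            local byte ch out=''
            # od emits one two-digit hex token per byte, independent of locale.
            # Word splitting of its output is intentional here.
            for byte in $(printf '%s' "$1" | od -An -v -tx1); do
              case "$byte" in
                # - . / _ ~ 0-9 A-Z a-z pass through unchanged
                2d|2e|2f|5f|7e|3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a])
                  printf -v ch "\\x${byte}"
                  out+=$ch
                  ;;
                *)
                  out+="%${byte}"
                  ;;
              esac
            done
            printf '%s' "$out"
          }

          # Delete the branch that triggered this run and report whether the
          # API call actually succeeded (204 No Content).
          delete_branch() {
            local url status
            url="https://api.github.com/repos/${REPO}/git/refs/heads/$(urlencode_ref "$BRANCH_NAME")"
            # The header is read from a file descriptor so the token never
            # appears in curl's argument list on the self-hosted runner.
            status=$(curl -sS -o /dev/null -w '%{http_code}' -X DELETE \
              -H @<(printf 'Authorization: token %s\n' "$GH_TOKEN") \
              "$url") || status="curl-error"
            if [[ "$status" != "204" ]]; then
              echo "Deletion of '$BRANCH_NAME' did not succeed (status: $status); remove the branch manually." >&2
            fi
          }

          #######################################################
          # 🟦 1) Allowed Users List
          #######################################################
          ALLOWED_USERS=(
            "expsa"
            "moutazmuhammad"
            "ronozoro"
            "Abubaker-Altaib"
            "altexp"
            "the5abir"
            "ahmadaking"
            "kchyounes19"
            "abdurrahman-saber"
            "maltayyar2"
            "esam-sermah"
            "mohammed-alkhazrji"
          )

          IS_ALLOWED="false"
          for user in "${ALLOWED_USERS[@]}"; do
            if [[ "$CREATOR" == "$user" ]]; then
              IS_ALLOWED="true"
              break
            fi
          done

          if [[ "$IS_ALLOWED" == "false" ]]; then
            echo "❌ User '$CREATOR' is NOT allowed to create branches. Deleting..."
            delete_branch
            exit 1
          fi
          echo "✔ User '$CREATOR' is allowed."

          #######################################################
          # 🟦 2) Reserved Branch Names (Your Existing List)
          #######################################################
          RESERVED_NAMES=(
            master
            dev_odex25_accounting
            dev_odex25_base
            dev_odex25_dms
            dev_odex25_donation
            dev_odex25_fleet
            dev_odex25_helpdesk
            dev_odex25_hr
            dev_odex25_inventory
            dev_odex25_maintenance
            dev_odex25_mobile
            dev_odex25_pos
            dev_odex25_project
            dev_odex25_purchase
            dev_odex25_realstate
            dev_odex25_sales
            dev_odex25_survey
            dev_odex25_transactions
            dev_odex25_website
            dev_odex-event
            dev_openeducat_erp-14.0.1.0
            dev_odex25_benefit
            dev_odex25_takaful
            dev_odex25_ensan
            master_odex25_accounting
            master_odex25_base
            master_odex25_dms
            master_odex25_donation
            master_odex25_fleet
            master_odex25_helpdesk
            master_odex25_hr
            master_odex25_inventory
            master_odex25_maintenance
            master_odex25_mobile
            master_odex25_pos
            master_odex25_project
            master_odex25_purchase
            master_odex25_realstate
            master_odex25_sales
            master_odex25_survey
            master_odex25_transactions
            master_odex25_website
            master_odex-event
            master_openeducat_erp-14.0.1.0
            master_odex25_benefit
            master_odex25_takaful
            master_odex25_ensan
            preprod_odex25_accounting
            preprod_odex25_base
            preprod_odex25_dms
            preprod_odex25_donation
            preprod_odex25_fleet
            preprod_odex25_helpdesk
            preprod_odex25_hr
            preprod_odex25_inventory
            preprod_odex25_maintenance
            preprod_odex25_mobile
            preprod_odex25_pos
            preprod_odex25_project
            preprod_odex25_purchase
            preprod_odex25_realstate
            preprod_odex25_sales
            preprod_odex25_survey
            preprod_odex25_transactions
            preprod_odex25_website
            preprod_odex-event
            preprod_openeducat_erp-14.0.1.0
            preprod_odex25_benefit
            preprod_odex25_takaful
            preprod_odex25_ensan
          )

          # Exact match
          for reserved in "${RESERVED_NAMES[@]}"; do
            if [[ "$BRANCH_NAME" == "$reserved" ]]; then
              echo "❌ Branch name '$BRANCH_NAME' is reserved. Deleting..."
              delete_branch
              exit 1
            fi
          done

          #######################################################
          # 🟦 3) Pattern-based Restriction
          #######################################################
          # Any name with one of these prefixes is rejected, whether or not it
          # appears in the exact list above.
          if [[ "$BRANCH_NAME" == master_* || "$BRANCH_NAME" == preprod_* || "$BRANCH_NAME" == dev_* ]]; then
            echo "❌ Branch name '$BRANCH_NAME' matches restricted pattern. Deleting..."
            delete_branch
            exit 1
          fi

          echo "✅ Branch '$BRANCH_NAME' is allowed."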