odex25_standard/.github/workflows/restrict-pr-authors.yaml

name: Restrict PR Authors & Committers

permissions:
  contents: read
  pull-requests: write

on:
  pull_request:
    types: [opened, reopened, synchronize]
    branches:
      - dev_odex-event
      - dev_odex25_accounting
      - dev_odex25_base
      - dev_odex25_dms
      - dev_odex25_fleet
      - dev_odex25_hr
      - dev_odex25_inventory
      - dev_odex25_maintenance
      - dev_odex25_mobile
      - dev_odex25_pos
      - dev_odex25_project
      - dev_odex25_purchase
      - dev_odex25_realstate
      - dev_odex25_sales
      - dev_odex25_survey
      - dev_odex25_transactions
      - dev_odex25_website
      - dev_openeducat_erp-14.0.1.0
      - dev_odex25_benefit
      - dev_odex25_takaful
      - dev_odex25_helpdesk
      - dev_odex25_donation
      - dev_odex25_ensan

jobs:
  check_pr_author:
    runs-on: linting_odex25-standard-modules_runner

    steps:
      - name: Validate PR Author & Commit Authors
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GH_TOKEN }}
          script: |
            const allowed = [
              "expsa",
              "moutazmuhammad",
              "ronozoro",
              "Abubaker-Altaib",
              "altexp",
              "the5abir",
              "ahmadaking",
              "kchyounes19",
              "abdurrahman-saber",
              "maltayyar2",
              "esam-sermah",
              "mohammed-alkhazrji",
              "SamirLadoui-sa",
            ];

            const pr = context.payload.pull_request;
            const prAuthor = pr.user.login;
            const owner = context.repo.owner;
            const repo = context.repo.repo;

            core.info(`PR author: ${prAuthor}`);

            // Check PR author
            if (!allowed.includes(prAuthor)) {
              core.error(`Unauthorized PR author: ${prAuthor}. Closing PR...`);
              await github.rest.pulls.update({
                owner,
                repo,
                pull_number: pr.number,
                state: "closed"
              });
              return;
            }
            core.info("All PR authors are allowed.");            

# // Check commit authors
# const commitList = await github.rest.pulls.listCommits({
#   owner,
#   repo,
#   pull_number: pr.number
# });

# core.info("PR author is allowed.");

# // Uncomment below if you want to block unauthorized commit authors also
# /*
# for (const commit of commitList.data) {
#   const commitAuthor = commit.author ? commit.author.login : null;

#   if (commitAuthor && !allowed.includes(commitAuthor)) {
#     core.error(`Unauthorized commit author: ${commitAuthor}. Closing PR...`);

#     await github.rest.pulls.update({
#       owner,
#       repo,
#       pull_number: pr.number,
#       state: "closed"
#     });

#     return;
#   }
# }

# core.info("All PR authors and committers are allowed.");
# */