From 0b85f6a41871fba62f1873bae33279427b66f9f9 Mon Sep 17 00:00:00 2001
From: maltayyar2 <M.Altayyar@exp-sa.com>
Date: Fri, 16 Jan 2026 00:01:56 +0300
Subject: [PATCH] ci: standardize workflows (Odoo 18) - Clean & Fix Remote URL

---
 .github/workflows/deploy-manager.yml       |  2 +-
 .github/workflows/restrict-pr-authors.yaml | 48 ++++++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/restrict-pr-authors.yaml

diff --git a/.github/workflows/deploy-manager.yml b/.github/workflows/deploy-manager.yml
index 9fd46b1..038f42e 100644
--- a/.github/workflows/deploy-manager.yml
+++ b/.github/workflows/deploy-manager.yml
@@ -119,7 +119,7 @@ jobs:
                  # Better to assume the setup script handles it, or handle it here:
                  cd "$TARGET_DIR"
                  git init
-                 git remote add origin git@github.com:hydracp9/odex30_standard.git
+                 git remote add origin git@github.com-odoo18:hydracp9/odex30_standard.git
             fi
             
             cd "$TARGET_DIR"
diff --git a/.github/workflows/restrict-pr-authors.yaml b/.github/workflows/restrict-pr-authors.yaml
new file mode 100644
index 0000000..3277fac
--- /dev/null
+++ b/.github/workflows/restrict-pr-authors.yaml
@@ -0,0 +1,48 @@
+name: Restrict PR Authors
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+    branches: 
+      - '**' # Apply to all PRs in this repo
+
+permissions:
+  pull-requests: write
+
+jobs:
+  check_pr_author:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate PR Author
+        uses: actions/github-script@v7
+        with:
+          script: |
+            // TODO: Add your team members here
+            const allowed = [
+              "hydracp9",
+              "eltayar", // Added for testing/dev
+              // "another-client-user"
+            ];
+
+            const prAuthor = context.payload.pull_request.user.login;
+
+            core.info(`PR Author: ${prAuthor}`);
+
+            if (!allowed.includes(prAuthor)) {
+              core.setFailed(`⛔ Unauthorized Access: User '${prAuthor}' is not in the allowed list.`);
+              
+              // Optional: Close the PR automatically
+              try {
+                 await github.rest.pulls.update({
+                    owner: context.repo.owner,
+                    repo: context.repo.repo,
+                    pull_number: context.payload.pull_request.number,
+                    state: "closed"
+                 });
+                 core.info("PR has been closed automatically.");
+              } catch (e) {
+                 core.warning("Failed to close PR automatically.");
+              }
+            } else {
+              core.info("✅ Authorized.");
+            }