.github/workflows/enforce-branch-policy.yml

@@ -0,0 +1,49 @@
+name: Enforce Branch Protection
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+
+jobs:
+  enforce:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check branch protection status
+        uses: actions/github-script@v6
+        with:
+          script: |
+            const { data: pr } = await github.rest.pulls.get({
+              ...context.repo,
+              pull_number: context.payload.pull_request.number
+            });
+            
+            if (pr.head.ref === 'main') {
+              core.setFailed('Direct pushes to main branch are not allowed. Please create a feature branch.');
+            }
+            
+            const { data: status } = await github.rest.repos.getBranchProtection({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              branch: 'main'
+            });
+            
+            if (!status.required_status_checks || !status.required_status_checks.strict) {
+              core.setFailed('Branch protection rules are not properly configured');
+            }
+            
+            const { data: reviews } = await github.rest.pulls.getReviews({
+              ...context.repo,
+              pull_number: context.payload.pull_request.number
+            });
+            
+            if (reviews.filter(r => r.state === 'APPROVED').length < 1) {
+              core.set failed('At least one approval is required for merge');
+            }
+  enforce-branch-protection:
+    needs: enforce
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check branch protection status
+        run: |
+          # Add custom branch protection checks here
+          echo "Branch protection enforced"