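# Reports on a pull request: source branch name, whether `main` has strict required
# status checks, and whether the PR currently has at least one approval.
#
# NOTE(review): this workflow only produces a check result. It blocks a merge only if
# the `enforce` job is itself configured as a required status check on `main`.
# On `pull_request` events the workflow definition is taken from the PR's merge ref,
# so a PR that edits this file can change or remove these checks; treat it as
# advisory and keep the real enforcement in branch protection settings.
name: Enforce Branch Protection

# NOTE(review): there is no `pull_request_review` trigger, so the approval check runs
# only when the PR is opened or receives new commits. It will fail on `opened` and is
# not re-evaluated when a review is submitted.
on:
  pull_request:
    types: [opened, synchronize]

# Least privilege: the script only reads pull request data.
permissions:
  contents: read
  pull-requests: read

jobs:
  enforce:
    runs-on: ubuntu-latest
    steps:
      - name: Check branch protection status
        # NOTE(review): `@v6` is a mutable tag; pin to a full commit SHA
        # (<FULL_COMMIT_SHA>) to prevent the action changing underneath the workflow.
        uses: actions/github-script@v6
        with:
          script: |
            // core.setFailed() marks the step as failed but does not stop the script,
            // so every check below still runs and reports.
            const pullNumber = context.payload.pull_request.number;

            const { data: pr } = await github.rest.pulls.get({
              ...context.repo,
              pull_number: pullNumber,
            });

            // NOTE(review): pr.head.ref is the PR's *source* branch. This rejects PRs
            // opened from a branch named `main` (e.g. a fork's default branch); it does
            // not detect or prevent direct pushes, which never raise a pull_request event.
            if (pr.head.ref === 'main') {
              core.setFailed('Direct pushes to main branch are not allowed. Please create a feature branch.');
            }

            // NOTE(review): reading branch protection needs repository administration
            // read access, which the workflow's default GITHUB_TOKEN is not expected to
            // have (confirm). If so this call always fails, and a separately scoped
            // token would have to be supplied through the action's `github-token` input.
            // Fail closed with an explicit message instead of an unhandled exception.
            let protection = null;
            try {
              ({ data: protection } = await github.rest.repos.getBranchProtection({
                owner: context.repo.owner,
                repo: context.repo.repo,
                branch: 'main',
              }));
            } catch (err) {
              core.setFailed(`Could not read branch protection for main (HTTP ${err.status}): ${err.message}`);
            }

            if (protection && !protection.required_status_checks?.strict) {
              core.setFailed('Branch protection rules are not properly configured');
            }

            // listReviews is the current endpoint-method name; paginate so PRs with
            // more than one page of reviews are counted completely.
            const reviews = await github.paginate(github.rest.pulls.listReviews, {
              ...context.repo,
              pull_number: pullNumber,
              per_page: 100,
            });

            // Keep only each reviewer's latest verdict, so an approval that was later
            // dismissed or replaced by a change request no longer counts.
            // NOTE(review): approvals given on earlier commits still count here; compare
            // review.commit_id with pr.head.sha if stale approvals must be excluded.
            const verdicts = new Set(['APPROVED', 'CHANGES_REQUESTED', 'DISMISSED']);
            const latestByReviewer = new Map();
            for (const review of reviews) {
              if (!review.user || !verdicts.has(review.state)) {
                continue;
              }
              latestByReviewer.set(review.user.login, review.state);
            }

            const approvals = [...latestByReviewer.values()].filter((state) => state === 'APPROVED').length;
            if (approvals < 1) {
              // Was `core.set failed(...)`, a syntax error that broke the whole script.
              core.setFailed('At least one approval is required for merge');
            }

  enforce-branch-protection:
    needs: enforce
    runs-on: ubuntu-latest
    steps:
      - name: Check branch protection status
        run: |
          # Placeholder: this step performs no check. The message below is printed
          # whenever the `enforce` job passes and is not evidence of enforcement.
          # Add custom branch protection checks here
          echo "Branch protection enforced"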