diff --git a/.github/workflows/branch-protection-checks.yml b/.github/workflows/branch-protection-checks.yml
new file mode 100644
index 000000000..75417952d
--- /dev/null
+++ b/.github/workflows/branch-protection-checks.yml
@@ -0,0 +1,25 @@
+name: Validate source branch
+
+on:
+ pull_request:
+ branches:
+ - main
+ - staging
+
+jobs:
+ check:
+ name: Incoming branch validation
+ runs-on: ubuntu-latest
+ steps:
+ - id: branch
+ name: Check branch name
+ run: |
+ GIT_BRANCH=${{ github.head_ref }}
+ if [[ "$GIT_BRANCH" =~ ^hotfix/*|^feature/*|^renovate/* ]];
+ then
+ echo "'$GIT_BRANCH' is a permitted branch"
+ exit 0
+ else
+ echo "'$GIT_BRANCH' is not a permitted branch"
+ exit 1
+ fi
diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml
index 6e852bc50..312e227ac 100644
--- a/.github/workflows/build-and-push-image.yml
+++ b/.github/workflows/build-and-push-image.yml
@@ -62,6 +62,7 @@ jobs:
 else
 # Only main and staging branches can auto-deploy via push trigger
 # Exit with failure
+ echo "Only 'main' and 'staging' branches can be deployed via a push trigger"
 exit 1
 fi
 fi
@@ -70,7 +71,7 @@ jobs:
 - id: release
 name: Set release name
 run: |
- RELEASE=${${{ steps.environment.outputs.environment }},,}-`date +%Y-%m-%d`.${{ github.run_number }}
+ RELEASE=${{ steps.environment.outputs.environment }}-`date +%Y-%m-%d`.${{ github.run_number }}
 echo "release=${RELEASE}" >> $GITHUB_OUTPUT
 
 deploy-image:
diff --git a/renovate.json b/renovate.json
index 152150c77..285874cc8 100644
--- a/renovate.json
+++ b/renovate.json
@@ -16,6 +16,7 @@
 ],
 "timezone": "Europe/London",
 "minimumReleaseAge": "7 days",
+ "baseBranches": ["main", "staging"],
 "automergeSchedule": ["after 10am every weekday", "before 4pm every weekday"],
 "labels": ["dependencies", "renovate"],
 "vulnerabilityAlerts": {
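Review bot: In the `Check branch name` step of branch-protection-checks.yml, `GIT_BRANCH=${{ github.head_ref }}` pastes the pull request's branch name into the script text before bash runs, and that name is chosen by whoever opens the pull request, so shell metacharacters in it are executed as part of the step rather than compared. Pass it as data instead: add `env:` with `GIT_BRANCH: ${{ github.head_ref }}` on the step and drop the assignment line. The pattern is also looser than it reads, since `/*` in a regex means zero or more slashes and `^hotfix/*` therefore accepts `hotfixanything`; `if [[ "$GIT_BRANCH" =~ ^(hotfix|feature|renovate)/.+ ]]; then` requires the prefix, the slash and a name. The workflow declares no `permissions:` key, so a top-level `permissions: {}` would keep the job's token minimal.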
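Review bot: The new `RELEASE=` line in the `Set release name` step of build-and-push-image.yml drops the lowercasing that the removed `${...,,}` form was attempting, and still interpolates `${{ steps.environment.outputs.environment }}` straight into the script. How that output is produced is outside this hunk; if it can carry upper-case letters or derive from a manually supplied input, the release name changes case and the value is parsed as shell. Setting `env:` with `ENVIRONMENT: ${{ steps.environment.outputs.environment }}` on the step and writing `RELEASE="${ENVIRONMENT,,}-$(date +%Y-%m-%d).${{ github.run_number }}"` keeps the lowercase name and treats the value as data. Quoting `"$GITHUB_OUTPUT"` on the following `echo` line is the usual form.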