From 4aed6da2ea283e6df925a2fda93952a6ad1870fe Mon Sep 17 00:00:00 2001 From: WilcoLouwerse Date: Mon, 23 Mar 2026 20:07:34 +0100 Subject: [PATCH 1/4] fix(ci): inline branch-protection logic so check is named 'check-branch' The org-level ruleset requires a status check named 'check-branch'. The previous reusable workflow call produced 'protect / check-branch', which never satisfied the requirement. Inlining the logic with the job named 'check-branch' produces the exact name the ruleset expects. --- .github/workflows/branch-protection.yml | 40 +++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/.github/workflows/branch-protection.yml b/.github/workflows/branch-protection.yml index 67cdd60..51ccd76 100644 --- a/.github/workflows/branch-protection.yml +++ b/.github/workflows/branch-protection.yml @@ -5,6 +5,40 @@ on: branches: [main, beta] jobs: - protect: - uses: ConductionNL/.github/.github/workflows/branch-protection.yml@main - secrets: inherit + check-branch: + runs-on: ubuntu-latest + steps: + - name: Validate source branch + run: | + TARGET="${{ github.base_ref }}" + SOURCE="${{ github.head_ref }}" + + echo "PR: $SOURCE → $TARGET" + + if [[ "$TARGET" == "main" || "$TARGET" == "master" ]]; then + if [[ "$SOURCE" != "beta" ]] && ! [[ "$SOURCE" =~ ^hotfix ]]; then + echo "::error::Pull requests to main must come from 'beta' or a 'hotfix/*' branch." + echo "" + echo "Allowed patterns:" + echo " beta → main" + echo " hotfix/* → main" + echo "" + echo "Your branch '$SOURCE' does not match any allowed pattern." + exit 1 + fi + + elif [[ "$TARGET" == "beta" ]]; then + if [[ "$SOURCE" != "development" ]] && ! [[ "$SOURCE" =~ ^hotfix ]] && [[ "$SOURCE" != "main" ]] && [[ "$SOURCE" != "master" ]]; then + echo "::error::Pull requests to beta must come from 'development', 'main', or a 'hotfix/*' branch." + echo "" + echo "Allowed patterns:" + echo " development → beta" + echo " hotfix/* → beta" + echo " main → beta (backport)" + echo "" + echo "Your branch '$SOURCE' does not match any allowed pattern." + exit 1 + fi + fi + + echo "✓ Branch check passed: $SOURCE → $TARGET" From 94fb92367857cee72a963bab338fd95f31cb48bb Mon Sep 17 00:00:00 2001 From: WilcoLouwerse Date: Mon, 23 Mar 2026 20:08:11 +0100 Subject: [PATCH 2/4] Revert "fix(ci): inline branch-protection logic so check is named 'check-branch'" This reverts commit 4aed6da2ea283e6df925a2fda93952a6ad1870fe. --- .github/workflows/branch-protection.yml | 40 ++----------------------- 1 file changed, 3 insertions(+), 37 deletions(-) diff --git a/.github/workflows/branch-protection.yml b/.github/workflows/branch-protection.yml index 51ccd76..67cdd60 100644 --- a/.github/workflows/branch-protection.yml +++ b/.github/workflows/branch-protection.yml @@ -5,40 +5,6 @@ on: branches: [main, beta] jobs: - check-branch: - runs-on: ubuntu-latest - steps: - - name: Validate source branch - run: | - TARGET="${{ github.base_ref }}" - SOURCE="${{ github.head_ref }}" - - echo "PR: $SOURCE → $TARGET" - - if [[ "$TARGET" == "main" || "$TARGET" == "master" ]]; then - if [[ "$SOURCE" != "beta" ]] && ! [[ "$SOURCE" =~ ^hotfix ]]; then - echo "::error::Pull requests to main must come from 'beta' or a 'hotfix/*' branch." - echo "" - echo "Allowed patterns:" - echo " beta → main" - echo " hotfix/* → main" - echo "" - echo "Your branch '$SOURCE' does not match any allowed pattern." - exit 1 - fi - - elif [[ "$TARGET" == "beta" ]]; then - if [[ "$SOURCE" != "development" ]] && ! [[ "$SOURCE" =~ ^hotfix ]] && [[ "$SOURCE" != "main" ]] && [[ "$SOURCE" != "master" ]]; then - echo "::error::Pull requests to beta must come from 'development', 'main', or a 'hotfix/*' branch." - echo "" - echo "Allowed patterns:" - echo " development → beta" - echo " hotfix/* → beta" - echo " main → beta (backport)" - echo "" - echo "Your branch '$SOURCE' does not match any allowed pattern." - exit 1 - fi - fi - - echo "✓ Branch check passed: $SOURCE → $TARGET" + protect: + uses: ConductionNL/.github/.github/workflows/branch-protection.yml@main + secrets: inherit From c6e9faa366e3e2731cf1696af5c5c813c5d6631e Mon Sep 17 00:00:00 2001 From: WilcoLouwerse Date: Tue, 24 Mar 2026 12:48:06 +0100 Subject: [PATCH 3/4] fix: disable branch-protection check on main until org ruleset is updated MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The org ruleset requires context 'check-branch' but the reusable workflow reports 'protect / check-branch', blocking all beta → main PRs. Removing main from the workflow trigger as a workaround until the ruleset is fixed. --- .github/workflows/branch-protection.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/branch-protection.yml b/.github/workflows/branch-protection.yml index 67cdd60..2d72a93 100644 --- a/.github/workflows/branch-protection.yml +++ b/.github/workflows/branch-protection.yml @@ -2,7 +2,7 @@ name: Branch Protection on: pull_request: - branches: [main, beta] + branches: [beta] # main: disabled until ruleset check-branch context is fixed (should be 'protect / check-branch') jobs: protect: From 8593128993a1d5a669e6d255c6c9e7f4c06e4304 Mon Sep 17 00:00:00 2001 From: WilcoLouwerse Date: Tue, 24 Mar 2026 12:50:37 +0100 Subject: [PATCH 4/4] style: reformat branch list for readability --- .github/workflows/branch-protection.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/branch-protection.yml b/.github/workflows/branch-protection.yml index 2d72a93..8238c8a 100644 --- a/.github/workflows/branch-protection.yml +++ b/.github/workflows/branch-protection.yml @@ -2,7 +2,10 @@ name: Branch Protection on: pull_request: - branches: [beta] # main: disabled until ruleset check-branch context is fixed (should be 'protect / check-branch') + branches: [ + # main, #(disabled until ruleset check-branch context is fixed (should be 'protect / check-branch')) + beta + ] jobs: protect: