From e953d87f0715c60b1549da4f57199f4be2bd3fd1 Mon Sep 17 00:00:00 2001 From: Haitao Pan Date: Sun, 28 Jun 2026 12:12:33 +0800 Subject: [PATCH] ci: add release/* branch source validation workflow (#19) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit release/* 仅接受 hotfix/* 或带 cherry-pick/backport 标签的 PR。 详见 iac_modules/docs/tldr-github-branch-model.md Co-authored-by: Haitao Pan Co-authored-by: Claude Opus 4.8 --- .github/workflows/validate-release-pr.yml | 44 +++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/workflows/validate-release-pr.yml diff --git a/.github/workflows/validate-release-pr.yml b/.github/workflows/validate-release-pr.yml new file mode 100644 index 0000000..7af7874 --- /dev/null +++ b/.github/workflows/validate-release-pr.yml @@ -0,0 +1,44 @@ +name: Validate Release PR + +# release/* 分支的发布策略门禁:仅接受 hotfix/* 或带 cherry-pick/backport 标签的 PR。 +# 详见 iac_modules/docs/tldr-github-branch-model.md +on: + pull_request_target: + types: [opened, synchronize, reopened, labeled, unlabeled] + +permissions: + contents: read + pull-requests: read + +jobs: + validate-release-source: + runs-on: ubuntu-latest + if: startsWith(github.base_ref, 'release/') + steps: + - name: Check PR source branch + run: | + SRC="${{ github.head_ref }}" + TGT="${{ github.base_ref }}" + LABELS="${{ join(github.event.pull_request.labels.*.name, ',') }}" + + echo "🔍 Validating PR into release branch" + echo " source: $SRC" + echo " target: $TGT" + echo " labels: $LABELS" + + if [[ "$SRC" =~ ^hotfix/ ]]; then + echo "✅ Allowed: hotfix/* branch" + exit 0 + fi + + if [[ "$LABELS" =~ (^|,)(cherry-pick|backport)(,|$) ]]; then + echo "✅ Allowed: cherry-pick/backport labeled PR" + exit 0 + fi + + echo "❌ Rejected." + echo "release/* 仅接受:" + echo " - 来自 hotfix/* 的 PR" + echo " - 带 cherry-pick 或 backport 标签的 PR(已验证 feature 的 backport/cherry-pick)" + echo "禁止从 main / develop / feature/* 直接合并到 release/*。" + exit 1