chore(runway): cherry-pick fix: validate type of security data in token details and fetch when necessary cp-7.76.0 #92
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Block stable-sync to release PRs | |
| on: | |
| pull_request: | |
| types: [opened, reopened, synchronize, edited] | |
| branches: | |
| - 'release/*' | |
| jobs: | |
| check-branch: | |
| name: Block stable-sync-* to release/* | |
| # Pre-filter: only spin up runner for branches starting with 'stable-sync-' | |
| # This saves runner time for most PRs while still doing exact regex check below | |
| if: startsWith(github.head_ref, 'stable-sync-') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check exact branch pattern | |
| env: | |
| SOURCE_BRANCH: ${{ github.head_ref }} | |
| TARGET_BRANCH: ${{ github.base_ref }} | |
| run: | | |
| # Check if source branch matches stable-sync-* targeting release/X.Y.Z | |
| if [[ "$TARGET_BRANCH" =~ ^release/[0-9]+\.[0-9]+\.[0-9]+$ && "$SOURCE_BRANCH" =~ ^stable-sync- ]]; then | |
| echo "❌ ERROR: Manual merge from stable-sync-* branches to release/* is not allowed!" | |
| echo "Source branch '$SOURCE_BRANCH' matches the blocked pattern." | |
| echo "These branches should only be merged via automated workflows, comment 'Merge my PR' to merge." | |
| exit 1 | |
| fi | |
| echo "✅ Branch check passed" |