Merge pull request #1147 from dnum-mi/tech/allow-merge-into-main-only-from-develop

laruiss · web-flow · commit 7b000bfce478 · 2025-11-04T18:37:44.000+01:00
ci: 🔒 ajoute workflow pour restreindre les merge vers main
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,5 @@
+## 🚨 Rappel
+
+> ⚠️ Toutes les PR doivent être ouvertes **vers `develop`** (jamais directement vers `main`).
+>
+> Si vous voyez `main` comme branche de destination, changez-la avant de soumettre la PR.
diff --git a/.github/workflows/check-merge-branch.yml b/.github/workflows/check-merge-branch.yml
@@ -0,0 +1,19 @@
+name: Enforce merge policy to main
+
+on:
+  pull_request:
+    branches: [main]
+    types: [opened, reopened, synchronize, ready_for_review]
+
+jobs:
+  check-merge-source:
+    name: Verify source branch
+    runs-on: ubuntu-latest
+    steps:
+      - name: Ensure PR comes only from develop
+        if: github.head_ref != 'develop'
+        run: |
+          echo "❌ Cette PR ne peut pas être fusionnée directement dans main."
+          echo "➡️  Seule la branche 'develop' est autorisée à merger vers 'main'."
+          echo "Branche actuelle : '${{ github.head_ref }}'"
+          exit 1
diff --git a/.github/workflows/publish-release-beta.yml b/.github/workflows/publish-release-beta.yml
@@ -10,18 +10,22 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
       - name: Setup Node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v4
         with:
-          always-auth: true
-          node-version: 18
+          node-version: 24
+          registry-url: 'https://registry.npmjs.org'
       - name: Install pnpm
-        run: npm i -g pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: latest
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_MININT_TOKEN }}
         run: pnpm run semantic-release
diff --git a/.github/workflows/publish-release-next.yml b/.github/workflows/publish-release-next.yml
@@ -10,18 +10,22 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
       - name: Setup Node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v4
         with:
-          always-auth: true
-          node-version: 18
+          node-version: 24
+          registry-url: 'https://registry.npmjs.org'
       - name: Install pnpm
-        run: npm i -g pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: latest
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_MININT_TOKEN }}
         run: pnpm run semantic-release
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
@@ -2,7 +2,6 @@ name: Release
 on:
   push:
     branches:
-      - beta
       - main
 
 jobs:
@@ -11,18 +10,22 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
       - name: Setup Node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v4
         with:
-          always-auth: true
-          node-version: 20.11
+          node-version: 24
+          registry-url: 'https://registry.npmjs.org'
       - name: Install pnpm
-        run: npm i -g pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: latest
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_MININT_TOKEN }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_MININT_TOKEN }}
         run: pnpm run semantic-release
diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
@@ -23,9 +23,11 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: 22
+          node-version: 24
       - name: Install pnpm
-        run: npm i -g pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: latest
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
       - name: Lint (show only errors)
diff --git a/.npmrc b/.npmrc
@@ -1,5 +1,5 @@
 @gouvminint:registry=https://registry.npmjs.com
-//registry.npmjs.com/:_authToken=${NPM_TOKEN}
+//registry.npmjs.com/:_authToken=${NODE_AUTH_TOKEN}
 always-auth=true
 legacy-peer-deps=true
 access=public
