diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index efff90e16..80dd2d4d4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -45,14 +45,40 @@ jobs: runs-on: ubuntu-latest environment: protected branches steps: - - name: Verify branch + - name: Verify release ref run: | - if [ "${GITHUB_REF}" != "refs/heads/main" ]; then - echo "❌ Error: Releases can only be triggered from main branch" + if [ "${GITHUB_REF_TYPE}" != "branch" ]; then + echo "❌ Error: Releases can only be triggered from branches" echo "Current ref: ${GITHUB_REF}" exit 1 fi + if [ "${GITHUB_REF_NAME}" = "main" ]; then + echo "✅ Official and pre-release releases are allowed from main" + exit 0 + fi + + case "${INPUTS_VERSION}" in + prepatch|preminor|premajor) + ;; + *) + echo "❌ Error: Official releases can only be triggered from main branch" + echo "Current branch: ${GITHUB_REF_NAME}" + echo "Requested version bump: ${INPUTS_VERSION}" + exit 1 + ;; + esac + + if [ -z "${INPUTS_PRERELEASE_TYPE}" ]; then + echo "❌ Error: Branch releases must specify prerelease_type as alpha, beta, or rc" + exit 1 + fi + + echo "✅ Pre-release branch release allowed from ${GITHUB_REF_NAME}" + env: + INPUTS_VERSION: ${{ inputs.version }} + INPUTS_PRERELEASE_TYPE: ${{ inputs.prerelease_type }} + - name: Confirm major release if: ${{ inputs.version == 'major' || inputs.version == 'premajor' }} run: | @@ -294,7 +320,7 @@ jobs: id: push-tag run: | git tag "v${STEPS_NEW_VERSION_OUTPUTS_VERSION}" - git push origin main + git push origin "HEAD:${GITHUB_REF_NAME}" git push origin "v${STEPS_NEW_VERSION_OUTPUTS_VERSION}" env: STEPS_NEW_VERSION_OUTPUTS_VERSION: ${{ steps.new-version.outputs.version }}