From 7fffb045dbfa77dd2e76d095786b1e70af19da95 Mon Sep 17 00:00:00 2001
From: Chris Park <chris.park@aligent.com.au>
Date: Mon, 12 May 2025 12:12:04 +0930
Subject: [PATCH 1/2] DO-1857: prevent package release off non-main branches

---
 .github/workflows/release.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d0d6b378..14ce9bbe 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,6 +12,13 @@ jobs:
     name: 🚀 Publish to NPM
     runs-on: ubuntu-latest
     steps:
+      - name: check branch/release constraint
+        run: |
+          if [[ ${{ github.event.release.target_commitish }} != 'main' ]]; then
+            echo "Any release must be from the main branch. Aborting."
+            exit 1
+          fi
+
       - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.release.target_commitish }}

From 2b13f1dabbd90cfda7b9f046363b856bffcd5f8a Mon Sep 17 00:00:00 2001
From: Chris Park <chris.park@aligent.com.au>
Date: Mon, 12 May 2025 12:27:26 +0930
Subject: [PATCH 2/2] DO-1857: use if conditional for better readability

---
 .github/workflows/release.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 14ce9bbe..611236c0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,11 +13,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: check branch/release constraint
+        if: github.event.release.target_commitish != 'main'
         run: |
-          if [[ ${{ github.event.release.target_commitish }} != 'main' ]]; then
-            echo "Any release must be from the main branch. Aborting."
-            exit 1
-          fi
+          echo "Any release must be from the main branch. Aborting."
+          exit 1
 
       - uses: actions/checkout@v4
         with: