From f348b2dddffc751d85b8ef65120cb188b3616efa Mon Sep 17 00:00:00 2001
From: Jimisola Laursen <jimisola@jimisola.com>
Date: Sun, 8 Mar 2026 21:34:21 +0100
Subject: [PATCH] fix: fix check_release workflow to actually validate releases

- Was a no-op: 'push' event never fires when called via workflow_call from release
- Validate bare semver tag format (e.g. 1.2.3, not v1.2.3)
- Validate release targets main, hotfix/*, or release/* branch

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .github/workflows/check_release.yml | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/check_release.yml b/.github/workflows/check_release.yml
index 6c35b4c..ef0c4d6 100644
--- a/.github/workflows/check_release.yml
+++ b/.github/workflows/check_release.yml
@@ -1,4 +1,4 @@
-name: Lint (black and flake8)
+name: Check Release
 on:
   workflow_call:
 
@@ -6,6 +6,16 @@ jobs:
   check-release:
     runs-on: ubuntu-latest
     steps:
-      - name: Check branch and tag
-        if: github.event_name == 'push' && !(github.ref == 'refs/heads/main' && startsWith(github.ref, 'refs/tags/v'))
-        run: exit 1
\ No newline at end of file
+      - name: Check tag format
+        run: |
+          if ! echo "${{ github.ref }}" | grep -qE '^refs/tags/[0-9]+\.[0-9]+\.[0-9]+'; then
+            echo "Tag must be a semver version like 1.2.3 (no v prefix)"
+            exit 1
+          fi
+      - name: Check branch
+        run: |
+          branch="${{ github.event.release.target_commitish }}"
+          if [[ "$branch" != "main" && "$branch" != hotfix/* && "$branch" != release/* ]]; then
+            echo "Release must target main, hotfix/*, or release/* branch (got: $branch)"
+            exit 1
+          fi