From 1e0a341b34b3a6aef1bc66a28c6c08eff3fd35b4 Mon Sep 17 00:00:00 2001
From: Alec Thomas <aat@block.xyz>
Date: Thu, 25 Jun 2026 10:11:35 +1000
Subject: [PATCH] feat: guard release against non-main and stale branches

---
 Justfile | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/Justfile b/Justfile
index 1b53dde6..2f3f6cbd 100644
--- a/Justfile
+++ b/Justfile
@@ -55,6 +55,14 @@ build GOOS=(GOOS) GOARCH=(GOARCH):
 release:
     #!/usr/bin/env bash
     set -euo pipefail
+    branch="$(git rev-parse --abbrev-ref HEAD)"
+    if [ "${branch}" != "main" ]; then
+      echo "Releases must be tagged on main, not ${branch}"; exit 1
+    fi
+    git fetch origin main
+    if [ "$(git rev-parse HEAD)" != "$(git rev-parse origin/main)" ]; then
+      echo "Local main is not up to date with origin/main"; exit 1
+    fi
     next="$(svu next)"
     if [ "${next}" = "$(svu current 2>/dev/null)" ]; then
       echo "No releasable changes since ${next}"; exit 1