ci: npm-publish checks

grevtsovna · grevtsovna · commit ccb436ef5a43 · 2025-12-10T17:29:05.000+05:00
diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
@@ -24,8 +24,31 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
 
 jobs:
+  check-permissions:
+    runs-on: ubuntu-latest
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: Check Main Branch
+        if: github.ref != 'refs/heads/main'
+        run: |
+          echo "❌ Этот workflow может быть запущен только на основной ветке (main)"
+          exit 1
+
+      - name: Verify Release Team
+        run: |
+          RELEASE_TEAM_MEMBERS=$(gh api "orgs/cdek-it/teams/react-native-release/members" \
+            --jq 'map(.login)')
+
+          if ! echo "$RELEASE_TEAM_MEMBERS" | grep -q "$GITHUB_ACTOR"; then
+            echo "❌ Этот workflow может быть запущен только участниками команды release"
+            exit 1
+          fi
+
+      - run: exit 1
   install:
     runs-on: ubuntu-latest
+    needs: check-permissions
     steps:
       - uses: actions/checkout@v6
       - uses: ./.github/actions/setup-node
