From e7694ec19892a42ab0a7e3b940617a12e96b9c1f Mon Sep 17 00:00:00 2001
From: anaiberta <aberta@genexus.com>
Date: Sun, 15 Mar 2026 19:51:43 -0300
Subject: [PATCH] Add default branch validation to release workflow #180

Prevent workflow execution from non-default branches.
---
 .github/workflows/create-release-branch.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/create-release-branch.yml b/.github/workflows/create-release-branch.yml
index a49252378..59982014b 100644
--- a/.github/workflows/create-release-branch.yml
+++ b/.github/workflows/create-release-branch.yml
@@ -26,6 +26,16 @@ jobs:
     name: Validate permissions
     runs-on: ubuntu-latest
     steps:
+      - name: Check default branch
+        env:
+          REF: ${{ github.ref_name }}
+          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
+        run: |
+          if [ "$REF" != "$DEFAULT_BRANCH" ]; then
+            echo "::error::This workflow can only be run from the default branch (${DEFAULT_BRANCH}), but was triggered from '${REF}'."
+            exit 1
+          fi
+
       - name: Check admin permission
         env:
           GH_TOKEN: ${{ github.token }}