Merge pull request #7 from Dev-LotusStudio/Referix-patch-1

Update gradle-publish.yml

Author: Referix

.github/workflows/gradle-publish.yml

@@ -5,25 +5,72 @@ on:
     branches:
       - dev
       - release
+  pull_request:
+    branches:
+      - dev
+      - release
 
 permissions:
   contents: write
 
 jobs:
 
+  validate-pr:
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate PR rules
+        run: |
+          base="${{ github.event.pull_request.base.ref }}"
+          head="${{ github.event.pull_request.head.ref }}"
+
+          echo "Checking PR: $head → $base"
+
+          # ✅ У release можна тільки з dev
+          if [[ "$base" == "release" && "$head" != "dev" ]]; then
+            echo "❌ Only 'dev' can be merged into 'release'."
+            exit 1
+          fi
+
+          # ✅ У dev можна з будь-якої гілки
+          if [[ "$base" == "dev" ]]; then
+            echo "✅ Allowed: any → dev"
+            exit 0
+          fi
+
+          # ❌ Все інше заборонено
+          echo "❌ Pull requests allowed only into 'dev' (or dev → release)."
+          exit 1
+
   build:
+    if: github.event_name == 'push'
     runs-on: ubuntu-latest
     outputs:
       new_version: ${{ steps.bump_version.outputs.new }}
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+
+      # 🚫 Перевірка пушів у release (дозволяється тільки merge з dev)
+      - name: Validate push rules
+        run: |
+          BRANCH="${GITHUB_REF##*/}"
+          if [ "$BRANCH" == "release" ]; then
+            COMMIT_MSG=$(git log -1 --pretty=%B)
+            if [[ ! "$COMMIT_MSG" =~ "Merge pull request" ]]; then
+              echo "❌ Direct pushes to release are not allowed. Only PR merges from dev."
+              exit 1
+            fi
+          fi
+          echo "✅ Push validation passed."
+
       - name: Set up JDK
         uses: actions/setup-java@v4
         with:
           distribution: temurin
           java-version: 17
+
       - name: Determine Version
         id: bump_version
         run: |
@@ -47,7 +94,7 @@ jobs:
             MAJOR=0; MINOR=0; PATCH=0
           fi
           echo "Parsed version: $MAJOR.$MINOR.$PATCH"
-          # Беремо коміти після тегу, якщо тег є
+          # Беремо коміти після тегу
           if [ -n "$LAST_TAG" ]; then
             COMMITS=$(git log "$LAST_TAG"..HEAD --pretty=format:"%s")
           else
@@ -64,21 +111,15 @@ jobs:
           # Збільшуємо версію
           case $BUMP in
             major)
-              MAJOR=$((MAJOR+1))
-              MINOR=0
-              PATCH=0
-              ;;
+              MAJOR=$((MAJOR+1)); MINOR=0; PATCH=0 ;;
             minor)
-              MINOR=$((MINOR+1))
-              PATCH=0
-              ;;
+              MINOR=$((MINOR+1)); PATCH=0 ;;
             patch)
-              PATCH=$((PATCH+1))
-              ;;
+              PATCH=$((PATCH+1)) ;;
           esac
 
           NEW_VERSION="$MAJOR.$MINOR.$PATCH"
-          # Для dev додаємо pre-release лічильник
+          # Для dev додаємо pre-release
           if [ "$BRANCH_NAME" == "dev" ]; then
             COUNT=$(git tag --list "v${NEW_VERSION}-dev.*" | wc -l | xargs)
             COUNT=${COUNT:-0}
@@ -90,8 +131,10 @@ jobs:
 
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
+
       - name: Build with Gradle
         run: ./gradlew build
+
       - name: Rename JAR with repo name and version
         run: |
           VERSION="${{ steps.bump_version.outputs.new }}"
@@ -104,6 +147,7 @@ jobs:
           NEW_JAR_NAME="${REPO_NAME}_v${VERSION}.jar"
           echo "Renaming $JAR_PATH -> $NEW_JAR_NAME"
           mv "$JAR_PATH" "build/libs/$NEW_JAR_NAME"
+
       - name: Upload artifact
         uses: actions/upload-artifact@v4
         with: