From ba85576f990ae5eae1227107dccd4a7c8964f7b5 Mon Sep 17 00:00:00 2001
From: Nikita Grevtsov <n.a.grevtsov@gmail.com>
Date: Wed, 10 Dec 2025 20:12:02 +0500
Subject: [PATCH] =?UTF-8?q?ci:=20=D0=B4=D0=BE=D0=B1=D0=B0=D0=B2=D0=BB?=
 =?UTF-8?q?=D0=B5=D0=BD=D1=8B=20=D0=BF=D1=80=D0=BE=D0=B2=D0=B5=D1=80=D0=BA?=
 =?UTF-8?q?=D0=B8=20=D0=BF=D1=80=D0=B8=20=D0=B7=D0=B0=D0=BF=D1=83=D1=81?=
 =?UTF-8?q?=D0=BA=D0=B5=20=D1=80=D0=B5=D0=BB=D0=B8=D0=B7=D0=BD=D0=BE=D0=B3?=
 =?UTF-8?q?=D0=BE=20=D0=B2=D0=BE=D1=80=D0=BA=D1=84=D0=BB=D0=BE=D1=83?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/npm-publish.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
index 167abc9d..0d0c0b02 100644
--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/npm-publish.yml
@@ -24,8 +24,26 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
 
 jobs:
+  check-permissions:
+    runs-on: ubuntu-latest
+    env:
+      GH_TOKEN: ${{ secrets.ADD_TO_PROJECT_PAT }}
+    steps:
+      - name: Check Main Branch
+        if: github.ref != 'refs/heads/main'
+        run: |
+          echo "❌ Этот workflow может быть запущен только на основной ветке (main)"
+          exit 1
+
+      - name: Verify Release Team
+        run: |
+          if ! gh api "orgs/cdek-it/teams/react-native-release/memberships/$GITHUB_ACTOR" --silent 2>/dev/null; then
+            echo "❌ Этот workflow может быть запущен только участниками команды release"
+            exit 1
+          fi
   install:
     runs-on: ubuntu-latest
+    needs: check-permissions
     steps:
       - uses: actions/checkout@v6
       - uses: ./.github/actions/setup-node