OpenTermsArchive · Ndpnt · Jan 8, 2026 · Jan 8, 2026 · Jan 8, 2026 · Jan 8, 2026
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -2,7 +2,7 @@ name: Release
 
 on:
   pull_request_target:
-    branches: 
+    branches:
       - main
     types: [ closed ]
 
@@ -21,8 +21,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
+          ref: main
           token: ${{ secrets.RELEASE_BOT_GITHUB_TOKEN }}
 
       - uses: actions/setup-node@v4
@@ -50,24 +51,17 @@ jobs:
           git commit -m "Release v${{ steps.release-changelog.outputs.version }}"
           git tag v${{ steps.release-changelog.outputs.version }}
 
-      - name: Run status checks for release commit on temporary branch # Use temporary branch to enable pushing commits to this branch protected by required status checks 
-        uses: CasperWA/push-protected@v2
-        with:
-          token: ${{ secrets.RELEASE_BOT_GITHUB_TOKEN }}
-          branch: main
-          unprotect_reviews: true
-
-      - name: Update npm
-        run: npm install -g npm@latest
-
+      # Publish to NPM first, before pushing to repository
+      # If this fails, no changes are pushed to the repository, ensuring consistency
       - name: Publish to NPM public repository
         run: npm publish --provenance
 
+      # Only push to repository after successful NPM publish
       - name: Push changes to repository
-        run: git push origin && git push --tags
+        run: git push origin main && git push --tags
 
       - name: Create GitHub release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         with:
           tag_name: v${{ steps.release-changelog.outputs.version }}
           body: ${{ steps.release-changelog.outputs.content }}
@@ -88,6 +82,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
+          ref: main
           token: ${{ secrets.RELEASE_BOT_GITHUB_TOKEN }}
 
       - name: Configure Git author
@@ -101,4 +96,4 @@ jobs:
       - name: Save changelog
         run: |
           git commit -m "Clean changelog" CHANGELOG.md
-          git push origin
+          git push origin main
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 All changes that impact users of this module are documented in this file, in the [Common Changelog](https://common-changelog.org) format with some additional specifications defined in the CONTRIBUTING file. This codebase adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## Unreleased [no-release]
+
+_Modifications made in this changeset do not add, remove or alter any behavior, dependency, API or functionality of the software. They only change non-functional parts of the repository, such as the README file or CI workflows._
+
 ## 10.2.0 - 2026-01-08
 
 _Full changeset and discussions: [#1219](https://github.com/OpenTermsArchive/engine/pull/1219)._