From 69d8decb01d4c437ace54a318432173d4fb75d3e Mon Sep 17 00:00:00 2001
From: Markus Unterwaditzer <markus-tarpit+git@unterwaditzer.net>
Date: Mon, 20 Apr 2026 22:01:08 +0200
Subject: [PATCH 1/2] doc: Add warning about version numbers

---
 .github/workflows/release-client.yml | 12 ++++++++++++
 README.md                            |  6 ++++++
 2 files changed, 18 insertions(+)

diff --git a/.github/workflows/release-client.yml b/.github/workflows/release-client.yml
index ff28ac51..9e7fc3cb 100644
--- a/.github/workflows/release-client.yml
+++ b/.github/workflows/release-client.yml
@@ -36,6 +36,18 @@ jobs:
         with:
           version: '0.8.2'
 
+      - name: Validate version number
+        run: |
+          VERSION="${{ github.event.inputs.version }}"
+          MAJOR=$(echo "$VERSION" | cut -d. -f1)
+          if [ "$MAJOR" -gt 26 ]; then
+            echo "Error: Version $VERSION is not allowed. Major version must be 26 or lower."
+            echo ""
+            echo "This is likely not the version you want to release, it looks like calver."
+            echo "See README.md for more information about versioning."
+            exit 1
+          fi
+
       - name: Prepare release
         uses: getsentry/craft@c6e2f04939b6ee67030588afbb5af76b127d8203 # v2
         env:
diff --git a/README.md b/README.md
index 7a4f79bc..a47076fb 100644
--- a/README.md
+++ b/README.md
@@ -101,6 +101,12 @@ See the [python client README](./clients/python/README.md) for more information.
 
 ### Releasing clients
 
+**Note:** Clients are separately released from the broker. The broker follows
+self-hosted style calver releases (`26.4.0`), and clients are released using
+regular semver (`0.1.8`). They share tags and release branches though, so the
+latest release you see on GitHub may not be the one you have to base your
+version number on.
+
 1. Use the [release client libraries workflow](https://github.com/getsentry/taskbroker/actions/workflows/release-client.yml)
 2. Choose 'Run workflow' and enter a version number in.
 3. This will use craft + getsentry/publish to add packages to both internal and public pypi.

From 512baf5aaa77e2247573f4e0784841b84e29c245 Mon Sep 17 00:00:00 2001
From: Markus Unterwaditzer <markus-tarpit+git@unterwaditzer.net>
Date: Mon, 20 Apr 2026 22:09:59 +0200
Subject: [PATCH 2/2] fix: Address PR review comments for version validation

- Use env variable to prevent script injection
- Change -gt to -ge to reject 26.x.x calver versions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .github/workflows/release-client.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release-client.yml b/.github/workflows/release-client.yml
index 9e7fc3cb..cb645bee 100644
--- a/.github/workflows/release-client.yml
+++ b/.github/workflows/release-client.yml
@@ -37,11 +37,12 @@ jobs:
           version: '0.8.2'
 
       - name: Validate version number
+        env:
+          VERSION: ${{ github.event.inputs.version }}
         run: |
-          VERSION="${{ github.event.inputs.version }}"
           MAJOR=$(echo "$VERSION" | cut -d. -f1)
-          if [ "$MAJOR" -gt 26 ]; then
-            echo "Error: Version $VERSION is not allowed. Major version must be 26 or lower."
+          if [ "$MAJOR" -ge 26 ]; then
+            echo "Error: Version $VERSION is not allowed. Major version must be below 26."
             echo ""
             echo "This is likely not the version you want to release, it looks like calver."
             echo "See README.md for more information about versioning."