diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0f92c961..7b5a834a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,6 +6,7 @@ on:
         description: "The branch to use to release from."
         required: true
         default: "main"
+
 jobs:
   release:
     name: Release to Maven Central
@@ -20,19 +21,23 @@ jobs:
           # We need a personal access token to be able to push to a protected branch
           token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
 
+      - name: Ensure release is from the master/main branch
+        if: ${{ github.event.inputs.branch != 'main' && github.event.inputs.branch != 'master' }}
+        run: |
+          echo "Releases can only be made from the master/main branch. Exiting."
+          exit 1
+
       - name: Set up JDK
         uses: actions/setup-java@v2
         with:
           distribution: 'adopt'
           java-version: '11'
           java-package: jdk
-          server-id: sonatype-nexus-staging # Value of the distributionManagement/repository/id field of the pom.xml
-          server-username: SONATYPE_USERNAME # env variable for username in deploy
-          server-password: SONATYPE_PASSWORD # env variable for token in deploy
-          # only signed artifacts will be released to maven central. this sets up things for the maven-gpg-plugin
-          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Value of the GPG private key to import
-          gpg-passphrase: GPG_PASSPHRASE # env variable for GPG private key passphrase
-          # this creates a settings.xml with the following server
+          server-id: sonatype-nexus-staging
+          server-username: SONATYPE_USERNAME
+          server-password: SONATYPE_PASSWORD
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg-passphrase: GPG_PASSPHRASE
           settings-path: ${{ github.workspace }}
 
       - name: Configure Git User