Prevent or validate publish release?

I appreciate the create/publish release functionality, but there are steps it does not do that our organization requires. While this is true, having the GitHub web UI offer to create or publish releases incorrectly makes them an attractive nuisance. If any of our people make the mistake of using this functionality, they end up adding tags we need to remove (hopefully before they propagate).

Ideally, I’d like to be able to override the action that is invoked on create release as an organization-definable action, so that we can control what happens. My guess is that this may be possible, but I don’t see where the mechanism is documented?

Failing that, it would be helpful to be able to run an org-defined or even repo-defined validation action before any tagging or release-related steps are performed. This would allow us, for example, to validate that the release number given in the package.json actually matches the release tag we are giving, or perform other types of sanity checks prior to release.

If we can’t do that, then the create/publish release links/buttons are an invitation to error, and we would really like a way to disable them so that people don’t use them incorrectly.

My preference is to make them work correctly, but I’d settle for preventing them from working incorrectly.

What options do we have around this?

I thought of a workaround (sort of), but it involves a race condition.

It appears that the github “publish” action basically adds a tag with an annotation and triggers a “publish” event. After this, workflow takes over as needed. It would be possible to set up a workflow such that the version number in the package.json is compared to the tag, and delete the tag (and quit the workflow) if they don’t match as expected.

The problem with this is that somebody could do a git pull, fetching the tag, in the window of time before the invalid version tag is deleted.

I feel like I’m missing something screamingly obvious here. What actually happens if the tag name in the “publish a release” page is left blank?