feat(deps): Bump @actions/core to ^2.0.1 #296
| INPUT_DISABLE_TELEMETRY: ${{ inputs.disable_telemetry }} | ||
| INPUT_DISABLE_SAFE_DIRECTORY: ${{ inputs.disable_safe_directory }} | ||
| uses: docker://ghcr.io/getsentry/action-release-image:master | ||
| uses: docker://ghcr.io/getsentry/action-release-image:ab-bump-actions-core |
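Review bot: The changed `uses:` line points at the branch-named tag `ab-bump-actions-core`, and nothing in the hunk marks that as temporary; add a comment on that line, or a note in the description, stating that it must read `:master` again before release. Separately, both the old and the new reference are mutable tags, so consider pinning the image by digest, for example `docker://ghcr.io/getsentry/action-release-image@sha256:<digest>`, so that the image pulled for a given version of the action cannot change.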
Bug: The Docker image tag in action.yml was changed to a temporary branch name, ab-bump-actions-core, which will cause failures for users of this action after merge.
Severity: CRITICAL | Confidence: High
🔍 Detailed Analysis
The Docker image tag in action.yml has been changed from the stable master tag to a branch-specific tag, ab-bump-actions-core. This change appears to be a development artifact that was unintentionally committed. While the CI for this pull request may build a temporary image with this tag, once merged, downstream users of this GitHub Action will have their workflows fail. Their systems will attempt to pull the ab-bump-actions-core image, which is not a persistent, production-ready tag and will likely not be available in the container registry, causing a docker pull failure.
💡 Suggested Fix
Revert the uses directive in action.yml to point back to the production Docker image tag, such as docker://ghcr.io/getsentry/action-release-image:master, before merging this pull request.
Location: action.yml#L170
Reference ID: 8101661
This is intended for testing; there's an action that runs to change this back to master on master.
Ensures we get a newer version of undici with security fixes, see: #295
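A release-time guard for the tag problem discussed in this thread, as an added example that is not part of the pull request or of the getsentry repository: it flags `docker://` references in an action file whose tag is neither an expected release tag nor a digest pin. The allowed tag set, the function names and the sample digest are assumptions made for the illustration.

```javascript
// Added example, not code from the getsentry repository.
// ALLOWED_TAGS and all function names are assumptions for this illustration.
const ALLOWED_TAGS = new Set(["master"]);

// Split "docker://image[:tag][@digest]" into its parts.
function parseDockerRef(ref) {
  if (!ref.startsWith("docker://")) return null;
  let rest = ref.slice("docker://".length);
  let digest = null;
  const at = rest.indexOf("@");
  if (at !== -1) { digest = rest.slice(at + 1); rest = rest.slice(0, at); }
  // Only a colon after the last "/" separates a tag; an earlier one is a registry port.
  const colon = rest.lastIndexOf(":");
  let tag = null;
  if (colon > rest.lastIndexOf("/")) { tag = rest.slice(colon + 1); rest = rest.slice(0, colon); }
  return { image: rest, tag, digest };
}

function classify(ref) {
  const p = parseDockerRef(ref);
  if (p === null) return "not-docker";
  if (p.digest !== null) {
    return /^sha256:[0-9a-f]{64}$/.test(p.digest) ? "digest-pinned" : "bad-digest";
  }
  if (p.tag === null) return "implicit-latest";
  return ALLOWED_TAGS.has(p.tag) ? "release-tag" : "unexpected-tag";
}

// Return every docker:// reference in the YAML text that should block a release.
function findViolations(yamlText) {
  const ok = new Set(["digest-pinned", "release-tag"]);
  const out = [];
  yamlText.split("\n").forEach((line, i) => {
    const m = /^\s*(?:-\s+)?(?:uses|image):\s*["']?(docker:\/\/[^\s"'#]+)/.exec(line);
    if (m && !ok.has(classify(m[1]))) {
      out.push({ line: i + 1, ref: m[1], verdict: classify(m[1]) });
    }
  });
  return out;
}

// Constructed sample: the two references from the diff plus a constructed digest pin.
const SAMPLE = [
  "      uses: docker://ghcr.io/getsentry/action-release-image:master",
  "      uses: docker://ghcr.io/getsentry/action-release-image:ab-bump-actions-core",
  "      uses: docker://ghcr.io/getsentry/action-release-image@sha256:" + "a".repeat(64),
].join("\n");
console.log(findViolations(SAMPLE));
```

Run against the real action file on the release branch, a non-empty result is the signal to fail the job.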