From 7833606abb2d268a40e604e2d4282296329eb9a3 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Fri, 9 Jan 2026 18:02:22 +0000 Subject: [PATCH 01/14] ci(release): Switch from action-prepare-release to Craft This PR migrates from the deprecated action-prepare-release to the new Craft GitHub Actions (reusable workflow or composite action). Changes: - Migrate .github/workflows/release.yml to Craft reusable workflow --- .github/workflows/changelog-preview.yml | 13 +++++++ .github/workflows/release.yml | 47 +++++-------------------- 2 files changed, 21 insertions(+), 39 deletions(-) create mode 100644 .github/workflows/changelog-preview.yml diff --git a/.github/workflows/changelog-preview.yml b/.github/workflows/changelog-preview.yml new file mode 100644 index 000000000..1ed102130 --- /dev/null +++ b/.github/workflows/changelog-preview.yml @@ -0,0 +1,13 @@ +name: Changelog Preview +on: + pull_request: + types: + - opened + - synchronize + - reopened + - edited + - labeled +jobs: + changelog-preview: + uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2 + secrets: inherit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0af8b42fa..22a94a9dc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,48 +1,17 @@ name: Release - on: workflow_dispatch: inputs: version: - description: Version to release - required: true + description: Version to release (or "auto") + required: false force: - description: Force a release even when there are release-blockers (empty string == false) + description: Force a release even when there are release-blockers required: false - jobs: release: - runs-on: ubuntu-latest - name: "Release a new version" - steps: - - name: Get auth token - id: token - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 - with: - app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} - private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - - name: Checkout - uses: actions/checkout@v4 - with: - token: ${{ steps.token.outputs.token }} - fetch-depth: 0 - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: "20" - - # pnpm/action-setup@v4 - - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda - name: Install pnpm - with: - run_install: false - - - name: Prepare release - uses: getsentry/action-prepare-release@v1 - env: - GITHUB_TOKEN: ${{ steps.token.outputs.token }} - with: - version: ${{ github.event.inputs.version }} - force: ${{ github.event.inputs.force }} + uses: getsentry/craft/.github/workflows/release.yml@v2 + with: + version: ${{ inputs.version }} + force: ${{ inputs.force }} + secrets: inherit From 3f57768a1f637bb9b75912e145a2c41128eda53b Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Fri, 9 Jan 2026 23:17:18 +0000 Subject: [PATCH 02/14] ci(release): Restore GitHub App token authentication The previous migration incorrectly removed the GitHub App token authentication step. This commit restores it by switching to the composite action pattern which preserves the auth flow. --- .github/workflows/release.yml | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 22a94a9dc..7c309d5b0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,8 +10,23 @@ on: required: false jobs: release: - uses: getsentry/craft/.github/workflows/release.yml@v2 - with: - version: ${{ inputs.version }} - force: ${{ inputs.force }} - secrets: inherit + runs-on: ubuntu-latest + name: Release a new version + steps: + - name: Get auth token + id: token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} + private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} + - uses: actions/checkout@v4 + with: + token: ${{ steps.token.outputs.token }} + fetch-depth: 0 + - name: Prepare release + uses: getsentry/craft@v2 + env: + GITHUB_TOKEN: ${{ steps.token.outputs.token }} + with: + version: ${{ inputs.version }} + force: ${{ inputs.force }} From e64826922e1814d1b7a5778c512a04e8c9fd6d30 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 10 Jan 2026 00:28:13 +0000 Subject: [PATCH 03/14] fix: Pin actions to SHA and add permissions blocks --- .github/workflows/changelog-preview.yml | 4 ++++ .github/workflows/deploy.yml | 2 +- .github/workflows/eval.yml | 2 +- .github/workflows/merge-jobs.yml | 2 +- .github/workflows/release.yml | 10 +++++++--- .github/workflows/smoke-tests.yml | 2 +- .github/workflows/test.yml | 2 +- .github/workflows/token-cost.yml | 2 +- 8 files changed, 17 insertions(+), 9 deletions(-) diff --git a/.github/workflows/changelog-preview.yml b/.github/workflows/changelog-preview.yml index 1ed102130..5883c004c 100644 --- a/.github/workflows/changelog-preview.yml +++ b/.github/workflows/changelog-preview.yml @@ -7,6 +7,10 @@ on: - reopened - edited - labeled +permissions: + contents: write + pull-requests: write + jobs: changelog-preview: uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2 diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 9fc0d6d03..2934afb7c 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -20,7 +20,7 @@ jobs: if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - name: Setup Node.js uses: actions/setup-node@v4 diff --git a/.github/workflows/eval.yml b/.github/workflows/eval.yml index 05e77bf16..b7e2c772f 100644 --- a/.github/workflows/eval.yml +++ b/.github/workflows/eval.yml @@ -24,7 +24,7 @@ jobs: checks: write contents: read steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - name: Setup Node.js uses: actions/setup-node@v4 diff --git a/.github/workflows/merge-jobs.yml b/.github/workflows/merge-jobs.yml index 19afd1def..481e820d8 100644 --- a/.github/workflows/merge-jobs.yml +++ b/.github/workflows/merge-jobs.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - name: Setup pnpm uses: pnpm/action-setup@v4 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7c309d5b0..44e1fcceb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,6 +8,10 @@ on: force: description: Force a release even when there are release-blockers required: false +permissions: + contents: write + pull-requests: write + jobs: release: runs-on: ubuntu-latest @@ -15,16 +19,16 @@ jobs: steps: - name: Get auth token id: token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v2 with: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 - name: Prepare release - uses: getsentry/craft@v2 + uses: getsentry/craft@39ee616a6a58dc64797feecb145d66770492b66c # v2 env: GITHUB_TOKEN: ${{ steps.token.outputs.token }} with: diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index 35c794362..0bf25b3aa 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - name: Setup Node.js uses: actions/setup-node@v4 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 39f0b41b2..22a2a2301 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,7 +9,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - name: Setup Node.js uses: actions/setup-node@v4 diff --git a/.github/workflows/token-cost.yml b/.github/workflows/token-cost.yml index 46053b2cb..7fe57ceed 100644 --- a/.github/workflows/token-cost.yml +++ b/.github/workflows/token-cost.yml @@ -14,7 +14,7 @@ jobs: measure-tokens: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - name: Setup Node.js uses: actions/setup-node@v4 From a7a8d43c27f5b7254bda2675fece4fa5fdae9464 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 10 Jan 2026 00:43:03 +0000 Subject: [PATCH 04/14] fix: Restore Node.js and pnpm setup steps for preReleaseCommand --- .github/workflows/release.yml | 47 ++++++++++++++++++++++------------- 1 file changed, 30 insertions(+), 17 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 44e1fcceb..d0defbfde 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,6 +8,7 @@ on: force: description: Force a release even when there are release-blockers required: false + permissions: contents: write pull-requests: write @@ -17,20 +18,32 @@ jobs: runs-on: ubuntu-latest name: Release a new version steps: - - name: Get auth token - id: token - uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v2 - with: - app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} - private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - with: - token: ${{ steps.token.outputs.token }} - fetch-depth: 0 - - name: Prepare release - uses: getsentry/craft@39ee616a6a58dc64797feecb145d66770492b66c # v2 - env: - GITHUB_TOKEN: ${{ steps.token.outputs.token }} - with: - version: ${{ inputs.version }} - force: ${{ inputs.force }} + - name: Get auth token + id: token + uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1 + with: + app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} + private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} + + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + with: + token: ${{ steps.token.outputs.token }} + fetch-depth: 0 + + - name: Setup Node.js + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + with: + node-version: "20" + + - name: Install pnpm + uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4 + with: + run_install: false + + - name: Prepare release + uses: getsentry/craft@39ee616a6a58dc64797feecb145d66770492b66c # v2 + env: + GITHUB_TOKEN: ${{ steps.token.outputs.token }} + with: + version: ${{ inputs.version }} + force: ${{ inputs.force }} From f10e36447cb6d833b4fb1156b1e1a42cda1b59ab Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 10 Jan 2026 01:33:01 +0000 Subject: [PATCH 05/14] fix: Use correct action version SHAs (restore original versions) --- .github/workflows/deploy.yml | 4 ++-- .github/workflows/eval.yml | 4 ++-- .github/workflows/merge-jobs.yml | 4 ++-- .github/workflows/release.yml | 4 ++-- .github/workflows/smoke-tests.yml | 4 ++-- .github/workflows/test.yml | 4 ++-- .github/workflows/token-cost.yml | 4 ++-- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 2934afb7c..84a17b382 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -20,10 +20,10 @@ jobs: if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "20" diff --git a/.github/workflows/eval.yml b/.github/workflows/eval.yml index b7e2c772f..5826e807d 100644 --- a/.github/workflows/eval.yml +++ b/.github/workflows/eval.yml @@ -24,10 +24,10 @@ jobs: checks: write contents: read steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "20" diff --git a/.github/workflows/merge-jobs.yml b/.github/workflows/merge-jobs.yml index 481e820d8..c8d5aae93 100644 --- a/.github/workflows/merge-jobs.yml +++ b/.github/workflows/merge-jobs.yml @@ -11,13 +11,13 @@ jobs: steps: - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - name: Setup pnpm uses: pnpm/action-setup@v4 - name: Set up Node - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version-file: 'package.json' cache: 'pnpm' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d0defbfde..17a046070 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,13 +25,13 @@ jobs: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 with: node-version: "20" diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index 0bf25b3aa..1441a5a88 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -15,10 +15,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "20" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 22a2a2301..4296cbe6a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,10 +9,10 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "20" diff --git a/.github/workflows/token-cost.yml b/.github/workflows/token-cost.yml index 7fe57ceed..8ef1d52cf 100644 --- a/.github/workflows/token-cost.yml +++ b/.github/workflows/token-cost.yml @@ -14,10 +14,10 @@ jobs: measure-tokens: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - name: Setup Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "20" From 2e9970967956012c61e8d7490ee835b58aafd9b0 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 10 Jan 2026 02:01:52 +0000 Subject: [PATCH 06/14] fix: Use correct action version SHAs (restore original versions) --- .github/workflows/deploy.yml | 4 ++-- .github/workflows/eval.yml | 4 ++-- .github/workflows/merge-jobs.yml | 4 ++-- .github/workflows/release.yml | 4 ++-- .github/workflows/smoke-tests.yml | 4 ++-- .github/workflows/test.yml | 4 ++-- .github/workflows/token-cost.yml | 4 ++-- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 84a17b382..3e1ad14e8 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -20,10 +20,10 @@ jobs: if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 with: node-version: "20" diff --git a/.github/workflows/eval.yml b/.github/workflows/eval.yml index 5826e807d..300c34e17 100644 --- a/.github/workflows/eval.yml +++ b/.github/workflows/eval.yml @@ -24,10 +24,10 @@ jobs: checks: write contents: read steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 with: node-version: "20" diff --git a/.github/workflows/merge-jobs.yml b/.github/workflows/merge-jobs.yml index c8d5aae93..ca54cafa1 100644 --- a/.github/workflows/merge-jobs.yml +++ b/.github/workflows/merge-jobs.yml @@ -11,13 +11,13 @@ jobs: steps: - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Setup pnpm uses: pnpm/action-setup@v4 - name: Set up Node - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 with: node-version-file: 'package.json' cache: 'pnpm' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 17a046070..692f09b5f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,13 +25,13 @@ jobs: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v4 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 # v4 with: node-version: "20" diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index 1441a5a88..6fd44e4f6 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -15,10 +15,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 with: node-version: "20" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4296cbe6a..176d2000b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,10 +9,10 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 with: node-version: "20" diff --git a/.github/workflows/token-cost.yml b/.github/workflows/token-cost.yml index 8ef1d52cf..96385cab0 100644 --- a/.github/workflows/token-cost.yml +++ b/.github/workflows/token-cost.yml @@ -14,10 +14,10 @@ jobs: measure-tokens: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 with: node-version: "20" From 35417dc0ccf211fa7b304fcc6da770a3a62e18e4 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Mon, 12 Jan 2026 12:25:20 +0000 Subject: [PATCH 07/14] fix: Clean up action version comments --- .github/workflows/deploy.yml | 4 ++-- .github/workflows/eval.yml | 4 ++-- .github/workflows/merge-jobs.yml | 4 ++-- .github/workflows/release.yml | 4 ++-- .github/workflows/smoke-tests.yml | 4 ++-- .github/workflows/test.yml | 4 ++-- .github/workflows/token-cost.yml | 4 ++-- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 3e1ad14e8..bc7cb7c03 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -20,10 +20,10 @@ jobs: if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "20" diff --git a/.github/workflows/eval.yml b/.github/workflows/eval.yml index 300c34e17..9a532bc4f 100644 --- a/.github/workflows/eval.yml +++ b/.github/workflows/eval.yml @@ -24,10 +24,10 @@ jobs: checks: write contents: read steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "20" diff --git a/.github/workflows/merge-jobs.yml b/.github/workflows/merge-jobs.yml index ca54cafa1..da7589fc8 100644 --- a/.github/workflows/merge-jobs.yml +++ b/.github/workflows/merge-jobs.yml @@ -11,13 +11,13 @@ jobs: steps: - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup pnpm uses: pnpm/action-setup@v4 - name: Set up Node - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version-file: 'package.json' cache: 'pnpm' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 692f09b5f..d960a5c58 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,13 +25,13 @@ jobs: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "20" diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index 6fd44e4f6..8c6530bad 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -15,10 +15,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "20" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 176d2000b..17891e4ca 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,10 +9,10 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "20" diff --git a/.github/workflows/token-cost.yml b/.github/workflows/token-cost.yml index 96385cab0..394cb142b 100644 --- a/.github/workflows/token-cost.yml +++ b/.github/workflows/token-cost.yml @@ -14,10 +14,10 @@ jobs: measure-tokens: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: "20" From d54ea6567c91380aebd7798386ebaeae72c890d0 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Tue, 13 Jan 2026 22:46:23 +0000 Subject: [PATCH 08/14] Update Craft SHA to 1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d960a5c58..9376029d4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -41,7 +41,7 @@ jobs: run_install: false - name: Prepare release - uses: getsentry/craft@39ee616a6a58dc64797feecb145d66770492b66c # v2 + uses: getsentry/craft@1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce # v2 env: GITHUB_TOKEN: ${{ steps.token.outputs.token }} with: From 9342fc7f0c34c08e3ff17d39a58a97a1340d0ad1 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Tue, 13 Jan 2026 22:59:26 +0000 Subject: [PATCH 09/14] Remove changelog-preview workflow per review feedback --- .github/workflows/changelog-preview.yml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 .github/workflows/changelog-preview.yml diff --git a/.github/workflows/changelog-preview.yml b/.github/workflows/changelog-preview.yml deleted file mode 100644 index 5883c004c..000000000 --- a/.github/workflows/changelog-preview.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: Changelog Preview -on: - pull_request: - types: - - opened - - synchronize - - reopened - - edited - - labeled -permissions: - contents: write - pull-requests: write - -jobs: - changelog-preview: - uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2 - secrets: inherit From 05bf7dc315f34d1fb1ca329d347497621ca905ff Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Tue, 13 Jan 2026 23:05:47 +0000 Subject: [PATCH 10/14] Add explicit permissions block to merge-jobs.yml --- .github/workflows/merge-jobs.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/merge-jobs.yml b/.github/workflows/merge-jobs.yml index da7589fc8..6d7bde5db 100644 --- a/.github/workflows/merge-jobs.yml +++ b/.github/workflows/merge-jobs.yml @@ -5,6 +5,10 @@ on: branches: ["main", "release/*"] workflow_dispatch: +permissions: + contents: write + pull-requests: write + jobs: build-publish: runs-on: ubuntu-latest From 6b2f8d0ea5c89820ad0d20cb8792026427441cf8 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Tue, 13 Jan 2026 23:16:29 +0000 Subject: [PATCH 11/14] Revert permissions changes to merge-jobs.yml --- .github/workflows/merge-jobs.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/merge-jobs.yml b/.github/workflows/merge-jobs.yml index 6d7bde5db..19afd1def 100644 --- a/.github/workflows/merge-jobs.yml +++ b/.github/workflows/merge-jobs.yml @@ -5,23 +5,19 @@ on: branches: ["main", "release/*"] workflow_dispatch: -permissions: - contents: write - pull-requests: write - jobs: build-publish: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@v4 - name: Setup pnpm uses: pnpm/action-setup@v4 - name: Set up Node - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@v4 with: node-version-file: 'package.json' cache: 'pnpm' From a0b2f86ceb239b3acd9b81a8efc881dc9179faa9 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Wed, 14 Jan 2026 00:06:31 +0000 Subject: [PATCH 12/14] fix: revert extraneous changes to non-release workflow files --- .github/workflows/deploy.yml | 4 ++-- .github/workflows/eval.yml | 4 ++-- .github/workflows/smoke-tests.yml | 4 ++-- .github/workflows/test.yml | 4 ++-- .github/workflows/token-cost.yml | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index bc7cb7c03..9fc0d6d03 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -20,10 +20,10 @@ jobs: if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@v4 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@v4 with: node-version: "20" diff --git a/.github/workflows/eval.yml b/.github/workflows/eval.yml index 9a532bc4f..05e77bf16 100644 --- a/.github/workflows/eval.yml +++ b/.github/workflows/eval.yml @@ -24,10 +24,10 @@ jobs: checks: write contents: read steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@v4 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@v4 with: node-version: "20" diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index 8c6530bad..35c794362 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -15,10 +15,10 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@v4 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@v4 with: node-version: "20" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 17891e4ca..39f0b41b2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,10 +9,10 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@v4 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@v4 with: node-version: "20" diff --git a/.github/workflows/token-cost.yml b/.github/workflows/token-cost.yml index 394cb142b..46053b2cb 100644 --- a/.github/workflows/token-cost.yml +++ b/.github/workflows/token-cost.yml @@ -14,10 +14,10 @@ jobs: measure-tokens: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@v4 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@v4 with: node-version: "20" From 30117e2b5dcd75aea685ad0dcfdfef3dca39f8e5 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Wed, 14 Jan 2026 11:14:53 +0000 Subject: [PATCH 13/14] fix: clean up release.yml formatting and version comments --- .github/workflows/release.yml | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9376029d4..e39395493 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,5 @@ name: Release + on: workflow_dispatch: inputs: @@ -6,7 +7,7 @@ on: description: Version to release (or "auto") required: false force: - description: Force a release even when there are release-blockers + description: Force a release even when there are release-blockers (empty string == false) required: false permissions: @@ -16,27 +17,29 @@ permissions: jobs: release: runs-on: ubuntu-latest - name: Release a new version + name: "Release a new version" steps: - name: Get auth token id: token - uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1 + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 with: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - name: Checkout + uses: actions/checkout@v4 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 - name: Setup Node.js - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 + uses: actions/setup-node@v4 with: node-version: "20" - - name: Install pnpm - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4 + # pnpm/action-setup@v4 + - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda + name: Install pnpm with: run_install: false @@ -45,5 +48,5 @@ jobs: env: GITHUB_TOKEN: ${{ steps.token.outputs.token }} with: - version: ${{ inputs.version }} - force: ${{ inputs.force }} + version: ${{ github.event.inputs.version }} + force: ${{ github.event.inputs.force }} From a59bd75f54d06317183084f99aacc654e88bf295 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Wed, 14 Jan 2026 13:16:49 +0000 Subject: [PATCH 14/14] build(craft): Update Craft action to c6e2f04 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e39395493..a34563c43 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -44,7 +44,7 @@ jobs: run_install: false - name: Prepare release - uses: getsentry/craft@1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce # v2 + uses: getsentry/craft@c6e2f04939b6ee67030588afbb5af76b127d8203 # v2 env: GITHUB_TOKEN: ${{ steps.token.outputs.token }} with: