Skip to content

ci(release): Switch from action-prepare-release to Craft #5527

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
BYK wants to merge 7 commits into
base: master
Choose a base branch
from
Open

ci(release): Switch from action-prepare-release to Craft #5527

BYK wants to merge 7 commits into from

Conversation

@BYK
Copy link
Member

@BYK BYK commented Jan 9, 2026

Summary

This PR migrates from the deprecated action-prepare-release to the new Craft GitHub Actions.

Changes

  • Migrated .github/workflows/release_binary.yml to Craft reusable workflow
  • Updated .craft.yml with versioning.policy: calver

Documentation

See https://getsentry.github.io/craft/github-actions/ for more information.

@BYK BYK requested a review from a team as a code owner January 9, 2026 17:57
@BYK
ci(release): Switch from action-prepare-release to Craft
1736a75 
This PR migrates from the deprecated action-prepare-release to the new
Craft GitHub Actions (reusable workflow or composite action).

Changes:
- Migrate .github/workflows/release_library.yml to Craft reusable workflow
@BYK BYK force-pushed the ci/migrate-to-craft-action branch from 64b9e3e to 1736a75 Compare January 9, 2026 17:57
@github-actions
Copy link

github-actions bot commented Jan 9, 2026
edited
Loading

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

New Features ✨

  • (eap) Add support for native scalar arrays by Dav1dde in #5394

Build / dependencies / internal 🔧

  • (deps) Update rdkafka to 0.38 with librdkafka 2.10 by Dav1dde in #5523
  • (profile-chunks) Move profile chunks to new processing pipeline by Dav1dde in #5505
  • (release) Switch from action-prepare-release to Craft by BYK in #5527
  • (server) Return status code 413 if envelope is rejected due to size limits by Dav1dde in #5474
  • (spans) Add additional tags to usage/count per root by Dav1dde in #5511

🤖 This preview updates automatically when you update the PR.

BYK added 2 commits January 9, 2026 23:04
@BYK
ci(release): Restore GitHub App token authentication
2af3714 
The previous migration incorrectly removed the GitHub App token
authentication step. This commit restores it by switching to the
composite action pattern which preserves the auth flow.
@BYK
ci(release): Restore GitHub App token authentication
c6c86bb 
The previous migration incorrectly removed the GitHub App token
authentication step. This commit restores it by switching to the
composite action pattern which preserves the auth flow.
cursor[bot]
cursor bot reviewed Jan 9, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 10, 2026
View reviewed changes
.github/workflows/beta.yml Outdated

steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2.0.1
Copy link

@cursor cursor bot Jan 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checkout action downgraded from v6 to v2

High Severity

The actions/checkout action is being downgraded from @v6.0.1 to SHA 34e114876b0b11c390a56381ad16ebd13914f8d5 with a comment indicating it's v2.0.1. This is a major version downgrade across all workflow files. Version 2.x is deprecated, uses end-of-life Node.js 12, and lacks critical security improvements from v6 including improved credential persistence. The version comment appears incorrect for a migration that should maintain functionality.

🔬 Verification Test

Why verification test was not possible: This is a GitHub Actions configuration issue that cannot be verified through local testing. The SHA 34e114876b0b11c390a56381ad16ebd13914f8d5 with comment # v2.0.1 can only be verified by checking the actions/checkout repository tags directly, but the comment in the code explicitly indicates v2.0.1 which represents a downgrade from the original v6.0.1.

Additional Locations (2)

Fix in Cursor Fix in Web

cursor[bot]
cursor bot reviewed Jan 10, 2026
View reviewed changes
Dav1dde
Dav1dde reviewed Jan 12, 2026
View reviewed changes
.github/workflows/changelog-preview.yml
Comment on lines +1 to +17
name: Changelog Preview
on:
pull_request:
types:
- opened
- synchronize
- reopened
- edited
- labeled
permissions:
contents: write
pull-requests: write

jobs:
changelog-preview:
uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2
secrets: inherit
Copy link
Member

@Dav1dde Dav1dde Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we want this, also it does not use the changelog.md we actually curate.

.github/workflows/changelog.yml
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 # v6 # v2.0.1
Copy link
Member

@Dav1dde Dav1dde Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

v6 v6 v2.0.1?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Dav1dde Dav1dde Dav1dde left review comments

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@BYK @Dav1dde