Skip to content

Conversation

@BYK
Copy link
Member

@BYK BYK commented Jan 9, 2026

Summary

This PR migrates from the deprecated action-prepare-release to the new Craft GitHub Actions.

Changes

  • Migrated .github/workflows/release_binary.yml to Craft reusable workflow
  • Updated .craft.yml with versioning.policy: calver

Documentation

See https://getsentry.github.io/craft/github-actions/ for more information.

@BYK BYK requested a review from a team as a code owner January 9, 2026 17:57
This PR migrates from the deprecated action-prepare-release to the new
Craft GitHub Actions (reusable workflow or composite action).

Changes:
- Migrate .github/workflows/release_library.yml to Craft reusable workflow
@BYK BYK force-pushed the ci/migrate-to-craft-action branch from 64b9e3e to 1736a75 Compare January 9, 2026 17:57
@github-actions
Copy link

github-actions bot commented Jan 9, 2026

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


New Features ✨

  • (eap) Add support for native scalar arrays by Dav1dde in #5394

Build / dependencies / internal 🔧

  • (deps) Update rdkafka to 0.38 with librdkafka 2.10 by Dav1dde in #5523
  • (profile-chunks) Move profile chunks to new processing pipeline by Dav1dde in #5505
  • (release) Switch from action-prepare-release to Craft by BYK in #5527
  • (server) Return status code 413 if envelope is rejected due to size limits by Dav1dde in #5474
  • (spans) Add additional tags to usage/count per root by Dav1dde in #5511

🤖 This preview updates automatically when you update the PR.

BYK added 2 commits January 9, 2026 23:04
The previous migration incorrectly removed the GitHub App token
authentication step. This commit restores it by switching to the
composite action pattern which preserves the auth flow.
The previous migration incorrectly removed the GitHub App token
authentication step. This commit restores it by switching to the
composite action pattern which preserves the auth flow.

steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2.0.1
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checkout action downgraded from v6 to v2

High Severity

The actions/checkout action is being downgraded from @v6.0.1 to SHA 34e114876b0b11c390a56381ad16ebd13914f8d5 with a comment indicating it's v2.0.1. This is a major version downgrade across all workflow files. Version 2.x is deprecated, uses end-of-life Node.js 12, and lacks critical security improvements from v6 including improved credential persistence. The version comment appears incorrect for a migration that should maintain functionality.

🔬 Verification Test

Why verification test was not possible: This is a GitHub Actions configuration issue that cannot be verified through local testing. The SHA 34e114876b0b11c390a56381ad16ebd13914f8d5 with comment # v2.0.1 can only be verified by checking the actions/checkout repository tags directly, but the comment in the code explicitly indicates v2.0.1 which represents a downgrade from the original v6.0.1.

Additional Locations (2)

Fix in Cursor Fix in Web

Comment on lines +1 to +17
name: Changelog Preview
on:
pull_request:
types:
- opened
- synchronize
- reopened
- edited
- labeled
permissions:
contents: write
pull-requests: write

jobs:
changelog-preview:
uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2
secrets: inherit
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we want this, also it does not use the changelog.md we actually curate.

runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 # v6 # v2.0.1
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

v6 v6 v2.0.1?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants