Open
20 commits
cb1f57a
ci(release): Switch from action-prepare-release to Craft
BYK Jan 9, 2026
b163338
:hammer_and_wrench: apply pre-commit fixes
getsantry[bot] Jan 9, 2026
4f79d78
ci(release): Restore GitHub App token authentication
BYK Jan 9, 2026
05b5d16
:hammer_and_wrench: apply pre-commit fixes
getsantry[bot] Jan 9, 2026
6bf9975
fix: Pin actions to SHA and add permissions blocks
BYK Jan 10, 2026
ea875c0
fix: Add packages:write permission for GHCR workflow
BYK Jan 10, 2026
5965c5c
fix: Clean up action version comments
BYK Jan 12, 2026
852394c
Update Craft SHA to 1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce
BYK Jan 13, 2026
93599c6
Add explicit permissions block to acceptance.yml
BYK Jan 13, 2026
c711a58
Add explicit permissions block to codeql.yml
BYK Jan 13, 2026
50c8d71
Add explicit permissions block to react-to-product-owners-yml-changes…
BYK Jan 13, 2026
3eb330e
Add explicit permissions block to self-hosted.yml
BYK Jan 13, 2026
8cf1450
Revert permissions changes to acceptance.yml
BYK Jan 13, 2026
3e1d88d
Revert permissions changes to codeql.yml
BYK Jan 13, 2026
4d50c19
Revert permissions changes to react-to-product-owners-yml-changes.yml
BYK Jan 13, 2026
3a5f0da
Revert permissions changes to self-hosted.yml
BYK Jan 13, 2026
692b7d4
fix: revert extraneous changes to non-release workflow files
BYK Jan 14, 2026
e67d98e
fix: clean up release.yml formatting and version comments
BYK Jan 14, 2026
ecd451c
build(craft): Update Craft action to c6e2f04
BYK Jan 14, 2026
aaf6cfe
chore: add unlabeled trigger to changelog-preview
BYK Jan 14, 2026
2 changes: 2 additions & 0 deletions .craft.yml
Expand Up @@ -13,3 +13,5 @@ artifactProvider:
name: none
targets:
- name: github
versioning:
policy: calver
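
Review bot: the `versioning:` / `policy: calver` pair added at the end of `.craft.yml` has no comment saying what version format it produces or how it relates to the release workflow's `version` input, whose description in this PR becomes `Version to release (or "auto")`. Add a short YAML comment above `versioning:` that states the expected CalVer format and whether this policy is what the "auto" value resolves to, so that a manually dispatched release is not given a version in a conflicting scheme.
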
4 changes: 2 additions & 2 deletions .github/workflows/backend.yml
Expand Up @@ -269,7 +269,7 @@ jobs:
with:
mode: backend-ci

- name: Sync API Urls to TypeScirpt
- name: Sync API Urls to TypeScript
run: |
python3 -m tools.api_urls_to_typescript

Expand All @@ -278,7 +278,7 @@ jobs:
uses: getsentry/action-github-commit@31f6706ca1a7b9ad6d22c1b07bf3a92eabb05632 # v2.0.0
with:
github-token: ${{ steps.token.outputs.token }}
message: ':hammer_and_wrench: Sync API Urls to TypeScirpt'
message: ':hammer_and_wrench: Sync API Urls to TypeScript'

migration:
if: needs.files-changed.outputs.migration_lockfile == 'true'
18 changes: 18 additions & 0 deletions .github/workflows/changelog-preview.yml
@@ -0,0 +1,18 @@
name: Changelog Preview
on:
pull_request:
types:
- opened
- synchronize
- reopened
- edited
- labeled
- unlabeled

YAML indentation error breaks workflow trigger configuration

High Severity

The - unlabeled entry on line 10 has incorrect indentation. It's at 4 spaces (same level as types:), but needs to be at 6 spaces to be part of the types: list. This creates invalid YAML since you cannot mix a mapping key with a sequence item at the same level. The workflow will either fail to parse or won't trigger on unlabeled events, breaking the changelog preview functionality for that event type.


permissions:
contents: write
pull-requests: write

jobs:
changelog-preview:
uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2

Craft reusable workflow uses mutable tag instead of SHA (Bugbot Rules)

Medium Severity

The PR discussion explicitly states the team convention to "pin all actions to sha's in sentry." However, the changelog-preview.yml workflow references getsentry/craft/.github/workflows/changelog-preview.yml@v2 using a mutable tag, while release.yml in the same PR correctly SHA-pins the Craft action with @39ee616a6a58dc64797feecb145d66770492b66c. This inconsistency violates the stated team convention and could cause reproducibility issues if the v2 tag changes.


secrets: inherit
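
Review bot: `secrets: inherit` on the last line of the new file hands every secret available to this workflow to the reusable workflow referenced as `getsentry/craft/.github/workflows/changelog-preview.yml@v2`, and the file also grants `contents: write` on a `pull_request` trigger. Pass only the named secrets the preview needs under an explicit `secrets:` map, and drop `contents: write` unless the preview actually pushes to the repository; if it only posts a comment on the pull request, `pull-requests: write` is sufficient.
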
8 changes: 6 additions & 2 deletions .github/workflows/release.yml
Expand Up @@ -3,7 +3,7 @@ on:
workflow_dispatch:
inputs:
version:
description: Version to release (optional)
description: Version to release (or "auto")
required: false
force:
description: Force a release even when there are release-blockers (optional)
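
Review bot: on the `version` input, the description now offers `"auto"`, but the input keeps `required: false` with no `default:` visible in this hunk, so what an empty value means is undocumented. That is the case for the scheduled run defined by the `cron` entry further down, which supplies no inputs. Either add `default: auto` or extend the description to say how an empty value is treated.
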
Expand All @@ -12,6 +12,10 @@ on:
# We want the release to be at 9-10am Pacific Time
# We also want it to be 1 hour before the self-hosted release
- cron: '0 17 15 * *'
permissions:
contents: write
pull-requests: write

jobs:
release:
runs-on: ubuntu-latest
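
Review bot: the `permissions:` block is added at workflow level directly under the `cron` entry, so `contents: write` and `pull-requests: write` apply to every job in the file, while the checkout and `Prepare release` steps shown in this diff authenticate with `steps.token.outputs.token` rather than the default token. Move the block under the `release` job and confirm that the default token needs write scope at all; if the step token does all the writing, `contents: read` is enough here. A blank line between the `cron` entry and `permissions:` would also keep the top-level keys readable.
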
Expand All @@ -28,7 +32,7 @@ jobs:
token: ${{ steps.token.outputs.token }}
fetch-depth: 0
- name: Prepare release
uses: getsentry/action-prepare-release@d2cc2db3db92bc5b79a90c316f588f2b13626a2b # v1.5.6
uses: getsentry/craft@c6e2f04939b6ee67030588afbb5af76b127d8203 # v2
env:
GITHUB_TOKEN: ${{ steps.token.outputs.token }}
with:
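
Review bot: on the `uses: getsentry/craft@c6e2f04939b6ee67030588afbb5af76b127d8203 # v2` line, the trailing comment names only the major tag, whereas the line it replaces recorded an exact release (`# v1.5.6`). Put the exact Craft release that this SHA corresponds to in the comment, so that reviewers and update tooling can tell which version is pinned and can spot a later bump.
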