From 6cf07888aa8d1f8a065cbc5058b6577d78d83333 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Fri, 9 Jan 2026 18:03:30 +0000 Subject: [PATCH 01/14] ci(release): Switch from action-prepare-release to Craft This PR migrates from the deprecated action-prepare-release to the new Craft GitHub Actions (reusable workflow or composite action). Changes: - Migrate .github/workflows/release.yml to Craft reusable workflow --- .github/workflows/changelog-preview.yml | 13 +++++++++ .github/workflows/release.yml | 37 ++++++------------------- 2 files changed, 21 insertions(+), 29 deletions(-) create mode 100644 .github/workflows/changelog-preview.yml diff --git a/.github/workflows/changelog-preview.yml b/.github/workflows/changelog-preview.yml new file mode 100644 index 00000000..1ed10213 --- /dev/null +++ b/.github/workflows/changelog-preview.yml @@ -0,0 +1,13 @@ +name: Changelog Preview +on: + pull_request: + types: + - opened + - synchronize + - reopened + - edited + - labeled +jobs: + changelog-preview: + uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2 + secrets: inherit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1f711e04..22a94a9d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,38 +1,17 @@ name: Release - on: workflow_dispatch: inputs: version: - description: Version to release - required: true + description: Version to release (or "auto") + required: false force: - description: Force a release even when there are release-blockers (optional) + description: Force a release even when there are release-blockers required: false - jobs: release: - runs-on: ubuntu-latest - name: "Release a new version" - steps: - - name: Get auth token - id: token - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 - with: - app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} - private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - - uses: actions/checkout@v4 - with: - token: ${{ steps.token.outputs.token }} - fetch-depth: 0 - - - run: cargo install cargo-readme - - - name: Prepare release - uses: getsentry/action-prepare-release@v1 - env: - GITHUB_TOKEN: ${{ steps.token.outputs.token }} - with: - version: ${{ github.event.inputs.version }} - force: ${{ github.event.inputs.force }} + uses: getsentry/craft/.github/workflows/release.yml@v2 + with: + version: ${{ inputs.version }} + force: ${{ inputs.force }} + secrets: inherit From fb80527052dcb23d121a8aa50a38f216c2f2776d Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Fri, 9 Jan 2026 23:18:23 +0000 Subject: [PATCH 02/14] ci(release): Restore GitHub App token authentication The previous migration incorrectly removed the GitHub App token authentication step. This commit restores it by switching to the composite action pattern which preserves the auth flow. --- .github/workflows/release.yml | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 22a94a9d..7c309d5b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,8 +10,23 @@ on: required: false jobs: release: - uses: getsentry/craft/.github/workflows/release.yml@v2 - with: - version: ${{ inputs.version }} - force: ${{ inputs.force }} - secrets: inherit + runs-on: ubuntu-latest + name: Release a new version + steps: + - name: Get auth token + id: token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} + private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} + - uses: actions/checkout@v4 + with: + token: ${{ steps.token.outputs.token }} + fetch-depth: 0 + - name: Prepare release + uses: getsentry/craft@v2 + env: + GITHUB_TOKEN: ${{ steps.token.outputs.token }} + with: + version: ${{ inputs.version }} + force: ${{ inputs.force }} From 0c72b96377bffc10d34e2fca63cd28d9ab279b1d Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 10 Jan 2026 00:19:02 +0000 Subject: [PATCH 03/14] fix: Pin actions to SHA and add permissions blocks --- .github/workflows/changelog-preview.yml | 4 ++++ .github/workflows/ci.yml | 12 ++++++------ .github/workflows/release.yml | 10 +++++++--- .github/workflows/weekly.yml | 4 ++-- 4 files changed, 19 insertions(+), 11 deletions(-) diff --git a/.github/workflows/changelog-preview.yml b/.github/workflows/changelog-preview.yml index 1ed10213..5883c004 100644 --- a/.github/workflows/changelog-preview.yml +++ b/.github/workflows/changelog-preview.yml @@ -7,6 +7,10 @@ on: - reopened - edited - labeled +permissions: + contents: write + pull-requests: write + jobs: changelog-preview: uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4d7c9131..787b3da3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - run: rustup component add rustfmt clippy @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - uses: Swatinem/rust-cache@v2 @@ -55,7 +55,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - uses: Swatinem/rust-cache@v2 @@ -83,7 +83,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - name: Install rust ${{ matrix.rust }} toolchain run: | @@ -101,7 +101,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - run: rustup component add llvm-tools-preview @@ -124,7 +124,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - run: rustup component add rust-docs diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7c309d5b..44e1fcce 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,6 +8,10 @@ on: force: description: Force a release even when there are release-blockers required: false +permissions: + contents: write + pull-requests: write + jobs: release: runs-on: ubuntu-latest @@ -15,16 +19,16 @@ jobs: steps: - name: Get auth token id: token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v2 with: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 - name: Prepare release - uses: getsentry/craft@v2 + uses: getsentry/craft@39ee616a6a58dc64797feecb145d66770492b66c # v2 env: GITHUB_TOKEN: ${{ steps.token.outputs.token }} with: diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index 4e37ca83..64eb7385 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -19,7 +19,7 @@ jobs: if: github.repository_owner == 'getsentry' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - name: Install rust stable toolchain run: | @@ -36,7 +36,7 @@ jobs: if: github.repository_owner == 'getsentry' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0 with: From 82abf13f764aaf739df48745336e504b0dd0033e Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 10 Jan 2026 01:00:51 +0000 Subject: [PATCH 04/14] fix: Restore cargo-readme installation for preReleaseCommand --- .github/workflows/release.yml | 39 ++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 44e1fcce..0806f85f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,6 +8,7 @@ on: force: description: Force a release even when there are release-blockers required: false + permissions: contents: write pull-requests: write @@ -17,20 +18,24 @@ jobs: runs-on: ubuntu-latest name: Release a new version steps: - - name: Get auth token - id: token - uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v2 - with: - app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} - private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - with: - token: ${{ steps.token.outputs.token }} - fetch-depth: 0 - - name: Prepare release - uses: getsentry/craft@39ee616a6a58dc64797feecb145d66770492b66c # v2 - env: - GITHUB_TOKEN: ${{ steps.token.outputs.token }} - with: - version: ${{ inputs.version }} - force: ${{ inputs.force }} + - name: Get auth token + id: token + uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1 + with: + app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} + private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} + + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + with: + token: ${{ steps.token.outputs.token }} + fetch-depth: 0 + + - run: cargo install cargo-readme + + - name: Prepare release + uses: getsentry/craft@39ee616a6a58dc64797feecb145d66770492b66c # v2 + env: + GITHUB_TOKEN: ${{ steps.token.outputs.token }} + with: + version: ${{ inputs.version }} + force: ${{ inputs.force }} From 2ebcf4d6ddddc2cda43234f06b66248801946c5a Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 10 Jan 2026 01:18:49 +0000 Subject: [PATCH 05/14] fix: Use correct action version SHAs (restore original versions) --- .github/workflows/ci.yml | 12 ++++++------ .github/workflows/release.yml | 2 +- .github/workflows/weekly.yml | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 787b3da3..b6114e43 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout sources - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - run: rustup component add rustfmt clippy @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - uses: Swatinem/rust-cache@v2 @@ -55,7 +55,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - uses: Swatinem/rust-cache@v2 @@ -83,7 +83,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - name: Install rust ${{ matrix.rust }} toolchain run: | @@ -101,7 +101,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - run: rustup component add llvm-tools-preview @@ -124,7 +124,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - run: rustup component add rust-docs diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0806f85f..e53c1477 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,7 @@ jobs: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index 64eb7385..f22f7dc1 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -19,7 +19,7 @@ jobs: if: github.repository_owner == 'getsentry' steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - name: Install rust stable toolchain run: | @@ -36,7 +36,7 @@ jobs: if: github.repository_owner == 'getsentry' steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0 with: From 0928505535ca08fe86798025acc6772a5483f098 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 10 Jan 2026 01:48:32 +0000 Subject: [PATCH 06/14] fix: Use correct action version SHAs (restore original versions) --- .github/workflows/ci.yml | 12 ++++++------ .github/workflows/release.yml | 2 +- .github/workflows/weekly.yml | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b6114e43..a9bb0300 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout sources - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - run: rustup component add rustfmt clippy @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - uses: Swatinem/rust-cache@v2 @@ -55,7 +55,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - uses: Swatinem/rust-cache@v2 @@ -83,7 +83,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Install rust ${{ matrix.rust }} toolchain run: | @@ -101,7 +101,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - run: rustup component add llvm-tools-preview @@ -124,7 +124,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - run: rustup component add rust-docs diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e53c1477..8a50b531 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,7 @@ jobs: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v4 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index f22f7dc1..72209cd5 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -19,7 +19,7 @@ jobs: if: github.repository_owner == 'getsentry' steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Install rust stable toolchain run: | @@ -36,7 +36,7 @@ jobs: if: github.repository_owner == 'getsentry' steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0 with: From e91d5d738c7ea2a164df93449f96c9c7a911639b Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Mon, 12 Jan 2026 12:15:23 +0000 Subject: [PATCH 07/14] fix: Clean up action version comments --- .github/workflows/ci.yml | 12 ++++++------ .github/workflows/release.yml | 2 +- .github/workflows/weekly.yml | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a9bb0300..48f1327c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout sources - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - run: rustup component add rustfmt clippy @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: Swatinem/rust-cache@v2 @@ -55,7 +55,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: Swatinem/rust-cache@v2 @@ -83,7 +83,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Install rust ${{ matrix.rust }} toolchain run: | @@ -101,7 +101,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - run: rustup component add llvm-tools-preview @@ -124,7 +124,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - run: rustup component add rust-docs diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8a50b531..f24a16a4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,7 @@ jobs: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index 72209cd5..3dd8e634 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -19,7 +19,7 @@ jobs: if: github.repository_owner == 'getsentry' steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Install rust stable toolchain run: | @@ -36,7 +36,7 @@ jobs: if: github.repository_owner == 'getsentry' steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0 with: From ef1739e74c884f8f5d680a442e946660a6ad3ffe Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Tue, 13 Jan 2026 22:46:31 +0000 Subject: [PATCH 08/14] Update Craft SHA to 1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f24a16a4..8335ab1f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -33,7 +33,7 @@ jobs: - run: cargo install cargo-readme - name: Prepare release - uses: getsentry/craft@39ee616a6a58dc64797feecb145d66770492b66c # v2 + uses: getsentry/craft@1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce # v2 env: GITHUB_TOKEN: ${{ steps.token.outputs.token }} with: From f68c7d3adf51bb68b4be2eed553220284dba858f Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Tue, 13 Jan 2026 22:59:45 +0000 Subject: [PATCH 09/14] Remove changelog-preview workflow per review feedback --- .github/workflows/changelog-preview.yml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 .github/workflows/changelog-preview.yml diff --git a/.github/workflows/changelog-preview.yml b/.github/workflows/changelog-preview.yml deleted file mode 100644 index 5883c004..00000000 --- a/.github/workflows/changelog-preview.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: Changelog Preview -on: - pull_request: - types: - - opened - - synchronize - - reopened - - edited - - labeled -permissions: - contents: write - pull-requests: write - -jobs: - changelog-preview: - uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2 - secrets: inherit From 6b13d0f9cb6676786d1b2776cffd15d3c1086b39 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Tue, 13 Jan 2026 23:06:32 +0000 Subject: [PATCH 10/14] Add explicit permissions block to ci.yml --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 48f1327c..98d94d8f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,6 +7,10 @@ on: - "release/**" pull_request: +permissions: + contents: write + pull-requests: write + jobs: lints: name: Lints From 479448eb5b9df25d4a42f222608d83f31c2ebd42 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Tue, 13 Jan 2026 23:16:57 +0000 Subject: [PATCH 11/14] Revert permissions changes to ci.yml --- .github/workflows/ci.yml | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 98d94d8f..4d7c9131 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,17 +7,13 @@ on: - "release/**" pull_request: -permissions: - contents: write - pull-requests: write - jobs: lints: name: Lints runs-on: ubuntu-latest steps: - name: Checkout sources - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@v4 - run: rustup component add rustfmt clippy @@ -40,7 +36,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@v4 - uses: Swatinem/rust-cache@v2 @@ -59,7 +55,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@v4 - uses: Swatinem/rust-cache@v2 @@ -87,7 +83,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@v4 - name: Install rust ${{ matrix.rust }} toolchain run: | @@ -105,7 +101,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@v4 - run: rustup component add llvm-tools-preview @@ -128,7 +124,7 @@ jobs: steps: - name: Checkout sources - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + uses: actions/checkout@v4 - run: rustup component add rust-docs From 85ffc892ecf4401b4eef60bdc82c23e0737d1cc1 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Wed, 14 Jan 2026 00:07:26 +0000 Subject: [PATCH 12/14] fix: revert extraneous changes to non-release workflow files --- .github/workflows/weekly.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index 3dd8e634..4e37ca83 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -19,7 +19,7 @@ jobs: if: github.repository_owner == 'getsentry' steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@v4 - name: Install rust stable toolchain run: | @@ -36,7 +36,7 @@ jobs: if: github.repository_owner == 'getsentry' steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@v4 - uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # v2.0.0 with: From a67b3ac5efe33574dee1f4d34efbf30102752641 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Wed, 14 Jan 2026 11:15:20 +0000 Subject: [PATCH 13/14] fix: clean up release.yml formatting and version comments --- .github/workflows/release.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8335ab1f..c20e1556 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,5 @@ name: Release + on: workflow_dispatch: inputs: @@ -6,7 +7,7 @@ on: description: Version to release (or "auto") required: false force: - description: Force a release even when there are release-blockers + description: Force a release even when there are release-blockers (optional) required: false permissions: @@ -16,16 +17,16 @@ permissions: jobs: release: runs-on: ubuntu-latest - name: Release a new version + name: "Release a new version" steps: - name: Get auth token id: token - uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1 + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 with: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@v4 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 @@ -37,5 +38,5 @@ jobs: env: GITHUB_TOKEN: ${{ steps.token.outputs.token }} with: - version: ${{ inputs.version }} - force: ${{ inputs.force }} + version: ${{ github.event.inputs.version }} + force: ${{ github.event.inputs.force }} From 0038d13ede854fac3473b2cebc299575aeca89ca Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Wed, 14 Jan 2026 13:17:09 +0000 Subject: [PATCH 14/14] build(craft): Update Craft action to c6e2f04 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c20e1556..5469c17e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -34,7 +34,7 @@ jobs: - run: cargo install cargo-readme - name: Prepare release - uses: getsentry/craft@1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce # v2 + uses: getsentry/craft@c6e2f04939b6ee67030588afbb5af76b127d8203 # v2 env: GITHUB_TOKEN: ${{ steps.token.outputs.token }} with: