From 256ec4cf16f38b0cf66d503007806efab3ef0654 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Fri, 9 Jan 2026 17:57:00 +0000 Subject: [PATCH 01/15] ci(release): Switch from action-prepare-release to Craft This PR migrates from the deprecated action-prepare-release to the new Craft GitHub Actions (reusable workflow or composite action). Changes: - Migrate .github/workflows/release.yml to Craft reusable workflow --- .github/workflows/changelog-preview.yml | 13 ++++++++++ .github/workflows/release.yml | 33 +++++++------------------ 2 files changed, 22 insertions(+), 24 deletions(-) create mode 100644 .github/workflows/changelog-preview.yml diff --git a/.github/workflows/changelog-preview.yml b/.github/workflows/changelog-preview.yml new file mode 100644 index 0000000..1ed1021 --- /dev/null +++ b/.github/workflows/changelog-preview.yml @@ -0,0 +1,13 @@ +name: Changelog Preview +on: + pull_request: + types: + - opened + - synchronize + - reopened + - edited + - labeled +jobs: + changelog-preview: + uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2 + secrets: inherit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c234aa0..14fb571 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,34 +3,19 @@ on: workflow_dispatch: inputs: version: - description: Version to release + description: Version to release (or "auto") required: false force: - description: Force a release even when there are release-blockers (optional) + description: Force a release even when there are release-blockers required: false merge_target: - description: Target branch to merge into. Uses the default branch as a fallback (optional) + description: Target branch to merge into required: false jobs: release: - runs-on: ubuntu-latest - name: "Release a new version" - steps: - - name: Get auth token - id: token - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 - with: - app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} - private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@v4 - with: - # Fetch all commits so we can determine previous version - fetch-depth: 0 - token: ${{ steps.token.outputs.token }} - - name: Prepare release - uses: getsentry/action-prepare-release@v1 - env: - GITHUB_TOKEN: ${{ steps.token.outputs.token }} - with: - version: ${{ github.event.inputs.version }} - force: ${{ github.event.inputs.force }} + uses: getsentry/craft/.github/workflows/release.yml@v2 + with: + version: ${{ inputs.version }} + force: ${{ inputs.force }} + merge_target: ${{ inputs.merge_target }} + secrets: inherit From a70aadc1a8ac6e58f47d425f0bd03b44a8961f14 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Fri, 9 Jan 2026 23:02:45 +0000 Subject: [PATCH 02/15] ci(release): Restore GitHub App token authentication The previous migration incorrectly removed the GitHub App token authentication step. This commit restores it by switching to the composite action pattern which preserves the auth flow. --- .github/workflows/release.yml | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 14fb571..675656d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,9 +13,24 @@ on: required: false jobs: release: - uses: getsentry/craft/.github/workflows/release.yml@v2 - with: - version: ${{ inputs.version }} - force: ${{ inputs.force }} - merge_target: ${{ inputs.merge_target }} - secrets: inherit + runs-on: ubuntu-latest + name: Release a new version + steps: + - name: Get auth token + id: token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} + private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} + - uses: actions/checkout@v4 + with: + token: ${{ steps.token.outputs.token }} + fetch-depth: 0 + - name: Prepare release + uses: getsentry/craft@v2 + env: + GITHUB_TOKEN: ${{ steps.token.outputs.token }} + with: + version: ${{ inputs.version }} + force: ${{ inputs.force }} + merge_target: ${{ inputs.merge_target }} From 5817ecd8a290fc59113daa3684294b845d1e2153 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 10 Jan 2026 00:28:05 +0000 Subject: [PATCH 03/15] fix: Pin actions to SHA and add permissions blocks --- .github/workflows/changelog-preview.yml | 4 ++++ .github/workflows/ci.yml | 8 ++++---- .github/workflows/release.yml | 10 +++++++--- .github/workflows/weekly.yml | 2 +- 4 files changed, 16 insertions(+), 8 deletions(-) diff --git a/.github/workflows/changelog-preview.yml b/.github/workflows/changelog-preview.yml index 1ed1021..5883c00 100644 --- a/.github/workflows/changelog-preview.yml +++ b/.github/workflows/changelog-preview.yml @@ -7,6 +7,10 @@ on: - reopened - edited - labeled +permissions: + contents: write + pull-requests: write + jobs: changelog-preview: uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 53c536e..a8ae7f3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - run: rustup toolchain install stable --profile minimal --component rustfmt --component clippy --no-self-update - uses: Swatinem/rust-cache@v2 @@ -30,7 +30,7 @@ jobs: env: RUSTDOCFLAGS: -Dwarnings steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - run: rustup toolchain install stable --profile minimal --component rust-docs --no-self-update - uses: Swatinem/rust-cache@v2 @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - run: rustup toolchain install stable --profile minimal --no-self-update - uses: Swatinem/rust-cache@v2 @@ -62,7 +62,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - run: rustup toolchain install stable --profile minimal --component llvm-tools-preview --no-self-update - uses: Swatinem/rust-cache@v2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 675656d..e746cd9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,6 +11,10 @@ on: merge_target: description: Target branch to merge into required: false +permissions: + contents: write + pull-requests: write + jobs: release: runs-on: ubuntu-latest @@ -18,16 +22,16 @@ jobs: steps: - name: Get auth token id: token - uses: actions/create-github-app-token@v1 + uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v2 with: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 - name: Prepare release - uses: getsentry/craft@v2 + uses: getsentry/craft@39ee616a6a58dc64797feecb145d66770492b66c # v2 env: GITHUB_TOKEN: ${{ steps.token.outputs.token }} with: diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index f952964..c18070d 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 - run: | rustup toolchain install ${{ matrix.rust }} --profile minimal --component clippy --no-self-update From 31f4c93fba285efb148936a783478d734082f4e7 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 10 Jan 2026 01:32:43 +0000 Subject: [PATCH 04/15] fix: Use correct action version SHAs (restore original versions) --- .github/workflows/ci.yml | 8 ++++---- .github/workflows/release.yml | 2 +- .github/workflows/weekly.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a8ae7f3..7960d92 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - run: rustup toolchain install stable --profile minimal --component rustfmt --component clippy --no-self-update - uses: Swatinem/rust-cache@v2 @@ -30,7 +30,7 @@ jobs: env: RUSTDOCFLAGS: -Dwarnings steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - run: rustup toolchain install stable --profile minimal --component rust-docs --no-self-update - uses: Swatinem/rust-cache@v2 @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - run: rustup toolchain install stable --profile minimal --no-self-update - uses: Swatinem/rust-cache@v2 @@ -62,7 +62,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - run: rustup toolchain install stable --profile minimal --component llvm-tools-preview --no-self-update - uses: Swatinem/rust-cache@v2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e746cd9..5e25d68 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ jobs: with: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index c18070d..aae4db0 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 - run: | rustup toolchain install ${{ matrix.rust }} --profile minimal --component clippy --no-self-update From ae39765a6c5ff26f167a4f0aa826343c3eee5b39 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Sat, 10 Jan 2026 02:01:34 +0000 Subject: [PATCH 05/15] fix: Use correct action version SHAs (restore original versions) --- .github/workflows/ci.yml | 8 ++++---- .github/workflows/release.yml | 2 +- .github/workflows/weekly.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7960d92..0394002 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - run: rustup toolchain install stable --profile minimal --component rustfmt --component clippy --no-self-update - uses: Swatinem/rust-cache@v2 @@ -30,7 +30,7 @@ jobs: env: RUSTDOCFLAGS: -Dwarnings steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - run: rustup toolchain install stable --profile minimal --component rust-docs --no-self-update - uses: Swatinem/rust-cache@v2 @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - run: rustup toolchain install stable --profile minimal --no-self-update - uses: Swatinem/rust-cache@v2 @@ -62,7 +62,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - run: rustup toolchain install stable --profile minimal --component llvm-tools-preview --no-self-update - uses: Swatinem/rust-cache@v2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5e25d68..7a77df2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ jobs: with: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index aae4db0..27c0be6 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v2 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - run: | rustup toolchain install ${{ matrix.rust }} --profile minimal --component clippy --no-self-update From d05467d518864c4e46501e7c6a9c547c5d6748ed Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Mon, 12 Jan 2026 12:26:56 +0000 Subject: [PATCH 06/15] fix: Clean up action version comments --- .github/workflows/ci.yml | 8 ++++---- .github/workflows/release.yml | 4 ++-- .github/workflows/weekly.yml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0394002..83cab17 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - run: rustup toolchain install stable --profile minimal --component rustfmt --component clippy --no-self-update - uses: Swatinem/rust-cache@v2 @@ -30,7 +30,7 @@ jobs: env: RUSTDOCFLAGS: -Dwarnings steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - run: rustup toolchain install stable --profile minimal --component rust-docs --no-self-update - uses: Swatinem/rust-cache@v2 @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - run: rustup toolchain install stable --profile minimal --no-self-update - uses: Swatinem/rust-cache@v2 @@ -62,7 +62,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - run: rustup toolchain install stable --profile minimal --component llvm-tools-preview --no-self-update - uses: Swatinem/rust-cache@v2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7a77df2..f0a6835 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,11 +22,11 @@ jobs: steps: - name: Get auth token id: token - uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v2 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 with: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index 27c0be6..a03ad6d 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - run: | rustup toolchain install ${{ matrix.rust }} --profile minimal --component clippy --no-self-update From cd11c8be6211e7eb13bc94d07625e3ae27ddc7bf Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Tue, 13 Jan 2026 22:43:31 +0000 Subject: [PATCH 07/15] Update Craft SHA to 1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f0a6835..a8eaaae 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -31,7 +31,7 @@ jobs: token: ${{ steps.token.outputs.token }} fetch-depth: 0 - name: Prepare release - uses: getsentry/craft@39ee616a6a58dc64797feecb145d66770492b66c # v2 + uses: getsentry/craft@1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce # v2 env: GITHUB_TOKEN: ${{ steps.token.outputs.token }} with: From 1f6ef22915c16d5e6b651c7e8933640cfee06d6f Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Tue, 13 Jan 2026 23:01:12 +0000 Subject: [PATCH 08/15] Add explicit permissions block to ci.yml --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 83cab17..05b331e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,6 +10,10 @@ on: env: RUSTFLAGS: -Dwarnings +permissions: + contents: write + pull-requests: write + jobs: lints: name: Style/Linting From bbca2f797a4b187fd5bcf4ad29fe5046a9197267 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Tue, 13 Jan 2026 23:01:13 +0000 Subject: [PATCH 09/15] Add explicit permissions block to enforce-license-compliance.yml --- .github/workflows/enforce-license-compliance.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/enforce-license-compliance.yml b/.github/workflows/enforce-license-compliance.yml index 0f03db2..d87be97 100644 --- a/.github/workflows/enforce-license-compliance.yml +++ b/.github/workflows/enforce-license-compliance.yml @@ -6,6 +6,10 @@ on: pull_request: branches: [master] +permissions: + contents: write + pull-requests: write + jobs: enforce-license-compliance: runs-on: ubuntu-latest From 70b7c990202a7efb0fe7e595b9263891e62128a7 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Tue, 13 Jan 2026 23:12:53 +0000 Subject: [PATCH 10/15] Revert permissions changes to ci.yml --- .github/workflows/ci.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 05b331e..53c536e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,17 +10,13 @@ on: env: RUSTFLAGS: -Dwarnings -permissions: - contents: write - pull-requests: write - jobs: lints: name: Style/Linting runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@v4 - run: rustup toolchain install stable --profile minimal --component rustfmt --component clippy --no-self-update - uses: Swatinem/rust-cache@v2 @@ -34,7 +30,7 @@ jobs: env: RUSTDOCFLAGS: -Dwarnings steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@v4 - run: rustup toolchain install stable --profile minimal --component rust-docs --no-self-update - uses: Swatinem/rust-cache@v2 @@ -51,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@v4 - run: rustup toolchain install stable --profile minimal --no-self-update - uses: Swatinem/rust-cache@v2 @@ -66,7 +62,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@v4 - run: rustup toolchain install stable --profile minimal --component llvm-tools-preview --no-self-update - uses: Swatinem/rust-cache@v2 From 0c67a24197943180325f20f1e29619408e213234 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Tue, 13 Jan 2026 23:12:55 +0000 Subject: [PATCH 11/15] Revert permissions changes to enforce-license-compliance.yml --- .github/workflows/enforce-license-compliance.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/enforce-license-compliance.yml b/.github/workflows/enforce-license-compliance.yml index d87be97..0f03db2 100644 --- a/.github/workflows/enforce-license-compliance.yml +++ b/.github/workflows/enforce-license-compliance.yml @@ -6,10 +6,6 @@ on: pull_request: branches: [master] -permissions: - contents: write - pull-requests: write - jobs: enforce-license-compliance: runs-on: ubuntu-latest From a03d442c8d858f00c873210d20936d73004b6335 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Tue, 13 Jan 2026 23:56:17 +0000 Subject: [PATCH 12/15] fix: revert extraneous changes to non-release workflow files --- .github/workflows/weekly.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/weekly.yml b/.github/workflows/weekly.yml index a03ad6d..f952964 100644 --- a/.github/workflows/weekly.yml +++ b/.github/workflows/weekly.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - uses: actions/checkout@v4 - run: | rustup toolchain install ${{ matrix.rust }} --profile minimal --component clippy --no-self-update From 97317fde0e9fc5d1c55ad811c190ddca80f1c2b6 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Wed, 14 Jan 2026 11:13:08 +0000 Subject: [PATCH 13/15] fix: clean up release.yml formatting and version comments --- .github/workflows/release.yml | 42 +++++++++++++++++------------------ 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a8eaaae..cb4bbfd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,10 +6,10 @@ on: description: Version to release (or "auto") required: false force: - description: Force a release even when there are release-blockers + description: Force a release even when there are release-blockers (optional) required: false merge_target: - description: Target branch to merge into + description: Target branch to merge into. Uses the default branch as a fallback (optional) required: false permissions: contents: write @@ -18,23 +18,23 @@ permissions: jobs: release: runs-on: ubuntu-latest - name: Release a new version + name: "Release a new version" steps: - - name: Get auth token - id: token - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2 - with: - app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} - private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - with: - token: ${{ steps.token.outputs.token }} - fetch-depth: 0 - - name: Prepare release - uses: getsentry/craft@1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce # v2 - env: - GITHUB_TOKEN: ${{ steps.token.outputs.token }} - with: - version: ${{ inputs.version }} - force: ${{ inputs.force }} - merge_target: ${{ inputs.merge_target }} + - name: Get auth token + id: token + uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 + with: + app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} + private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} + - uses: actions/checkout@v4 + with: + # Fetch all commits so we can determine previous version + fetch-depth: 0 + token: ${{ steps.token.outputs.token }} + - name: Prepare release + uses: getsentry/craft@1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce # v2 + env: + GITHUB_TOKEN: ${{ steps.token.outputs.token }} + with: + version: ${{ github.event.inputs.version }} + force: ${{ github.event.inputs.force }} From 7ba0804ba05a9c5a12b7ade75dcfb31f72150850 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Wed, 14 Jan 2026 12:19:25 +0000 Subject: [PATCH 14/15] build(craft): Update Craft action to c6e2f04 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cb4bbfd..81814c5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,7 +32,7 @@ jobs: fetch-depth: 0 token: ${{ steps.token.outputs.token }} - name: Prepare release - uses: getsentry/craft@1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce # v2 + uses: getsentry/craft@c6e2f04939b6ee67030588afbb5af76b127d8203 # v2 env: GITHUB_TOKEN: ${{ steps.token.outputs.token }} with: From 5e95ffbe57eb3b1f09c794000c216b37d022a3ef Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Wed, 14 Jan 2026 22:20:52 +0000 Subject: [PATCH 15/15] chore: add unlabeled trigger to changelog-preview --- .github/workflows/changelog-preview.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/changelog-preview.yml b/.github/workflows/changelog-preview.yml index 5883c00..30c6083 100644 --- a/.github/workflows/changelog-preview.yml +++ b/.github/workflows/changelog-preview.yml @@ -7,6 +7,7 @@ on: - reopened - edited - labeled + - unlabeled permissions: contents: write pull-requests: write