Skip to content

ci(release): Switch from action-prepare-release to Craft #463

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
BYK wants to merge 17 commits into
base: main
Choose a base branch
from
Open

ci(release): Switch from action-prepare-release to Craft #463

BYK wants to merge 17 commits into from
+35 −15

Conversation

@BYK
Copy link
Member

@BYK BYK commented Jan 9, 2026

Summary

This PR migrates from the deprecated action-prepare-release to the new Craft GitHub Actions.

Changes

  • Migrated .github/workflows/release.yml to Craft reusable workflow
  • Updated .craft.yml with versioning.policy: calver

Documentation

See https://getsentry.github.io/craft/github-actions/ for more information.

@BYK
ci(release): Switch from action-prepare-release to Craft
27c1164 
This PR migrates from the deprecated action-prepare-release to the new
Craft GitHub Actions (reusable workflow or composite action).

Changes:
- Migrate .github/workflows/release.yml to Craft reusable workflow
- Update .craft.yml with versioning.policy: calver
@BYK BYK requested a review from a team as a code owner January 9, 2026 18:05
@github-actions
Copy link

github-actions bot commented Jan 9, 2026
edited
Loading

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

New Features ✨

Uptime

  • Assertion failure data now contains the assertion by klochek in #459
  • Add a config to disable assert evaluation by klochek in #457

Build / dependencies / internal 🔧

  • (release) Switch from action-prepare-release to Craft by BYK in #463

🤖 This preview updates automatically when you update the PR.

BYK added 3 commits January 9, 2026 23:19
@BYK
ci(release): Restore GitHub App token authentication
ae3a830 
The previous migration incorrectly removed the GitHub App token
authentication step. This commit restores it by switching to the
composite action pattern which preserves the auth flow.
@BYK
fix: Pin actions to SHA and add permissions blocks
374d1e9
@BYK
fix: Use correct action version SHAs (restore original versions)
b3439ee
sentry[bot]
sentry bot reviewed Jan 10, 2026
View reviewed changes
.github/workflows/release.yml Outdated
Comment on lines 37 to 38
version: ${{ inputs.version }}
force: ${{ inputs.force }}
Copy link

@sentry sentry bot Jan 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: During scheduled runs, ${{ inputs.version }} will be empty, which may cause the craft action to fail as it might not accept an empty version string.
Severity: CRITICAL

🔍 Detailed Analysis

The release.yml workflow is triggered on a schedule and by workflow_dispatch. For scheduled runs, the inputs context is empty. Consequently, the version and force parameters passed to the craft action will be empty strings. While the PR adds a versioning: policy: calver configuration, which might be intended to handle this, there is a risk that the craft action does not interpret an empty string as a request for auto-versioning and will instead fail, as it's documented to reject empty version inputs. This would cause all scheduled releases to fail.

💡 Suggested Fix

Provide a default value for the version and force inputs to handle scheduled runs where the inputs context is empty. For example: version: ${{ inputs.version || 'auto' }} and force: ${{ inputs.force || false }}.

🤖 Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: .github/workflows/release.yml#L37-L38

Potential issue: The `release.yml` workflow is triggered on a schedule and by
`workflow_dispatch`. For scheduled runs, the `inputs` context is empty. Consequently,
the `version` and `force` parameters passed to the `craft` action will be empty strings.
While the PR adds a `versioning: policy: calver` configuration, which might be intended
to handle this, there is a risk that the `craft` action does not interpret an empty
string as a request for auto-versioning and will instead fail, as it's documented to
reject empty `version` inputs. This would cause all scheduled releases to fail.

Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 8427358

sentry[bot]
sentry bot reviewed Jan 12, 2026
View reviewed changes
.github/workflows/release.yml Outdated
Comment on lines 37 to 38
version: ${{ inputs.version }}
force: ${{ inputs.force }}
Copy link

@sentry sentry bot Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: On scheduled runs, inputs.version and inputs.force will be empty strings, which may cause the getsentry/craft action to fail if it doesn't handle empty inputs.
Severity: HIGH

🔍 Detailed Analysis

The GitHub workflow is configured to run on a schedule. During a scheduled run, the inputs context is empty, causing ${{ inputs.version }} and ${{ inputs.force }} to be passed as empty strings to the getsentry/craft@v2 action. If this action does not gracefully handle empty string values for these parameters, the scheduled release process will fail. While it is plausible the action is designed to handle this, as its author wrote this workflow, the behavior is unconfirmed and could lead to a failure in the automated release pipeline.

💡 Suggested Fix

To ensure the workflow is robust, add a fallback value for the version parameter. For example, use ${{ inputs.version || 'auto' }} to explicitly use the 'auto' versioning feature during scheduled runs, assuming this is the intended default behavior for the Craft action.

🤖 Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: .github/workflows/release.yml#L37-L38

Potential issue: The GitHub workflow is configured to run on a schedule. During a
scheduled run, the `inputs` context is empty, causing `${{ inputs.version }}` and `${{
inputs.force }}` to be passed as empty strings to the `getsentry/craft@v2` action. If
this action does not gracefully handle empty string values for these parameters, the
scheduled release process will fail. While it is plausible the action is designed to
handle this, as its author wrote this workflow, the behavior is unconfirmed and could
lead to a failure in the automated release pipeline.

Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 8473281

@BYK BYK enabled auto-merge (squash) January 14, 2026 21:53
@BYK BYK requested a review from klochek January 14, 2026 21:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sentry sentry[bot] sentry[bot] left review comments

@klochek klochek Awaiting requested review from klochek

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BYK