Merged
2 changes: 1 addition & 1 deletion action.yml
Expand Up @@ -167,7 +167,7 @@ runs:
INPUT_WORKING_DIRECTORY: ${{ inputs.working_directory }}
INPUT_DISABLE_TELEMETRY: ${{ inputs.disable_telemetry }}
INPUT_DISABLE_SAFE_DIRECTORY: ${{ inputs.disable_safe_directory }}
uses: docker://ghcr.io/getsentry/action-release-image:master
uses: docker://ghcr.io/getsentry/action-release-image:ab-bump-actions-core

Bug: The Docker image tag in action.yml was changed to a temporary branch name, ab-bump-actions-core, which will cause failures for users of this action after merge.
Severity: CRITICAL | Confidence: High

🔍 Detailed Analysis

The Docker image tag in action.yml has been changed from the stable master tag to a branch-specific tag, ab-bump-actions-core. This change appears to be a development artifact that was unintentionally committed. While the CI for this pull request may build a temporary image with this tag, once merged, downstream users of this GitHub Action will have their workflows fail. Their systems will attempt to pull the ab-bump-actions-core image, which is not a persistent, production-ready tag and will likely not be available in the container registry, causing a docker pull failure.

💡 Suggested Fix

Revert the uses directive in action.yml to point back to the production Docker image tag, such as docker://ghcr.io/getsentry/action-release-image:master, before merging this pull request.

Reference ID: 8101661

Member Author


This is intended for testing; there's an action that runs to change this back to master on master.


# For actions running on macos or windows runners, we use a composite
# action approach which allows us to install the arch specific sentry-cli
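Review bot: The `uses:` line now names the image by a branch tag, `ab-bump-actions-core`, and nothing in the hunk marks that as temporary or says what restores it. Add a comment directly above the `uses:` line stating that the tag is rewritten to `master` by automation, so a reader of action.yml at this commit can tell the reference is deliberate. Both the branch tag and the `master` tag it replaces are mutable references, so the image that receives the `INPUT_*` values can change without any change to this file; pinning the released image by digest, in the form `docker://ghcr.io/getsentry/action-release-image@sha256:<digest>`, would fix what consumers actually run.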