
@andreiborza (Member)

Ensures we get a newer version of undici with security fixes, see: #295

INPUT_DISABLE_TELEMETRY: ${{ inputs.disable_telemetry }}
INPUT_DISABLE_SAFE_DIRECTORY: ${{ inputs.disable_safe_directory }}
uses: docker://ghcr.io/getsentry/action-release-image:master
uses: docker://ghcr.io/getsentry/action-release-image:ab-bump-actions-core
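Review bot: the `uses:` line now points the action at `docker://ghcr.io/getsentry/action-release-image:ab-bump-actions-core`, a branch tag, in place of `:master`; if that reaches the merged action.yml, every downstream workflow pulls a tag that need not exist once the branch is deleted. Either revert it to `docker://ghcr.io/getsentry/action-release-image:master` before merge or state in the PR that an automated step restores it on master. Both forms are also mutable tags, so pinning the image by digest (`...:master@sha256:<digest of the released image>`) would make what downstream users actually run reproducible and auditable.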

Bug: The Docker image tag in action.yml was changed to a temporary branch name, ab-bump-actions-core, which will cause failures for users of this action after merge.
Severity: CRITICAL | Confidence: High

🔍 Detailed Analysis

The Docker image tag in action.yml has been changed from the stable master tag to a branch-specific tag, ab-bump-actions-core. This change appears to be a development artifact that was unintentionally committed. While the CI for this pull request may build a temporary image with this tag, once merged, downstream users of this GitHub Action will have their workflows fail. Their systems will attempt to pull the ab-bump-actions-core image, which is not a persistent, production-ready tag and will likely not be available in the container registry, causing a docker pull failure.

💡 Suggested Fix

Revert the uses directive in action.yml to point back to the production Docker image tag, such as docker://ghcr.io/getsentry/action-release-image:master, before merging this pull request.

🤖 Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid.

Location: action.yml#L170

Potential issue: The Docker image tag in `action.yml` has been changed from the stable `master` tag to a branch-specific tag, `ab-bump-actions-core`. This change appears to be a development artifact that was unintentionally committed. While the CI for this pull request may build a temporary image with this tag, once merged, downstream users of this GitHub Action will have their workflows fail. Their systems will attempt to pull the `ab-bump-actions-core` image, which is not a persistent, production-ready tag and will likely not be available in the container registry, causing a docker pull failure.

Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 8101661
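The failure mode the review comment describes (a `uses: docker://...` reference left on a branch tag) is easy to catch mechanically before merge. The following Python linter is an added example written for this page; it is not code from getsentry/action-release or from the review bot. It scans an action manifest for `docker://` image references, parses each into repository, tag and digest, and reports tags outside an approved list as well as references that are not pinned to a digest. The embedded `SAMPLE_ACTION_YML` is a constructed snippet modelled on the hunk above, and the `allowed_tags` default of `("master",)` is an assumption about what this project treats as its release tag.

```python
"""Lint `uses: docker://...` references in a GitHub Action manifest.

Hypothetical pre-merge check (not part of getsentry/action-release):
flags image references whose tag is not an approved release tag, and
notes references that are not pinned to a content digest.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# Constructed sample resembling the PR hunk: the image tag has been
# switched from `master` to a branch name.
SAMPLE_ACTION_YML = """\
name: Sentry Release
runs:
  using: composite
  steps:
    - uses: docker://ghcr.io/getsentry/action-release-image:ab-bump-actions-core
      env:
        INPUT_DISABLE_TELEMETRY: ${{ inputs.disable_telemetry }}
    - uses: actions/checkout@v4
"""

# Matches `uses: docker://<image ref>` with optional list dash and indent.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*docker://(?P<ref>\S+)")


@dataclass
class ImageRef:
    repo: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    """Split `registry/repo[:tag][@sha256:...]` into its parts.

    A colon only denotes a tag when it appears after the last slash, so a
    registry port such as `localhost:5000/foo` is not mistaken for a tag.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    tag = None
    if ref.rfind(":") > ref.rfind("/"):
        ref, tag = ref.rsplit(":", 1)
    return ImageRef(repo=ref, tag=tag, digest=digest)


def find_docker_uses(yaml_text: str) -> List[Tuple[int, str]]:
    """Return (line number, image reference) for every docker:// uses line."""
    found = []
    for lineno, line in enumerate(yaml_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match:
            found.append((lineno, match.group("ref")))
    return found


def check_image_ref(ref: str, allowed_tags: Sequence[str] = ("master",)) -> List[str]:
    """Return a list of problems with one image reference (empty if clean)."""
    img = parse_image_ref(ref)
    problems = []
    if img.digest is None:
        problems.append("not pinned to a digest (a tag can be re-pushed)")
    if img.tag is None and img.digest is None:
        problems.append("no tag given; resolves to 'latest'")
    elif img.tag is not None and img.tag not in allowed_tags:
        problems.append(f"tag '{img.tag}' is not an approved release tag")
    return problems


def lint_action(yaml_text: str, allowed_tags: Sequence[str] = ("master",)):
    """Return (line number, reference, problems) for every flagged reference."""
    findings = []
    for lineno, ref in find_docker_uses(yaml_text):
        problems = check_image_ref(ref, allowed_tags)
        if problems:
            findings.append((lineno, ref, problems))
    return findings


if __name__ == "__main__":
    for lineno, ref, problems in lint_action(SAMPLE_ACTION_YML):
        print(f"action.yml:{lineno}: {ref}")
        for problem in problems:
            print(f"    - {problem}")
```

Run as a CI step, a non-empty result from `lint_action` is the signal to fail the job; the digest warning is deliberately separate from the tag check so a project that accepts `:master` can still see that nothing is pinned.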

Member Author

This is intended for testing; there's an action that runs to change this back to master on master.

andreiborza merged commit 5b7eafe into master on Jan 2, 2026 (31 checks passed).
andreiborza deleted the ab/bump-actions-core branch on January 2, 2026 at 10:08.