chore(deps): update Workflow args test script to v3.1.0

[github-actions]

Bumps updater/tests/workflow-args.sh from latest to 3.1.0.

Auto-generated by a dependency updater.

Changelog

3.1.0

Features

• Updater - Add post-update-script input parameter to run custom scripts after dependency updates (#130, #133)
  • Scripts receive original and new version as arguments
  • Support both bash (.sh) and PowerShell (.ps1) scripts
  • Enables workflows like updating lock files, running code generators, or modifying configuration files
• Updater - Add SSH key support and comprehensive authentication validation (#134)
  • Add ssh-key input parameter for deploy key authentication
  • Support using both ssh-key (for git) and api-token (for GitHub API) together
  • Add detailed token validation with actionable error messages
  • Detect common token issues: expiration, whitespace, SSH keys in wrong input, missing scopes
  • Validate SSH key format when provided

Fixes

• Updater - Fix boolean input handling for changelog-entry parameter and add input validation (#127)
• Updater - Fix cryptic authentication errors with better validation and error messages (#134, closes #128)

Dependencies

• Bump Danger JS from v11.3.1 to v13.0.4 (#132)
  • changelog
  • diff

3.0.0

Breaking Changes

• Updater: The default value for pr-strategy has been changed from create to update. (#124)
  This change means the updater will now maintain a single PR that gets updated with new dependency versions (instead of creating separate PRs for each version).
  If you want to preserve the previous behavior of creating separate PRs, explicitly set pr-strategy: create in your workflow:

  - uses: getsentry/github-workflows/updaterv3
    with:
      # ... other inputs ...
      pr-strategy: create  # Add this to preserve previous behavior

  In case you have existing open PRs created with the create strategy, you will need to remove these old branches
  manually as the new name would be a prefix of the old PRs, which git doesnt' allow.

• Updater and Danger reusable workflows are now composite actions (#114)

  To update your existing Updater workflows:

  ### Before
    native:
      uses: getsentry/github-workflows/.github/workflows/updater.ymlv2
      with:
        path: scripts/update-sentry-native-ndk.sh
        name: Native SDK
      secrets:
        # If a custom token is used instead, a CI would be triggered on a created PR.
        api-token: ${{ secrets.CI_DEPLOY_KEY }}
  
  ### After (v3.0)
    native:
      runs-on: ubuntu-latest
      steps:
        - uses: getsentry/github-workflows/updaterv3
          with:
            path: scripts/update-sentry-native-ndk.sh
            name: Native SDK
            api-token: ${{ secrets.CI_DEPLOY_KEY }}

  Note: If you were using SSH deploy keys with the v2 reusable workflow, the v3.0 composite action initially only supported tokens.
  SSH key support was restored in v3.1 (#134). To use SSH keys, update to v3.1+ and use the ssh-key input:

  ### With SSH key (v3.1+)
    native:
      runs-on: ubuntu-latest
      steps:
        - uses: getsentry/github-workflows/updaterv3
          with:
            path: scripts/update-sentry-native-ndk.sh
            name: Native SDK
            ssh-key: ${{ secrets.CI_DEPLOY_KEY }}

  To update your existing Danger workflows:

  ### Before
    danger:
      uses: getsentry/github-workflows/.github/workflows/danger.ymlv2
  
  ### After
    danger:
      runs-on: ubuntu-latest
      steps:
        - uses: getsentry/github-workflows/dangerv3

Features

• Updater now supports targeting non-default branches via the new target-branch input parameter (#118)
• Updater now supports filtering releases by GitHub release title patterns, e.g. to support release channels (#117)
• Updater now supports dependencies without changelog files by falling back to git commit messages (#116)
• Danger - Improve conventional commit scope handling, and non-conventional PR title support (#105)
• Add Proguard artifact endpoint for Android builds in sentry-server (#100)
• Updater - Add CMake FetchContent support for automated dependency updates (#104)

Security

• Updater - Prevent script injection vulnerabilities through workflow inputs (#98)

Fixes

• Updater - Fix null reference error when changelog has no existing bullet points (#125)
• Updater - Fix bullet-point resolution when plain text precedes bullet points (#123)
• Improve changelog generation for non-tagged commits and edge cases (#115)
• Use GITHUB_WORKFLOW_REF instead of _workflow_version input parameter to automatically determine workflow script versions (#109)

2.13.1

Fixes

• Updater - invalid workflow syntax - reverts recent switch to env vars (#97)

2.13.0

Features

• Danger - Changelog checks can now additionally be skipped with a skip-changelog label (#94)

2.12.0

Features

• Gzip-compressed HTTP requests (#88)

Fixes

• Don't update from a manually-updated prerelease to a latest stable release that is earlier than the prerelease (#78)
• Cross-repo links in changelog notes (#82)
• Truncate changelog to nearest SemVer even if actual previous version is missing (#84)

2.11.0

Features

• Add support for prettier-ignore notes on CHANGELOG.md (#75)

Example of notes before ## Unreleased Header on CHANGELOG.md

Important

If you are upgrading to the 1.x versions of the Sentry SDK from 0.x or below,
make sure you follow our migration guide first.

2.10.0

Changes

• Remove octokit/request-action dependency in favor of using gh api (#74)

Fixes

• Bump updater action dependency to fix an issue when creating/updating a PR (#71)

Dependencies

• Bump actions/checkout from v3 to v4 (#72)
• Bump styfle/cancel-workflow-action from v0.12.0 to v0.12.1 (#73)

2.9.1

Fixes

• Danger - fix pinned action check if the ref is at the end of the file (#70)

2.9.0

Fixes

• Danger - recognize PR links based on full URL instead of just the PR number. (#68)

Dependencies

• Bump danger/danger-js from v11.1.2 to v11.3.1 (#59)

2.8.1

Fixes

• Sentry-CLI integration test - set server script root so assets access works. (#63)

2.8.0

Fixes

• Updater - non-bot commit-checks in PRs for SSH repository URLs (starting with gitgithub.com:) (#62)

Features

• Sentry-CLI integration test action: support envelopes (#58)

Dependencies

• Bump updater action dependencies (#61)

2.7.0

Features

• Sentry-CLI integration test action (#54)

2.6.0

Features

• Danger - add "github" to the list of whitelisted users for action-pinning check (#55)

2.5.1

Fixes

• Updater - exit code in PR commit check if the PR doesn't exist yet (#51)

2.5.0

Features

• Updater - don't update existing branches if there are manually added commits (#50)
• Danger - ignore "deps" and "test" PR flavors in changelog checks (#49)

Fixes

• Updater - update deprecated actions (#48)

2.4.0

Features

• Danger - check that a changelog entry is not added to an already released section (#44)

2.3.0

Features

• Updater - add changelog-entry option to disable adding a changelog entry (#43)

2.2.2

Fixes

• Skip local actions when checking pinned actions in Danger (#41)

2.2.1

Fixes

• Support comments when parsing pinned actions in Danger (#40)

2.2.0

Features

• Danger - check for that actions are pinned to a commit (#39)

2.1.1

Fixes

• Show GitHub annotations when running from forks - can't post a PR comment in that case (#37)

2.1.0

Features

• New reusable workflow, danger.yml, to check Pull Requests with predefined rules (#34)

2.0.0

Changes

• Rename api_token secret to api-token (#21)
• Change changelog target section header from "Features" to "Dependencies" (#19)

Features

• Add pr-strategy switch to choose between creating new PRs or updating an existing one (#22)
• Add changelog-section input setting to specify target changelog section header (#19)

Fixes

• Preserve changelog bullet-point format (#20)
• Changelog section parsing when an entry text contains the section name in the text (#25)

1.0.0

Initial release & subsequent fixes - only major version v1 was kept & overridden for this release.

[seer-by-sentry]

Potential bug: The test script workflow-args.sh hardcodes a version number, which will cause the updater-no-changes test to fail when a new version is released.

• Description: The get-version case in updater/tests/workflow-args.sh hardcodes the version as "3.1.0". The updater-no-changes test compares this hardcoded value against the latest tag fetched from the getsentry/github-workflows repository. When a new version of the repository is released (e.g., 3.2.0), the test will fail because the hardcoded version will no longer match the latest tag. This will cause CI to fail on every push, blocking development until the version in the script is manually updated.

• Suggested fix: Instead of hardcoding the version in workflow-args.sh, dynamically determine the current version. This could involve parsing the version from a file that is automatically updated, or refactoring the test to not depend on a specific version number.
  _{severity: 0.65, confidence: 0.98}

_{Did we get this right? 👍 / 👎 to inform future reviews.}