Skip to content
Open
Show file tree
Hide file tree
Changes from 10 commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
1736a75
ci(release): Switch from action-prepare-release to Craft
BYK Jan 9, 2026
2af3714
ci(release): Restore GitHub App token authentication
BYK Jan 9, 2026
c6c86bb
ci(release): Restore GitHub App token authentication
BYK Jan 9, 2026
e876603
fix: Pin actions to SHA and add permissions blocks
BYK Jan 10, 2026
3720f92
fix: Add calver: true configuration for CalVer releases
BYK Jan 10, 2026
38dd030
fix: Use correct action version SHAs (restore original versions)
BYK Jan 10, 2026
4dc3375
fix: Use correct action version SHAs (restore original versions)
BYK Jan 10, 2026
bc1ec1a
fix: Clean up action version comments
BYK Jan 12, 2026
32733fe
Update Craft SHA to 1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce
BYK Jan 13, 2026
630e289
Update Craft SHA to 1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce
BYK Jan 13, 2026
60fdab7
Remove changelog-preview workflow per review feedback
BYK Jan 13, 2026
d13a73d
Add explicit permissions block to build_binary.yml
BYK Jan 13, 2026
904e96d
Add explicit permissions block to build_library.yml
BYK Jan 13, 2026
f1b80cd
Add explicit permissions block to ci.yml
BYK Jan 13, 2026
adbad65
Add explicit permissions block to enforce-license-compliance.yml
BYK Jan 13, 2026
90df28a
Revert permissions changes to build_binary.yml
BYK Jan 13, 2026
522251b
Revert permissions changes to build_library.yml
BYK Jan 13, 2026
364cb0b
Revert permissions changes to ci.yml
BYK Jan 13, 2026
ae8fa20
Revert permissions changes to enforce-license-compliance.yml
BYK Jan 13, 2026
f866211
fix: revert extraneous changes to non-release workflow files
BYK Jan 13, 2026
c47299a
build(craft): Fix release workflows and config
BYK Jan 14, 2026
1b3f60d
build(craft): Update Craft action to c6e2f04
BYK Jan 14, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/beta.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
- 6379:6379

steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/build_binary.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ jobs:
apt-get update
apt-get install -y --no-install-recommends git ca-certificates gcc libc6-dev curl make zip

- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down Expand Up @@ -66,7 +66,7 @@ jobs:
runs-on: ubuntu-22.04-arm

steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down Expand Up @@ -100,7 +100,7 @@ jobs:
runs-on: macos-14

steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down Expand Up @@ -133,7 +133,7 @@ jobs:
runs-on: windows-2022

steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/build_library.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ jobs:
}')[matrix.build-arch] }}

steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down Expand Up @@ -70,7 +70,7 @@ jobs:
runs-on: macos-14

steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down Expand Up @@ -117,7 +117,7 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down
17 changes: 17 additions & 0 deletions .github/workflows/changelog-preview.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
name: Changelog Preview
on:
pull_request:
types:
- opened
- synchronize
- reopened
- edited
- labeled
permissions:
contents: write
pull-requests: write

jobs:
changelog-preview:
uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2
secrets: inherit
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we want this, also it does not use the changelog.md we actually curate.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah this only makes sense if you are using automated changelogs. Happy to remove but I also recommend giving automated changelogs a shot. It allows curation too: https://getsentry.github.io/craft/configuration/#custom-changelog-entries-from-pr-descriptions

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am interested about the automated snapshots, but I'd like to review/look into that separately. From your presentation it sounds like the automated changelogs can possibly do what we're interested in now, but we still have a few workflows tied to the manual process.

6 changes: 5 additions & 1 deletion .github/workflows/changelog.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,16 @@ on:
types: [opened, synchronize, reopened, edited, ready_for_review, labeled, unlabeled]
merge_group:

permissions:
contents: write
pull-requests: write

jobs:
build:
name: Changelogs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand Down
26 changes: 13 additions & 13 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ jobs:
sudo apt-get update
sudo apt-get install -y libcurl4-openssl-dev

- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down Expand Up @@ -107,7 +107,7 @@ jobs:
sudo apt-get update
sudo apt-get install -y libcurl4-openssl-dev

- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand All @@ -128,7 +128,7 @@ jobs:
outputs:
devservices-files-changed: ${{ steps.changes.outputs.devservices-files-changed }}
steps:
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4.1.7
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.1.7
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
name: Check for file changes
id: changes
Expand Down Expand Up @@ -157,7 +157,7 @@ jobs:
if: "!startsWith(github.ref, 'refs/heads/release-library/')"

steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down Expand Up @@ -219,7 +219,7 @@ jobs:
ghcr.io/getsentry/objectstore:nightly \
run

- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down Expand Up @@ -250,7 +250,7 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down Expand Up @@ -365,7 +365,7 @@ jobs:
run: |
curl -sL https://sentry.io/get-cli/ | bash

- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down Expand Up @@ -441,7 +441,7 @@ jobs:
run: |
curl -sL https://sentry.io/get-cli/ | bash

- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down Expand Up @@ -506,7 +506,7 @@ jobs:
REVISION: "${{ github.event.pull_request.head.sha || github.sha }}"

steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
Expand Down Expand Up @@ -572,7 +572,7 @@ jobs:
if: "!startsWith(github.ref, 'refs/heads/release-library/') && !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' && needs.build-setup.outputs.full_ci == 'true'"

steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
Expand Down Expand Up @@ -783,7 +783,7 @@ jobs:
ghcr.io/getsentry/objectstore:nightly \
run

- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down Expand Up @@ -832,7 +832,7 @@ jobs:
steps:
# Checkout Sentry and run integration tests against latest Relay
- name: Checkout Sentry
uses: actions/checkout@v6.0.1
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
repository: getsentry/sentry
path: sentry
Expand Down Expand Up @@ -902,7 +902,7 @@ jobs:
needs: devservices-files-changed
if: needs.devservices-files-changed.outputs.devservices-files-changed == 'true'
steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
name: Checkout repository

- name: Get devservices version
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
sudo apt-get update
sudo apt-get install -y libcurl4-openssl-dev

- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
submodules: recursive

Expand Down Expand Up @@ -54,7 +54,7 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

- name: Install Rust Toolchain
run: rustup toolchain install stable --profile minimal --no-self-update
Expand Down
21 changes: 11 additions & 10 deletions .github/workflows/release_binary.yml
Original file line number Diff line number Diff line change
@@ -1,43 +1,44 @@
name: Release

on:
workflow_dispatch:
inputs:
version:
description: Version to release (optional)
required: false
force:
description: Force a release even when there are release-blockers (optional)
description: Force a release even when there are release-blockers
required: false

schedule:
# We want the release to be at 9-10am Pacific Time
# We also want it to be 1 hour before the on-prem release
- cron: "0 17 15 * *"

permissions:
contents: write
pull-requests: write

jobs:
release:
runs-on: ubuntu-latest
name: "Release a new Relay version"

name: Release a new Relay version
steps:
- name: Get auth token
id: token
uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2
with:
app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}

- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
with:
token: ${{ steps.token.outputs.token }}
fetch-depth: 0

- name: Prepare release
uses: getsentry/action-prepare-release@v1
uses: getsentry/craft@1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce # v2
env:
GITHUB_TOKEN: ${{ steps.token.outputs.token }}
with:
version: ${{ github.event.inputs.version }}
force: ${{ github.event.inputs.force }}
version: ${{ inputs.version }}
force: ${{ inputs.force }}
calver: true

This comment was marked as outdated.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Dav1dde do we still have calver + semver in Relay

Copy link
Member

@Dav1dde Dav1dde Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Calver for self-hosted and binary releases, semver for (Python) library releases

This comment was marked as outdated.

51 changes: 25 additions & 26 deletions .github/workflows/release_library.yml
Original file line number Diff line number Diff line change
@@ -1,38 +1,37 @@
name: Release Library

on:
workflow_dispatch:
inputs:
version:
description: Version to release
required: true
description: Version to release (or "auto")
required: false
force:
description: Force a release even when there are release-blockers (optional)
description: Force a release even when there are release-blockers
required: false
permissions:
contents: write
pull-requests: write

jobs:
release:
runs-on: ubuntu-latest
name: "Release a new librelay version"

name: Release a new version
steps:
- name: Get auth token
id: token
uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
with:
app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}

- uses: actions/checkout@v6.0.1
with:
token: ${{ steps.token.outputs.token }}
fetch-depth: 0

- name: Prepare release
uses: getsentry/action-prepare-release@v1
env:
GITHUB_TOKEN: ${{ steps.token.outputs.token }}
with:
version: ${{ github.event.inputs.version }}
force: ${{ github.event.inputs.force }}
path: py
- name: Get auth token
id: token
uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2
with:
app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
with:
token: ${{ steps.token.outputs.token }}
fetch-depth: 0
- name: Prepare release
uses: getsentry/craft@1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce # v2
env:
GITHUB_TOKEN: ${{ steps.token.outputs.token }}
with:
version: ${{ inputs.version }}
force: ${{ inputs.force }}
path: py

This comment was marked as outdated.

This comment was marked as outdated.

4 changes: 2 additions & 2 deletions .github/workflows/validate-pipelines.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:
outputs:
gocd: ${{ steps.changes.outputs.gocd }}
steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Check for relevant file changes
uses: getsentry/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: changes
Expand All @@ -39,7 +39,7 @@ jobs:
id-token: "write"

steps:
- uses: actions/checkout@v6.0.1
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- id: 'auth'
uses: google-github-actions/auth@v3
with:
Expand Down
Loading