diff --git a/.github/workflows/build_batch_release.yml b/.github/workflows/build_batch_release.yml index 9e8ed0776..c486dd77c 100644 --- a/.github/workflows/build_batch_release.yml +++ b/.github/workflows/build_batch_release.yml @@ -4,12 +4,16 @@ on: push: branches: - release/** +permissions: + contents: write + pull-requests: write + jobs: build: name: Build gems runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Set up Ruby uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/build_images.yml b/.github/workflows/build_images.yml index 444ac1f3a..5dbc00ba9 100644 --- a/.github/workflows/build_images.yml +++ b/.github/workflows/build_images.yml @@ -35,7 +35,7 @@ jobs: steps: - name: Check out current commit - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Generate short image name and extract version id: image_name diff --git a/.github/workflows/build_release.yml b/.github/workflows/build_release.yml index ac02f9a3e..25384b5eb 100644 --- a/.github/workflows/build_release.yml +++ b/.github/workflows/build_release.yml @@ -4,13 +4,17 @@ on: push: branches: - release-*/** +permissions: + contents: write + pull-requests: write + jobs: build: name: Build runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 # v4 - name: Set up Ruby uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/changelog-preview.yml b/.github/workflows/changelog-preview.yml new file mode 100644 index 000000000..5883c004c --- /dev/null +++ b/.github/workflows/changelog-preview.yml @@ -0,0 +1,17 @@ +name: Changelog Preview +on: + pull_request: + types: + - opened + - synchronize + - reopened + - edited + - labeled +permissions: + contents: write + pull-requests: write + +jobs: + changelog-preview: + uses: getsentry/craft/.github/workflows/changelog-preview.yml@v2 + secrets: inherit diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index a3cd6b1ab..341439478 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,7 +42,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/e2e_tests.yml b/.github/workflows/e2e_tests.yml index 68a9680f1..fd7dccdf0 100644 --- a/.github/workflows/e2e_tests.yml +++ b/.github/workflows/e2e_tests.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Set up `.env` file run: | diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 5a0a66f0b..674d2b77d 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -6,7 +6,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Set up Ruby uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/prepare_batch_release.yml b/.github/workflows/prepare_batch_release.yml index 4fbdce88a..b683f6453 100644 --- a/.github/workflows/prepare_batch_release.yml +++ b/.github/workflows/prepare_batch_release.yml @@ -3,28 +3,35 @@ on: workflow_dispatch: inputs: version: - description: Version to release - required: true + description: Version to release (or "auto") + required: false force: - description: Force a release even when there are release-blockers (optional) + description: Force a release even when there are release-blockers required: false + +permissions: + contents: write + pull-requests: write + jobs: release: runs-on: ubuntu-latest - name: "Release a new version" + name: Release a new version steps: - name: Get auth token id: token - uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0 + uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1 with: app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }} private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }} - - uses: actions/checkout@v4 + + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v4 with: token: ${{ steps.token.outputs.token }} fetch-depth: 0 + - name: Prepare release - uses: getsentry/action-prepare-release@v1 + uses: getsentry/craft@39ee616a6a58dc64797feecb145d66770492b66c # v2 env: GITHUB_TOKEN: ${{ steps.token.outputs.token }} with: diff --git a/.github/workflows/sentry_delayed_job_test.yml b/.github/workflows/sentry_delayed_job_test.yml index c9bce4f7c..4e2528e0f 100644 --- a/.github/workflows/sentry_delayed_job_test.yml +++ b/.github/workflows/sentry_delayed_job_test.yml @@ -44,7 +44,7 @@ jobs: - { ruby_version: "head" } - { ruby_version: 'jruby-head' } steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Install sqlite run: | # See https://github.community/t5/GitHub-Actions/ubuntu-latest-Apt-repository-list-issues/td-p/41122/page/2 diff --git a/.github/workflows/sentry_opentelemetry_test.yml b/.github/workflows/sentry_opentelemetry_test.yml index bb374faed..808bf5421 100644 --- a/.github/workflows/sentry_opentelemetry_test.yml +++ b/.github/workflows/sentry_opentelemetry_test.yml @@ -42,7 +42,7 @@ jobs: exclude: - { ruby_version: 'jruby-head' } steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Set up Ruby ${{ matrix.ruby_version }} uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/sentry_rails_test.yml b/.github/workflows/sentry_rails_test.yml index c7210a5df..c1143847e 100644 --- a/.github/workflows/sentry_rails_test.yml +++ b/.github/workflows/sentry_rails_test.yml @@ -69,7 +69,7 @@ jobs: rails_version: "7.0.0" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Install sqlite and ImageMagick run: | # See https://github.community/t5/GitHub-Actions/ubuntu-latest-Apt-repository-list-issues/td-p/41122/page/2 diff --git a/.github/workflows/sentry_resque_test.yml b/.github/workflows/sentry_resque_test.yml index ac5f72eef..9d25b5b55 100644 --- a/.github/workflows/sentry_resque_test.yml +++ b/.github/workflows/sentry_resque_test.yml @@ -41,7 +41,7 @@ jobs: - ruby_version: 'jruby' - ruby_version: 'jruby-head' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Set up Ruby ${{ matrix.ruby_version }} uses: ruby/setup-ruby@v1 with: diff --git a/.github/workflows/sentry_ruby_test.yml b/.github/workflows/sentry_ruby_test.yml index 9f7bc6a32..e183e9b9f 100644 --- a/.github/workflows/sentry_ruby_test.yml +++ b/.github/workflows/sentry_ruby_test.yml @@ -57,7 +57,7 @@ jobs: - ruby_version: 'jruby' - ruby_version: 'jruby-head' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Set up Ruby ${{ matrix.ruby_version }} uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/sentry_sidekiq_test.yml b/.github/workflows/sentry_sidekiq_test.yml index 650c35077..c07f35b8d 100644 --- a/.github/workflows/sentry_sidekiq_test.yml +++ b/.github/workflows/sentry_sidekiq_test.yml @@ -57,7 +57,7 @@ jobs: - ruby_version: jruby - ruby_version: jruby-head steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Set up Ruby ${{ matrix.ruby_version }} uses: ruby/setup-ruby@v1 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 9125af6a0..93eaccc66 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -74,7 +74,7 @@ jobs: - resque-tests - opentelemetry-tests steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 # v4 # v2 - name: Codecov uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3