ci(release): Switch from action-prepare-release to Craft #504
Conversation
This PR migrates from the deprecated action-prepare-release to the new Craft GitHub Actions (reusable workflow or composite action). Changes: - Migrate .github/workflows/release.yml to Craft reusable workflow
Semver Impact of This PR🟢 Patch (bug fixes) 📋 Changelog PreviewThis is how your changes will appear in the changelog. Bug Fixes 🐛
Build / dependencies / internal 🔧
🤖 This preview updates automatically when you update the PR. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
The previous migration incorrectly removed the GitHub App token authentication step. This commit restores it by switching to the composite action pattern which preserves the auth flow.
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
| description: Version to release (or "auto") | ||
| required: false |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
| description: Version to release (or "auto") | ||
| required: false |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
| pull-requests: write | ||
|
|
||
| jobs: |
There was a problem hiding this comment.
Bug: The optional force input lacks a default. If not provided, GitHub Actions passes an empty string, which could be misinterpreted by the downstream craft action, potentially forcing a release.
Severity: CRITICAL
Suggested Fix
To ensure predictable behavior, explicitly handle the empty string case. Add a default value for the force input, such as default: 'false', or use a conditional step to set a default if the input is an empty string, like force: ${{ github.event.inputs.force || 'false' }}.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: .github/workflows/release.yml#L15-L17
Potential issue: The `release.yml` workflow defines the `force` input as optional
(`required: false`) without a default value. When a user triggers this workflow without
specifying the `force` input, GitHub Actions will pass an empty string `""` to the
`getsentry/craft@v2` action. The behavior of the `craft` action when receiving an empty
string for a boolean input is unknown. If it interprets an empty string as `true`, it
could lead to unintentionally forced releases even when release-blockers are present. If
it fails validation, the workflow will break.
Did we get this right? 👍 / 👎 to inform future reviews.
Summary
This PR migrates from the deprecated
action-prepare-releaseto the new Craft GitHub Actions.Changes
.github/workflows/release.ymlto Craft reusable workflowDocumentation
See https://getsentry.github.io/craft/github-actions/ for more information.