ci(release): Switch from action-prepare-release to Craft

[BYK]

Summary

This PR migrates from the deprecated action-prepare-release to the new Craft GitHub Actions.

Changes

• Migrated .github/workflows/release.yml to Craft reusable workflow

Documentation

See https://getsentry.github.io/craft/github-actions/ for more information.

[github-actions]

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

New Features ✨

• Added Main to SentryThread by bitsandfoxes in #4807

Build / dependencies / internal 🔧

Deps

• Update Native SDK to v0.12.3 by github-actions in #4832
• Update Java SDK to v8.29.0 by github-actions in #4817
• Bump actions/download-artifact from 6.0.0 to 7.0.0 by dependabot in #4828
• Bump docker/setup-buildx-action from 3.11.1 to 3.12.0 by dependabot in #4827
• Bump github/codeql-action from 4.31.8 to 4.31.9 by dependabot in #4826
• Bump getsentry/action-prepare-release from 1.6.4 to 1.6.6 by dependabot in #4825
• Bump github/codeql-action from 4.31.5 to 4.31.8 by dependabot in #4813
• Bump actions/cache from 4.3.0 to 5.0.1 by dependabot in #4812
• Bump codecov/codecov-action from 5.5.1 to 5.5.2 by dependabot in #4811
• Bump actions/upload-artifact from 5.0.0 to 6.0.0 by dependabot in #4810
• Bump actions/create-github-app-token from 2.2.0 to 2.2.1 by dependabot in #4795

Other

• (release) Switch from action-prepare-release to Craft by BYK in #4835

• Remove trailing slash from workflow references by copilot-swe-agent in #4837
• Fix Build of Compiler-Extension by Flash0ver in #4804

Other

• test(integration): prevent auto-relaunch on Android by jpnurmi in #4833

---

_{🤖 This preview updates automatically when you update the PR.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.79%. Comparing base (2370080) to head (bee5f34).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4835   +/-   ##
=======================================
  Coverage   73.79%   73.79%           
=======================================
  Files         483      483           
  Lines       17551    17551           
  Branches     3461     3461           
=======================================
  Hits        12952    12952           
  Misses       3746     3746           
  Partials      853      853           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[cursor]

Inconsistent Craft version pinning between workflows

Medium Severity

The PR reviewer noted issues with certain Craft versions and recommended pinning to a specific commit hash. The release.yml correctly pins to commit 1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce, but the new changelog-preview.yml uses the mutable @v2 tag instead. If the v2 tag hasn't been updated to the fixed version, or if it later regresses, the changelog-preview workflow could use a problematic version. This inconsistent approach to version pinning goes against the reviewer's guidance.

Additional Locations (1)

• .github/workflows/release.yml#L33-L34

 

[jamescrosswell]

Seems like we probably should use the commit hash here eh?

[BYK]

Not really, that would make this way harder to maintain. This is a repo we control so it is safe to use a floating tag.

[jamescrosswell]

Should we not be using a commit hash here then?

I'm OK with either, if we have a good reason, as long as we're consistent.

[BYK]

Some people were adamant for the relaese job to have hashes. Unfortunately we don't have a standard across repos so do whichever you prefer at this point. I just strongly advice against for the changelog-preview job.

If it was up to me, I'd be using floating tags for both as Craft is a project we control quite strictly.