Skip to content

chore(deps): bump getsentry/craft from 2.18.3 to 2.19.0 #5551

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
antonis merged 1 commit into from
Jan 19, 2026
Merged

chore(deps): bump getsentry/craft from 2.18.3 to 2.19.0 #5551

antonis merged 1 commit into from
Jan 19, 2026
+1 −1

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 19, 2026

Bumps getsentry/craft from 2.18.3 to 2.19.0.

Release notes

Sourced from getsentry/craft's releases.

2.19.0

New Features ✨

  • (action) Emit publish request issue URL as annotation by @​BYK in #708

Bug Fixes 🐛

Docker

  • Add image template var and strict template validation by @​BYK in #713
  • Add GITHUB_API_TOKEN and x-access-token fallbacks for ghcr.io by @​BYK in #710

Other

  • (action) Use environment variables for complex inputs by @​BYK in #716
  • (aws-lambda) Skip layer publication for pre-release versions by @​BYK in #714
  • (prepare) Make NEW-VERSION optional and auto-create changelog by @​BYK in #715
  • Don't mention PRs to avoid linking in changelog previews by @​BYK in #712
Changelog

Sourced from getsentry/craft's changelog.

Changelog

2.19.0

New Features ✨

  • (action) Emit publish request issue URL as annotation by @​BYK in #708

Bug Fixes 🐛

Docker

  • Add image template var and strict template validation by @​BYK in #713
  • Add GITHUB_API_TOKEN and x-access-token fallbacks for ghcr.io by @​BYK in #710

Other

  • (action) Use environment variables for complex inputs by @​BYK in #716
  • (aws-lambda) Skip layer publication for pre-release versions by @​BYK in #714
  • (prepare) Make NEW-VERSION optional and auto-create changelog by @​BYK in #715
  • Don't mention PRs to avoid linking in changelog previews by @​BYK in #712

2.18.3

Bug Fixes 🐛

  • (changelog-preview) Replace deleted install sub-action with inline install by @​BYK in #706

2.18.2

Bug Fixes 🐛

Action

  • Simplify install by using build artifact with release fallback by @​BYK in #705
  • Resolve install sub-action path for external repos by @​BYK in #704

2.18.1

Bug Fixes 🐛

  • (changelog) Add retry and robust error handling for GitHub GraphQL by @​seer-by-sentry in #701
  • Add permissions and docs for changelog-preview reusable workflow by @​BYK in #703

2.18.0

New Features ✨

  • (dry-run) Add worktree-based dry-run mode with real diff output by @​BYK in #692

... (truncated)

Commits
  • c6e2f04 release: 2.19.0
  • 32c2e8e fix(action): Use environment variables for complex inputs (#716)
  • ec24326 fix(aws-lambda): Skip layer publication for pre-release versions (#714)
  • 86aa29b fix(prepare): Make NEW-VERSION optional and auto-create changelog (#715)
  • 15e3969 feat(action): emit publish request issue URL as annotation (#708)
  • bca0ad7 fix: Don't mention PRs to avoid linking in changelog previews (#712)
  • 1e970f4 fix(docker): Add image template var and strict template validation (#713)
  • fa3407a fix(docker): Add GITHUB_API_TOKEN and x-access-token fallbacks for ghcr.io (#...
  • c216c1a meta: Bump new development version
  • b6b2fb2 Merge branch 'release/2.18.3'
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump getsentry/craft from 2.18.3 to 2.19.0
e29ea3a 
Bumps [getsentry/craft](https://github.com/getsentry/craft) from 2.18.3 to 2.19.0.
- [Release notes](https://github.com/getsentry/craft/releases)
- [Changelog](https://github.com/getsentry/craft/blob/master/CHANGELOG.md)
- [Commits](getsentry/craft@1c58bfd...c6e2f04)

---
updated-dependencies:
- dependency-name: getsentry/craft
  dependency-version: 2.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 19, 2026
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 19, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Jan 19, 2026
edited
Loading

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

  • chore(deps): bump getsentry/craft from 2.18.3 to 2.19.0 by dependabot[bot] in #5551
  • chore: Use pull_request_target for changelog preview by BYK in #5546

🤖 This preview updates automatically when you update the PR.

1 similar comment
@github-actions
Copy link
Contributor

github-actions bot commented Jan 19, 2026

Semver Impact of This PR

None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

  • chore(deps): bump getsentry/craft from 2.18.3 to 2.19.0 by dependabot[bot] in #5551
  • chore: Use pull_request_target for changelog preview by BYK in #5546

🤖 This preview updates automatically when you update the PR.

sentry[bot]
sentry bot reviewed Jan 19, 2026
View reviewed changes
.github/workflows/release.yml

- name: Prepare release
uses: getsentry/craft@1c58bfd57bfd6a967b6f3fc92bead2c42ee698ce # v2
uses: getsentry/craft@c6e2f04939b6ee67030588afbb5af76b127d8203 # v2
Copy link

@sentry sentry bot Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Upgrading getsentry/craft may break the release process. The craft-pre-release.sh script expects a positional argument that the new version of the action might no longer provide.
Severity: HIGH

Suggested Fix

Verify the invocation signature for preReleaseCommand in the new version of getsentry/craft. If the positional argument is no longer passed, update craft-pre-release.sh to retrieve the version from an environment variable or another source, or modify the script to handle a missing argument gracefully.

Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: .github/workflows/release.yml#L46

Potential issue: The `release.yml` workflow upgrades the `getsentry/craft` action to a
new version. The release notes for this new version suggest that the `NEW-VERSION`
argument is now optional. The `craft-pre-release.sh` script, which is executed by this
action, expects the version to be passed as the second positional argument (`$2`). The
script also uses `set -u`, which will cause it to exit with an error if an unset
variable is referenced. If the upgraded `craft` action no longer passes this positional
argument, the release script will fail, breaking the release process.

Did we get this right? 👍 / 👎 to inform future reviews.

@sentry-release-bot sentry-release-bot bot mentioned this pull request Jan 19, 2026
Closed
3 tasks
antonis
antonis approved these changes Jan 19, 2026
View reviewed changes
Copy link
Contributor

@antonis antonis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM and a test release was 🟢
getsentry/publish#6942
https://github.com/getsentry/sentry-react-native/actions/runs/21130877507/job/60761429025

@antonis antonis merged commit 6f234eb into main Jan 19, 2026
47 of 70 checks passed
@antonis antonis deleted the dependabot/github_actions/getsentry/craft-2.19.0 branch January 19, 2026 08:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sentry sentry[bot] sentry[bot] left review comments

@antonis antonis antonis approved these changes

@alwx alwx Awaiting requested review from alwx alwx is a code owner

@lucas-zimerman lucas-zimerman Awaiting requested review from lucas-zimerman lucas-zimerman is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@antonis