Skip to content

chore(deps): bump getsentry/github-workflows from 2 to 3 #5240

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

chore(deps): bump getsentry/github-workflows from 2 to 3 #5240

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 6, 2025
edited
Loading

Bumps getsentry/github-workflows from 2 to 3.

Release notes

Sourced from getsentry/github-workflows's releases.

3.0.0

Breaking Changes

  • Updater: The default value for pr-strategy has been changed from create to update. (#124) This change means the updater will now maintain a single PR that gets updated with new dependency versions (instead of creating separate PRs for each version). If you want to preserve the previous behavior of creating separate PRs, explicitly set pr-strategy: create in your workflow:

    - uses: getsentry/github-workflows/updater@v3
  with:
    # ... other inputs ...
    pr-strategy: create  # Add this to preserve previous behavior

    In case you have existing open PRs created with the create strategy, you will need to remove these old branches manually as the new name would be a prefix of the old PRs, which git doesnt' allow.

  • Updater and Danger reusable workflows are now composite actions (#114)

    To update your existing Updater workflows:

    ### Before
  native:
    uses: getsentry/github-workflows/.github/workflows/updater.yml@v2
    with:
      path: scripts/update-sentry-native-ndk.sh
      name: Native SDK
    secrets:
      # If a custom token is used instead, a CI would be triggered on a created PR.
      api-token: ${{ secrets.CI_DEPLOY_KEY }}
After
native:
runs-on: ubuntu-latest
steps:
- uses: getsentry/github-workflows/updater@v3
with:
path: scripts/update-sentry-native-ndk.sh
name: Native SDK
api-token: ${{ secrets.CI_DEPLOY_KEY }}

    To update your existing Danger workflows:

    ### Before
  danger:
    uses: getsentry/github-workflows/.github/workflows/danger.yml@v2
After
danger:

... (truncated)

Changelog

Sourced from getsentry/github-workflows's changelog.

Changelog

Unreleased

Fixes

  • Updater - Fix boolean input handling for changelog-entry parameter and add input validation (#127)

3.0.0

Breaking Changes

  • Updater: The default value for pr-strategy has been changed from create to update. (#124) This change means the updater will now maintain a single PR that gets updated with new dependency versions (instead of creating separate PRs for each version). If you want to preserve the previous behavior of creating separate PRs, explicitly set pr-strategy: create in your workflow:

    - uses: getsentry/github-workflows/updater@v3
  with:
    # ... other inputs ...
    pr-strategy: create  # Add this to preserve previous behavior

    In case you have existing open PRs created with the create strategy, you will need to remove these old branches manually as the new name would be a prefix of the old PRs, which git doesnt' allow.

  • Updater and Danger reusable workflows are now composite actions (#114)

    To update your existing Updater workflows:

    ### Before
  native:
    uses: getsentry/github-workflows/.github/workflows/updater.yml@v2
    with:
      path: scripts/update-sentry-native-ndk.sh
      name: Native SDK
    secrets:
      # If a custom token is used instead, a CI would be triggered on a created PR.
      api-token: ${{ secrets.CI_DEPLOY_KEY }}
After
native:
runs-on: ubuntu-latest
steps:
- uses: getsentry/github-workflows/updater@v3
with:
path: scripts/update-sentry-native-ndk.sh
name: Native SDK
api-token: ${{ secrets.CI_DEPLOY_KEY }}

... (truncated)

Commits
  • 342f5e2 release: 3.0.0
  • 91b2c01 chore: Clean up changelog by removing outdated version sections and redundant...
  • 13193d2 fix: Handle null bullet point detection in update-changelog script (#125)
  • 67d5a87 feat!: Change updater pr-strategy default to 'update' (#124)
  • 45bc4f7 fix: Improve bullet-point resolution when plain text precedes bullet points (...
  • 5f024a8 test: Convert workflow test scripts to use PowerShell and Pester (#122)
  • 747517a feat: Allow updater to target non-default branches (#118)
  • de9e3fa feat: Support GitHub release title pattern matching (#117)
  • 1dbbc41 Add git commit fallback for repositories without changelog files (#116)
  • 6af5c2d fix: improve changelog generation for non-tagged commits and edge cases (#115)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump getsentry/github-workflows from 2 to 3
1cf054a 
Bumps [getsentry/github-workflows](https://github.com/getsentry/github-workflows) from 2 to 3.
- [Release notes](https://github.com/getsentry/github-workflows/releases)
- [Changelog](https://github.com/getsentry/github-workflows/blob/main/CHANGELOG.md)
- [Commits](getsentry/github-workflows@v2...v3)

---
updated-dependencies:
- dependency-name: getsentry/github-workflows
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 6, 2025
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 6, 2025
seer-by-sentry[bot]
seer-by-sentry bot reviewed Oct 6, 2025
View reviewed changes
.github/workflows/danger.yml
jobs:
danger:
uses: getsentry/github-workflows/.github/workflows/danger.yml@v2
uses: getsentry/github-workflows/.github/workflows/danger.yml@v3
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Potential bug: The workflow references v3 but uses the incorrect v2 invocation syntax (.github/workflows/danger.yml@v3), which is a breaking change that will cause the action to fail.

  • Description: The GitHub workflow is being upgraded to use getsentry/github-workflows@v3. However, the invocation syntax remains the v2 style, referencing the full workflow path like .github/workflows/danger.yml@v3. The v3 version of this workflow is a composite action and requires a different syntax, such as getsentry/github-workflows/danger@v3. This mismatch will cause the GitHub Actions runner to fail when trying to locate and execute the workflow. This will prevent essential CI/CD jobs from running. A previous attempt to upgrade this repository reportedly failed due to this exact issue.

  • Suggested fix: Update the uses clause in the workflow file to use the correct v3 composite action syntax. For example, change uses: getsentry/github-workflows/.github/workflows/danger.yml@v3 to uses: getsentry/github-workflows/danger@v3. This change should be applied to all affected workflows.
    severity: 0.85, confidence: 0.95

Did we get this right? 👍 / 👎 to inform future reviews.

@antonis
Copy link
Contributor

antonis commented Oct 6, 2025

Since changes are needed I will follow up with #5218 (which is currently blocked)

@antonis antonis added the Blocked label Oct 6, 2025
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 10, 2025

Looks like getsentry/github-workflows is up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Oct 10, 2025
@dependabot dependabot bot deleted the dependabot/github_actions/getsentry/github-workflows-3 branch October 10, 2025 11:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@seer-by-sentry seer-by-sentry[bot] seer-by-sentry[bot] left review comments

@alwx alwx Awaiting requested review from alwx alwx is a code owner

@antonis antonis Awaiting requested review from antonis antonis is a code owner

@lucas-zimerman lucas-zimerman Awaiting requested review from lucas-zimerman lucas-zimerman is a code owner

Assignees

No one assigned

Labels

Blocked dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@antonis