Skip to content

build(deps): bump getsentry/github-workflows/.github/workflows/updater.yml from 2 to 3 #4884

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
romtsn merged 2 commits into from
Jan 26, 2026
Merged

build(deps): bump getsentry/github-workflows/.github/workflows/updater.yml from 2 to 3 #4884

romtsn merged 2 commits into from
Jan 26, 2026
+15 −14

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 10, 2025
edited
Loading

Bumps getsentry/github-workflows/.github/workflows/updater.yml from 2 to 3.

Release notes

Sourced from getsentry/github-workflows/.github/workflows/updater.yml's releases.

3.0.0

Breaking Changes

  • Updater: The default value for pr-strategy has been changed from create to update. (#124) This change means the updater will now maintain a single PR that gets updated with new dependency versions (instead of creating separate PRs for each version). If you want to preserve the previous behavior of creating separate PRs, explicitly set pr-strategy: create in your workflow:

    - uses: getsentry/github-workflows/updater@v3
  with:
    # ... other inputs ...
    pr-strategy: create  # Add this to preserve previous behavior

    In case you have existing open PRs created with the create strategy, you will need to remove these old branches manually as the new name would be a prefix of the old PRs, which git doesnt' allow.

  • Updater and Danger reusable workflows are now composite actions (#114)

    To update your existing Updater workflows:

    ### Before
  native:
    uses: getsentry/github-workflows/.github/workflows/updater.yml@v2
    with:
      path: scripts/update-sentry-native-ndk.sh
      name: Native SDK
    secrets:
      # If a custom token is used instead, a CI would be triggered on a created PR.
      api-token: ${{ secrets.CI_DEPLOY_KEY }}
After
native:
runs-on: ubuntu-latest
steps:
- uses: getsentry/github-workflows/updater@v3
with:
path: scripts/update-sentry-native-ndk.sh
name: Native SDK
api-token: ${{ secrets.CI_DEPLOY_KEY }}

    To update your existing Danger workflows:

    ### Before
  danger:
    uses: getsentry/github-workflows/.github/workflows/danger.yml@v2
After
danger:

... (truncated)

Changelog

Sourced from getsentry/github-workflows/.github/workflows/updater.yml's changelog.

Changelog

Unreleased

Features

  • Danger - Add support for repository-specific dangerfiles (#129)
    • Add extra-dangerfile input parameter to run custom Danger checks alongside shared workflow checks
    • Add extra-install-packages input to install additional apt packages required by custom dangerfiles
    • Custom dangerfiles receive full Danger API access (fail, warn, message, markdown, danger)
    • Enables repositories to extend Danger checks without overwriting shared workflow comments

3.1.0

Features

  • Updater - Add post-update-script input parameter to run custom scripts after dependency updates (#130, #133)
    • Scripts receive original and new version as arguments
    • Support both bash (.sh) and PowerShell (.ps1) scripts
    • Enables workflows like updating lock files, running code generators, or modifying configuration files
  • Updater - Add SSH key support and comprehensive authentication validation (#134)
    • Add ssh-key input parameter for deploy key authentication
    • Support using both ssh-key (for git) and api-token (for GitHub API) together
    • Add detailed token validation with actionable error messages
    • Detect common token issues: expiration, whitespace, SSH keys in wrong input, missing scopes
    • Validate SSH key format when provided

Fixes

  • Updater - Fix boolean input handling for changelog-entry parameter and add input validation (#127)
  • Updater - Fix cryptic authentication errors with better validation and error messages (#134, closes #128)

Dependencies

3.0.0

Breaking Changes

  • Updater: The default value for pr-strategy has been changed from create to update. (#124) This change means the updater will now maintain a single PR that gets updated with new dependency versions (instead of creating separate PRs for each version). If you want to preserve the previous behavior of creating separate PRs, explicitly set pr-strategy: create in your workflow:

    - uses: getsentry/github-workflows/updater@v3
  with:
    # ... other inputs ...

... (truncated)

Commits
  • 13be9be release: 3.1.0
  • 0d0d99a feat(updater): Add SSH key support and comprehensive authentication validatio...
  • 6272a50 chore(deps): update Danger JS to v13.0.4 (#132)
  • 71d223e fix(updater): Pass OriginalTag to post-update script on second run (#133)
  • 0bd595f chore: Rename workflow to 'Update dependencies'
  • 1c10977 chore: Use updater action to manage Danger JS version (#131)
  • 3182dd4 feat(updater): Add post-update-script support (#130)
  • 15e4b10 fix: Handle boolean inputs correctly and validate supported values (#127)
  • c6471d1 Merge branch 'release/3.0.0'
  • 342f5e2 release: 3.0.0
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 10, 2025
@dependabot dependabot bot requested review from adinauer and romtsn as code owners November 10, 2025 04:05
@dependabot dependabot bot added the github_actions Pull requests that update GitHub Actions code label Nov 10, 2025
cursor[bot]
cursor bot reviewed Nov 10, 2025
View reviewed changes
@dependabot dependabot bot force-pushed the dependabot/github_actions/getsentry/github-workflows/dot-github/workflows/updater.yml-3 branch 2 times, most recently from cb4c7cb to a01c67e Compare November 11, 2025 11:03
@dependabot dependabot bot force-pushed the dependabot/github_actions/getsentry/github-workflows/dot-github/workflows/updater.yml-3 branch from a01c67e to dfe7457 Compare November 21, 2025 11:00
cursor[bot]
cursor bot reviewed Nov 21, 2025
View reviewed changes
@dependabot dependabot bot force-pushed the dependabot/github_actions/getsentry/github-workflows/dot-github/workflows/updater.yml-3 branch 2 times, most recently from 024e207 to 9016b12 Compare December 3, 2025 11:44
sentry[bot]
sentry bot reviewed Dec 3, 2025
View reviewed changes
dependabot bot and others added 2 commits January 26, 2026 17:34
@dependabot @romtsn
build(deps): bump getsentry/github-workflows/.github/workflows/update…
8c29a96 
…r.yml

Bumps [getsentry/github-workflows/.github/workflows/updater.yml](https://github.com/getsentry/github-workflows) from 2 to 3.
- [Release notes](https://github.com/getsentry/github-workflows/releases)
- [Changelog](https://github.com/getsentry/github-workflows/blob/main/CHANGELOG.md)
- [Commits](getsentry/github-workflows@v2...v3)

---
updated-dependencies:
- dependency-name: getsentry/github-workflows/.github/workflows/updater.yml
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@romtsn
Use reusable workflow
a796975
@romtsn romtsn force-pushed the dependabot/github_actions/getsentry/github-workflows/dot-github/workflows/updater.yml-3 branch from 9016b12 to a796975 Compare January 26, 2026 16:38
@github-actions
Copy link
Contributor

github-actions bot commented Jan 26, 2026

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

Bug Fixes 🐛

  • Establish native exception mechanisms by supervacuus in #5052

Internal Changes 🔧

Deps

  • Bump getsentry/github-workflows/.github/workflows/updater.yml from 2 to 3 by dependabot[bot] in #4884
  • Bump actions/cache from 4 to 5 by dependabot in #4997
  • Bump github/codeql-action from 4.31.10 to 4.31.11 by dependabot in #5057
  • Bump getsentry/craft from 2.19.0 to 2.20.0 by dependabot in #5058

Other

  • (android) Update targetSdk to API 36 (Android 16) by markushi in #5016
  • (ci) Write permission for statuses in changelog preview by supervacuus in #5053

🤖 This preview updates automatically when you update the PR.

cursor[bot]
cursor bot reviewed Jan 26, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 26, 2026

Performance metrics 🚀

  Plain With Sentry Diff
Startup time 312.13 ms 325.76 ms 13.63 ms
Size 1.58 MiB 2.19 MiB 620.06 KiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
dba088c 365.46 ms 366.31 ms 0.85 ms
d15471f 315.20 ms 370.22 ms 55.02 ms
fc5ccaf 256.80 ms 322.36 ms 65.56 ms
806307f 357.85 ms 424.64 ms 66.79 ms
ee747ae 415.92 ms 470.15 ms 54.23 ms
694d587 312.37 ms 402.77 ms 90.41 ms
fcec2f2 311.35 ms 384.94 ms 73.59 ms
ee747ae 405.43 ms 485.70 ms 80.28 ms
d15471f 310.66 ms 368.19 ms 57.53 ms
abf451a 332.82 ms 403.67 ms 70.85 ms

App size

Revision Plain With Sentry Diff
dba088c 1.58 MiB 2.13 MiB 558.99 KiB
d15471f 1.58 MiB 2.13 MiB 559.54 KiB
fc5ccaf 1.58 MiB 2.13 MiB 557.54 KiB
806307f 1.58 MiB 2.10 MiB 533.42 KiB
ee747ae 1.58 MiB 2.10 MiB 530.95 KiB
694d587 1.58 MiB 2.19 MiB 620.06 KiB
fcec2f2 1.58 MiB 2.12 MiB 551.51 KiB
ee747ae 1.58 MiB 2.10 MiB 530.95 KiB
d15471f 1.58 MiB 2.13 MiB 559.54 KiB
abf451a 1.58 MiB 2.20 MiB 635.29 KiB

@romtsn romtsn enabled auto-merge (squash) January 26, 2026 16:49
@romtsn romtsn merged commit 1461c30 into main Jan 26, 2026
62 checks passed
@romtsn romtsn deleted the dependabot/github_actions/getsentry/github-workflows/dot-github/workflows/updater.yml-3 branch January 26, 2026 16:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sentry sentry[bot] sentry[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

@romtsn romtsn romtsn approved these changes

@adinauer adinauer Awaiting requested review from adinauer adinauer is a code owner

@stefanosiano stefanosiano Awaiting requested review from stefanosiano

@markushi markushi Awaiting requested review from markushi markushi is a code owner

@lcian lcian Awaiting requested review from lcian lcian is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@romtsn