BYK commented Jan 9, 2026

Summary

This PR migrates from the deprecated action-prepare-release to the new Craft GitHub Actions.

Changes

  • Migrated .github/workflows/release.yml to Craft reusable workflow

Documentation

See https://getsentry.github.io/craft/github-actions/ for more information.

BYK added 2 commits January 9, 2026 18:00
This PR migrates from the deprecated action-prepare-release to the new
Craft GitHub Actions (reusable workflow or composite action).

Changes:
- Migrate .github/workflows/release.yml to Craft reusable workflow

The previous migration incorrectly removed the GitHub App token
authentication step. This commit restores it by switching to the
composite action pattern which preserves the auth flow.
Comment on lines 35 to 36
version: ${{ inputs.version }}
force: ${{ inputs.force }}

This comment was marked as outdated.

steps:
- name: Checkout repository
uses: actions/checkout@v6
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 # v6 # v2
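Review bot: the SHA-pinned `uses: actions/checkout@...` line ends with `# v6 # v6 # v2`, three version labels that contradict each other, so a reader cannot tell which release the pin is meant to be. Keep a single label, and confirm that the SHA resolves to that tag in the actions/checkout repository before merging, since the label is the only human-readable statement of what the pin contains.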
Checkout action pinned to v2 commit, not v6

High Severity

The commit hash 8e8c483db84b4bee98b60c0593521ed34d9990e8 corresponds to actions/checkout@v2 (v2.3.4), not v6 as intended. The malformed comment # v6 # v6 # v2 appears to be an artifact of version comment concatenation, with the final # v2 reflecting the actual version. This is a major version downgrade from the previous @v6 reference, and v2 uses deprecated Node.js 12 runtime. This affects codeql.yml, lint.yml, release.yml, and test.yml.

🔬 Verification Test

Test code:
The commit hash can be verified against GitHub's actions/checkout repository.

Command run:

# Checking what tag the commit belongs to
curl -s https://api.github.com/repos/actions/checkout/git/refs/tags | grep -A2 "v2"

Why verification test was not possible: The web search was unable to directly confirm the commit hash mapping, but the malformed comment pattern # v6 # v6 # v2 strongly indicates version concatenation errors, and the final # v2 suggests the actual version of the pinned commit. The hash format and the comment pattern together indicate a mismatch between the intended v6 and the actual v2 commit being used.

Additional Locations (2)
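
One way to automate the tag check that the review comment above attempts, as an added example that is not part of the PR or of the reviewer's comment: it parses a `uses:` line, compares the pinned SHA by exact match against tag refs, and flags conflicting version labels. `SAMPLE_REFS`, its SHAs and the function names are constructed for illustration; the record shape follows GitHub's `git/refs/tags` response, where an annotated tag's `sha` names the tag object rather than the commit.

```python
import json
import re

# Constructed stand-in for GET /repos/<owner>/<repo>/git/refs/tags output.
# The SHAs are placeholders, not real actions/checkout commits.
SAMPLE_REFS = json.loads("""[
 {"ref": "refs/tags/v2.3.4", "object": {"type": "commit", "sha": "2222222222222222222222222222222222222222"}},
 {"ref": "refs/tags/v6.0.0", "object": {"type": "commit", "sha": "6666666666666666666666666666666666666666"}},
 {"ref": "refs/tags/v6.0.1", "object": {"type": "tag", "sha": "abababababababababababababababababababab"}}
]""")

USES = re.compile(r"uses:\s*(?P<action>[\w./-]+)@(?P<ref>[^\s#]+)(?P<comment>.*)")
LABEL = re.compile(r"#\s*(v\d[\w.]*)")
FULL_SHA = re.compile(r"[0-9a-f]{40}")

def tags_for_sha(refs, sha):
    """Return (tags whose commit is exactly sha, annotated tags still to dereference)."""
    exact, annotated = [], []
    for ref in refs:
        name = ref["ref"][len("refs/tags/"):]
        if ref["object"]["type"] != "commit":
            annotated.append(name)  # sha here names the tag object, not the commit
        elif ref["object"]["sha"] == sha:
            exact.append(name)
    return exact, annotated

def audit_pin(line, refs):
    """List problems with one `uses:` line; an empty list means the pin checks out."""
    m = USES.search(line)
    if not m:
        return ["no uses: reference found"]
    if not FULL_SHA.fullmatch(m["ref"]):
        return [f"mutable ref {m['ref']!r}: not pinned to a full commit SHA"]
    labels = list(dict.fromkeys(LABEL.findall(m["comment"])))  # unique, in order
    findings = []
    if len(labels) > 1:
        findings.append(f"conflicting version labels {labels}")
    exact, annotated = tags_for_sha(refs, m["ref"])
    if not exact:
        findings.append(f"SHA matches no lightweight tag; dereference {annotated} before trusting the label")
    for label in labels:
        if exact and not any(t == label or t.startswith(label + ".") for t in exact):
            findings.append(f"label {label} does not match tagged release {exact}")
    return findings

if __name__ == "__main__":
    pin = "uses: actions/checkout@" + "2" * 40 + " # v6 # v6 # v2"  # constructed line
    for finding in audit_pin(pin, SAMPLE_REFS):
        print(finding)
```

Against live data, the refs list would come from the API endpoint the comment queries, and each annotated tag would be dereferenced to its commit before the comparison.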


env:
GITHUB_TOKEN: ${{ steps.token.outputs.token }}
with:
version: ${{ github.event.inputs.version }}
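Review bot: `version: ${{ github.event.inputs.version }}` on the last line forwards the dispatch input with no fallback, so whatever the field contains, including nothing, reaches the action unchanged. If a blank field is meant to select automatic versioning, make that explicit at this line, for example `${{ github.event.inputs.version || 'auto' }}`, or validate the value in a step before the action runs.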
Bug: The optional version input lacks a default. If left blank during a manual run, it passes an empty string to the craft action, not "auto", likely causing a failure.
Severity: HIGH

🔍 Detailed Analysis

The release.yml workflow's version input was changed to be optional (required: false) without a default value. The input's description suggests that leaving it blank should trigger automatic versioning (i.e., use "auto"). However, when a user manually triggers this workflow and leaves the version field empty, GitHub Actions passes an empty string ("") instead of "auto" to the craft action. This will likely cause the release process to fail because the craft tool expects either a valid version string or the literal "auto", not an empty string.

💡 Suggested Fix

To ensure automatic versioning works as intended when the version input is left blank, add default: "auto" to the version input definition in the workflow_dispatch section. This will make "auto" the fallback value.

Location: .github/workflows/release.yml#L35

Reference ID: 8433282