Merge branch 'master' into szokeasaurusrex/bug-double-inject

Author: szokeasaurusrex

.craft.yml

@@ -95,6 +95,9 @@ targets:
         checksums:
           - algorithm: sha256
             format: hex
+  - name: pypi
+  - name: sentry-pypi
+    internalPypiRepo: getsentry/pypi
   - name: docker
     id: Docker Hub (release)
     source: ghcr.io/getsentry/sentry-cli
@@ -115,3 +118,5 @@ requireNames:
   - /^sentry-cli-Windows-i686.exe$/
   - /^sentry-cli-Windows-x86_64.exe$/
   - /^sentry-cli-Windows-aarch64.exe$/
+  - /^sentry_cli-.*.tar.gz$/
+  - /^sentry_cli-.*.whl$/

.github/pull_request_template.md

@@ -0,0 +1,18 @@
+### Description
+<!-- What changed and why? -->
+
+### Issues
+<!--
+* resolves: #1234
+* resolves: LIN-1234
+-->
+
+<!--
+#### Reminders
+- Add GH Issue ID _&_ Linear ID (if applicable)
+- PR title should use [conventional commit](https://develop.sentry.dev/engineering-practices/commit-messages/#type) style (`feat:`, `fix:`, `ref:`, `meta:`)
+- For external contributors: [CONTRIBUTING.md](https://github.com/getsentry/sentry-cli/blob/master/CONTRIBUTING.md), [Sentry SDK development docs](https://develop.sentry.dev/sdk/), [Discord community](https://discord.gg/Ww9hbqr)
+-->
+
+
+

.github/workflows/audit.yml

@@ -0,0 +1,25 @@
+name: Audit dependencies
+
+permissions:
+  issues: write
+  checks: write
+
+on:
+  schedule:
+    # Run weekly Monday morning
+    - cron: "49 4 * * 1"
+
+  workflow_dispatch:
+
+jobs:
+  audit:
+    name: Audit dependencies
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
+
+      - name: Audit dependencies
+        uses: rustsec/audit-check@69366f33c96575abad1ee0dba8212993eecbe998 # 2.0.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/build.yml

@@ -248,6 +248,49 @@ jobs:
           path: '*.tgz'
           if-no-files-found: 'error'
 
+  python-base:
+    name: python (base)
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
+      - name: Add Rustup Target
+        run: rustup target add x86_64-unknown-linux-musl
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # 5.6.0
+        with:
+          python-version: '3.11'
+      - run: python3 -m pip install build && python3 -m build
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
+        with:
+          name: python-base
+          path: dist/*
+          if-no-files-found: 'error'
+
+  python:
+    name: python
+    runs-on: ubuntu-24.04
+    needs: [linux, sign-macos-binaries, windows, python-base]
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # 5.0.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # 5.6.0
+        with:
+          python-version: '3.11'
+      - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # 5.0.0
+        with:
+          pattern: artifact-bin-*
+          merge-multiple: true
+          path: binaries
+      - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # 5.0.0
+        with:
+          name: python-base
+          merge-multiple: true
+          path: python-base
+      - run: scripts/wheels --binaries binaries --base python-base --dest dist
+      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
+        with:
+          name: artifact-pkg-python
+          path: dist/*
+          if-no-files-found: 'error'
+
   npm-distributions:
     name: 'Build NPM distributions'
     runs-on: ubuntu-24.04
@@ -311,7 +354,7 @@ jobs:
         uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # 3.11.1
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # 3.5.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # 3.6.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -335,7 +378,7 @@ jobs:
       packages: write
     steps:
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # 3.5.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # 3.6.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -350,7 +393,7 @@ jobs:
   merge:
     name: Create Release Artifact
     runs-on: ubuntu-24.04
-    needs: [linux, sign-macos-binaries, windows, npm-distributions, node]
+    needs: [linux, sign-macos-binaries, windows, npm-distributions, node, python]
     steps:
       - uses: actions/upload-artifact/merge@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
         with:

.github/workflows/codeql-analysis.yml

@@ -37,7 +37,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # 3.30.3
+        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # 3.30.5
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -48,7 +48,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@192325c86100d080feab897ff886c34abd4c83a3 # 3.30.3
+        uses: github/codeql-action/autobuild@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # 3.30.5
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions
@@ -59,4 +59,4 @@ jobs:
       #   make bootstrap
       #   make release
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # 3.30.3
+        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # 3.30.5

.github/workflows/release-ghcr-latest-tag.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Log in to GitHub Container Registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # 3.5.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # 3.6.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

.github/workflows/release-ghcr-version-tag.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Log in to GitHub Container Registry
-        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # 3.5.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # 3.6.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

CHANGELOG.md

@@ -2,6 +2,24 @@
 
 "You know what they say. Fool me once, strike one, but fool me twice... strike three." — Michael Scott
 
+## 2.56.0
+
+### Various fixes & improvements
+
+- feat: auto-fetch head-ref from GitHub Actions in detached HEAD state (#2805) by @runningcode
+- feat: automatically fetch base SHA in GitHub Actions PR workflows (#2799) by @runningcode
+- feat(preprod): use deflated compression when creating the zip file (#2800) by @trevor-e
+- feat(preprod): make sure at least one app bundle is present for upload (#2795) by @trevor-e
+- feat(preprod): fail upload if app is missing Info.plist (#2793) by @trevor-e
+- feat: restore GitHub Actions base branch detection (#2792) by @runningcode
+- fix: lower log level for missing base ref detection (EME-369) (#2813) by @runningcode
+- fix: simplify debug logging for PR number detection (EME-362) (#2812) by @runningcode
+- fix: serialize VCS tests to prevent race conditions (EME-368) (#2811) by @runningcode
+- fix: Validate `SENTRY_RELEASE` environment variable (#2807) by @szokeasaurusrex
+- fix: use actual PR head SHA in GitHub Actions instead of merge commit (#2785) by @runningcode
+- fix: suppress warning messages in failing build upload tests (#2791) by @runningcode
+
+
 ## 2.55.0
 
 ### Various fixes & improvements