chore(ci): Replace pr-labels-action with native GitHub expressions by mydea · Pull Request #20252 · getsentry/sentry-javascript

mydea · 2026-04-13T13:05:10Z

Summary

Replace the custom fork mydea/pr-labels-action@fn/bump-node20 with built-in GitHub Actions expressions
Zero external dependencies needed — uses github.event.pull_request.labels.*.name directly

Before

- name: Get PR labels
  id: pr-labels
  uses: mydea/pr-labels-action@fn/bump-node20

# ...
contains(steps.pr-labels.outputs.labels, ' Gitflow ')
contains(steps.pr-labels.outputs.labels, ' ci-skip-cache ')

After

# No action step needed

# ...
contains(toJSON(github.event.pull_request.labels.*.name), 'Gitflow')
contains(toJSON(github.event.pull_request.labels.*.name), 'ci-skip-cache')

Both usages already gate on github.event_name == 'pull_request', so the labels context is always available when needed. This also eliminates the Node.js 20 deprecation warning that mydea/pr-labels-action was causing.

Test plan

CI metadata job runs successfully
Gitflow label detection still works on PRs with the Gitflow label
ci-skip-cache label detection still works

🤖 Generated with Claude Code

Replace the custom fork `mydea/pr-labels-action@fn/bump-node20` with built-in `github.event.pull_request.labels.*.name` expressions. Both usages already gate on `github.event_name == 'pull_request'`, so the labels context is always available when needed. This removes an external dependency and also eliminates the Node.js 20 deprecation warning this action was causing. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

github-actions · 2026-04-13T13:05:41Z

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

New Features ✨

Cloudflare

Split alarms into multiple traces and link them by JPeer264 in #19373
Propagate traceparent to RPC calls - via fetch by JPeer264 in #19991

Core

Automatically disable truncation when span streaming is enabled in LangGraph integration by andreiborza in #20231
Automatically disable truncation when span streaming is enabled in LangChain integration by andreiborza in #20230
Automatically disable truncation when span streaming is enabled in Google GenAI integration by andreiborza in #20229
Automatically disable truncation when span streaming is enabled in Anthropic AI integration by andreiborza in #20228
Automatically disable truncation when span streaming is enabled in Vercel AI integration by andreiborza in #20232
Automatically disable truncation when span streaming is enabled in OpenAI integration by andreiborza in #20227
Add enableTruncation option to Vercel AI integration by nicohrubec in #20195
Add enableTruncation option to Google GenAI integration by andreiborza in #20184
Add enableTruncation option to Anthropic AI integration by andreiborza in #20181
Add enableTruncation option to LangGraph integration by andreiborza in #20183
Add enableTruncation option to LangChain integration by andreiborza in #20182
Add enableTruncation option to OpenAI integration by andreiborza in #20167
Export a reusable function to add tracing headers by JPeer264 in #20076

Deps

Bump axios from 1.13.5 to 1.15.0 by dependabot in #20180
Bump hono from 4.12.7 to 4.12.12 by dependabot in #20118
Bump defu from 6.1.4 to 6.1.6 by dependabot in #20104

Other

(browser) Add View Hierarchy integration by timfish in #14981
(cloudflare,deno,vercel-edge) Add span streaming support by Lms24 in #20127
(node) Include global scope for eventLoopBlockIntegration by timfish in #20108
(node-native) Add support for V8 v14 (Node v25+) by timfish in #20125

Bug Fixes 🐛

Deno

Handle reader.closed rejection from releaseLock() in streaming by andreiborza in #20187
Avoid inferring invalid span op from Deno tracer by Lms24 in #20128

Other

(ci) Prevent command injection in ci-metadata workflow by fix-it-felix-sentry in #19899
(core, node) Support loading Express options lazily by isaacs in #20211
(e2e) Add op check to waitForTransaction in React Router e2e tests by copilot-swe-agent in #20193
(e2e-tests) Remove flaky navigation breadcrumb assertions from parameterized-routes tests by copilot-swe-agent in #20202
(node-integration-tests) Fix flaky kafkajs test race condition by copilot-swe-agent in #20189

Internal Changes 🔧

Ci

Replace pr-labels-action with native GitHub expressions by mydea in #20252

Remove node-overhead GitHub Action by mydea in #20246
Bump dorny/paths-filter from v3.0.1 to v4.0.1 by mydea in #20251
Remove codecov steps from jobs that produce no coverage/JUnit data by mydea in #20244

Deps

Bump hono from 4.12.7 to 4.12.12 in /dev-packages/e2e-tests/test-applications/cloudflare-hono by dependabot in #20119
Bump axios from 1.13.5 to 1.15.0 in /dev-packages/e2e-tests/test-applications/nestjs-basic by dependabot in #20179

Deps Dev

Bump @sveltejs/kit from 2.53.3 to 2.57.1 by dependabot in #20216
Bump vite from 7.2.0 to 7.3.2 in /dev-packages/e2e-tests/test-applications/tanstackstart-react by dependabot in #20107

Other

(bugbot) Add rules to flag test-flake-provoking patterns by Lms24 in #20192
(react) Remove duplicated test mock by s1gr1d in #20200
(size-limit) Bump failing size limit scenario by Lms24 in #20186
Add PR review reminder workflow by copilot-swe-agent in #20175
Fix lint warnings by mydea in #20250
Fix flaky ANR test by increasing blocking duration by JPeer264 in #20239
Add automatic flaky test detector by nicohrubec in #18684

_{🤖 This preview updates automatically when you update the PR.}

cursor

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit df48e65. Configure here.}

cursor · 2026-04-13T13:08:00Z

.github/workflows/ci-metadata.yml

      has_gitflow_label:
-        ${{ github.event_name == 'pull_request' && contains(steps.pr-labels.outputs.labels, ' Gitflow ') }}
+        ${{ github.event_name == 'pull_request' && contains(toJSON(github.event.pull_request.labels.*.name),
+        'Gitflow') }}


Substring matching via toJSON replaces exact label matching

Medium Severity

Wrapping github.event.pull_request.labels.*.name in toJSON() converts the array to a string, causing contains() to perform substring matching instead of exact element matching. A label like "NotGitflow" or "debug" would falsely match "Gitflow" or "bug". Dropping toJSON() and using contains(github.event.pull_request.labels.*.name, 'Gitflow') directly performs exact array element matching, which is the correct and documented approach.

Additional Locations (1)

.github/workflows/ci-metadata.yml#L88-L89

^{Reviewed by Cursor Bugbot for commit df48e65. Configure here.}

this seems fine for this specific thing.

github-actions · 2026-04-13T13:14:43Z

size-limit report 📦

Path	Size	% Change	Change
@sentry/browser	25.73 kB	-	-
@sentry/browser - with treeshaking flags	24.22 kB	-	-
@sentry/browser (incl. Tracing)	42.72 kB	-	-
@sentry/browser (incl. Tracing, Profiling)	47.35 kB	-	-
@sentry/browser (incl. Tracing, Replay)	81.53 kB	-	-
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags	71.1 kB	-	-
@sentry/browser (incl. Tracing, Replay with Canvas)	86.23 kB	-	-
@sentry/browser (incl. Tracing, Replay, Feedback)	98.44 kB	-	-
@sentry/browser (incl. Feedback)	42.52 kB	-	-
@sentry/browser (incl. sendFeedback)	30.39 kB	-	-
@sentry/browser (incl. FeedbackAsync)	35.39 kB	-	-
@sentry/browser (incl. Metrics)	27.04 kB	-	-
@sentry/browser (incl. Logs)	27.19 kB	-	-
@sentry/browser (incl. Metrics & Logs)	27.86 kB	-	-
@sentry/react	27.48 kB	-	-
@sentry/react (incl. Tracing)	45.05 kB	-	-
@sentry/vue	30.56 kB	-	-
@sentry/vue (incl. Tracing)	44.58 kB	-	-
@sentry/svelte	25.75 kB	-	-
CDN Bundle	28.41 kB	-	-
CDN Bundle (incl. Tracing)	43.76 kB	-	-
CDN Bundle (incl. Logs, Metrics)	29.79 kB	-	-
CDN Bundle (incl. Tracing, Logs, Metrics)	44.83 kB	-	-
CDN Bundle (incl. Replay, Logs, Metrics)	68.6 kB	-	-
CDN Bundle (incl. Tracing, Replay)	80.63 kB	-	-
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	81.66 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback)	86.16 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	87.19 kB	-	-
CDN Bundle - uncompressed	83 kB	-	-
CDN Bundle (incl. Tracing) - uncompressed	129.79 kB	-	-
CDN Bundle (incl. Logs, Metrics) - uncompressed	87.14 kB	-	-
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	133.2 kB	-	-
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	210.13 kB	-	-
CDN Bundle (incl. Tracing, Replay) - uncompressed	246.67 kB	-	-
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	250.07 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	259.58 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	262.97 kB	-	-
@sentry/nextjs (client)	47.47 kB	-	-
@sentry/sveltekit (client)	43.2 kB	-	-
@sentry/node-core	57.86 kB	+0.02%	+6 B 🔺
@sentry/node	175.07 kB	+0.01%	+9 B 🔺
@sentry/node - without tracing	97.97 kB	+0.03%	+21 B 🔺
@sentry/aws-serverless	115.22 kB	+0.02%	+19 B 🔺

View base workflow run

github-actions · 2026-04-13T13:16:13Z

node-overhead report 🧳

Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.

Scenario	Requests/s	% of Baseline	Prev. Requests/s	Change %
GET Baseline	11,023	-	8,882	+24%
GET With Sentry	1,821	17%	1,782	+2%
GET With Sentry (error only)	7,174	65%	5,873	+22%
POST Baseline	1,130	-	1,203	-6%
POST With Sentry	531	47%	597	-11%
POST With Sentry (error only)	977	86%	1,069	-9%
MYSQL Baseline	3,742	-	3,197	+17%
MYSQL With Sentry	417	11%	479	-13%
MYSQL With Sentry (error only)	3,137	84%	2,657	+18%

View base workflow run

logaretm

Looks like we just need to reformat this

sentry · 2026-04-14T07:50:53Z

.github/workflows/ci-metadata.yml

+        ${{ github.event_name == 'pull_request' && contains(toJSON(github.event.pull_request.labels.*.name), 'Gitflow')
+        }}
      force_skip_cache:
        ${{ github.event_name == 'schedule' || (github.event_name == 'pull_request' &&
-        contains(steps.pr-labels.outputs.labels, ' ci-skip-cache ')) }}
+        contains(toJSON(github.event.pull_request.labels.*.name), 'ci-skip-cache')) }}


Bug: The use of toJSON() with contains() causes substring matching on the label list, not exact element matching. This can lead to incorrect label detection.
_{Severity: MEDIUM}

Suggested Fix

Remove the toJSON() function call from the expression. Use contains(github.event.pull_request.labels.*.name, 'label-name') directly to perform an exact match against the elements in the label array, ensuring correct conditional logic in the CI workflow.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: .github/workflows/ci-metadata.yml#L85-L89 Potential issue: The workflow checks for pull request labels using `contains(toJSON(github.event.pull_request.labels.*.name), 'some-label')`. The `toJSON()` function converts the label array into a single JSON string. Consequently, `contains()` performs a case-insensitive substring search on this string instead of an exact match on array elements. For example, if checking for the label `'Gitflow'`, a PR with a label like `'No-Gitflow'` would incorrectly return `true` because `'Gitflow'` is a substring of the JSON string `["No-Gitflow","bug"]`. This could cause CI jobs to be skipped or run incorrectly based on partial label names.

_{Did we get this right? 👍 / 👎 to inform future reviews.}

cursor bot reviewed Apr 13, 2026

View reviewed changes

mydea self-assigned this Apr 13, 2026

mydea requested review from logaretm and s1gr1d April 13, 2026 13:11

logaretm approved these changes Apr 13, 2026

View reviewed changes

fix linting

e719d33

mydea enabled auto-merge (squash) April 14, 2026 07:47

sentry bot reviewed Apr 14, 2026

View reviewed changes

Uh oh!

Conversation

mydea commented Apr 13, 2026

Summary

Before

After

Test plan

Uh oh!

github-actions bot commented Apr 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Semver Impact of This PR

New Features ✨

Cloudflare

Core

Deps

Other

Bug Fixes 🐛

Deno

Other

Internal Changes 🔧

Ci

Deps

Deps Dev

Other

Uh oh!

cursor bot left a comment

Choose a reason for hiding this comment

Uh oh!

cursor bot Apr 13, 2026

Choose a reason for hiding this comment

Substring matching via toJSON replaces exact label matching

Uh oh!

mydea Apr 13, 2026

Choose a reason for hiding this comment

Uh oh!

github-actions bot commented Apr 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

size-limit report 📦

Uh oh!

github-actions bot commented Apr 13, 2026

node-overhead report 🧳

Uh oh!

logaretm left a comment

Choose a reason for hiding this comment

Uh oh!

sentry bot Apr 14, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

github-actions bot commented Apr 13, 2026 •

edited

Loading

Substring matching via `toJSON` replaces exact label matching

github-actions bot commented Apr 13, 2026 •

edited

Loading