From dfe98b4332698b06b3be682b2fa3aff3d6a88ea6 Mon Sep 17 00:00:00 2001 From: Giancarlo Buenaflor Date: Thu, 22 Jan 2026 14:07:35 +0100 Subject: [PATCH 01/10] chore: update GitHub Actions workflows to use new updater version Refactor the update-deps.yml workflow to utilize the latest version of the updater action, improving the structure and permissions for dependency updates across Android, Cocoa, JavaScript, Native, and Symbol Collector jobs. --- .github/workflows/update-deps.yml | 92 +++++++++++++++++-------------- 1 file changed, 50 insertions(+), 42 deletions(-) diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index 8d9e2122ff..b7a15ed165 100644 --- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -4,61 +4,69 @@ on: # Run every day. schedule: - cron: "0 3 * * *" - # And on on every PR merge so we get the updated dependencies ASAP, and to make sure the changelog doesn't conflict. + # And on every PR merge so we get the updated dependencies ASAP, and to make sure the changelog doesn't conflict. push: branches: - main +permissions: + contents: write # To modify files and create commits + pull-requests: write # To create and update pull requests + actions: write # To cancel previous workflow runs + jobs: android: - uses: getsentry/github-workflows/.github/workflows/updater.yml@v2 - with: - path: packages/flutter/scripts/update-android.sh - name: Android SDK - secrets: - api-token: ${{ secrets.CI_DEPLOY_KEY }} + runs-on: ubuntu-latest + steps: + - uses: getsentry/github-workflows/updater@v3 + with: + path: packages/flutter/scripts/update-android.sh + name: Android SDK + api-token: ${{ secrets.CI_DEPLOY_KEY }} cocoa: - uses: getsentry/github-workflows/.github/workflows/updater.yml@v2 - with: - path: packages/flutter/scripts/update-cocoa.sh - name: Cocoa SDK - runs-on: macos-latest - secrets: - api-token: ${{ secrets.CI_DEPLOY_KEY }} + runs-on: macos-latest + steps: + - uses: getsentry/github-workflows/updater@v3 + with: + path: packages/flutter/scripts/update-cocoa.sh + name: Cocoa SDK + api-token: ${{ secrets.CI_DEPLOY_KEY }} js: - uses: getsentry/github-workflows/.github/workflows/updater.yml@v2 - with: - path: packages/flutter/scripts/update-js.sh - name: JavaScript SDK - secrets: - api-token: ${{ secrets.CI_DEPLOY_KEY }} + runs-on: ubuntu-latest + steps: + - uses: getsentry/github-workflows/updater@v3 + with: + path: packages/flutter/scripts/update-js.sh + name: JavaScript SDK + api-token: ${{ secrets.CI_DEPLOY_KEY }} native: - uses: getsentry/github-workflows/.github/workflows/updater.yml@v2 - with: - path: packages/flutter/scripts/update-native.sh - name: Native SDK - secrets: - api-token: ${{ secrets.CI_DEPLOY_KEY }} + runs-on: ubuntu-latest + steps: + - uses: getsentry/github-workflows/updater@v3 + with: + path: packages/flutter/scripts/update-native.sh + name: Native SDK + api-token: ${{ secrets.CI_DEPLOY_KEY }} metrics-flutter: - uses: getsentry/github-workflows/.github/workflows/updater.yml@v2 - with: - path: metrics/flutter.properties - name: Flutter SDK (metrics) - changelog-entry: false - pr-strategy: update - secrets: - api-token: ${{ secrets.CI_DEPLOY_KEY }} + runs-on: ubuntu-latest + steps: + - uses: getsentry/github-workflows/updater@v3 + with: + path: metrics/flutter.properties + name: Flutter SDK (metrics) + changelog-entry: false + api-token: ${{ secrets.CI_DEPLOY_KEY }} symbol-collector: - uses: getsentry/github-workflows/.github/workflows/updater.yml@v2 - with: - path: scripts/update-symbol-collector.sh - name: Symbol collector CLI - changelog-entry: false - pr-strategy: update - secrets: - api-token: ${{ secrets.CI_DEPLOY_KEY }} + runs-on: ubuntu-latest + steps: + - uses: getsentry/github-workflows/updater@v3 + with: + path: scripts/update-symbol-collector.sh + name: Symbol collector CLI + changelog-entry: false + api-token: ${{ secrets.CI_DEPLOY_KEY }} From 68629627d44d7239052adcffda8a999281d85ab6 Mon Sep 17 00:00:00 2001 From: Giancarlo Buenaflor Date: Thu, 22 Jan 2026 14:09:18 +0100 Subject: [PATCH 02/10] chore: add pull request trigger for update-deps.yml workflow Include a pull request trigger in the update-deps.yml workflow for testing purposes, while maintaining existing push configurations. --- .github/workflows/update-deps.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index b7a15ed165..ccea94f37d 100644 --- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -8,6 +8,8 @@ on: push: branches: - main + # Don't merge, testing only + pull_request: permissions: contents: write # To modify files and create commits From 861c09adef55a4439769b50c34a96b0ad1c63de1 Mon Sep 17 00:00:00 2001 From: Giancarlo Buenaflor Date: Thu, 22 Jan 2026 14:10:42 +0100 Subject: [PATCH 03/10] chore: update update-deps.yml to use ssh-key instead of api-token Refactor the update-deps.yml workflow to replace the api-token with ssh-key for Android, Cocoa, JavaScript, Native, and Symbol Collector jobs, enhancing security and access management. --- .github/workflows/update-deps.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index ccea94f37d..160c9468d8 100644 --- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -24,7 +24,7 @@ jobs: with: path: packages/flutter/scripts/update-android.sh name: Android SDK - api-token: ${{ secrets.CI_DEPLOY_KEY }} + ssh-key: ${{ secrets.CI_DEPLOY_KEY }} cocoa: runs-on: macos-latest @@ -33,7 +33,7 @@ jobs: with: path: packages/flutter/scripts/update-cocoa.sh name: Cocoa SDK - api-token: ${{ secrets.CI_DEPLOY_KEY }} + ssh-key: ${{ secrets.CI_DEPLOY_KEY }} js: runs-on: ubuntu-latest @@ -42,7 +42,7 @@ jobs: with: path: packages/flutter/scripts/update-js.sh name: JavaScript SDK - api-token: ${{ secrets.CI_DEPLOY_KEY }} + ssh-key: ${{ secrets.CI_DEPLOY_KEY }} native: runs-on: ubuntu-latest @@ -51,7 +51,7 @@ jobs: with: path: packages/flutter/scripts/update-native.sh name: Native SDK - api-token: ${{ secrets.CI_DEPLOY_KEY }} + ssh-key: ${{ secrets.CI_DEPLOY_KEY }} metrics-flutter: runs-on: ubuntu-latest @@ -61,7 +61,7 @@ jobs: path: metrics/flutter.properties name: Flutter SDK (metrics) changelog-entry: false - api-token: ${{ secrets.CI_DEPLOY_KEY }} + ssh-key: ${{ secrets.CI_DEPLOY_KEY }} symbol-collector: runs-on: ubuntu-latest @@ -71,4 +71,4 @@ jobs: path: scripts/update-symbol-collector.sh name: Symbol collector CLI changelog-entry: false - api-token: ${{ secrets.CI_DEPLOY_KEY }} + ssh-key: ${{ secrets.CI_DEPLOY_KEY }} From 554f818fec0d5d3d15e8f514fec4fa7acd632e6d Mon Sep 17 00:00:00 2001 From: Giancarlo Buenaflor Date: Thu, 22 Jan 2026 14:26:56 +0100 Subject: [PATCH 04/10] Update --- .github/workflows/update-deps.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index 160c9468d8..ab8b90f81c 100644 --- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -59,7 +59,7 @@ jobs: - uses: getsentry/github-workflows/updater@v3 with: path: metrics/flutter.properties - name: Flutter SDK (metrics) + name: Flutter SDK Metrics changelog-entry: false ssh-key: ${{ secrets.CI_DEPLOY_KEY }} @@ -69,6 +69,6 @@ jobs: - uses: getsentry/github-workflows/updater@v3 with: path: scripts/update-symbol-collector.sh - name: Symbol collector CLI + name: Symbol Collector CLI changelog-entry: false ssh-key: ${{ secrets.CI_DEPLOY_KEY }} From 70cb002ed45fac37f06ca61f66d24335db64f5ed Mon Sep 17 00:00:00 2001 From: Giancarlo Buenaflor Date: Thu, 22 Jan 2026 14:39:49 +0100 Subject: [PATCH 05/10] Fix cocoa --- packages/flutter/scripts/generate-cocoa-bindings.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/flutter/scripts/generate-cocoa-bindings.sh b/packages/flutter/scripts/generate-cocoa-bindings.sh index 08fc737675..ed103d816f 100755 --- a/packages/flutter/scripts/generate-cocoa-bindings.sh +++ b/packages/flutter/scripts/generate-cocoa-bindings.sh @@ -4,6 +4,7 @@ set -euo pipefail if [[ -n ${CI:+x} ]]; then echo "Running in CI so we need to set up Flutter SDK first" curl -Lv https://storage.googleapis.com/flutter_infra_release/releases/stable/macos/flutter_macos_3.27.3-stable.zip --output /tmp/flutter.zip + rm -rf /tmp/flutter unzip -q /tmp/flutter.zip -d /tmp export PATH=":/tmp/flutter/bin:$PATH" which flutter From 5dd0a3c8bbc5a0b17dd2b5c744ae0ce0428f3d1c Mon Sep 17 00:00:00 2001 From: Giancarlo Buenaflor Date: Thu, 22 Jan 2026 14:42:32 +0100 Subject: [PATCH 06/10] Fix formatting in update-deps.yml permissions section --- .github/workflows/update-deps.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index ab8b90f81c..3326605c2f 100644 --- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -12,9 +12,9 @@ on: pull_request: permissions: - contents: write # To modify files and create commits - pull-requests: write # To create and update pull requests - actions: write # To cancel previous workflow runs + contents: write + pull-requests: write + actions: write jobs: android: From e6e2f73dc6a52384b0e40d9d33ae70bea7b31e33 Mon Sep 17 00:00:00 2001 From: Giancarlo Buenaflor Date: Thu, 22 Jan 2026 14:43:15 +0100 Subject: [PATCH 07/10] Modify update-deps workflow triggers Removed pull_request trigger from update-deps workflow. --- .github/workflows/update-deps.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index 3326605c2f..82675c6ff2 100644 --- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -8,8 +8,6 @@ on: push: branches: - main - # Don't merge, testing only - pull_request: permissions: contents: write From 9b8b0878440654aa4edbd38d6ced376b7b9b57e7 Mon Sep 17 00:00:00 2001 From: Giancarlo Buenaflor Date: Thu, 22 Jan 2026 15:18:48 +0100 Subject: [PATCH 08/10] Fix cocoa --- packages/flutter/scripts/generate-cocoa-bindings.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/packages/flutter/scripts/generate-cocoa-bindings.sh b/packages/flutter/scripts/generate-cocoa-bindings.sh index ed103d816f..08fc737675 100755 --- a/packages/flutter/scripts/generate-cocoa-bindings.sh +++ b/packages/flutter/scripts/generate-cocoa-bindings.sh @@ -4,7 +4,6 @@ set -euo pipefail if [[ -n ${CI:+x} ]]; then echo "Running in CI so we need to set up Flutter SDK first" curl -Lv https://storage.googleapis.com/flutter_infra_release/releases/stable/macos/flutter_macos_3.27.3-stable.zip --output /tmp/flutter.zip - rm -rf /tmp/flutter unzip -q /tmp/flutter.zip -d /tmp export PATH=":/tmp/flutter/bin:$PATH" which flutter From 4162fb4c15082e6e5e1133e410fe664fe07557d5 Mon Sep 17 00:00:00 2001 From: Giancarlo Buenaflor Date: Thu, 22 Jan 2026 15:19:16 +0100 Subject: [PATCH 09/10] Update --- .github/workflows/update-deps.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index 82675c6ff2..572d382b21 100644 --- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -8,6 +8,7 @@ on: push: branches: - main + pull_request: permissions: contents: write From 353fd76de858c2a185a9113986a51fde06a439bf Mon Sep 17 00:00:00 2001 From: Giancarlo Buenaflor Date: Thu, 22 Jan 2026 15:23:43 +0100 Subject: [PATCH 10/10] Update --- .github/workflows/update-deps.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index 572d382b21..82675c6ff2 100644 --- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -8,7 +8,6 @@ on: push: branches: - main - pull_request: permissions: contents: write