Comparing changes
base repository: getsentry/github-workflows
base: 3.3.0
head repository: getsentry/github-workflows
compare: 3.4.0
- 19 commits
- 16 files changed
- 13 contributors
Commits on Feb 18, 2026
- fb91df3  committed by getsentry-bot
Commits on Mar 18, 2026
- 669decb  fix: prevent script injection by using environment variables (#150)

  Fix GitHub Actions script injection vulnerability by using intermediate environment variables instead of direct interpolation of github context data in run steps.

  Changes:
  - updater/action.yml: Use env vars for inputs.name, inputs.path, inputs.changelog-entry, inputs.pr-strategy, and inputs.post-update-script
  - sentry-cli/integration-test/action.yml: Use env vars for github.action_path and inputs.path

  This prevents potential code injection attacks where untrusted input could be executed as shell commands.

  Fixes: https://linear.app/getsentry/issue/VULN-1100
  Fixes: https://linear.app/getsentry/issue/DI-1657

  Co-authored-by: fix-it-felix-sentry[bot] <260785270+fix-it-felix-sentry[bot]@users.noreply.github.com>
Commits on Mar 24, 2026
- 705635b
Commits on Mar 27, 2026
- 9616b0e  feat: Add validate-pr composite action (#153)

  Add a composite action that validates non-maintainer PRs against contribution guidelines. Checks that PRs reference a GitHub issue with prior maintainer discussion, and enforces draft status on all new PRs.

  Extracts the validation logic into standalone JS scripts for testability, matching the pattern used by the danger action.

  Previously this workflow was being copy-pasted across SDK repos (327 lines each). Now each repo only needs a ~15-line caller workflow.

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- 4243265  fix(validate-pr): Address review feedback (#154)

  - Paginate comment listing in enforce-draft.js to handle PRs with 30+ comments
  - Add null check on comment user property for deleted/suspended accounts
  - Clarify in README that maintainers are only exempt from issue validation, not draft enforcement

  Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- 4ff40ad  fix(validate-pr): Allow trusted bots to bypass validation (#155)

  * fix(validate-pr): Allow trusted bots and service accounts to bypass validation

    Adds an allowlist of trusted bots and service accounts that are exempt from issue reference validation. Prevents dependabot, renovate, and internal release bots from being automatically closed.

    The allowlist is managed centrally in validate-pr.js — SDK repos pick up changes via SHA bumps.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

  * fix: Also skip draft enforcement for allowed bots

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

  ---------

  Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Commits on Mar 28, 2026
- f5db9d2  fix(validate-pr): Add sentry-mobile-updater to bot allowlist (#156)

  Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- 6c8116f  fix(validate-pr): set `skipped` output for admin/maintain authors (#158)

  * Initial plan

  * fix: add missing setOutput('skipped', 'true') for maintainer check

    Agent-Logs-Url: https://github.com/getsentry/github-workflows/sessions/679d4d30-c819-45cb-b992-04eb4dbc6193
    Co-authored-by: jpnurmi <140617+jpnurmi@users.noreply.github.com>

  * fix(validate-pr): set skipped output for admin/maintain authors

    Co-authored-by: jpnurmi <140617+jpnurmi@users.noreply.github.com>

  ---------

  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: jpnurmi <140617+jpnurmi@users.noreply.github.com>
Commits on Mar 30, 2026
- 0b52fc6  fix(validate-pr): Remove draft enforcement from composite action (#159)

  The `convertPullRequestToDraft` GraphQL mutation requires permissions that the SDK Maintainer Bot app does not have, causing the action to fail on non-draft PRs. Remove the draft conversion and labeling steps entirely rather than expanding the app's permissions.

  Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Commits on Apr 1, 2026
- 02fd7a2  feat(validate-pr): Skip all checks when a maintainer reopens a PR (#161)

  * feat(validate-pr): Skip all checks when a maintainer reopens a PR

    When a maintainer reopens a previously closed PR, skip all validation (issue reference, maintainer discussion, assignee checks). This allows maintainers to override the action's decision without the PR being immediately closed again.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

  * ref(validate-pr): Move maintainer-reopen check after bot check

    Avoids an unnecessary GitHub API call when the PR author is a bot. Also renumbers steps for consistency.

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

  ---------

  Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- 71588dd  feat(validate-pr): Skip checks for users with write access (#162)

  * feat(validate-pr): Skip checks for users with write access

    Users with write repository access (admin, maintain, or write role) now bypass PR validation. Maintainer-only checks (reopening closed PRs, counting as maintainer in issue discussions) remain restricted to admin/maintain roles.

    Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Commits on May 4, 2026
- 43bf14b
Commits on May 11, 2026
- 80476a9  fix(updater): Select first matching main branch (#165)

  * test(updater): Update sentry-cli branch assertion

    sentry-cli currently has main and master pointing at the same HEAD, so the updater emits both names in mainBranch output. Match that fixture output instead of requiring master only.

  * select first

  * Update CHANGELOG.md

- d81d746  chore: update danger/danger.properties to 13.0.5 (#160)

  Co-authored-by: GitHub <noreply@github.com>

- 98c1e36  test(updater): Accept either main or master as sentry-cli main branch (#167)

  The `writes output` / `writes to env:GITHUB_OUTPUT` tests assert against the live state of getsentry/sentry-cli via `git ls-remote`. Whether the script reports `main` or `master` depends on which of the two currently points at the upstream HEAD, which flips over time. PR #165 baked `main` into the assertion while both happened to point at HEAD; sentry-cli has since diverged and post-merge CI on main now reports `master`, failing the test.

  Accept either branch name so the test isn't coupled to transient upstream branch state.

- a940f77  fix(updater): Trigger CI for new PRs without changelog updates (#166)

  * fix(updater): Trigger CI for new PRs without changelog updates

    New updater PRs can end with no branch update after creation when changelog entries are disabled. Amend and push the created PR commit in that case so GitHub emits a pull_request synchronize event.

    Fixes: #164

    Co-Authored-By: OpenAI Codex <noreply@openai.com>

  * Update CHANGELOG.md

  * Update updater/action.yml

    Co-authored-by: Ivan Dlugos <6349682+vaind@users.noreply.github.com>

  ---------

  Co-authored-by: OpenAI Codex <noreply@openai.com>
  Co-authored-by: Ivan Dlugos <6349682+vaind@users.noreply.github.com>

- 24be696  fix: complete script injection hardening across all actions (#152)

  * fix: complete script injection hardening across all actions

    PR #150 moved user inputs to env vars but left step outputs (`steps.*.outputs.*`) directly interpolated in `run:` blocks — an attacker controlling e.g. git tags in a dependency repo could still inject arbitrary commands.

    Additionally, switch all PowerShell run blocks from double-quote string interpolation (`"$env:VAR"`) to string concatenation (`'prefix' + $env:VAR`) to eliminate any possibility of subexpression evaluation.

    Changes:
    - updater/action.yml: move all remaining step outputs (tags, URLs, branch names) to env vars; replace double-quote interpolation with concatenation throughout
    - sentry-cli/integration-test/action.yml: same concatenation fix
    - danger/action.yml: move docker image version from direct interpolation to env var with semver validation

    Refs: VULN-1100

    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

  * Update updater/action.yml

    Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

  * fix(updater): URL-encode existing-PR query params; add changelog entry

    PR branches derived from CMake dependency paths can contain '#', which the previous query-string concatenation would treat as a URL fragment delimiter and truncate. Switch to `gh api -X GET -f` so gh URL-encodes the values, ensuring existing PRs are still matched when the branch name contains special characters.

    Also add the changelog entry for this PR so the advisory danger check passes.

  ---------

  Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
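The pattern that #150 and #152 remove, as an added example (this is not code from getsentry/github-workflows): a POSIX shell script that simulates how the Actions runner expands a `${{ ... }}` expression into the text of a `run:` script, shows a crafted `inputs.name` value closing the quote and executing its own command, and contrasts it with the `env:` form, where the same value reaches the shell as data. The two `run:` templates, the `INPUT_NAME` variable name, the payload and the sample workflow are all constructed for this example. `lint_run_blocks` is the check a reviewer would want before merging an action: a heuristic awk scan of the YAML text (not a YAML parser) that reports every `${{` still sitting inside a `run:` value.

```shell
#!/bin/sh
# Added example, not part of getsentry/github-workflows.
# The runner replaces `${{ ... }}` with the expression's value in the script
# *text* before the shell starts, so quotes and `;` in the value become code.
# Binding the value under `env:` instead hands it to the shell as data.

# Vulnerable step shape (constructed):
#   run: echo "Updating ${{ inputs.name }}"
VULNERABLE_TEMPLATE='echo "Updating ${{ inputs.name }}"'

# Hardened step shape (constructed):
#   env:
#     INPUT_NAME: ${{ inputs.name }}
#   run: echo "Updating $INPUT_NAME"
HARDENED_TEMPLATE='echo "Updating $INPUT_NAME"'

MARKER='${{ inputs.name }}'

# expand_expression TEMPLATE VALUE
# Plain textual substitution, which is what makes the pattern exploitable:
# VALUE is neither quoted nor escaped, it is spliced into the program.
expand_expression() {
  template=$1
  value=$2
  case $template in
    *"$MARKER"*)
      printf '%s%s%s' "${template%%"$MARKER"*}" "$value" "${template#*"$MARKER"}" ;;
    *)
      printf '%s' "$template" ;;
  esac
}

# run_step_interpolated VALUE: the pre-#150 shape. The expanded text is the
# program, so a VALUE that closes the quote and appends a command runs it.
run_step_interpolated() {
  sh -c "$(expand_expression "$VULNERABLE_TEMPLATE" "$1")" 2>&1
}

# run_step_with_env VALUE: the hardened shape. The script text is constant;
# VALUE arrives in the environment and "$INPUT_NAME" keeps it as one word.
run_step_with_env() {
  INPUT_NAME=$1 sh -c "$HARDENED_TEMPLATE" 2>&1
}

# A value an untrusted caller could supply as a workflow input (constructed).
PAYLOAD='sentry-native"; echo INJECTED; echo "'

# sample_workflow: constructed YAML with one step of each shape, for the lint.
sample_workflow() {
  cat <<'EOF'
steps:
  - name: vulnerable
    run: |
      echo "Updating ${{ inputs.name }}"
      git tag "${{ steps.version.outputs.tag }}"
  - name: hardened
    env:
      INPUT_NAME: ${{ inputs.name }}
      TAG: ${{ steps.version.outputs.tag }}
    run: |
      echo "Updating $INPUT_NAME"
      git tag "$TAG"
EOF
}

# lint_run_blocks [FILE]: prints "LINE: text" for every `${{` found inside a
# `run:` value. Inline `run: cmd` is checked directly; block scalars
# (`run: |` / `run: >`) are tracked by indentation until a line dedents to
# the key's level. `${{` under `env:` or `with:` is where it belongs and is
# not reported. Heuristic text scan, not a YAML parser.
lint_run_blocks() {
  awk '
    function indent(s) { match(s, /^ */); return RLENGTH }
    {
      if (in_run && $0 !~ /^[ ]*$/ && indent($0) <= run_indent) in_run = 0
      if ($0 ~ /^ *(- )?run: *[|>]/) {
        run_indent = indent($0) + ($0 ~ /^ *- / ? 2 : 0); in_run = 1; next
      }
      if ($0 ~ /^ *(- )?run:/ && $0 ~ /[$][{][{]/) { print NR ": " $0; next }
      if (in_run && $0 ~ /[$][{][{]/) print NR ": " $0
    }' "$@"
}

demo() {
  echo '--- interpolated (vulnerable):'
  run_step_interpolated "$PAYLOAD"
  echo '--- env var (hardened):'
  run_step_with_env "$PAYLOAD"
  echo '--- expressions left inside run: blocks of the sample workflow:'
  sample_workflow | lint_run_blocks
}

demo
```

The fix in both commits is the second shape: every expression a `run:` script needs is bound under `env:` and the script reads the variable. Step outputs (the #152 case) are just another expression value spliced into text, so the same rule covers `steps.*.outputs.*`. For the PowerShell steps the equivalent is `$env:VAR`; a double-quoted `"$env:VAR"` inserts the variable's value without re-parsing it, so the `$(...)` subexpression risk exists only while the expression value is pasted into the script source, which is exactly what moving it to `env:` removes.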
Commits on May 12, 2026
- 82866c1  chore: update getsentry/craft to 2.26.3 (#168)

  Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

- 607fed7
You can try running this command locally to see the comparison on your machine:
git diff 3.3.0...3.4.0