chore(ci): Pin all GitHub Actions to full commit SHAs

[antonis]

📢 Type of change

• Bugfix
• New feature
• Enhancement
• Refactoring

📜 Description

Pin all remaining GitHub Actions references from mutable version tags (e.g. @v7) to full commit SHAs with the version preserved as a trailing comment (e.g. @043fb46d… # v7).

Actions pinned:

Action	Version	Occurrences
actions/upload-artifact	v7	14
actions/download-artifact	v8	8
actions/github-script	v9	2
actions/setup-java	v5	5
actions/checkout	v6	1
actions/cache	v5	1
ruby/setup-ruby	v1	6
getsentry/release-comment-issues-gh-action	v1	1
getsentry/github-workflows/updater	v3	9

💡 Motivation and Context

Reduces supply chain risk by ensuring CI workflows are pinned to immutable references. Mutable tags can be force-pushed by upstream maintainers (or attackers who compromise their accounts), silently changing the code that runs in our CI.

Part of the cross-SDK dependency pinning audit — see #6239.

Closes #6244.

💚 How did you test it?

Each SHA was verified to resolve to the same commit as the mutable tag it replaced:

• Lightweight tags: SHA taken directly from the tag ref
• Annotated tags (e.g. actions/github-script@v9): dereferenced through the tag object to the underlying commit
• Branch refs (e.g. ruby/setup-ruby@v1): resolved to the current branch HEAD

📝 Checklist

• I added tests to verify changes
• No new PII added or SDK only sends newly added PII if sendDefaultPII is enabled
• I updated the docs if needed.
• I updated the wizard if needed.
• All tests passing
• No breaking changes

🔮 Next steps

[github-actions]

Semver Impact of This PR

⚪ None (no version bump detected)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

• chore(ci): Pin all GitHub Actions to full commit SHAs by antonis in #6243

• fix(tracing): Enable fetch instrumentation when expo/fetch is active by antonis in #6226
• fix: Bump tmp to 0.2.7 to resolve path traversal vulnerability by antonis in #6233
• feat(logs): Add enableAutoConsoleLogs option to opt out of console capture by alwx in #6235
• chore(deps): update JavaScript SDK to v10.55.0 by github-actions in #6222
• chore(deps): update Sentry Android Gradle Plugin to v6.9.0 by github-actions in #6230
• refactor(android): Convert sentry.gradle to Kotlin DSL (sentry.gradle.kts) by antonis in #6119

---

_{🤖 This preview updates automatically when you update the PR.}

[sentry]

📲 Install Builds

Android

🔗 App Name	App ID	Version	Configuration
Sentry RN	io.sentry.reactnative.sample	8.13.0 (90)	Release

⚙️ sentry-react-native Build Distribution Settings

[github-actions]

Android (legacy) Performance metrics 🚀

	Plain	With Sentry	Diff
Startup time	407.22 ms	444.90 ms	37.68 ms
Size	48.30 MiB	53.60 MiB	5.30 MiB

Baseline results on branch: main

Startup times

Revision	Plain	With Sentry	Diff
7ac3378+dirty	404.78 ms	439.84 ms	35.06 ms
8929511+dirty	405.33 ms	452.16 ms	46.83 ms
04207c4+dirty	459.19 ms	518.54 ms	59.35 ms
ad66da3+dirty	468.46 ms	533.56 ms	65.10 ms
eb93136+dirty	416.18 ms	467.32 ms	51.14 ms
5c1e987+dirty	423.52 ms	471.64 ms	48.12 ms
4966363+dirty	400.04 ms	431.08 ms	31.04 ms
5fe1c6c+dirty	401.62 ms	445.28 ms	43.66 ms
1122a96+dirty	422.22 ms	464.33 ms	42.10 ms
9210ae6+dirty	475.41 ms	525.24 ms	49.84 ms

App size

Revision	Plain	With Sentry	Diff
7ac3378+dirty	43.75 MiB	48.13 MiB	4.37 MiB
8929511+dirty	43.75 MiB	48.16 MiB	4.41 MiB
04207c4+dirty	43.75 MiB	48.12 MiB	4.37 MiB
ad66da3+dirty	48.30 MiB	53.49 MiB	5.19 MiB
eb93136+dirty	48.30 MiB	53.58 MiB	5.28 MiB
5c1e987+dirty	43.75 MiB	48.08 MiB	4.33 MiB
4966363+dirty	48.30 MiB	53.54 MiB	5.24 MiB
5fe1c6c+dirty	43.75 MiB	48.14 MiB	4.39 MiB
1122a96+dirty	48.30 MiB	53.54 MiB	5.24 MiB
9210ae6+dirty	48.30 MiB	53.54 MiB	5.23 MiB

[github-actions]

iOS (legacy) Performance metrics 🚀

	Plain	With Sentry	Diff
Startup time	3832.76 ms	1222.57 ms	-2610.19 ms
Size	5.15 MiB	6.70 MiB	1.54 MiB

Baseline results on branch: main

Startup times

Revision	Plain	With Sentry	Diff
b9bebee+dirty	3850.15 ms	1227.51 ms	-2622.64 ms
a50b33d+dirty	1197.74 ms	1197.17 ms	-0.57 ms
5257d80+dirty	3854.39 ms	1234.28 ms	-2620.11 ms
9210ae6+dirty	3815.93 ms	1214.14 ms	-2601.79 ms
c004dae+dirty	3850.32 ms	1227.79 ms	-2622.53 ms
0b5120f+dirty	3838.39 ms	1232.91 ms	-2605.48 ms
882f8ae+dirty	3840.30 ms	1224.41 ms	-2615.88 ms
f3215d3+dirty	3842.73 ms	1219.33 ms	-2623.40 ms
ca9d079+dirty	3835.63 ms	1218.68 ms	-2616.95 ms
4966363+dirty	3854.04 ms	1231.55 ms	-2622.50 ms

App size

Revision	Plain	With Sentry	Diff
b9bebee+dirty	5.15 MiB	6.68 MiB	1.53 MiB
a50b33d+dirty	3.38 MiB	4.73 MiB	1.35 MiB
5257d80+dirty	5.15 MiB	6.69 MiB	1.54 MiB
9210ae6+dirty	5.15 MiB	6.68 MiB	1.53 MiB
c004dae+dirty	5.15 MiB	6.67 MiB	1.51 MiB
0b5120f+dirty	5.15 MiB	6.68 MiB	1.53 MiB
882f8ae+dirty	5.15 MiB	6.70 MiB	1.54 MiB
f3215d3+dirty	5.15 MiB	6.67 MiB	1.52 MiB
ca9d079+dirty	5.15 MiB	6.69 MiB	1.53 MiB
4966363+dirty	5.15 MiB	6.68 MiB	1.53 MiB

[github-actions]

iOS (new) Performance metrics 🚀

	Plain	With Sentry	Diff
Startup time	3824.51 ms	1221.69 ms	-2602.82 ms
Size	5.15 MiB	6.70 MiB	1.54 MiB

Baseline results on branch: main

Startup times

Revision	Plain	With Sentry	Diff
b9bebee+dirty	3858.02 ms	1231.92 ms	-2626.11 ms
a50b33d+dirty	1207.11 ms	1212.10 ms	5.00 ms
5257d80+dirty	3845.40 ms	1226.21 ms	-2619.19 ms
9210ae6+dirty	3834.11 ms	1216.64 ms	-2617.47 ms
c004dae+dirty	3857.82 ms	1224.87 ms	-2632.95 ms
0b5120f+dirty	3843.24 ms	1223.00 ms	-2620.24 ms
882f8ae+dirty	3842.51 ms	1230.40 ms	-2612.11 ms
f3215d3+dirty	3846.08 ms	1231.85 ms	-2614.23 ms
ca9d079+dirty	3818.62 ms	1216.72 ms	-2601.90 ms
4966363+dirty	3863.07 ms	1227.19 ms	-2635.88 ms

App size

Revision	Plain	With Sentry	Diff
b9bebee+dirty	5.15 MiB	6.68 MiB	1.53 MiB
a50b33d+dirty	3.38 MiB	4.73 MiB	1.35 MiB
5257d80+dirty	5.15 MiB	6.69 MiB	1.54 MiB
9210ae6+dirty	5.15 MiB	6.68 MiB	1.53 MiB
c004dae+dirty	5.15 MiB	6.67 MiB	1.51 MiB
0b5120f+dirty	5.15 MiB	6.68 MiB	1.53 MiB
882f8ae+dirty	5.15 MiB	6.70 MiB	1.54 MiB
f3215d3+dirty	5.15 MiB	6.67 MiB	1.52 MiB
ca9d079+dirty	5.15 MiB	6.69 MiB	1.53 MiB
4966363+dirty	5.15 MiB	6.68 MiB	1.53 MiB

[github-actions]

Android (new) Performance metrics 🚀

	Plain	With Sentry	Diff
Startup time	499.41 ms	539.72 ms	40.31 ms
Size	48.30 MiB	53.60 MiB	5.30 MiB

Baseline results on branch: main

Startup times

Revision	Plain	With Sentry	Diff
3d377b5+dirty	425.38 ms	440.67 ms	15.30 ms
ad66da3+dirty	411.49 ms	449.38 ms	37.89 ms
eb93136+dirty	500.37 ms	532.58 ms	32.21 ms
4966363+dirty	415.67 ms	448.60 ms	32.93 ms
890d145+dirty	486.42 ms	514.85 ms	28.43 ms
1122a96+dirty	510.16 ms	542.00 ms	31.84 ms
9210ae6+dirty	444.14 ms	459.80 ms	15.66 ms
ef27341+dirty	519.02 ms	553.42 ms	34.40 ms
3817909+dirty	357.52 ms	391.52 ms	34.00 ms
a50b33d+dirty	353.21 ms	398.48 ms	45.27 ms

App size

Revision	Plain	With Sentry	Diff
3d377b5+dirty	43.94 MiB	49.00 MiB	5.06 MiB
ad66da3+dirty	48.30 MiB	53.49 MiB	5.19 MiB
eb93136+dirty	48.30 MiB	53.58 MiB	5.28 MiB
4966363+dirty	48.30 MiB	53.54 MiB	5.24 MiB
890d145+dirty	43.94 MiB	49.00 MiB	5.06 MiB
1122a96+dirty	48.30 MiB	53.54 MiB	5.24 MiB
9210ae6+dirty	48.30 MiB	53.54 MiB	5.23 MiB
ef27341+dirty	48.30 MiB	53.54 MiB	5.24 MiB
3817909+dirty	43.94 MiB	48.94 MiB	5.00 MiB
a50b33d+dirty	43.94 MiB	48.94 MiB	5.00 MiB