fix(ci): use @ for Sentry release id (slash is rejected by Sentry)

[FedeZara]

Follow-up fix to PR #19. A real dispatch of the release workflow against verify-token@v0.0.1-test failed at the sentry-release step:

error: invalid value 'verify-token/v0.0.1-test' for '<VERSION>':
Invalid release version. Slashes and certain whitespace characters are not permitted.

Summary

Sentry's release-version validator rejects slashes, so the post-#19 format <action>/<version> is unusable as a Sentry release identifier. Decouple the two identifiers — they were always conceptually separate, just happened to share a string until now:

• Git tag stays <action>/<version> (slash). That's what the consumer syntax uses: fern-api/actions@<action>/<version> requires, and that part already works (verified by the dispatch reaching sentry-release in the first place).
• Telemetry release identifier — Sentry release, the RELEASE_TAG baked into the bundle, PostHog $lib_version, log payload actions_version, and Lightweight API event actions_version — uses <action>@<version> (at-sign). That's the conventional Sentry release shape (my-app@1.2.3) the validator accepts, and the @ poses no problem for these systems because they're identifiers, not refs.

RELEASE_TAG is what the SDK passes to Sentry.init({ release }), so it must match the release name that the Sentry CLI creates via getsentry/action-release. Changing one without the other would break source-map deobfuscation. So both changed together.

Changes

File	Change
.github/workflows/release.yml	RELEASE_TAG env and sentry-release.with.version switched to <action>@<version>. Comments added explaining why the two formats coexist.
scripts/append-release-entry.mjs	Ledger Tag: line stays /; Sentry release: line switches to @.
packages/shared/src/telemetry/build-constants.ts	Doc comment on RELEASE_TAG updated to reflect the @ format and the divergence from the git tag.
CONTRIBUTING.md	Sentry-release step description notes the format and the rationale.

Test plan

• pnpm typecheck — clean
• actionlint .github/workflows/release.yml — clean
• Smoke-test scripts/append-release-entry.mjs with ACTION=verify-token VERSION=v1.0.0 — Tag: renders with /, Sentry release: renders with @
• After merge, re-dispatch release.yml for verify-token with v0.0.1-test (or a fresh v0.0.2-test). Verify:
  • sentry-release step completes (no slash-rejection error)
  • Sentry release identifier in the Sentry UI is verify-token@v0.0.1-test
  • Git tag created is verify-token/v0.0.1-test
  • Bundle contains the literal verify-token@v0.0.1-test: git show verify-token/v0.0.1-test:dist/index.js | grep -F 'verify-token@v0.0.1-test'
  • The bundle's baked Sentry.init({ release }) value matches the Sentry release id (otherwise sourcemap deobfuscation won't resolve)

Why this wasn't caught in #19

The sentry-release job auto-skips when FERN_SENTRY_AUTH_TOKEN isn't provisioned (intentional, so the pipeline can run end-to-end before Sentry is set up). All my pre-#19 smoke tests ran without Sentry credentials, so the validator path was never exercised locally. First real dispatch with the token configured surfaced it immediately.

[FedeZara]

• fix(ci): use @ for Sentry release id (slash is rejected by Sentry) #20 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.