build: fetch sentry-native from release zip

[edde746]

📜 Description

Use the pre-packaged release zip instead of git clone to avoid dependency on chromium.googlesource.com which is unreliable.

💡 Motivation and Context

See getsentry/sentry-native#1625

💚 How did you test it?

Tested by integrating the fork into a Flutter desktop app (Windows) that previously failed to build due to chromium.googlesource.com being unavailable — the build now completes successfully using the release zip.

📝 Checklist

• I reviewed submitted code
• I added tests to verify changes
• No new PII added or SDK only sends newly added PII if sendDefaultPii is enabled
• I updated the docs if needed
• All tests passing
• No breaking changes

#skip-changelog

[sdk-maintainer-bot]

This PR has been automatically closed. The referenced issue does not show a discussion between you and a maintainer.

To avoid wasted effort on both sides, please discuss your proposed approach in the issue first and wait for a maintainer to respond before opening a PR.

Please review our contributing guidelines for more details.

[edde746]

Please review our contributing guidelines for more details.

CONTRIBUTING.md contains the words "maintainer" and "issue" 0 times.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.80%. Comparing base (5b3a9e9) to head (711f54f).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3621      +/-   ##
==========================================
+ Coverage   86.83%   91.80%   +4.96%     
==========================================
  Files         320      102     -218     
  Lines       10789     3479    -7310     
==========================================
- Hits         9369     3194    -6175     
+ Misses       1420      285    -1135     

Flag	Coverage Δ
sentry	?
sentry_dio	?
sentry_drift	?
sentry_file	?
sentry_firebase_remote_config	100.00% <ø> (ø)
sentry_flutter	91.38% <ø> (+0.37%)	⬆️
sentry_hive	?
sentry_isar	?
sentry_link	?
sentry_logging	?
sentry_sqflite	?
sentry_supabase	97.27% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[buenaflor]

We'll go ahead with this.

CI failures are unrelated to this PR

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 946c132. Configure here.}

[cursor]

Missing URL_HASH for downloaded dependency archive

Medium Severity

The sentry-native FetchContent_Declare uses a direct URL download without a URL_HASH parameter. This means the downloaded sentry-native.zip lacks integrity verification, unlike the previous Git method. This introduces a supply chain risk for a security SDK, as CMake documentation recommends URL_HASH for remote fetches.

 

^{Triggered by project rule: PR Review Guidelines for Cursor Bot (Root)}

^{Reviewed by Cursor Bugbot for commit 946c132. Configure here.}