[WIP][No QA] Decouple Sentry uploads from native builds #83268
roryabraham wants to merge 8 commits into main
Sentry uploads currently happen inline during Gradle/Xcode/Webpack builds. If Sentry is unreachable (e.g. transient DNS failure), the entire build fails. The Android "clear cache and retry" mechanism made this worse by corrupting the Gradle environment. This commit:
- Disables Sentry auto-upload in all platform builds (Android, iOS, Web) by setting SENTRY_DISABLE_AUTO_UPLOAD=true instead of passing SENTRY_AUTH_TOKEN
- Removes the flawed Android build retry mechanism
- Creates a new callable uploadSentry.yml workflow that centralizes all Sentry upload logic using getsentry/action-release@v3 for sourcemaps and sentry-cli for proguard mappings and dSYMs
- Calls uploadSentry.yml from both deploy.yml (staging/production) and buildAdHoc.yml (adhoc, inherited by testBuild/testBuildOnPush)
- The uploadSentry job uses continue-on-error at the job level so Sentry failures never block builds or deploys
Co-authored-by: Cursor <cursoragent@cursor.com>
Replace `curl | bash` sentry-cli installation with a secure download from GitHub releases that verifies SHA256 checksums, preventing supply chain attacks via the install script. Co-authored-by: Cursor <cursoragent@cursor.com>
Instead of auto-generating release names from the git SHA, construct a human-readable name that includes App PR #, Mobile-Expensify PR #, and short commit hashes. For example: adhoc-app83244-6d9d97b-me1234-abc1234 Co-authored-by: Cursor <cursoragent@cursor.com>
Pass the version tag (e.g. 9.0.35-0 for production, 9.0.35-0-staging for staging) as the Sentry release name instead of auto-generating from the git SHA. Co-authored-by: Cursor <cursoragent@cursor.com>
The change to replace SENTRY_AUTH_TOKEN with SENTRY_DISABLE_AUTO_UPLOAD was lost during the merge with main. This restores consistency with the iOS and web builds. Co-authored-by: Cursor <cursoragent@cursor.com>
The Sentry SDK reports events under `new.expensify@<version>` (from package.json), so uploaded sourcemaps must use the same release name. Instead of passing a release name from callers, uploadSentry.yml now computes it from the checked-out package.json. This eliminates the sentryPrep job in buildAdHoc.yml and removes the release input parameter entirely. Co-authored-by: Cursor <cursoragent@cursor.com>
For ad-hoc builds the artifacts are built from inputs.APP_REF, not github.sha. Pass the ref through so the checkout matches the built code and the derived release name is correct. Co-authored-by: Cursor <cursoragent@cursor.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1dbdc3a99a
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
🚧 @roryabraham has triggered a test Expensify/App build. You can view the workflow run here.
🚧 @roryabraham has triggered a test Expensify/App build. You can view the workflow run here.
🧪🧪 Use the links below to test this adhoc build on Android, iOS, and Web. Happy testing! 🧪🧪
Going to close this for #focus
Separate Sentry uploads from native builds. This improves build resilience and allows us to just retry failed Sentry uploads, not the whole build. In the last few days I've seen builds fail twice due to network errors with Sentry.
This also consolidates the Sentry upload logic.
Fixed Issues
Prepares for #82999
Tests
QA Steps
No QA — CI workflow changes only.
Summary
Depends on #83244 (fix Android artifact paths).
This PR decouples Sentry uploads from the native build process so that:
- `uploadSentry.yml` callable workflow
- `setupSentryCLI` composite action with SHA256 checksum verification (replaces `curl | bash`)
Changes
- `uploadSentry.yml` (new): Callable workflow that downloads build artifacts and uploads sourcemaps (via `getsentry/action-release`), proguard mappings, and dSYMs (via `sentry-cli`) to Sentry with retry logic
- `setupSentryCLI/action.yml` (new): Composite action for secure sentry-cli binary installation with checksum verification
- `buildAndroid.yml`: Disable Sentry auto-upload during Rock build (`SENTRY_DISABLE_AUTO_UPLOAD`)
- `buildIOS.yml`: Disable Sentry auto-upload during Rock build
- `buildWeb.yml`: Disable Sentry auto-upload during web build
- `buildAdHoc.yml`: Add `sentryPrep` job for descriptive release names + call `uploadSentry.yml`
- `deploy.yml`: Add `uploadSentry` job using the version tag as release name
Known Issues
`SENTRY_AUTH_TOKEN` in the Rock build env as a primary mechanism and use this workflow as supplemental.
Made with Cursor
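The checksum-verified install that replaces `curl | bash` can be sketched as a fail-closed shell step. This is an added example, not the PR's `setupSentryCLI` action code; the function names, paths and the way the pin is passed in are assumptions, and the pinned digest itself would come from the release being installed.

```shell
#!/usr/bin/env bash
# Added example (hypothetical names): install a downloaded binary only if its
# SHA256 matches a digest pinned in the repository, never one fetched alongside it.

# sha256_of FILE -> prints the lowercase hex digest (Linux or macOS runners)
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_and_install FILE EXPECTED_SHA256 DEST
# 0 = verified and installed, 1 = digest mismatch, 2 = bad input
verify_and_install() {
  local file="$1" expected="$2" dest="$3" actual

  # An empty or malformed pin must never be treated as a match.
  case "$expected" in
    *[!0-9a-fA-F]*|"") echo "invalid pinned checksum" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "invalid pinned checksum" >&2; return 2; }
  [ -f "$file" ] || { echo "missing download: $file" >&2; return 2; }

  actual="$(sha256_of "$file")" || return 2
  expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"

  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch: expected $expected, got $actual" >&2
    rm -f "$file"   # do not leave an unverified binary on the runner
    return 1
  fi

  # Only a verified file is made executable and placed at DEST.
  install -m 0755 "$file" "$dest"
}

# Usage in a workflow step (placeholders, not real values):
#   verify_and_install "$RUNNER_TEMP/sentry-cli" "<PINNED_SHA256>" "$HOME/bin/sentry-cli"
```

The digest comparison runs before the file is ever marked executable, so a failed download or a swapped release asset stops the step instead of running.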