ci: use production environment for sentry-release auth token#645
Merged
Conversation
Contributor
Semver Impact of This PR🟢 Patch (bug fixes) 📋 Changelog PreviewThis is how your changes will appear in the changelog. Bug Fixes 🐛
Internal Changes 🔧
🤖 This preview updates automatically when you update the PR. |
BYK
changed the title
…ntry-release workflow - Add environment: production so the job can access SENTRY_AUTH_TOKEN - Drop sentry/ prefix from release version to match Sentry.init() and sourcemap uploads which both use bare semver (e.g., '0.24.0')
BYK
force-pushed
the
fix/sentry-release-auth
branch
from
cccd5d0 to
d83e081
Compare
This was referenced Apr 2, 2026
BYK
added a commit
that referenced
this pull request
Apr 2, 2026
## Summary Fixes the [third sentry-release failure](https://github.com/getsentry/cli/actions/runs/23918696701/job/69759189495): ``` Error: Organization is required. ``` The previous PR (#645) mistakenly removed the `sentry/` prefix thinking it was a version prefix. It's actually the **org slug** — `parseReleaseArg("sentry/0.24.0")` splits into org=`sentry`, version=`0.24.0`. Restoring it provides the org without needing `SENTRY_ORG`. Fixes #647.
5 tasks
BYK
added a commit
that referenced
this pull request
Apr 3, 2026
## Summary Fixes `set-commits --auto` to properly discover commits and documents release workflow pitfalls learned from shipping the sentry-release CI workflow. Continuation of #643, #645, #648, #649 (all merged). ## Changes ### `set-commits --auto` rewrite (`src/lib/api/releases.ts`) - **Replace bogus `{repository: "auto", commit: "auto"}`** — list org repos via paginated API, match against local git remote, send real refs with HEAD SHA - **Fetch previous release commit** via `/previous-with-commits/` endpoint so Sentry can compute the commit range (without this, 0 commits are reported) - **Paginate** through all org repos with early-exit (`listRepositoriesPaginated`) - Use `ApiError` for no-repos (correct negative caching), `ValidationError` for local git failures - Fix `ApiError` constructor: `endpoint` as 4th arg, not 3rd ### Fallback fix (`src/commands/release/set-commits.ts`) - Catch `ValidationError` in `setCommitsDefault` → fall back to local git history ### Workflow fixes (`.github/workflows/sentry-release.yml`) - `actions/checkout@v6` with `fetch-depth: 0` (needed for `--auto` git discovery) - Move `--url` from `release create` to `release deploy` (URL belongs on the deploy) - Inline comments documenting every pitfall (Node.js version, env scoping, org prefix) ### Documentation - **agent-guidance.md**: New "Release Workflow" section with CI/CD setup notes; new Common Mistakes for version mismatch and `--auto` without checkout - **release.md**: CI workflow example + "Important Notes" section - **create.ts help**: Clarifies `org/version` positional format and version matching - **set-commits.ts help**: Clarifies `--auto` requires git checkout; documents default fallback behavior - Regenerated SKILL.md + reference files ### Tests - Isolated tests: repo discovery, pagination, no-match, no-repos, no-remote, previous commit fetch - Command tests: `--auto` cwd pass-through, `ValidationError` fallback in default mode - Patch coverage: `releases.ts` ~99%, `set-commits.ts` ~75%
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes the second sentry-release failure:
Two issues:
Missing environment —
SENTRY_AUTH_TOKENis scoped to theproductionenvironment. Withoutenvironment: productionon the job, the secret resolves to empty.Wrong release version — The workflow used
sentry/${VERSION}(e.g.,sentry/0.24.0) butSentry.init()and sourcemap uploads both use bare semver (0.24.0). Events would never be associated with the release.Changes
environment: productionto thefinalizejobsentry/prefix from all release version references to matchSentry.init()(release: CLI_VERSIONintelemetry.ts:417) and sourcemap uploads (release: VERSIONinbuild.ts:179)