getsentry · Feb 12, 2025 · Feb 27, 2025 · Feb 27, 2025 · Feb 27, 2025 · Feb 27, 2025
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,10 @@
+# Docs: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# These files will be ignore by Docker for COPY and ADD commands when creating a build context
+# In other words, if a file should not be inside of the Docker container it should be
+# added to the list, otherwise, it will invalidate cache layers and have to rebuild
+# all layers after a COPY command
+.git
+.github
+Dockerfile
+.dockerignore
+*.md
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,224 @@
+name: Build and Test
+
+on:
+  pull_request:
+    paths-ignore:
+      - '**.md'
+  push:
+    branches:
+      - master
+      - release/**
+    paths-ignore:
+      - '**.md'
+
+env:
+  # Variables defined in the repository
+  SENTRY_ORG: ${{ vars.SENTRY_ORG }}
+  # For master, we have an environment variable that selects the action-release project
+  # instead of action-release-prs
+  # For other branches: https://sentry-ecosystem.sentry.io/releases/?project=4505075304693760
+  # For master branch: https://sentry-ecosystem.sentry.io/releases/?project=6576594
+  SENTRY_PROJECT: ${{ vars.SENTRY_PROJECT }}
+
+jobs:
+  prepare-docker:
+    name: Prepare docker tag
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    outputs:
+      docker_tag: ${{ steps.docker_tag.outputs.docker_tag }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Get docker tag
+        id: docker_tag
+        run: |
+          if [[ "${{ github.ref }}" == "refs/heads/master" ]]; then
+            echo "docker_tag=master" >> $GITHUB_OUTPUT
+            yarn set-docker-tag master
+          else
+            TAG=$(yq '... | select(has("uses") and .uses | test("docker://ghcr.io/getsentry/action-release-image:.*")) | .uses' action.yml | awk -F':' '{print $3}')
+            echo "docker_tag=$TAG" >> $GITHUB_OUTPUT
+
+            if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+              if [[ "$TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+                echo "Error: docker_tag $TAG matching format MAJOR.MINOR.PATCH is not allowed inside pull requests."
+                echo "Please rename the docker tag in action.yml and try again."
+                exit 1
+              fi
+            fi
+          fi
+
+      - name: Get auth token
+        id: token
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
+        if: github.ref == 'refs/heads/master'
+        with:
+          app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
+          private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
+
+      - name: Commit changes
+        uses: getsentry/action-github-commit@v2.0.0
+        if: github.ref == 'refs/heads/master'
+        with:
+          github-token: ${{ steps.token.outputs.token }}
+          message: "chore: Set docker tag for master [skip ci]"
+
+  docker-build:
+    name: Build & publish Docker images
+    needs: prepare-docker
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+    strategy:
+      matrix:
+        target:
+          - name: builder
+            image: action-release-builder-image
+          - name: app
+            image: action-release-image
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # BUILDKIT_INLINE_CACHE creates the image in such a way that you can
+      # then use --cache-from (think of a remote cache)
+      # This feature is allowed thanks to using the buildx plugin
+      #
+      # There's a COPY command in the builder stage that can easily invalidate the cache
+      # If you notice, please add more exceptions to .dockerignore since we loose the value
+      # of using --cache-from on the app stage
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ghcr.io/${{ github.repository_owner }}/${{ matrix.target.image }}:${{ needs.prepare-docker.outputs.docker_tag }}
+          cache-from: ghcr.io/${{ github.repository_owner }}/${{ matrix.target.image }}:master
+          target: ${{ matrix.target.name }}
+          build-args: BUILDKIT_INLINE_CACHE=1
+
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install
+        run: yarn install
+
+      - name: Check format
+        run: yarn format-check
+
+      - name: Lint
+        run: yarn lint
+
+      - name: Build
+        run: yarn build
+
+  #############
+  # E2E Tests
+  #############
+
+  test-create-staging-release-per-push:
+    needs: docker-build
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    name: Test current action
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Create a staging release
+        uses: ./
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_LOG_LEVEL: debug
+        with:
+          ignore_missing: true
+
+  test-runs-on-container:
+    needs: docker-build
+    runs-on: ubuntu-latest
+    container:
+      image: node:18.17
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Create a staging release
+        uses: ./
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_LOG_LEVEL: debug
+        with:
+          ignore_missing: true
+
+  test-mock-release:
+    needs: docker-build
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    name: Mock a release
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Mock creating a Sentry release
+        uses: ./
+        env:
+          MOCK: true
+        with:
+          environment: production
+
+  test-mock-release-working-directory:
+    needs: docker-build
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    name: Mock a release in a different working directory
+    steps:
+      - name: Checkout directory we'll be running from
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          path: main/
+
+      - name: Checkout directory we'll be testing
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          path: test/
+
+      - name: Mock creating a Sentry release in a different directory
+        uses: ./main
+        env:
+          MOCK: true
+        with:
+          environment: production
+          working_directory: ./test
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,4 +1,4 @@
-name: Prepare Release
+name: "Action: Prepare Release"
 
 on:
   workflow_dispatch:

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
diff --git a/.github/workflows/verify-dist.yml b/.github/workflows/verify-dist.yml
@@ -8,6 +8,7 @@ on:
   push:
     branches:
       - master
+      - release/**
     paths-ignore:
       - "**.md"
   pull_request:

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,26 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+  - repo: local
+    hooks:
+      - id: format
+        name: Format
+        entry: yarn format
+        language: system
+        pass_filenames: false
+      - id: lint
+        name: Lint
+        entry: yarn lint
+        language: system
+        pass_filenames: false
+      - id: set-docker-tag-from-branch
+        name: Set docker tag in action.yml from current git branch
+        entry: yarn set-docker-tag-from-branch
+        language: system
+        pass_filenames: false