feat(build): Track plugin versions from SENTRY_PIPELINE in build uploads (EME-606) #2994
+172
−20
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
runningcode
commented
Nov 27, 2025
| metadata_content.contains("sentry-cli-version:"), | ||
| "Metadata should contain sentry-cli-version" | ||
| ); | ||
| assert!( |
Contributor
Author
There was a problem hiding this comment.
technically it is impossible to have both. i could also add an assertion that both are not set but I didn't think it was worth it.
runningcode
changed the title
runningcode
force-pushed
the
no/track-plugin-versions-in-build-uploads
branch
2 times, most recently
from
e5a54f1 to
2ba8eda
Compare
Add support for tracking Gradle and Fastlane plugin versions in build uploads by accepting them as CLI parameters and writing them to the metadata file in the uploaded zip archive. This enables the backend to store plugin version information in the PreprodArtifact database table for size analysis and build distribution tracking. Changes: - Add --gradle-plugin-version and --fastlane-plugin-version CLI parameters - Write plugin versions to .sentry-cli-metadata.txt in uploaded zips - Update write_version_metadata() to accept optional plugin versions - Add test coverage for metadata file generation with plugin versions 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
…data (EME-XXX) Replace specific --gradle-plugin-version and --fastlane-plugin-version parameters with a more general --metadata parameter that accepts key-value pairs. This allows for flexible metadata inclusion in build uploads without requiring new CLI parameters for each metadata type. Usage: --metadata gradle-plugin=4.12.0 --metadata fastlane-plugin=1.2.3 Metadata is written to .sentry-cli-metadata.txt in uploaded archives in a sorted, deterministic format for consistent checksums. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
runningcode
force-pushed
the
no/track-plugin-versions-in-build-uploads
branch
from
c981217 to
2ab57cf
Compare
Remove references to --gradle-plugin-version and --fastlane-plugin-version from test fixtures, replacing them with the new --metadata parameter that was introduced in the previous commits. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Replace to_string() calls on string literals with to_owned() as recommended by clippy lint str_to_string. This is more idiomatic for converting &str to String when the source is already a string literal. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Address security and data integrity issues identified in PR review: 1. Reject empty metadata keys to prevent malformed output lines - Check that parts[0] is not empty before accepting key-value pairs - Update warning message to clarify requirement for non-empty keys 2. Reject reserved 'sentry-cli-version' key to prevent spoofing - Filter out any user-provided 'sentry-cli-version' metadata - Log warning when reserved key is detected - Prevents duplicate entries and version spoofing in tracking This ensures the .sentry-cli-metadata.txt file maintains integrity and prevents backend parser confusion. Fixes issues reported by Cursor bot in PR #2994. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
…-XXX) Replace --metadata CLI argument with automatic detection of plugin versions from the SENTRY_PIPELINE environment variable. This simplifies the interface and leverages existing infrastructure used for User-Agent headers. Changes: - Remove --metadata argument from CLI - Parse SENTRY_PIPELINE to extract plugin name and version - Format: "sentry-gradle-plugin/4.12.0" or "sentry-fastlane-plugin/1.2.3" - Only recognize known Sentry plugins (gradle and fastlane) - Update function signatures from HashMap to (plugin_name, plugin_version) - Write plugin info to .sentry-cli-metadata.txt in uploaded archives - Update all tests to use new parameter format The SENTRY_PIPELINE variable is already set by the Gradle and Fastlane plugins, so this requires no changes to those plugins while enabling version tracking for size analysis and build distribution. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
![sentry[bot]](https://avatars.githubusercontent.com/u/1396951?s=60&v=4){kind=small}
| handle_file(path, &byteview)? | ||
| handle_file(path, &byteview, plugin_name.as_deref(), plugin_version.as_deref())? | ||
| } else if path.is_dir() { | ||
| debug!("Normalizing directory: {}", path.display()); |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
runningcode
commented
Dec 10, 2025
| debug!("Detected {name} version {version} from SENTRY_PIPELINE"); | ||
| Some((name.to_owned(), version.to_owned())) | ||
| } else { | ||
| debug!("SENTRY_PIPELINE contains unrecognized plugin: {name}"); |
Contributor
Author
There was a problem hiding this comment.
This will be printed out as debug for javascript when they use the SENTRY_PIPELINE variable. I think this message is helpful for debugging but might be confusing if we print it for javascript devs.
Alternatively, we can also detect the javascript tool and not print this in that case. WDYT?
Format code to match Rust style guidelines. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
runningcode
changed the title
…-606) Update changelog to reflect that plugin versions are automatically tracked from SENTRY_PIPELINE environment variable rather than via CLI parameters.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Automatically track Sentry plugin versions in build uploads by parsing the existing
SENTRY_PIPELINEenvironment variable. This enables size analysis and build distribution tracking by storing plugin version metadata in the PreprodArtifact database table.Changes
Plugin Version Detection
SENTRY_PIPELINEenvironment variablesentry-gradle-plugin/4.12.0orsentry-fastlane-plugin/1.2.3sentry-gradle-pluginsentry-fastlane-pluginMetadata File Format
The
.sentry-cli-metadata.txtfile inside uploaded zips now includes detected plugin info:Related PRs:
getsentry/launchpad#464
getsentry/sentry#103062
getsentry/sentry-android-gradle-plugin#1036
getsentry/sentry-fastlane-plugin#365