Skip to content

ref(preprod): Register endpoints on organization as well as project#106435

Merged
chromy merged 2 commits intomasterfrom
chromy/2026-01-15-foo
Mar 2, 2026
Merged

ref(preprod): Register endpoints on organization as well as project#106435
chromy merged 2 commits intomasterfrom
chromy/2026-01-15-foo

Conversation

@chromy
Copy link
Contributor

@chromy chromy commented Jan 16, 2026
edited
Loading

We would like the frontend to use paths like

  • Individual pages: /preprod/{install/size}/:artifact_id:/?project={project_id}
  • Compare pages: /preprod/size/compare/:head_id:/:base_id:/?project={project_id}

Rather than the current ones which look like:

  • Install pages are /preprod/:project_id:/:artifact_id:/install
  • Size pages are /preprod/:project_id:/:artifact_id

Making project a query param is more consistent with the existing frontend pages.

However this causes difficulties with the API paths.
This existing API paths look like this:

  • /api/0/project/:org/:project/preprodartifacts/:head_artifact_id/build-details/

That is they require the :project id/slug even though the :head_artifact_id is region unique.

This double registers each API endpoints:

  • once on /api/0/project/:org/:project/...
  • once on /api/0/organization/:org/...

We do this by adjusting the endpoint to make :project optional.
If missing it will be filled in from the head_artifact_id.
If present it will be checked against the head_artifact_id.
This allows us to refactor the endpoints to remove the :project without:

  • Doing each endpoint individually
  • Having a lot of duplicated code in the intermediate state

See EME-725 for context.

@chromy chromy requested a review from a team as a code owner January 16, 2026 12:42
@github-actions github-actions bot added Scope: Frontend Automatically applied to PRs that change frontend components Scope: Backend Automatically applied to PRs that change backend components labels Jan 16, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Jan 16, 2026

🚨 Warning: This pull request contains Frontend and Backend changes!

It's discouraged to make changes to Sentry's Frontend and Backend in a single pull request. The Frontend and Backend are not atomically deployed. If the changes are interdependent of each other, they must be separated into two pull requests and be made forward or backwards compatible, such that the Backend or Frontend can be safely deployed independently.

Have questions? Please ask in the #discuss-dev-infra channel.

cursor[bot]
cursor bot reviewed Jan 16, 2026
View reviewed changes
@chromy chromy changed the title DNM ref(preprod): Register endpoints on organization as well as project Jan 16, 2026
@chromy chromy force-pushed the chromy/2026-01-15-foo branch from 1f4e559 to 7805c9b Compare January 16, 2026 13:14
@chromy chromy force-pushed the chromy/2026-01-15-foo branch from 8733f07 to 4344375 Compare January 16, 2026 14:00
runningcode
runningcode approved these changes Jan 16, 2026
View reviewed changes
Copy link
Contributor

@runningcode runningcode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM aside from my comments!

src/sentry/preprod/api/bases/preprod_artifact_endpoint.py Outdated


class ProjectPreprodArtifactPermission(ProjectPermission):
class OrganizationPreprodArtifactPermission(OrganizationPermission):
Copy link
Contributor

@runningcode runningcode Jan 16, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm wondering if there are any security implications here? like does sentry have project level access permissions that this might break?

Are there users that don't have the org permission where this would break?

Copy link
Contributor Author

@chromy chromy Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tweaked the permissions a bit:

  • Now we use event:* as the scope which is more correct I think
  • We check in the body of the function that we have permission to access the given project
    Also fixed a bug:
  • This ProjectPreprodArtifactPermission is only for the compare triggering not here.

Copy link
Contributor

@runningcode runningcode Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, cool that event scope works!

@chromy chromy force-pushed the chromy/2026-01-15-foo branch from 5c90b8a to 1229601 Compare January 16, 2026 15:36
@chromy chromy force-pushed the chromy/2026-01-15-foo branch from 39682fe to d6aecc6 Compare January 16, 2026 15:43
@chromy chromy force-pushed the chromy/2026-01-15-foo branch from d71e780 to 8d0c243 Compare January 16, 2026 17:08
@runningcode runningcode mentioned this pull request Jan 19, 2026
Closed
@chromy chromy force-pushed the chromy/2026-01-15-foo branch from 4124491 to 8cc3f63 Compare January 19, 2026 12:26
@chromy chromy force-pushed the chromy/2026-01-15-foo branch from bbeb003 to 0a32e48 Compare January 21, 2026 16:33
@chromy chromy force-pushed the chromy/2026-01-15-foo branch from 84acd9a to 68014c2 Compare January 21, 2026 16:55
@getsantry
Copy link
Contributor

getsantry bot commented Feb 12, 2026

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you remove the label Waiting for: Community, I will leave it alone ... forever!

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

@getsantry getsantry bot added the Stale label Feb 12, 2026
@runningcode runningcode force-pushed the chromy/2026-01-15-foo branch from 68014c2 to a8d895b Compare February 13, 2026 13:53
cursor[bot]
cursor bot reviewed Feb 13, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Feb 13, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Feb 13, 2026
View reviewed changes
@runningcode runningcode force-pushed the chromy/2026-01-15-foo branch from 69098d2 to a5fc606 Compare February 13, 2026 15:49
sentry[bot]
sentry bot reviewed Feb 13, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Feb 13, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Feb 13, 2026
View reviewed changes
@getsantry getsantry bot removed the Stale label Feb 14, 2026
@chromy chromy force-pushed the chromy/2026-01-15-foo branch from 5f57b08 to c909697 Compare March 2, 2026 09:30
sentry-warden[bot]
sentry-warden bot reviewed Mar 2, 2026
View reviewed changes
sentry[bot]
sentry bot reviewed Mar 2, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Mar 2, 2026
View reviewed changes
Copy link
Contributor

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

@chromy chromy force-pushed the chromy/2026-01-15-foo branch from c909697 to 1b12900 Compare March 2, 2026 13:36
@chromy
We would like the frontend to use paths like
3e78b83 
Individual pages: /preprod/{install/size}/:artifact_id:/?project={project_id}
Compare pages: /preprod/size/compare/:head_id:/:base_id:/?project={project_id}
Rather than the current ones which look like:

Install pages are /preprod/:project_id:/:artifact_id:/install
Size pages are /preprod/:project_id:/:artifact_id
Making project a query param is more consistent with the existing frontend pages.

However this causes difficulties with the API paths.
This existing API paths look like this:

/api/0/project/:org/:project/preprodartifacts/:head_artifact_id/build-details/
That is they require the :project id/slug even though the :head_artifact_id is region unique.

This double registers each API endpoints:

once on /api/0/project/:org/:project/...
once on /api/0/organization/:org/...
We do this by adjusting the endpoint to make :project optional.
If missing it will be filled in from the head_artifact_id.
If present it will be checked against the head_artifact_id.
This allows us to refactor the endpoints to remove the :project without:

Doing each endpoint individually
Having a lot of duplicated code in the intermediate state
See EME-725 for context.
@chromy chromy force-pushed the chromy/2026-01-15-foo branch from 99e0c2b to 3e78b83 Compare March 2, 2026 13:52
@chromy chromy merged commit eb8007e into master Mar 2, 2026
76 checks passed
@chromy chromy deleted the chromy/2026-01-15-foo branch March 2, 2026 14:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@runningcode runningcode runningcode approved these changes

@sentry sentry[bot] sentry[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

@sentry-warden sentry-warden[bot] sentry-warden[bot] left review comments

Assignees

No one assigned

Labels

Scope: Backend Automatically applied to PRs that change backend components Scope: Frontend Automatically applied to PRs that change frontend components

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chromy @runningcode