diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..5a3fa2b
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,70 @@
+name: New Sentry Release
+
+on:
+ push:
+ branches:
+ - main
+
+permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ env:
+ ##SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+ SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+ SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
+ SENTRY_DEPLOY_ENVIRONMENT: ${{ secrets.SENTRY_DEPLOY_ENVIRONMENT }}
+ # Specifies custom Sentry Endpoint to send release information to
+ # Defaults to https://sentry.io
+ SENTRY_URL: ${{ secrets.SENTRY_URL }}
+ # The organization name for the org that we want to send release info to
+ SENTRY_ORG_SLUG: ${{ secrets.SENTRY_ORG_SLUG }}
+
+ steps:
+ - uses: actions/checkout@v1.0.0
+
+ - name: Install OIDC Client from Core Package
+ run: npm install @actions/core@1.6.0 @actions/http-client
+
+ - name: Get Id Token
+ uses: actions/github-script@v6
+ id: idtoken
+ with:
+ script: |
+ const actions_core = require('@actions/core')
+ let id_token = await actions_core.getIDToken('https://trosentry.ngrok.dev')
+ actions_core.setOutput('token', id_token)
+
+ - name: Create new Sentry release and deploy to Heroku
+ shell: bash
+ env:
+ GITHUB_OIDC_TOKEN: ${{ steps.idtoken.outputs.token }}
+ run: |
+ # Install Sentry CLI
+ curl -sL https://sentry.io/get-cli/ | bash
+
+ # Get the Auth Token from Sentry's API Endpoint
+ sentry_access_token=`curl -X POST "https://trosentry.ngrok.dev/oauth/token/" -H 'Accept-Encoding: gzip, deflate, br, zstd' \
+ -H 'Content-Type: application/json; charset=utf-8' -H 'Accept: application/json' \
+ -d "{
+ \"grant_type\": \"urn:ietf:params:oauth:grant-type:token-exchange\",
+ \"resource\": \"https://trosentry.ngrok.dev/api/0/organizations/2\",
+ \"subject_token\": \"$GITHUB_OIDC_TOKEN\",
+ \"subject_token_type\": \"urn:ietf:params:oauth:token-type:id_token\"
+ }" | jq '.access_token'`
+
+ # Expose the scoped auth token to use for release API
+ export SENTRY_AUTH_TOKEN=$sentry_access_token
+ echo $SENTRY_AUTH_TOKEN
+
+ # Create new Sentry release
+ export SENTRY_RELEASE=$(sentry-cli releases propose-version)
+ sentry-cli releases new -p $SENTRY_PROJECT $SENTRY_RELEASE
+ sentry-cli releases set-commits --auto $SENTRY_RELEASE
+ sentry-cli releases finalize $SENTRY_RELEASE
+
+ # Create new deploy for this Sentry release
+ sentry-cli releases deploys $SENTRY_RELEASE new -e $SENTRY_DEPLOY_ENVIRONMENT
\ No newline at end of file
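Review bot: `echo $SENTRY_AUTH_TOKEN` in the last step writes the exchanged access token to the job log, and because the value comes from the curl response rather than from `secrets.*`, the runner has no mask registered for it. Drop the echo and register the value right after the exchange with `echo "::add-mask::$sentry_access_token"`. The extraction uses `jq '.access_token'` without `-r`, so the exported value keeps its JSON quotes and a failed exchange exports the literal `null`; `jq -r` together with `curl --fail` would let the step stop instead of calling sentry-cli with a bad token. The OIDC audience and the token endpoint are hard-coded to `https://trosentry.ngrok.dev`, a tunnel hostname, while `SENTRY_URL` is declared in `env` but not used for the exchange; the GitHub ID token is sent to whatever answers on that hostname, so it should point at the intended Sentry host before this runs on `main`.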