-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
88df683
commit 52d87cf
Showing
1 changed file
with
70 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,70 @@ | ||
| name: New Sentry Release | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
|
|
||
| permissions: | ||
| id-token: write # This is required for requesting the JWT | ||
| contents: read # This is required for actions/checkout | ||
|
|
||
| jobs: | ||
| release: | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| ##SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | ||
| SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | ||
| SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }} | ||
| SENTRY_DEPLOY_ENVIRONMENT: ${{ secrets.SENTRY_DEPLOY_ENVIRONMENT }} | ||
| # Specifies custom Sentry Endpoint to send release information to | ||
| # Defaults to https://sentry.io | ||
| SENTRY_URL: ${{ secrets.SENTRY_URL }} | ||
| # The organization name for the org that we want to send release info to | ||
| SENTRY_ORG_SLUG: ${{ secrets.SENTRY_ORG_SLUG }} | ||
|
|
||
| steps: | ||
| - uses: actions/[email protected] | ||
|
|
||
| - name: Install OIDC Client from Core Package | ||
| run: npm install @actions/[email protected] @actions/http-client | ||
|
|
||
| - name: Get Id Token | ||
| uses: actions/github-script@v6 | ||
| id: idtoken | ||
| with: | ||
| script: | | ||
| const actions_core = require('@actions/core') | ||
| let id_token = await actions_core.getIDToken() | ||
| actions_core.setOutput('token', id_token) | ||
| - name: Create new Sentry release and deploy to Heroku | ||
| shell: bash | ||
| env: | ||
| GITHUB_OIDC_TOKEN: ${{ steps.idtoken.token }} | ||
| run: | | ||
| # Install Sentry CLI | ||
| curl -sL https://sentry.io/get-cli/ | bash | ||
| # Get the Auth Token from Sentry's API Endpoint | ||
| sentry_access_token=`curl -X POST "$SENTRY_URL/oauth/token" -H 'Accept-Encoding: gzip, deflate, br, zstd' \ | ||
| -H 'Content-Type: application/json; charset=utf-8' -H 'Accept: application/json' \ | ||
| -H 'Accept: application/json' | ||
| -d "{ | ||
| \"grant_type\": \"urn:ietf:params:oauth:grant-type:token-exchange\", | ||
| \"resource\": \"$SENTRY_URL/api/0/organizations/$SENTRY_ORG_SLUG\", | ||
| \"subject_token\": \"$GITHUB_OIDC_TOKEN\", | ||
| \"subject_token_type\": \"urn:ietf:params:oauth:token-type:id_token\" | ||
| }" | jq '.access_token'` | ||
| # Expose the scoped auth token to use for release API | ||
| export SENTRY_AUTH_TOKEN=$sentry_access_token | ||
| # Create new Sentry release | ||
| export SENTRY_RELEASE=$(sentry-cli releases propose-version) | ||
| sentry-cli releases new -p $SENTRY_PROJECT $SENTRY_RELEASE | ||
| sentry-cli releases set-commits --auto $SENTRY_RELEASE | ||
| sentry-cli releases finalize $SENTRY_RELEASE | ||
| # Create new deploy for this Sentry release | ||
| sentry-cli releases deploys $SENTRY_RELEASE new -e $SENTRY_DEPLOY_ENVIRONMENT |