ci(build): Add snapshot release workflow#3212
Conversation
Add a workflow_dispatch-triggered snapshot release pipeline that reuses the existing build workflow. Snapshot builds skip macOS code signing, override versions with a snapshot identifier, and publish to npm under the `snapshot` tag. - Add `workflow_call` inputs to build.yml for `skip-signing` and `snapshot-version` - Add `override-version` composite action to patch Cargo.toml, package.json, and npm-binary-distributions - Add `snapshot.yml` workflow that computes a snapshot version, triggers the build, and publishes to npm - Skip Python, Docker, and merge jobs for snapshot builds Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
runningcode
force-pushed
the
no/ci-snapshot
branch
from
c5e30a6 to
9ae8e1d
Compare
Instead of patching version files at build time via the override-version composite action, snapshots now follow the same pattern as releases: bump all version files upfront using bump-version.sh, commit to a temporary snapshot branch, and let build.yml build from correct source. This removes the fragile override-version action (called 5 times across different jobs with sed/awk/node), replaces the snapshot-version input with checkout-ref and is-snapshot, and adds a cleanup job to delete the temporary branch after publish. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
| @@ -0,0 +1,114 @@ | |||
| name: Snapshot Release | |||
|
|
|||
| on: | |||
There was a problem hiding this comment.
manual trigger to test. we can change this to build on every push to master once we know it is working.
There was a problem hiding this comment.
l: I would be fine with just having it set to every push to master with this PR. We can revert if needed
| with: | ||
| node-version: '20.10.0' | ||
|
|
||
| - name: Bump versions |
There was a problem hiding this comment.
so another way to do this would be to modify the versions in place in the action/workflow using sed and regexes.
this would remove the need to commit and create the snapshot branch somewhere but then we have two different mechanisms to patch the versions which could lead to drift. without modifying in place, there's no way to share the patched repo between workflows.
| if-no-files-found: 'error' | ||
|
|
||
| platform-specific-docker: | ||
| if: ${{ !inputs.is-snapshot }} |
There was a problem hiding this comment.
skip docker publishing
| @@ -297,11 +327,14 @@ jobs: | |||
| if-no-files-found: 'error' | |||
|
|
|||
| python: | |||
There was a problem hiding this comment.
not publishing to pip
| is-snapshot: | ||
| type: boolean | ||
| default: false | ||
| checkout-ref: |
There was a problem hiding this comment.
we need this checkout-ref to share the version patched repo between workflows. see comment here for more details: https://github.com/getsentry/sentry-cli/pull/3212/changes#r2924915514
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
The upload artifact preserves the platform subdirectory structure (e.g., darwin/, linux-x64/), so after download the tarballs land at npm-distributions/<platform>/*.tgz, not npm-distributions/*.tgz. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The node job downloads artifact-bin-* which includes macOS artifacts uploaded by sign-macos-binaries, but didn't declare that dependency. This could cause the npm package to be built with incomplete checksums (missing macOS entries). sign-macos-binaries already depends on macos and macos_universal, so those are covered transitively. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
|
Hey @runningcode, please check the AI review comments and resolve them, or mark as inapplicable, then I'll do a full review 🙏 |
|
Done. One is false, the other is a design choice. I commented on both! |
szokeasaurusrex
left a comment
szokeasaurusrex
left a comment
There was a problem hiding this comment.
Thanks for the PR @runningcode! I added some thoughts here.
Remove the skip-signing input from build.yml since snapshots should go through the same signing pipeline as releases. Also switch snapshot versioning from minor bump to patch bump and use cargo metadata for more reliable version parsing. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Split from #3212, thanks @runningcode for noticing! Co-authored-by: Nelson Osacky <nelson.osacky@sentry.io>
| @@ -0,0 +1,114 @@ | |||
| name: Snapshot Release | |||
|
|
|||
| on: | |||
There was a problem hiding this comment.
l: I would be fine with just having it set to every push to master with this PR. We can revert if needed
Co-authored-by: Daniel Szoke <7881302+szokeasaurusrex@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2 participants
Summary
Adds a
workflow_dispatch-triggered snapshot release pipeline that reuses the existing build workflow, enabling on-demand pre-release builds from any branch. For now we are only publishing to npm under the snapshot tag.Background
We want to allow easy snapshot releases to ease internal testing as well as customer testing.
What it does
snapshot.ymlworkflow: Computes a semver-compliant snapshot version (e.g.3.4.0-snapshot.20260312.abc1234) by bumping the minor version fromCargo.toml, patches all version files viascripts/bump-version.sh, pushes a temporary snapshot branch, then triggers the buildbuild.ymlcallable: Addsworkflow_callinputs (skip-signing,is-snapshot,checkout-ref) so the snapshot workflow can reuse the full build matrixsnapshottag: Platform-specific binary packages and the main@sentry/clipackage are published with--tag snapshotso they don't affect thelatesttag🤖 Generated with Claude Code