feat: Sync fork#14
Open
ngudbhav wants to merge 421 commits into
Open
Conversation
#skip-changelog
# PR Summary This small PR fixes the `datetime` deprecation warnings which you can find in the CI logs: ```python /home/runner/work/_actions/getsentry/self-hosted/master/_integration-test/test_01_basics.py:303: DeprecationWarning: datetime.datetime.utcnow() is deprecated and scheduled for removal in a future version. Use timezone-aware objects to represent datetimes in UTC: datetime.datetime.now(datetime.UTC). ```
…#3690) Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.0.2 to 2.0.6. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](actions/create-github-app-token@3ff1caa...df432ce) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 2.0.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
#skip-changelog
* remove obsolete SENTRY_RELEASE_HEALTH removed in getsentry/sentry#68226 * remove unused feature flags removed in getsentry/sentry#32010 * remove session-replay-enable-canvas removed in getsentry/sentry#87762
Sentry Admin Script always fail because of missing import of lib script. ### Legal Boilerplate Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.
#skip-changelog
Fixes problems that appear when Python SDK 3.0 will be released.
a hard stop is in place with this so it can be removed now
* add shellcheck action to lint bash scripts * fix some shellcheck warnings --------- Co-authored-by: ds <ds@local> Co-authored-by: Burak Yigit Kaya <byk@sentry.io>
* Introduce patches with external kafka * Fix pre-commit hooks * Patch relay config file * Documentation for patches stuff * Provide more helpful information for Docker Compose Override file * Fix grep command * ref: rename to 'optional-modifications' * chore(pre-commit): exclude .patch extension * chore(pre-commit): escape backslash * chore(pre-commit): put exclude field on hooks * chore(pre-commit): put exclude field on top level Based on https://pre-commit.com/#top_level-exclude * chore(pre-commit): move to even more top level
PROFILES_DIR was defaulting to `/var/lib/sentry-profiles` which requires root access. When Vroom image decided to go with non-root default user, this started causing permission issues. Now the image is being refactored and it will not use `/var/lib/sentry-profiles` as the default path so we need to explicitly pass it.
…3760) * Revert "fix(vroom): Explicitly set PROFILES_DIR for upcoming change (#3759)" This reverts commit e07445d. It also very importantly changes where we mount the profiles volume which fixes the issue. Our theory is as follows: 1. Vroom Dockerfile had a line doing `mkdirp /var/lib/sentry-profiles` at image build time. This makes the directory owned by `root` 2. When we mount over that directory, and change permissions we can store the permissions changes _in_ the directory but not the directory itself 3. So when we start the vroom image with the new mount, the contents are owned by `vroom` but the main directory is still owned by `root`. This is also why [this approach](https://github.com/getsentry/vroom/pull/601/files/a23a4e395269ca39fd9bd93ecf902cb42530b5cd) worked as the entrypoint script did this at the start of every container instance. --------- Co-authored-by: Burak Yigit Kaya <byk@sentry.io>
|
CodeAnt AI is running Incremental review Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.7. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@46.0.5...46.0.7) --- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.7 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
CodeAnt AI Incremental review completed. |
…#4280) Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 3.0.0 to 3.1.1. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](actions/create-github-app-token@f8d387b...1b10c78) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 3.1.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.3.0 to 6.4.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@53b8394...48b55a0) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [j178/prek-action](https://github.com/j178/prek-action) from 2.0.1 to 2.0.2. - [Release notes](https://github.com/j178/prek-action/releases) - [Commits](j178/prek-action@53276d8...cbc2f23) --- updated-dependencies: - dependency-name: j178/prek-action dependency-version: 2.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.1 to 9.0.3. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@9.0.1...9.0.3) --- updated-dependencies: - dependency-name: pytest dependency-version: 9.0.3 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Reinaldy Rafli <github@reinaldyrafli.com>
* feat: allow upgrade tests * fix: wrong cache key
|
CodeAnt AI is running Incremental review Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
|
CodeAnt AI Incremental review completed. |
The health checks constantly get mis-identified by users as a problem, when they are just the effect of a problem downstream (e.g. connectivity issues, project configs not available ...). In the docker compose environment the healthcheck itself makes little sense. If health checks are failing, Sentry is down. If there is no health check and a problem in the system, Sentry is down. Docker compose does support almost none of the nuance Kubernetes allows for in health checks, and the self hosted install is not load balancing between multiple instances of Relay. There is little point in having these health checks + they lead to constant requests and questions -> turn them off. It may make sense to replace the health check with a liveness probe instead, but even these are not handled well by docker compose. Ordering of services should be good enough by relying on the `started` flag.
|
CodeAnt AI is running Incremental review Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
|
CodeAnt AI Incremental review completed. |
If the host container runtime sets these variables, for example behind a corporate proxy, SeaweedFS services are unable to talk to each other by default. Since they have no business talking to the outside world, just force clear these variables.
|
CodeAnt AI is running Incremental review Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
|
CodeAnt AI Incremental review completed. |
|
CodeAnt AI is running Incremental review Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
|
CodeAnt AI Incremental review completed. |
* feat: Add launchpad taskworker container
Add a launchpad-taskworker service that shares the existing taskbroker
infrastructure with the sentry taskworker. Activations are separated by
the `application` value ("launchpad" vs "sentry") so workers only fetch
their own tasks.
* fix: make launchpad working on self-hosted
* feat: add launchpad to feature-complete profile
* feat: add required feature flag
* feat: integration test for mobile build
* fix(test): wrong organization name
* feat(test): debug organization token
* test: acquire csrf token from login response
Investigated and resolved CSRF token issue in integration tests for organization token creation. The organization auth tokens endpoint requires CSRF protection via the X-CSRFToken header,
which should be populated with the value from the sc cookie obtained during the login response. This was discovered by examining the sentry codebase's OrganizationAuthTokensEndpoint which
uses Django REST Framework's SessionAuthentication that enforces CSRF by default. The solution involves extracting the CSRF token from the client's cookies and passing it to POST requests
as a request header.
* feat: remove feature flag
* fix: cursor review comments
---------
Co-authored-by: Reinaldy Rafli <github@reinaldyrafli.com>
|
CodeAnt AI is running Incremental review Thanks for using CodeAnt! 🎉We're free for open-source projects. if you're enjoying it, help us grow by sharing. Share on X · |
|
CodeAnt AI Incremental review completed. |
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 8.0.0 to 8.1.0. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@cec2083...0880764) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Reinaldy Rafli <github@reinaldyrafli.com>
|
Skipping CodeAnt AI review — this PR changes more than 100 files, which usually means a migration, codemod, or vendored drop. Line-level review on diffs this large produces duplicate findings on the same rewrite pattern and drowns out anything that actually matters. If you still want a review, comment |
Use environment variables to store GitHub context data instead of directly interpolating them in the run script. This prevents potential script injection attacks. Changes: - Move GitHub context variables to env block - Reference variables using proper shell variable syntax with quotes - Apply to: github.repository, github.run_id, github.event.repository.id, and github.event.number/github.event.inputs.pr Fixes: https://linear.app/getsentry/issue/VULN-1575 Fixes: https://linear.app/getsentry/issue/DI-1872 Co-authored-by: fix-it-felix-sentry[bot] <260785270+fix-it-felix-sentry[bot]@users.noreply.github.com> Co-authored-by: Reinaldy Rafli <github@reinaldyrafli.com>
|
Skipping CodeAnt AI review — this PR changes more than 100 files, which usually means a migration, codemod, or vendored drop. Line-level review on diffs this large produces duplicate findings on the same rewrite pattern and drowns out anything that actually matters. If you still want a review, comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
CodeAnt-AI Description
Add feature-complete install flow with Podman support and new storage setup
What Changed
Impact
✅ Easier full-stack installs✅ Fewer manual upgrade steps✅ Safer config migrations🔄 Retrigger CodeAnt AI Review
Details
💡 Usage Guide
Checking Your Pull Request
Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.
Talking to CodeAnt AI
Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:
This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.
Example
Preserve Org Learnings with CodeAnt
You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:
This helps CodeAnt AI learn and adapt to your team's coding style and standards.
Example
Retrigger review
Ask CodeAnt AI to review the PR again, by typing:
Check Your Repository Health
To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.