Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Fix Sentry sourcemap upload step #7211

Merged
merged 1 commit into from
Sep 13, 2023
Merged

fix: Fix Sentry sourcemap upload step #7211

merged 1 commit into from
Sep 13, 2023

Conversation

Gudahtt
Copy link
Member

@Gudahtt Gudahtt commented Sep 13, 2023

Development & PR Process

  1. Follow MetaMask Mobile Coding Standards
  2. Add release-xx label to identify the PR slated for a upcoming release (will be used in release discussion)
  3. Add needs-dev-review label when work is completed
  4. Add the appropiate QA label when dev review is completed
    • needs-qa: PR requires manual QA.
    • No QA/E2E only: PR does not require any manual QA effort. Prior to merging, ensure that you have successful end-to-end test runs in Bitrise.
    • Spot check on release build: PR does not require feature QA but needs non-automated verification. In the description section, provide test scenarios. Add screenshots, and or recordings of what was tested.
  5. Add QA Passed label when QA has signed off (Only required if the PR was labeled with needs-qa)
  6. Add your team's label, i.e. label starting with team- (or external-contributor label if your not a MetaMask employee)

Description

The build step where sourcemaps are uploaded to Sentry was broken because the Sentry CLI was not installed. The Sentry CLI postinstall script was disabled recently in #7032. It has now been enabled again.

Issue

No related issue

Checklist

  • There is a related GitHub issue
  • Tests are included if applicable
  • Any added code is fully documented

@Gudahtt
fix: Fix Sentry sourcemap upload step
7a38972 
The build step where sourcemaps are uploaded to Sentry was broken
because the Sentry CLI was not installed. The Sentry CLI postinstall
script was disabled recently in #7032. It has now been enabled again.
@Gudahtt Gudahtt requested a review from a team as a code owner September 13, 2023 13:04
@Gudahtt Gudahtt mentioned this pull request Sep 13, 2023
Merged
@socket-security
Copy link

New dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
@types/react-native-svg-charts 5.0.12 None +2 1.37 MB types
@types/react-native-vector-icons 6.4.13 None +0 11.1 kB types
@wdio/cli 7.31.1 filesystem, environment +2 223 kB wdio-user
@segment/analytics-react-native 2.13.0 network +2 1.98 MB oscb
react-native-aes-crypto 1.3.9 None +0 38 kB tectiv3
react-native-keychain 8.0.0 None +0 204 kB oblador

@socket-security
Copy link

socket-security bot commented Sep 13, 2023
edited

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: @react-native-community/cli-doctor@10.2.5, @walletconnect/time@1.0.2, selenium-webdriver@3.6.0, @ethersproject/random@5.7.0, @types/gitconfiglocal@2.0.1, @types/recursive-readdir@2.2.1, cycle@1.0.3, @ethersproject/constants@5.7.0, ethereum-ens-network-map@1.0.2, backoff@2.5.0, weak@1.0.1, @ethersproject/sha2@5.7.0, @types/react-native-svg-charts@5.0.12, lodash.isfinite@3.3.2, @segment/analytics-react-native@2.13.0, jest-worker@28.1.3

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

@Gudahtt Gudahtt added needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) team-mobile-platform labels Sep 13, 2023
@Gudahtt
Copy link
Member Author

Gudahtt commented Sep 13, 2023

@SocketSecurity ignore-all

Hmm. Must be a Socket.dev error. There are no new dependencies here.

@codecov-commenter
Copy link

Codecov Report

Patch and project coverage have no change.

Comparison is base (b23a5f4) 33.15% compared to head (7a38972) 33.15%.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #7211   +/-   ##
=======================================
  Coverage   33.15%   33.15%           
=======================================
  Files        1005     1005           
  Lines       32656    32656           
  Branches     8398     8398           
=======================================
  Hits        10827    10827           
  Misses      21829    21829

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@sonarcloud
Copy link

sonarcloud bot commented Sep 13, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@Gudahtt
Copy link
Member Author

Gudahtt commented Sep 13, 2023

@SocketSecurity ignore-all

False positive, no new dependencies

@sethkfman
Copy link
Contributor

E2E Build Test: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/f702cc8a-9c40-44fe-8262-844fcb5a13c9

@Gudahtt Gudahtt added the No QA Needed/E2E Only Apply this label when your PR does not need any QA effort. label Sep 13, 2023
cortisiko
cortisiko approved these changes Sep 13, 2023
View reviewed changes
Copy link
Member

@cortisiko cortisiko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@sethkfman sethkfman merged commit 57dbc0e into main Sep 13, 2023
28 of 29 checks passed
@sethkfman sethkfman deleted the fix-sentry-cli-installation branch September 13, 2023 16:59
@github-actions github-actions bot locked and limited conversation to collaborators Sep 13, 2023
@github-actions github-actions bot removed the needs-dev-review PR needs reviews from other engineers (in order to receive required approvals) label Sep 13, 2023
@metamaskbot metamaskbot added the release-7.8.0 Issue or pull request that will be included in release 7.8.0 label Sep 13, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@cortisiko cortisiko cortisiko approved these changes

Assignees
No one assigned
Labels
No QA Needed/E2E Only Apply this label when your PR does not need any QA effort. release-7.8.0 Issue or pull request that will be included in release 7.8.0 team-mobile-platform
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@Gudahtt @codecov-commenter @sethkfman @cortisiko @metamaskbot