fix(ci): checkout in sentry-release job; telemetry config as secrets#17
Merged
Conversation
getsentry/action-release@v1 internally runs `sentry-cli releases set-commits --auto`, which requires a git repository on disk to detect commits between releases. Without a prior `actions/checkout`, the runner has only the downloaded artifact in its working directory and sentry-cli fails with "could not find repository at '.'". Adds `actions/checkout@v4` with `fetch-depth: 0` so the auto-discovery has enough history to attach commits to the Sentry release. Also stores POSTHOG_API_KEY / SENTRY_DSN_AUTOMATIONS / AUTOMATION_EVENT_API_URL as secrets rather than repo vars — light-touch obfuscation in CI logs. The values are still safe-to-embed at the project level (write-only Sentry DSNs and PostHog project keys), but treating them as secrets keeps them from rendering verbatim in workflow output.
Swimburger
approved these changes
May 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two small CI fixes for the release pipeline merged in #16.
Changes
fix: actions/checkout in sentry-release jobA real
workflow_dispatchrun ofrelease.ymlforpreview@v0.0.1-ci-testfailed with:```
Command failed: sentry-cli ... releases set-commits preview@v0.0.1-ci-test --auto
error: could not find repository at '.'; class=Repository (6); code=NotFound (-3)
```
Root cause:
getsentry/action-release@v1internally runssentry-cli releases set-commits --auto, which requires a git repository on disk so it can attach the relevant commits to the new Sentry release. Thesentry-releasejob downloaded the bundle artifact but never ranactions/checkout, so the runner's working directory had no git repo.Fix: add
actions/checkout@v4withfetch-depth: 0as the first step of thesentry-releasejob. Full history is cheap (small repo) and givesset-commits --autoenough context to detect commits between releases.chore: store telemetry config as secretsMoves
POSTHOG_API_KEY,SENTRY_DSN_AUTOMATIONS, andAUTOMATION_EVENT_API_URLfrom repo vars to secrets. These values are technically write-only at the project level and could be vars, but treating them as secrets keeps them from rendering verbatim in CI logs — light-touch obfuscation only.SENTRY_ORG(buildwithfern) andSENTRY_PROJECT(automations-actions) remain hardcoded in the workflow — they're not sensitive and don't need to be configurable.Updates
CONTRIBUTING.md's required-configuration table to match.Test plan
actionlintcleanpnpm check+pnpm typecheck) passpreview@v0.0.1-ci-test(or another throwaway version) and confirmsentry-releaseruns end-to-end. SetPOSTHOG_API_KEY,SENTRY_DSN_AUTOMATIONS,AUTOMATION_EVENT_API_URL, andFERN_SENTRY_AUTH_TOKENas repo secrets first.