From 9a2bfa836dd50d384af1f965132e49ba5ac5a7aa Mon Sep 17 00:00:00 2001 From: Antonis Lilis Date: Thu, 29 May 2025 18:16:45 +0300 Subject: [PATCH 01/11] fix(sec): Reduct sensitive data from Maestro logs --- .github/workflows/e2e.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 48c2ec055c..a9450ea6e2 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -414,6 +414,19 @@ jobs: if: ${{ matrix.platform == 'ios' }} run: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --test + - name: Redact sensitive data from logs + if: ${{ always() }} + run: | + if [[ "$(uname)" == "Darwin" ]]; then + find ./dev-packages/e2e-tests/maestro-logs -type f -exec \ + sed -i '' "s/${{ secrets.SENTRY_AUTH_TOKEN }}/[REDACTED]/g" {} + + echo 'Redacted sensitive data from logs on MacOS' + else + find ./dev-packages/e2e-tests/maestro-logs -type f -exec \ + sed -i "s/${{ secrets.SENTRY_AUTH_TOKEN }}/[REDACTED]/g" {} + + echo 'Redacted sensitive data from logs on Ubuntu' + fi + - name: Upload logs if: ${{ always() }} uses: actions/upload-artifact@v4 From f9c7f701f25dff6964e7b5d958effadc059b84c7 Mon Sep 17 00:00:00 2001 From: Antonis Lilis Date: Fri, 30 May 2025 13:31:16 +0300 Subject: [PATCH 02/11] Test secret reduction script --- .github/workflows/e2e.yml | 360 +------------------------------------- 1 file changed, 8 insertions(+), 352 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index a9450ea6e2..11ce689ee5 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml 
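Review bot: In the added "Redact sensitive data from logs" step, both `sed` lines splice the token into an `s/…/[REDACTED]/g` expression, so it is read as a regular expression with `/` as the delimiter instead of being matched literally. A token that contains `/` makes sed reject the expression, and since the "Upload logs" step that follows also runs under `if: ${{ always() }}`, the logs would presumably still be uploaded unredacted. A literal match that takes the value from the environment avoids this and removes the Darwin/Linux split: `[[ -n "${SENTRY_AUTH_TOKEN:-}" ]] || exit 0` followed by `find ./dev-packages/e2e-tests/maestro-logs -type f -exec perl -i -pe 's/\Q$ENV{SENTRY_AUTH_TOKEN}\E/[REDACTED]/g' {} +`. The workflow-level `env` block visible in PATCH 05/11 already exports `SENTRY_AUTH_TOKEN`, and the same sed expression is kept by the `@@ -419,11 +419,11 @@` hunk of PATCH 04/11.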
@@ -25,277 +25,10 @@ jobs: uses: ./.github/workflows/skip-ci-noauth.yml secrets: inherit - metrics: - runs-on: ${{ matrix.runs-on }} - needs: [diff_check, auth_token_check] - if: ${{ needs.diff_check.outputs.skip_ci != 'true' && needs.auth_token_check.outputs.skip_ci != 'true' && !startsWith(github.ref, 'refs/heads/release/') }} - env: - SENTRY_DISABLE_AUTO_UPLOAD: 'true' - strategy: - # we want that the matrix keeps running, default is to cancel them if it fails. - fail-fast: false - matrix: - rn-architecture: ['legacy', 'new'] - platform: ["ios", "android"] - include: - - platform: ios - runs-on: macos-13 - name: iOS - appPlain: performance-tests/test-app-plain.ipa - - platform: android - # Not using the latest version due to a known issue: https://github.com/getsentry/sentry-react-native/issues/4418 - runs-on: ubuntu-22.04 - name: Android - appPlain: performance-tests/TestAppPlain/android/app/build/outputs/apk/release/app-release.apk - steps: - - uses: actions/checkout@v4 - - - uses: ./.github/actions/disk-cleanup - if: ${{ matrix.platform == 'android' }} - - - run: sudo xcode-select -s /Applications/Xcode_14.2.app/Contents/Developer - if: ${{ matrix.platform == 'ios' }} - - - run: npm i -g corepack - - uses: actions/setup-node@v4 - with: - node-version: 18 - cache: 'yarn' - cache-dependency-path: yarn.lock - - - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: "adopt" - - name: Gradle cache - uses: gradle/gradle-build-action@v3 - - name: Install Global Dependencies - run: npm i -g react-native-cli @sentry/cli - - name: Install Dependencies - run: yarn install - - name: Build SDK - run: yarn build - - - uses: actions/cache@v4 - id: app-plain-cache - with: - path: ${{ matrix.appPlain }} - # if the whole plain app folder is hashed the cache is never hit as there are files generated in the folder - # the cache key is calculated both at cache retrieval and save time - # hashFiles fails when there are rn android new arch generated files in the 
folder (exact reason unknown) - # we removed the lock file of the app due to monorepo changes, we use the package.json instead - # to avoid frequent rebuilds of the app - key: ${{ github.workflow }}-${{ github.job }}-appplain-${{ matrix.platform }}-${{ matrix.rn-architecture }}-${{ hashFiles('performance-tests/TestAppSentry/package.json') }} - - name: Build app plain - if: steps.app-plain-cache.outputs['cache-hit'] != 'true' - working-directory: ./performance-tests/TestAppPlain - run: | - cd ${{ matrix.platform }} - if [[ "${{ matrix.platform }}" == "android" ]]; then - if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then - perl -i -pe's/newArchEnabled=false/newArchEnabled=true/g' gradle.properties - fi - ./gradlew assembleRelease - else - export PRODUCTION=1 - if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then - export RCT_NEW_ARCH_ENABLED=1 - fi - pod install - cd ../.. - fastlane build_perf_test_app_plain - fi - env: - APP_STORE_CONNECT_KEY_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ID }} - APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }} - APP_STORE_CONNECT_KEY: ${{ secrets.APP_STORE_CONNECT_KEY }} - FASTLANE_KEYCHAIN_PASSWORD: ${{ secrets.FASTLANE_KEYCHAIN_PASSWORD }} - MATCH_GIT_PRIVATE_KEY: ${{ secrets.MATCH_GIT_PRIVATE_KEY }} - MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} - MATCH_USERNAME: ${{ secrets.MATCH_USERNAME }} - - name: Build app with Sentry - working-directory: ./performance-tests/TestAppSentry - run: | - cd ${{ matrix.platform }} - if [[ "${{ matrix.platform }}" == "android" ]]; then - if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then - perl -i -pe's/newArchEnabled=false/newArchEnabled=true/g' gradle.properties - fi - ./gradlew assembleRelease - else - export PRODUCTION=1 - if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then - export RCT_NEW_ARCH_ENABLED=1 - fi - pod install - cd ../.. 
- fastlane build_perf_test_app_sentry - cd TestAppSentry - fi - env: - APP_STORE_CONNECT_KEY_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ID }} - APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }} - APP_STORE_CONNECT_KEY: ${{ secrets.APP_STORE_CONNECT_KEY }} - FASTLANE_KEYCHAIN_PASSWORD: ${{ secrets.FASTLANE_KEYCHAIN_PASSWORD }} - MATCH_GIT_PRIVATE_KEY: ${{ secrets.MATCH_GIT_PRIVATE_KEY }} - MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} - MATCH_USERNAME: ${{ secrets.MATCH_USERNAME }} - - name: Collect apps metrics - uses: getsentry/action-app-sdk-overhead-metrics@v1 - with: - name: ${{ matrix.name }} (${{ matrix.rn-architecture }}) - config: ./performance-tests/metrics-${{ matrix.platform }}.yml - sauce-user: ${{ secrets.SAUCE_USERNAME }} - sauce-key: ${{ secrets.SAUCE_ACCESS_KEY }} - - react-native-build: - name: Build RN ${{ matrix.rn-version }} ${{ matrix.rn-architecture }} ${{ matrix.engine }} ${{ matrix.platform }} ${{ matrix.build-type }} ${{ matrix.ios-use-frameworks }} - runs-on: ${{ matrix.runs-on }} - needs: [diff_check, auth_token_check] - if: ${{ needs.diff_check.outputs.skip_ci != 'true' && needs.auth_token_check.outputs.skip_ci != 'true' && !startsWith(github.ref, 'refs/heads/release/') }} - env: - RN_VERSION: ${{ matrix.rn-version }} - RN_ENGINE: ${{ matrix.engine }} - USE_FRAMEWORKS: ${{ matrix.ios-use-frameworks }} - PRODUCTION: ${{ matrix.build-type == 'production' && '1' || '0' }} - RCT_NEW_ARCH_ENABLED: ${{ matrix.rn-architecture == 'new' && '1' || '0' }} - SENTRY_DISABLE_AUTO_UPLOAD: 'false' - strategy: - fail-fast: false # keeps matrix running if one fails - matrix: - rn-version: ['0.65.3', '0.79.1'] - rn-architecture: ['legacy', 'new'] - platform: ['android', 'ios'] - build-type: ['production'] - ios-use-frameworks: ['no', 'static', 'dynamic'] - engine: ['hermes', 'jsc'] - include: - - platform: ios - rn-version: '0.79.1' - xcode-version: '16.2' - runs-on: macos-15 - - platform: ios - rn-version: '0.65.3' - xcode-version: '14.2' 
- runs-on: macos-13 - - platform: android - runs-on: ubuntu-latest - exclude: - # exclude JSC for new RN versions (keeping the matrix manageable) - - rn-version: '0.79.1' - engine: 'jsc' - # exclude all rn versions lower than 0.70.0 for new architecture - - rn-version: '0.65.3' - rn-architecture: 'new' - # exlude old rn version for use frameworks builds (to minimalize the matrix) - - rn-version: '0.65.3' - platform: 'ios' - ios-use-frameworks: 'static' - - rn-version: '0.65.3' - platform: 'ios' - ios-use-frameworks: 'dynamic' - # use frameworks is ios only feature - - platform: 'android' - ios-use-frameworks: 'static' - - platform: 'android' - ios-use-frameworks: 'dynamic' - # exclude new rn architecture and dynamic frameworks - - rn-architecture: 'new' - ios-use-frameworks: 'dynamic' - - steps: - - uses: actions/checkout@v4 - - - uses: ./.github/actions/disk-cleanup - if: ${{ matrix.platform == 'android' }} - - - name: Sentry Release - run: | - SENTRY_RELEASE_CANDIDATE=$(echo 'e2e/${{ github.ref }}' | perl -pe 's/\//-/g') - echo "SENTRY_RELEASE=$SENTRY_RELEASE_CANDIDATE" >> $GITHUB_ENV - - - name: Sentry Dist - run: | - SENTRY_DIST_CANDIDATE=${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }}-${GITHUB_SHA:0:8} - echo "SENTRY_DIST=$SENTRY_DIST_CANDIDATE" >> $GITHUB_ENV - - - name: Sentry Envs - run: | - echo "SENTRY_RELEASE=$SENTRY_RELEASE" - echo "SENTRY_DIST=$SENTRY_DIST" - - - run: sudo xcode-select -s /Applications/Xcode_${{ matrix.xcode-version }}.app/Contents/Developer - if: ${{ matrix.platform == 'ios' }} - - - run: npm i -g corepack - - uses: actions/setup-node@v4 - with: - node-version: 18 - cache: 'yarn' - cache-dependency-path: yarn.lock - - - uses: actions/setup-java@v4 - with: - java-version: ${{ matrix.rn-version == '0.65.3' && '11' || '17' }} - distribution: 'adopt' - - - name: Gradle cache - uses: gradle/gradle-build-action@v3 - - - name: Setup 
Global Tools - run: | - npm i -g yalc semver - - - name: Setup Global Xcode Tools - if: ${{ matrix.platform == 'ios' }} - run: which xcbeautify || brew install xcbeautify - - - name: Install JS Dependencies - run: yarn install - - - name: Setup Plain RN ${{ matrix.rn-version }} App - run: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --create - - # The old node has to be enabled after creating the test app - # to avoid issues with the old node version - - run: corepack disable - - uses: actions/setup-node@v4 - if: ${{ matrix.rn-version == '0.65.3' }} - with: - node-version: 16 - - - uses: ruby/setup-ruby@v1 - if: ${{ matrix.platform == 'ios' }} - with: - working-directory: dev-packages/e2e-tests/react-native-versions/${{ matrix.rn-version }}/RnDiffApp - ruby-version: '3.3.0' # based on what is used in the sample - bundler-cache: true # runs 'bundle install' and caches installed gems automatically - cache-version: 1 # cache the installed gems - - - name: Build Plain RN ${{ matrix.rn-version }} App - run: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --build - - - name: Upload App - if: matrix.build-type == 'production' - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }}-app-package - path: dev-packages/e2e-tests/RnDiffApp.ap* - retention-days: 1 - - - name: Upload logs - if: ${{ always() }} - uses: actions/upload-artifact@v4 - with: - name: rn-build-logs-${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }} - path: dev-packages/e2e-tests/react-native-versions/${{ matrix.rn-version }}/RnDiffApp/ios/*.log - react-native-test: name: Test RN ${{ matrix.rn-version }} ${{ matrix.rn-architecture }} ${{ matrix.engine }} ${{ matrix.platform }} ${{ matrix.build-type }} ${{ matrix.ios-use-frameworks }} 
- needs: [react-native-build, diff_check] - if: ${{ needs.diff_check.outputs.skip_ci != 'true' }} runs-on: ${{ matrix.runs-on }} strategy: 
@@ -329,101 +62,24 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Install Maestro - uses: dniHze/maestro-test-action@bda8a93211c86d0a05b7a4597c5ad134566fbde4 # pin@v1.0.0 - with: - version: ${{env.MAESTRO_VERSION}} - - - name: Install iDB Companion - if: ${{ matrix.platform == 'ios' }} - run: brew tap facebook/fb && brew install facebook/fb/idb-companion - - - uses: ./.github/actions/disk-cleanup - if: ${{ matrix.platform == 'android' }} - - - name: Setup Global Xcode Tools - if: ${{ matrix.platform == 'ios' }} - run: which xcbeautify || brew install xcbeautify - - - name: Download App Package - if: matrix.build-type == 'production' - uses: actions/download-artifact@v4 - with: - name: ${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }}-app-package - path: dev-packages/e2e-tests - - - name: Enable Corepack - run: npm i -g corepack - - uses: actions/setup-node@v4 - with: - node-version: 20 - cache: 'yarn' - cache-dependency-path: yarn.lock - - - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'adopt' - - - name: Gradle cache - uses: gradle/gradle-build-action@v3 - - - name: Setup KVM - if: ${{ matrix.platform == 'android' }} - shell: bash + - name: Create test file with dummy secret (TESTING ONLY) + if: ${{ always() }} run: | - # check if virtualization is supported... 
- sudo apt install -y --no-install-recommends cpu-checker coreutils && echo "CPUs=$(nproc --all)" && kvm-ok - # allow access to KVM to run the emulator - echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' \ - | sudo tee /etc/udev/rules.d/99-kvm4all.rules - sudo udevadm control --reload-rules - sudo udevadm trigger --name-match=kvm - - - name: Install JS Dependencies - run: yarn install - - - name: Run tests on Android - if: ${{ matrix.platform == 'android' }} - uses: reactivecircus/android-emulator-runner@1dcd0090116d15e7c562f8db72807de5e036a4ed # pin@v2.34.0 - with: - api-level: 30 - force-avd-creation: false - disable-animations: true - disable-spellchecker: true - target: 'aosp_atd' - channel: canary # Necessary for ATDs - emulator-options: > - -no-window - -no-snapshot-save - -gpu swiftshader_indirect - -noaudio - -no-boot-anim - -camera-back none - -camera-front none - -timezone US/Pacific - script: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --test - - - uses: futureware-tech/simulator-action@dab10d813144ef59b48d401cd95da151222ef8cd # pin@v4 - if: ${{ matrix.platform == 'ios' }} - with: - model: ${{ env.IOS_DEVICE }} - os_version: ${{ env.IOS_VERSION }} - - - name: Run tests on iOS - if: ${{ matrix.platform == 'ios' }} - run: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --test + mkdir -p ./dev-packages/e2e-tests/maestro-logs + echo '{"test": "This contains the secret dummy-secret-12345 in the middle"}' > ./dev-packages/e2e-tests/maestro-logs/test-secret.json + echo 'Another line with dummy-secret-12345 here' > ./dev-packages/e2e-tests/maestro-logs/test-secret.txt + echo 'Created test files with dummy secret: dummy-secret-12345' - name: Redact sensitive data from logs if: ${{ always() }} run: | if [[ "$(uname)" == "Darwin" ]]; then find ./dev-packages/e2e-tests/maestro-logs -type f -exec \ - sed -i '' "s/${{ secrets.SENTRY_AUTH_TOKEN }}/[REDACTED]/g" {} + + sed -i '' "s/dummy-secret-12345/[REDACTED]/g" {} + echo 
'Redacted sensitive data from logs on MacOS' else find ./dev-packages/e2e-tests/maestro-logs -type f -exec \ - sed -i "s/${{ secrets.SENTRY_AUTH_TOKEN }}/[REDACTED]/g" {} + + sed -i "s/dummy-secret-12345/[REDACTED]/g" {} + echo 'Redacted sensitive data from logs on Ubuntu' fi From 632a831b082b7f5c9e9bf4dd9039de3c88553036 Mon Sep 17 00:00:00 2001 From: Antonis Lilis Date: Fri, 30 May 2025 13:33:14 +0300 Subject: [PATCH 03/11] Revert "Test secret reduction script" This reverts commit f9c7f701f25dff6964e7b5d958effadc059b84c7. --- .github/workflows/e2e.yml | 360 +++++++++++++++++++++++++++++++++++++- 1 file changed, 352 insertions(+), 8 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 11ce689ee5..a9450ea6e2 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml 
@@ -25,10 +25,277 @@ jobs: uses: ./.github/workflows/skip-ci-noauth.yml secrets: inherit + metrics: + runs-on: ${{ matrix.runs-on }} + needs: [diff_check, auth_token_check] + if: ${{ needs.diff_check.outputs.skip_ci != 'true' && needs.auth_token_check.outputs.skip_ci != 'true' && !startsWith(github.ref, 'refs/heads/release/') }} + env: + SENTRY_DISABLE_AUTO_UPLOAD: 'true' + strategy: + # we want that the matrix keeps running, default is to cancel them if it fails. + fail-fast: false + matrix: + rn-architecture: ['legacy', 'new'] + platform: ["ios", "android"] + include: + - platform: ios + runs-on: macos-13 + name: iOS + appPlain: performance-tests/test-app-plain.ipa + - platform: android + # Not using the latest version due to a known issue: https://github.com/getsentry/sentry-react-native/issues/4418 + runs-on: ubuntu-22.04 + name: Android + appPlain: performance-tests/TestAppPlain/android/app/build/outputs/apk/release/app-release.apk + steps: + - uses: actions/checkout@v4 + + - uses: ./.github/actions/disk-cleanup + if: ${{ matrix.platform == 'android' }} + + - run: sudo xcode-select -s /Applications/Xcode_14.2.app/Contents/Developer + if: ${{ matrix.platform == 'ios' }} + + - run: npm i -g corepack + - uses: actions/setup-node@v4 + with: + node-version: 18 + cache: 'yarn' + cache-dependency-path: yarn.lock + + - uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: "adopt" + - name: Gradle cache + uses: gradle/gradle-build-action@v3 + - name: Install Global Dependencies + run: npm i -g react-native-cli @sentry/cli + - name: Install Dependencies + run: yarn install + - name: Build SDK + run: yarn build + + - uses: actions/cache@v4 + id: app-plain-cache + with: + path: ${{ matrix.appPlain }} + # if the whole plain app folder is hashed the cache is never hit as there are files generated in the folder + # the cache key is calculated both at cache retrieval and save time + # hashFiles fails when there are rn android new arch generated files in the 
folder (exact reason unknown) + # we removed the lock file of the app due to monorepo changes, we use the package.json instead + # to avoid frequent rebuilds of the app + key: ${{ github.workflow }}-${{ github.job }}-appplain-${{ matrix.platform }}-${{ matrix.rn-architecture }}-${{ hashFiles('performance-tests/TestAppSentry/package.json') }} + - name: Build app plain + if: steps.app-plain-cache.outputs['cache-hit'] != 'true' + working-directory: ./performance-tests/TestAppPlain + run: | + cd ${{ matrix.platform }} + if [[ "${{ matrix.platform }}" == "android" ]]; then + if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then + perl -i -pe's/newArchEnabled=false/newArchEnabled=true/g' gradle.properties + fi + ./gradlew assembleRelease + else + export PRODUCTION=1 + if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then + export RCT_NEW_ARCH_ENABLED=1 + fi + pod install + cd ../.. + fastlane build_perf_test_app_plain + fi + env: + APP_STORE_CONNECT_KEY_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ID }} + APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }} + APP_STORE_CONNECT_KEY: ${{ secrets.APP_STORE_CONNECT_KEY }} + FASTLANE_KEYCHAIN_PASSWORD: ${{ secrets.FASTLANE_KEYCHAIN_PASSWORD }} + MATCH_GIT_PRIVATE_KEY: ${{ secrets.MATCH_GIT_PRIVATE_KEY }} + MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} + MATCH_USERNAME: ${{ secrets.MATCH_USERNAME }} + - name: Build app with Sentry + working-directory: ./performance-tests/TestAppSentry + run: | + cd ${{ matrix.platform }} + if [[ "${{ matrix.platform }}" == "android" ]]; then + if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then + perl -i -pe's/newArchEnabled=false/newArchEnabled=true/g' gradle.properties + fi + ./gradlew assembleRelease + else + export PRODUCTION=1 + if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then + export RCT_NEW_ARCH_ENABLED=1 + fi + pod install + cd ../.. 
+ fastlane build_perf_test_app_sentry + cd TestAppSentry + fi + env: + APP_STORE_CONNECT_KEY_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ID }} + APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }} + APP_STORE_CONNECT_KEY: ${{ secrets.APP_STORE_CONNECT_KEY }} + FASTLANE_KEYCHAIN_PASSWORD: ${{ secrets.FASTLANE_KEYCHAIN_PASSWORD }} + MATCH_GIT_PRIVATE_KEY: ${{ secrets.MATCH_GIT_PRIVATE_KEY }} + MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} + MATCH_USERNAME: ${{ secrets.MATCH_USERNAME }} + - name: Collect apps metrics + uses: getsentry/action-app-sdk-overhead-metrics@v1 + with: + name: ${{ matrix.name }} (${{ matrix.rn-architecture }}) + config: ./performance-tests/metrics-${{ matrix.platform }}.yml + sauce-user: ${{ secrets.SAUCE_USERNAME }} + sauce-key: ${{ secrets.SAUCE_ACCESS_KEY }} + + react-native-build: + name: Build RN ${{ matrix.rn-version }} ${{ matrix.rn-architecture }} ${{ matrix.engine }} ${{ matrix.platform }} ${{ matrix.build-type }} ${{ matrix.ios-use-frameworks }} + runs-on: ${{ matrix.runs-on }} + needs: [diff_check, auth_token_check] + if: ${{ needs.diff_check.outputs.skip_ci != 'true' && needs.auth_token_check.outputs.skip_ci != 'true' && !startsWith(github.ref, 'refs/heads/release/') }} + env: + RN_VERSION: ${{ matrix.rn-version }} + RN_ENGINE: ${{ matrix.engine }} + USE_FRAMEWORKS: ${{ matrix.ios-use-frameworks }} + PRODUCTION: ${{ matrix.build-type == 'production' && '1' || '0' }} + RCT_NEW_ARCH_ENABLED: ${{ matrix.rn-architecture == 'new' && '1' || '0' }} + SENTRY_DISABLE_AUTO_UPLOAD: 'false' + strategy: + fail-fast: false # keeps matrix running if one fails + matrix: + rn-version: ['0.65.3', '0.79.1'] + rn-architecture: ['legacy', 'new'] + platform: ['android', 'ios'] + build-type: ['production'] + ios-use-frameworks: ['no', 'static', 'dynamic'] + engine: ['hermes', 'jsc'] + include: + - platform: ios + rn-version: '0.79.1' + xcode-version: '16.2' + runs-on: macos-15 + - platform: ios + rn-version: '0.65.3' + xcode-version: '14.2' 
+ runs-on: macos-13 + - platform: android + runs-on: ubuntu-latest + exclude: + # exclude JSC for new RN versions (keeping the matrix manageable) + - rn-version: '0.79.1' + engine: 'jsc' + # exclude all rn versions lower than 0.70.0 for new architecture + - rn-version: '0.65.3' + rn-architecture: 'new' + # exlude old rn version for use frameworks builds (to minimalize the matrix) + - rn-version: '0.65.3' + platform: 'ios' + ios-use-frameworks: 'static' + - rn-version: '0.65.3' + platform: 'ios' + ios-use-frameworks: 'dynamic' + # use frameworks is ios only feature + - platform: 'android' + ios-use-frameworks: 'static' + - platform: 'android' + ios-use-frameworks: 'dynamic' + # exclude new rn architecture and dynamic frameworks + - rn-architecture: 'new' + ios-use-frameworks: 'dynamic' + + steps: + - uses: actions/checkout@v4 + + - uses: ./.github/actions/disk-cleanup + if: ${{ matrix.platform == 'android' }} + + - name: Sentry Release + run: | + SENTRY_RELEASE_CANDIDATE=$(echo 'e2e/${{ github.ref }}' | perl -pe 's/\//-/g') + echo "SENTRY_RELEASE=$SENTRY_RELEASE_CANDIDATE" >> $GITHUB_ENV + + - name: Sentry Dist + run: | + SENTRY_DIST_CANDIDATE=${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }}-${GITHUB_SHA:0:8} + echo "SENTRY_DIST=$SENTRY_DIST_CANDIDATE" >> $GITHUB_ENV + + - name: Sentry Envs + run: | + echo "SENTRY_RELEASE=$SENTRY_RELEASE" + echo "SENTRY_DIST=$SENTRY_DIST" + + - run: sudo xcode-select -s /Applications/Xcode_${{ matrix.xcode-version }}.app/Contents/Developer + if: ${{ matrix.platform == 'ios' }} + + - run: npm i -g corepack + - uses: actions/setup-node@v4 + with: + node-version: 18 + cache: 'yarn' + cache-dependency-path: yarn.lock + + - uses: actions/setup-java@v4 + with: + java-version: ${{ matrix.rn-version == '0.65.3' && '11' || '17' }} + distribution: 'adopt' + + - name: Gradle cache + uses: gradle/gradle-build-action@v3 + + - name: Setup 
Global Tools + run: | + npm i -g yalc semver + + - name: Setup Global Xcode Tools + if: ${{ matrix.platform == 'ios' }} + run: which xcbeautify || brew install xcbeautify + + - name: Install JS Dependencies + run: yarn install + + - name: Setup Plain RN ${{ matrix.rn-version }} App + run: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --create + + # The old node has to be enabled after creating the test app + # to avoid issues with the old node version + - run: corepack disable + - uses: actions/setup-node@v4 + if: ${{ matrix.rn-version == '0.65.3' }} + with: + node-version: 16 + + - uses: ruby/setup-ruby@v1 + if: ${{ matrix.platform == 'ios' }} + with: + working-directory: dev-packages/e2e-tests/react-native-versions/${{ matrix.rn-version }}/RnDiffApp + ruby-version: '3.3.0' # based on what is used in the sample + bundler-cache: true # runs 'bundle install' and caches installed gems automatically + cache-version: 1 # cache the installed gems + + - name: Build Plain RN ${{ matrix.rn-version }} App + run: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --build + + - name: Upload App + if: matrix.build-type == 'production' + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }}-app-package + path: dev-packages/e2e-tests/RnDiffApp.ap* + retention-days: 1 + + - name: Upload logs + if: ${{ always() }} + uses: actions/upload-artifact@v4 + with: + name: rn-build-logs-${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }} + path: dev-packages/e2e-tests/react-native-versions/${{ matrix.rn-version }}/RnDiffApp/ios/*.log + react-native-test: name: Test RN ${{ matrix.rn-version }} ${{ matrix.rn-architecture }} ${{ matrix.engine }} ${{ matrix.platform }} ${{ matrix.build-type }} ${{ matrix.ios-use-frameworks }} 
+ needs: [react-native-build, diff_check] + if: ${{ needs.diff_check.outputs.skip_ci != 'true' }} runs-on: ${{ matrix.runs-on }} strategy: 
@@ -62,24 +329,101 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Create test file with dummy secret (TESTING ONLY) - if: ${{ always() }} + - name: Install Maestro + uses: dniHze/maestro-test-action@bda8a93211c86d0a05b7a4597c5ad134566fbde4 # pin@v1.0.0 + with: + version: ${{env.MAESTRO_VERSION}} + + - name: Install iDB Companion + if: ${{ matrix.platform == 'ios' }} + run: brew tap facebook/fb && brew install facebook/fb/idb-companion + + - uses: ./.github/actions/disk-cleanup + if: ${{ matrix.platform == 'android' }} + + - name: Setup Global Xcode Tools + if: ${{ matrix.platform == 'ios' }} + run: which xcbeautify || brew install xcbeautify + + - name: Download App Package + if: matrix.build-type == 'production' + uses: actions/download-artifact@v4 + with: + name: ${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }}-app-package + path: dev-packages/e2e-tests + + - name: Enable Corepack + run: npm i -g corepack + - uses: actions/setup-node@v4 + with: + node-version: 20 + cache: 'yarn' + cache-dependency-path: yarn.lock + + - uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'adopt' + + - name: Gradle cache + uses: gradle/gradle-build-action@v3 + + - name: Setup KVM + if: ${{ matrix.platform == 'android' }} + shell: bash run: | - mkdir -p ./dev-packages/e2e-tests/maestro-logs - echo '{"test": "This contains the secret dummy-secret-12345 in the middle"}' > ./dev-packages/e2e-tests/maestro-logs/test-secret.json - echo 'Another line with dummy-secret-12345 here' > ./dev-packages/e2e-tests/maestro-logs/test-secret.txt - echo 'Created test files with dummy secret: dummy-secret-12345' + # check if virtualization is supported... 
+ sudo apt install -y --no-install-recommends cpu-checker coreutils && echo "CPUs=$(nproc --all)" && kvm-ok + # allow access to KVM to run the emulator + echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' \ + | sudo tee /etc/udev/rules.d/99-kvm4all.rules + sudo udevadm control --reload-rules + sudo udevadm trigger --name-match=kvm + + - name: Install JS Dependencies + run: yarn install + + - name: Run tests on Android + if: ${{ matrix.platform == 'android' }} + uses: reactivecircus/android-emulator-runner@1dcd0090116d15e7c562f8db72807de5e036a4ed # pin@v2.34.0 + with: + api-level: 30 + force-avd-creation: false + disable-animations: true + disable-spellchecker: true + target: 'aosp_atd' + channel: canary # Necessary for ATDs + emulator-options: > + -no-window + -no-snapshot-save + -gpu swiftshader_indirect + -noaudio + -no-boot-anim + -camera-back none + -camera-front none + -timezone US/Pacific + script: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --test + + - uses: futureware-tech/simulator-action@dab10d813144ef59b48d401cd95da151222ef8cd # pin@v4 + if: ${{ matrix.platform == 'ios' }} + with: + model: ${{ env.IOS_DEVICE }} + os_version: ${{ env.IOS_VERSION }} + + - name: Run tests on iOS + if: ${{ matrix.platform == 'ios' }} + run: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --test - name: Redact sensitive data from logs if: ${{ always() }} run: | if [[ "$(uname)" == "Darwin" ]]; then find ./dev-packages/e2e-tests/maestro-logs -type f -exec \ - sed -i '' "s/dummy-secret-12345/[REDACTED]/g" {} + + sed -i '' "s/${{ secrets.SENTRY_AUTH_TOKEN }}/[REDACTED]/g" {} + echo 'Redacted sensitive data from logs on MacOS' else find ./dev-packages/e2e-tests/maestro-logs -type f -exec \ - sed -i "s/dummy-secret-12345/[REDACTED]/g" {} + + sed -i "s/${{ secrets.SENTRY_AUTH_TOKEN }}/[REDACTED]/g" {} + echo 'Redacted sensitive data from logs on Ubuntu' fi From a0e516ff6e5f61aa0b51c1265e37f05842628f86 Mon Sep 17 00:00:00 2001 
From: Antonis Lilis Date: Fri, 30 May 2025 14:43:22 +0300 Subject: [PATCH 04/11] Use variable substitution to avoid leaking in the GH logs --- .github/workflows/e2e.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index a9450ea6e2..41fe1e4fce 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -419,11 +419,11 @@ jobs: run: | if [[ "$(uname)" == "Darwin" ]]; then find ./dev-packages/e2e-tests/maestro-logs -type f -exec \ - sed -i '' "s/${{ secrets.SENTRY_AUTH_TOKEN }}/[REDACTED]/g" {} + + sed -i '' "s/${SENTRY_AUTH_TOKEN}/[REDACTED]/g" {} + echo 'Redacted sensitive data from logs on MacOS' else find ./dev-packages/e2e-tests/maestro-logs -type f -exec \ - sed -i "s/${{ secrets.SENTRY_AUTH_TOKEN }}/[REDACTED]/g" {} + + sed -i "s/${SENTRY_AUTH_TOKEN}/[REDACTED]/g" {} + echo 'Redacted sensitive data from logs on Ubuntu' fi From 431eccd81aba2d87dae0d71157d68f665beb3db5 Mon Sep 17 00:00:00 2001 From: Antonis Lilis Date: Fri, 30 May 2025 14:45:56 +0300 Subject: [PATCH 05/11] Test secret reduction script --- .github/workflows/e2e.yml | 358 +------------------------------------- 1 file changed, 7 insertions(+), 351 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 41fe1e4fce..939f8fcb13 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -13,7 +13,7 @@ concurrency: cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} env: - SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} + SENTRY_AUTH_TOKEN: 'dummy-secret-12345' MAESTRO_VERSION: '1.40.3' IOS_DEVICE: 'iPhone 16' IOS_VERSION: '18.1' 
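Review bot: The reason for replacing the inline secrets expression with `${SENTRY_AUTH_TOKEN}` in both `sed` lines of the `@@ -419,11 +419,11 @@` hunk is not recorded next to the code, and the step now depends on the workflow-level `env` entry of the same name without saying so. A comment above the `if [[ "$(uname)" == "Darwin" ]]; then` line would keep a later edit from reverting it, for example `# Token is read from the workflow-level env so its value is never pasted into the script text.` Bash still expands the variable into sed's argument list, so the value is visible in the process arguments on the runner while sed runs; that is probably acceptable on a hosted runner, but it is the exposure that remains. The step's `run:` block starts above this hunk.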
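Review bot: The test value `dummy-secret-12345` set in the `@@ -13,7 +13,7 @@` hunk contains only letters, digits and hyphens, so this run cannot show how the redaction step behaves when the token holds characters that are special to sed, such as `/`, `.` or `*`. A value like `SENTRY_AUTH_TOKEN: 'dummy/secret.12345*'` would exercise that case. Because the replacement is made in the workflow-level `env`, it also removes the real token from every job in the file, so the change has to be reverted before the series is merged; whether a later patch does so is not visible here.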
@@ -25,277 +25,10 @@ jobs: uses: ./.github/workflows/skip-ci-noauth.yml secrets: inherit - metrics: - runs-on: ${{ matrix.runs-on }} - needs: [diff_check, auth_token_check] - if: ${{ needs.diff_check.outputs.skip_ci != 'true' && needs.auth_token_check.outputs.skip_ci != 'true' && !startsWith(github.ref, 'refs/heads/release/') }} - env: - SENTRY_DISABLE_AUTO_UPLOAD: 'true' - strategy: - # we want that the matrix keeps running, default is to cancel them if it fails. - fail-fast: false - matrix: - rn-architecture: ['legacy', 'new'] - platform: ["ios", "android"] - include: - - platform: ios - runs-on: macos-13 - name: iOS - appPlain: performance-tests/test-app-plain.ipa - - platform: android - # Not using the latest version due to a known issue: https://github.com/getsentry/sentry-react-native/issues/4418 - runs-on: ubuntu-22.04 - name: Android - appPlain: performance-tests/TestAppPlain/android/app/build/outputs/apk/release/app-release.apk - steps: - - uses: actions/checkout@v4 - - - uses: ./.github/actions/disk-cleanup - if: ${{ matrix.platform == 'android' }} - - - run: sudo xcode-select -s /Applications/Xcode_14.2.app/Contents/Developer - if: ${{ matrix.platform == 'ios' }} - - - run: npm i -g corepack - - uses: actions/setup-node@v4 - with: - node-version: 18 - cache: 'yarn' - cache-dependency-path: yarn.lock - - - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: "adopt" - - name: Gradle cache - uses: gradle/gradle-build-action@v3 - - name: Install Global Dependencies - run: npm i -g react-native-cli @sentry/cli - - name: Install Dependencies - run: yarn install - - name: Build SDK - run: yarn build - - - uses: actions/cache@v4 - id: app-plain-cache - with: - path: ${{ matrix.appPlain }} - # if the whole plain app folder is hashed the cache is never hit as there are files generated in the folder - # the cache key is calculated both at cache retrieval and save time - # hashFiles fails when there are rn android new arch generated files in the 
folder (exact reason unknown) - # we removed the lock file of the app due to monorepo changes, we use the package.json instead - # to avoid frequent rebuilds of the app - key: ${{ github.workflow }}-${{ github.job }}-appplain-${{ matrix.platform }}-${{ matrix.rn-architecture }}-${{ hashFiles('performance-tests/TestAppSentry/package.json') }} - - name: Build app plain - if: steps.app-plain-cache.outputs['cache-hit'] != 'true' - working-directory: ./performance-tests/TestAppPlain - run: | - cd ${{ matrix.platform }} - if [[ "${{ matrix.platform }}" == "android" ]]; then - if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then - perl -i -pe's/newArchEnabled=false/newArchEnabled=true/g' gradle.properties - fi - ./gradlew assembleRelease - else - export PRODUCTION=1 - if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then - export RCT_NEW_ARCH_ENABLED=1 - fi - pod install - cd ../.. - fastlane build_perf_test_app_plain - fi - env: - APP_STORE_CONNECT_KEY_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ID }} - APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }} - APP_STORE_CONNECT_KEY: ${{ secrets.APP_STORE_CONNECT_KEY }} - FASTLANE_KEYCHAIN_PASSWORD: ${{ secrets.FASTLANE_KEYCHAIN_PASSWORD }} - MATCH_GIT_PRIVATE_KEY: ${{ secrets.MATCH_GIT_PRIVATE_KEY }} - MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} - MATCH_USERNAME: ${{ secrets.MATCH_USERNAME }} - - name: Build app with Sentry - working-directory: ./performance-tests/TestAppSentry - run: | - cd ${{ matrix.platform }} - if [[ "${{ matrix.platform }}" == "android" ]]; then - if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then - perl -i -pe's/newArchEnabled=false/newArchEnabled=true/g' gradle.properties - fi - ./gradlew assembleRelease - else - export PRODUCTION=1 - if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then - export RCT_NEW_ARCH_ENABLED=1 - fi - pod install - cd ../.. 
- fastlane build_perf_test_app_sentry - cd TestAppSentry - fi - env: - APP_STORE_CONNECT_KEY_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ID }} - APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }} - APP_STORE_CONNECT_KEY: ${{ secrets.APP_STORE_CONNECT_KEY }} - FASTLANE_KEYCHAIN_PASSWORD: ${{ secrets.FASTLANE_KEYCHAIN_PASSWORD }} - MATCH_GIT_PRIVATE_KEY: ${{ secrets.MATCH_GIT_PRIVATE_KEY }} - MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} - MATCH_USERNAME: ${{ secrets.MATCH_USERNAME }} - - name: Collect apps metrics - uses: getsentry/action-app-sdk-overhead-metrics@v1 - with: - name: ${{ matrix.name }} (${{ matrix.rn-architecture }}) - config: ./performance-tests/metrics-${{ matrix.platform }}.yml - sauce-user: ${{ secrets.SAUCE_USERNAME }} - sauce-key: ${{ secrets.SAUCE_ACCESS_KEY }} - - react-native-build: - name: Build RN ${{ matrix.rn-version }} ${{ matrix.rn-architecture }} ${{ matrix.engine }} ${{ matrix.platform }} ${{ matrix.build-type }} ${{ matrix.ios-use-frameworks }} - runs-on: ${{ matrix.runs-on }} - needs: [diff_check, auth_token_check] - if: ${{ needs.diff_check.outputs.skip_ci != 'true' && needs.auth_token_check.outputs.skip_ci != 'true' && !startsWith(github.ref, 'refs/heads/release/') }} - env: - RN_VERSION: ${{ matrix.rn-version }} - RN_ENGINE: ${{ matrix.engine }} - USE_FRAMEWORKS: ${{ matrix.ios-use-frameworks }} - PRODUCTION: ${{ matrix.build-type == 'production' && '1' || '0' }} - RCT_NEW_ARCH_ENABLED: ${{ matrix.rn-architecture == 'new' && '1' || '0' }} - SENTRY_DISABLE_AUTO_UPLOAD: 'false' - strategy: - fail-fast: false # keeps matrix running if one fails - matrix: - rn-version: ['0.65.3', '0.79.1'] - rn-architecture: ['legacy', 'new'] - platform: ['android', 'ios'] - build-type: ['production'] - ios-use-frameworks: ['no', 'static', 'dynamic'] - engine: ['hermes', 'jsc'] - include: - - platform: ios - rn-version: '0.79.1' - xcode-version: '16.2' - runs-on: macos-15 - - platform: ios - rn-version: '0.65.3' - xcode-version: '14.2' 
- runs-on: macos-13 - - platform: android - runs-on: ubuntu-latest - exclude: - # exclude JSC for new RN versions (keeping the matrix manageable) - - rn-version: '0.79.1' - engine: 'jsc' - # exclude all rn versions lower than 0.70.0 for new architecture - - rn-version: '0.65.3' - rn-architecture: 'new' - # exlude old rn version for use frameworks builds (to minimalize the matrix) - - rn-version: '0.65.3' - platform: 'ios' - ios-use-frameworks: 'static' - - rn-version: '0.65.3' - platform: 'ios' - ios-use-frameworks: 'dynamic' - # use frameworks is ios only feature - - platform: 'android' - ios-use-frameworks: 'static' - - platform: 'android' - ios-use-frameworks: 'dynamic' - # exclude new rn architecture and dynamic frameworks - - rn-architecture: 'new' - ios-use-frameworks: 'dynamic' - - steps: - - uses: actions/checkout@v4 - - - uses: ./.github/actions/disk-cleanup - if: ${{ matrix.platform == 'android' }} - - - name: Sentry Release - run: | - SENTRY_RELEASE_CANDIDATE=$(echo 'e2e/${{ github.ref }}' | perl -pe 's/\//-/g') - echo "SENTRY_RELEASE=$SENTRY_RELEASE_CANDIDATE" >> $GITHUB_ENV - - - name: Sentry Dist - run: | - SENTRY_DIST_CANDIDATE=${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }}-${GITHUB_SHA:0:8} - echo "SENTRY_DIST=$SENTRY_DIST_CANDIDATE" >> $GITHUB_ENV - - - name: Sentry Envs - run: | - echo "SENTRY_RELEASE=$SENTRY_RELEASE" - echo "SENTRY_DIST=$SENTRY_DIST" - - - run: sudo xcode-select -s /Applications/Xcode_${{ matrix.xcode-version }}.app/Contents/Developer - if: ${{ matrix.platform == 'ios' }} - - - run: npm i -g corepack - - uses: actions/setup-node@v4 - with: - node-version: 18 - cache: 'yarn' - cache-dependency-path: yarn.lock - - - uses: actions/setup-java@v4 - with: - java-version: ${{ matrix.rn-version == '0.65.3' && '11' || '17' }} - distribution: 'adopt' - - - name: Gradle cache - uses: gradle/gradle-build-action@v3 - - - name: Setup 
Global Tools - run: | - npm i -g yalc semver - - - name: Setup Global Xcode Tools - if: ${{ matrix.platform == 'ios' }} - run: which xcbeautify || brew install xcbeautify - - - name: Install JS Dependencies - run: yarn install - - - name: Setup Plain RN ${{ matrix.rn-version }} App - run: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --create - - # The old node has to be enabled after creating the test app - # to avoid issues with the old node version - - run: corepack disable - - uses: actions/setup-node@v4 - if: ${{ matrix.rn-version == '0.65.3' }} - with: - node-version: 16 - - - uses: ruby/setup-ruby@v1 - if: ${{ matrix.platform == 'ios' }} - with: - working-directory: dev-packages/e2e-tests/react-native-versions/${{ matrix.rn-version }}/RnDiffApp - ruby-version: '3.3.0' # based on what is used in the sample - bundler-cache: true # runs 'bundle install' and caches installed gems automatically - cache-version: 1 # cache the installed gems - - - name: Build Plain RN ${{ matrix.rn-version }} App - run: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --build - - - name: Upload App - if: matrix.build-type == 'production' - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }}-app-package - path: dev-packages/e2e-tests/RnDiffApp.ap* - retention-days: 1 - - - name: Upload logs - if: ${{ always() }} - uses: actions/upload-artifact@v4 - with: - name: rn-build-logs-${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }} - path: dev-packages/e2e-tests/react-native-versions/${{ matrix.rn-version }}/RnDiffApp/ios/*.log - react-native-test: name: Test RN ${{ matrix.rn-version }} ${{ matrix.rn-architecture }} ${{ matrix.engine }} ${{ matrix.platform }} ${{ matrix.build-type }} ${{ matrix.ios-use-frameworks }} 
- needs: [react-native-build, diff_check] - if: ${{ needs.diff_check.outputs.skip_ci != 'true' }} runs-on: ${{ matrix.runs-on }} strategy: 
@@ -329,90 +62,13 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Install Maestro - uses: dniHze/maestro-test-action@bda8a93211c86d0a05b7a4597c5ad134566fbde4 # pin@v1.0.0 - with: - version: ${{env.MAESTRO_VERSION}} - - - name: Install iDB Companion - if: ${{ matrix.platform == 'ios' }} - run: brew tap facebook/fb && brew install facebook/fb/idb-companion - - - uses: ./.github/actions/disk-cleanup - if: ${{ matrix.platform == 'android' }} - - - name: Setup Global Xcode Tools - if: ${{ matrix.platform == 'ios' }} - run: which xcbeautify || brew install xcbeautify - - - name: Download App Package - if: matrix.build-type == 'production' - uses: actions/download-artifact@v4 - with: - name: ${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }}-app-package - path: dev-packages/e2e-tests - - - name: Enable Corepack - run: npm i -g corepack - - uses: actions/setup-node@v4 - with: - node-version: 20 - cache: 'yarn' - cache-dependency-path: yarn.lock - - - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'adopt' - - - name: Gradle cache - uses: gradle/gradle-build-action@v3 - - - name: Setup KVM - if: ${{ matrix.platform == 'android' }} - shell: bash + - name: Create test file with dummy secret (TESTING ONLY) + if: ${{ always() }} run: | - # check if virtualization is supported... 
- sudo apt install -y --no-install-recommends cpu-checker coreutils && echo "CPUs=$(nproc --all)" && kvm-ok - # allow access to KVM to run the emulator - echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' \ - | sudo tee /etc/udev/rules.d/99-kvm4all.rules - sudo udevadm control --reload-rules - sudo udevadm trigger --name-match=kvm - - - name: Install JS Dependencies - run: yarn install - - - name: Run tests on Android - if: ${{ matrix.platform == 'android' }} - uses: reactivecircus/android-emulator-runner@1dcd0090116d15e7c562f8db72807de5e036a4ed # pin@v2.34.0 - with: - api-level: 30 - force-avd-creation: false - disable-animations: true - disable-spellchecker: true - target: 'aosp_atd' - channel: canary # Necessary for ATDs - emulator-options: > - -no-window - -no-snapshot-save - -gpu swiftshader_indirect - -noaudio - -no-boot-anim - -camera-back none - -camera-front none - -timezone US/Pacific - script: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --test - - - uses: futureware-tech/simulator-action@dab10d813144ef59b48d401cd95da151222ef8cd # pin@v4 - if: ${{ matrix.platform == 'ios' }} - with: - model: ${{ env.IOS_DEVICE }} - os_version: ${{ env.IOS_VERSION }} - - - name: Run tests on iOS - if: ${{ matrix.platform == 'ios' }} - run: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --test + mkdir -p ./dev-packages/e2e-tests/maestro-logs + echo '{"test": "This contains the secret dummy-secret-12345 in the middle"}' > ./dev-packages/e2e-tests/maestro-logs/test-secret.json + echo 'Another line with dummy-secret-12345 here' > ./dev-packages/e2e-tests/maestro-logs/test-secret.txt + echo 'Created test files with dummy secret: dummy-secret-12345' - name: Redact sensitive data from logs if: ${{ always() }} From 6302cbb2cdd2445419e532bdf5024b679514fc8c Mon Sep 17 00:00:00 2001 
From: Antonis Lilis Date: Fri, 30 May 2025 14:48:02 +0300 Subject: [PATCH 06/11] Revert "Test secret reduction script" This reverts commit 431eccd81aba2d87dae0d71157d68f665beb3db5. --- .github/workflows/e2e.yml | 358 +++++++++++++++++++++++++++++++++++++- 1 file changed, 351 insertions(+), 7 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 939f8fcb13..41fe1e4fce 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -13,7 +13,7 @@ concurrency: cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} env: - SENTRY_AUTH_TOKEN: 'dummy-secret-12345' + SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} MAESTRO_VERSION: '1.40.3' IOS_DEVICE: 'iPhone 16' IOS_VERSION: '18.1' 
@@ -25,10 +25,277 @@ jobs: uses: ./.github/workflows/skip-ci-noauth.yml secrets: inherit + metrics: + runs-on: ${{ matrix.runs-on }} + needs: [diff_check, auth_token_check] + if: ${{ needs.diff_check.outputs.skip_ci != 'true' && needs.auth_token_check.outputs.skip_ci != 'true' && !startsWith(github.ref, 'refs/heads/release/') }} + env: + SENTRY_DISABLE_AUTO_UPLOAD: 'true' + strategy: + # we want that the matrix keeps running, default is to cancel them if it fails. + fail-fast: false + matrix: + rn-architecture: ['legacy', 'new'] + platform: ["ios", "android"] + include: + - platform: ios + runs-on: macos-13 + name: iOS + appPlain: performance-tests/test-app-plain.ipa + - platform: android + # Not using the latest version due to a known issue: https://github.com/getsentry/sentry-react-native/issues/4418 + runs-on: ubuntu-22.04 + name: Android + appPlain: performance-tests/TestAppPlain/android/app/build/outputs/apk/release/app-release.apk + steps: + - uses: actions/checkout@v4 + + - uses: ./.github/actions/disk-cleanup + if: ${{ matrix.platform == 'android' }} + + - run: sudo xcode-select -s /Applications/Xcode_14.2.app/Contents/Developer + if: ${{ matrix.platform == 'ios' }} + + - run: npm i -g corepack + - uses: actions/setup-node@v4 + with: + node-version: 18 + cache: 'yarn' + cache-dependency-path: yarn.lock + + - uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: "adopt" + - name: Gradle cache + uses: gradle/gradle-build-action@v3 + - name: Install Global Dependencies + run: npm i -g react-native-cli @sentry/cli + - name: Install Dependencies + run: yarn install + - name: Build SDK + run: yarn build + + - uses: actions/cache@v4 + id: app-plain-cache + with: + path: ${{ matrix.appPlain }} + # if the whole plain app folder is hashed the cache is never hit as there are files generated in the folder + # the cache key is calculated both at cache retrieval and save time + # hashFiles fails when there are rn android new arch generated files in the 
folder (exact reason unknown) + # we removed the lock file of the app due to monorepo changes, we use the package.json instead + # to avoid frequent rebuilds of the app + key: ${{ github.workflow }}-${{ github.job }}-appplain-${{ matrix.platform }}-${{ matrix.rn-architecture }}-${{ hashFiles('performance-tests/TestAppSentry/package.json') }} + - name: Build app plain + if: steps.app-plain-cache.outputs['cache-hit'] != 'true' + working-directory: ./performance-tests/TestAppPlain + run: | + cd ${{ matrix.platform }} + if [[ "${{ matrix.platform }}" == "android" ]]; then + if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then + perl -i -pe's/newArchEnabled=false/newArchEnabled=true/g' gradle.properties + fi + ./gradlew assembleRelease + else + export PRODUCTION=1 + if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then + export RCT_NEW_ARCH_ENABLED=1 + fi + pod install + cd ../.. + fastlane build_perf_test_app_plain + fi + env: + APP_STORE_CONNECT_KEY_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ID }} + APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }} + APP_STORE_CONNECT_KEY: ${{ secrets.APP_STORE_CONNECT_KEY }} + FASTLANE_KEYCHAIN_PASSWORD: ${{ secrets.FASTLANE_KEYCHAIN_PASSWORD }} + MATCH_GIT_PRIVATE_KEY: ${{ secrets.MATCH_GIT_PRIVATE_KEY }} + MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} + MATCH_USERNAME: ${{ secrets.MATCH_USERNAME }} + - name: Build app with Sentry + working-directory: ./performance-tests/TestAppSentry + run: | + cd ${{ matrix.platform }} + if [[ "${{ matrix.platform }}" == "android" ]]; then + if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then + perl -i -pe's/newArchEnabled=false/newArchEnabled=true/g' gradle.properties + fi + ./gradlew assembleRelease + else + export PRODUCTION=1 + if [[ ${{ matrix.rn-architecture }} == 'new' ]]; then + export RCT_NEW_ARCH_ENABLED=1 + fi + pod install + cd ../.. 
+ fastlane build_perf_test_app_sentry + cd TestAppSentry + fi + env: + APP_STORE_CONNECT_KEY_ID: ${{ secrets.APP_STORE_CONNECT_KEY_ID }} + APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }} + APP_STORE_CONNECT_KEY: ${{ secrets.APP_STORE_CONNECT_KEY }} + FASTLANE_KEYCHAIN_PASSWORD: ${{ secrets.FASTLANE_KEYCHAIN_PASSWORD }} + MATCH_GIT_PRIVATE_KEY: ${{ secrets.MATCH_GIT_PRIVATE_KEY }} + MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }} + MATCH_USERNAME: ${{ secrets.MATCH_USERNAME }} + - name: Collect apps metrics + uses: getsentry/action-app-sdk-overhead-metrics@v1 + with: + name: ${{ matrix.name }} (${{ matrix.rn-architecture }}) + config: ./performance-tests/metrics-${{ matrix.platform }}.yml + sauce-user: ${{ secrets.SAUCE_USERNAME }} + sauce-key: ${{ secrets.SAUCE_ACCESS_KEY }} + + react-native-build: + name: Build RN ${{ matrix.rn-version }} ${{ matrix.rn-architecture }} ${{ matrix.engine }} ${{ matrix.platform }} ${{ matrix.build-type }} ${{ matrix.ios-use-frameworks }} + runs-on: ${{ matrix.runs-on }} + needs: [diff_check, auth_token_check] + if: ${{ needs.diff_check.outputs.skip_ci != 'true' && needs.auth_token_check.outputs.skip_ci != 'true' && !startsWith(github.ref, 'refs/heads/release/') }} + env: + RN_VERSION: ${{ matrix.rn-version }} + RN_ENGINE: ${{ matrix.engine }} + USE_FRAMEWORKS: ${{ matrix.ios-use-frameworks }} + PRODUCTION: ${{ matrix.build-type == 'production' && '1' || '0' }} + RCT_NEW_ARCH_ENABLED: ${{ matrix.rn-architecture == 'new' && '1' || '0' }} + SENTRY_DISABLE_AUTO_UPLOAD: 'false' + strategy: + fail-fast: false # keeps matrix running if one fails + matrix: + rn-version: ['0.65.3', '0.79.1'] + rn-architecture: ['legacy', 'new'] + platform: ['android', 'ios'] + build-type: ['production'] + ios-use-frameworks: ['no', 'static', 'dynamic'] + engine: ['hermes', 'jsc'] + include: + - platform: ios + rn-version: '0.79.1' + xcode-version: '16.2' + runs-on: macos-15 + - platform: ios + rn-version: '0.65.3' + xcode-version: '14.2' 
+ runs-on: macos-13 + - platform: android + runs-on: ubuntu-latest + exclude: + # exclude JSC for new RN versions (keeping the matrix manageable) + - rn-version: '0.79.1' + engine: 'jsc' + # exclude all rn versions lower than 0.70.0 for new architecture + - rn-version: '0.65.3' + rn-architecture: 'new' + # exlude old rn version for use frameworks builds (to minimalize the matrix) + - rn-version: '0.65.3' + platform: 'ios' + ios-use-frameworks: 'static' + - rn-version: '0.65.3' + platform: 'ios' + ios-use-frameworks: 'dynamic' + # use frameworks is ios only feature + - platform: 'android' + ios-use-frameworks: 'static' + - platform: 'android' + ios-use-frameworks: 'dynamic' + # exclude new rn architecture and dynamic frameworks + - rn-architecture: 'new' + ios-use-frameworks: 'dynamic' + + steps: + - uses: actions/checkout@v4 + + - uses: ./.github/actions/disk-cleanup + if: ${{ matrix.platform == 'android' }} + + - name: Sentry Release + run: | + SENTRY_RELEASE_CANDIDATE=$(echo 'e2e/${{ github.ref }}' | perl -pe 's/\//-/g') + echo "SENTRY_RELEASE=$SENTRY_RELEASE_CANDIDATE" >> $GITHUB_ENV + + - name: Sentry Dist + run: | + SENTRY_DIST_CANDIDATE=${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }}-${GITHUB_SHA:0:8} + echo "SENTRY_DIST=$SENTRY_DIST_CANDIDATE" >> $GITHUB_ENV + + - name: Sentry Envs + run: | + echo "SENTRY_RELEASE=$SENTRY_RELEASE" + echo "SENTRY_DIST=$SENTRY_DIST" + + - run: sudo xcode-select -s /Applications/Xcode_${{ matrix.xcode-version }}.app/Contents/Developer + if: ${{ matrix.platform == 'ios' }} + + - run: npm i -g corepack + - uses: actions/setup-node@v4 + with: + node-version: 18 + cache: 'yarn' + cache-dependency-path: yarn.lock + + - uses: actions/setup-java@v4 + with: + java-version: ${{ matrix.rn-version == '0.65.3' && '11' || '17' }} + distribution: 'adopt' + + - name: Gradle cache + uses: gradle/gradle-build-action@v3 + + - name: Setup 
Global Tools + run: | + npm i -g yalc semver + + - name: Setup Global Xcode Tools + if: ${{ matrix.platform == 'ios' }} + run: which xcbeautify || brew install xcbeautify + + - name: Install JS Dependencies + run: yarn install + + - name: Setup Plain RN ${{ matrix.rn-version }} App + run: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --create + + # The old node has to be enabled after creating the test app + # to avoid issues with the old node version + - run: corepack disable + - uses: actions/setup-node@v4 + if: ${{ matrix.rn-version == '0.65.3' }} + with: + node-version: 16 + + - uses: ruby/setup-ruby@v1 + if: ${{ matrix.platform == 'ios' }} + with: + working-directory: dev-packages/e2e-tests/react-native-versions/${{ matrix.rn-version }}/RnDiffApp + ruby-version: '3.3.0' # based on what is used in the sample + bundler-cache: true # runs 'bundle install' and caches installed gems automatically + cache-version: 1 # cache the installed gems + + - name: Build Plain RN ${{ matrix.rn-version }} App + run: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --build + + - name: Upload App + if: matrix.build-type == 'production' + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }}-app-package + path: dev-packages/e2e-tests/RnDiffApp.ap* + retention-days: 1 + + - name: Upload logs + if: ${{ always() }} + uses: actions/upload-artifact@v4 + with: + name: rn-build-logs-${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }} + path: dev-packages/e2e-tests/react-native-versions/${{ matrix.rn-version }}/RnDiffApp/ios/*.log + react-native-test: name: Test RN ${{ matrix.rn-version }} ${{ matrix.rn-architecture }} ${{ matrix.engine }} ${{ matrix.platform }} ${{ matrix.build-type }} ${{ matrix.ios-use-frameworks }} 
+ needs: [react-native-build, diff_check] + if: ${{ needs.diff_check.outputs.skip_ci != 'true' }} runs-on: ${{ matrix.runs-on }} strategy: 
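Review bot: The `Sentry Release` step restored by this hunk expands `${{ github.ref }}` inside the `run` script (`echo 'e2e/${{ github.ref }}' | perl …`), so the ref name is pasted into the script text before bash parses it, and a ref containing a single quote ends the quoted string. Git permits quotes and shell metacharacters in branch names, so on `push` runs the branch name is treated as code rather than data, in a workflow that sets `SENTRY_AUTH_TOKEN` at the top level. Read the ref from the runner environment instead, the same way patch 04 in this series handles the token: `SENTRY_RELEASE_CANDIDATE=$(echo "e2e/${GITHUB_REF}" | perl -pe 's/\//-/g')`. The tag-referenced actions restored here (`actions/checkout@v4`, `gradle/gradle-build-action@v3`, and `getsentry/action-app-sdk-overhead-metrics@v1`, which receives the Sauce credentials) could also be pinned to commit SHAs, as the emulator and simulator actions in this file already are.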
@@ -62,13 +329,90 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Create test file with dummy secret (TESTING ONLY) - if: ${{ always() }} + - name: Install Maestro + uses: dniHze/maestro-test-action@bda8a93211c86d0a05b7a4597c5ad134566fbde4 # pin@v1.0.0 + with: + version: ${{env.MAESTRO_VERSION}} + + - name: Install iDB Companion + if: ${{ matrix.platform == 'ios' }} + run: brew tap facebook/fb && brew install facebook/fb/idb-companion + + - uses: ./.github/actions/disk-cleanup + if: ${{ matrix.platform == 'android' }} + + - name: Setup Global Xcode Tools + if: ${{ matrix.platform == 'ios' }} + run: which xcbeautify || brew install xcbeautify + + - name: Download App Package + if: matrix.build-type == 'production' + uses: actions/download-artifact@v4 + with: + name: ${{ matrix.rn-version }}-${{ matrix.rn-architecture }}-${{ matrix.engine }}-${{ matrix.platform }}-${{ matrix.build-type }}-${{ matrix.ios-use-frameworks }}-app-package + path: dev-packages/e2e-tests + + - name: Enable Corepack + run: npm i -g corepack + - uses: actions/setup-node@v4 + with: + node-version: 20 + cache: 'yarn' + cache-dependency-path: yarn.lock + + - uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'adopt' + + - name: Gradle cache + uses: gradle/gradle-build-action@v3 + + - name: Setup KVM + if: ${{ matrix.platform == 'android' }} + shell: bash run: | - mkdir -p ./dev-packages/e2e-tests/maestro-logs - echo '{"test": "This contains the secret dummy-secret-12345 in the middle"}' > ./dev-packages/e2e-tests/maestro-logs/test-secret.json - echo 'Another line with dummy-secret-12345 here' > ./dev-packages/e2e-tests/maestro-logs/test-secret.txt - echo 'Created test files with dummy secret: dummy-secret-12345' + # check if virtualization is supported... 
+ sudo apt install -y --no-install-recommends cpu-checker coreutils && echo "CPUs=$(nproc --all)" && kvm-ok + # allow access to KVM to run the emulator + echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' \ + | sudo tee /etc/udev/rules.d/99-kvm4all.rules + sudo udevadm control --reload-rules + sudo udevadm trigger --name-match=kvm + + - name: Install JS Dependencies + run: yarn install + + - name: Run tests on Android + if: ${{ matrix.platform == 'android' }} + uses: reactivecircus/android-emulator-runner@1dcd0090116d15e7c562f8db72807de5e036a4ed # pin@v2.34.0 + with: + api-level: 30 + force-avd-creation: false + disable-animations: true + disable-spellchecker: true + target: 'aosp_atd' + channel: canary # Necessary for ATDs + emulator-options: > + -no-window + -no-snapshot-save + -gpu swiftshader_indirect + -noaudio + -no-boot-anim + -camera-back none + -camera-front none + -timezone US/Pacific + script: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --test + + - uses: futureware-tech/simulator-action@dab10d813144ef59b48d401cd95da151222ef8cd # pin@v4 + if: ${{ matrix.platform == 'ios' }} + with: + model: ${{ env.IOS_DEVICE }} + os_version: ${{ env.IOS_VERSION }} + + - name: Run tests on iOS + if: ${{ matrix.platform == 'ios' }} + run: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --test - name: Redact sensitive data from logs if: ${{ always() }} From 5561ef68c4a7ed0b362566711ff0a31e8865e496 Mon Sep 17 00:00:00 2001 From: Krystof Woldrich <31292499+krystofwoldrich@users.noreply.github.com> Date: Mon, 2 Jun 2025 16:13:17 +0200 Subject: [PATCH 07/11] chore(e2e): Rename the workflow to avoid running the unsafe version (#4878) --- .github/workflows/{e2e.yml => e2e-v2.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{e2e.yml => e2e-v2.yml} (99%) 
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e-v2.yml similarity index 99% rename from .github/workflows/e2e.yml rename to .github/workflows/e2e-v2.yml index 41fe1e4fce..c0b828a963 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e-v2.yml @@ -1,4 +1,4 @@ -name: End-to-End Tests +name: End-to-End Tests V2 on: push: From 5542a0fd2d903619c411497256fb1fe934d32296 Mon Sep 17 00:00:00 2001 From: Antonis Lilis Date: Mon, 2 Jun 2025 17:16:53 +0300 Subject: [PATCH 08/11] Redact token after maestro cli execution --- dev-packages/e2e-tests/cli.mjs | 41 +++++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/dev-packages/e2e-tests/cli.mjs b/dev-packages/e2e-tests/cli.mjs index cb910ef938..d1f8631fbe 100755 --- a/dev-packages/e2e-tests/cli.mjs +++ b/dev-packages/e2e-tests/cli.mjs 
@@ -234,16 +234,35 @@ if (actions.includes('test')) { if (!sentryAuthToken) { console.log('Skipping maestro test due to unavailable or empty SENTRY_AUTH_TOKEN'); } else { - execSync( - `maestro test maestro \ - --env=APP_ID="${appId}" \ - --env=SENTRY_AUTH_TOKEN="${sentryAuthToken}" \ - --debug-output maestro-logs \ - --flatten-debug-output`, - { - stdio: 'inherit', - cwd: e2eDir, - }, - ); + try { + execSync( + `maestro test maestro \ + --env=APP_ID="${appId}" \ + --env=SENTRY_AUTH_TOKEN="${sentryAuthToken}" \ + --debug-output maestro-logs \ + --flatten-debug-output`, + { + stdio: 'inherit', + cwd: e2eDir, + }, + ); + } finally { + // Always redact sensitive data, even if the test fails + const redactScript = ` + if [[ "$(uname)" == "Darwin" ]]; then + find ./maestro-logs -type f -exec sed -i '' "s/${sentryAuthToken}/[REDACTED]/g" {} + + echo 'Redacted sensitive data from logs on MacOS' + else + find ./maestro-logs -type f -exec sed -i "s/${sentryAuthToken}/[REDACTED]/g" {} + + echo 'Redacted sensitive data from logs on Ubuntu' + fi + `; + + try { + execSync(redactScript, { stdio: 'inherit', shell: '/bin/bash' }); + } catch (error) { + console.warn('Failed to redact sensitive data from logs:', error.message); + } + } } } From b87d279dc818d09a94391a08a1d3bb3333ff7d6f Mon Sep 17 00:00:00 2001 From: Antonis Lilis Date: Mon, 2 Jun 2025 17:20:14 +0300 Subject: [PATCH 09/11] Remove workflow redaction step --- .github/workflows/e2e-v2.yml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/.github/workflows/e2e-v2.yml b/.github/workflows/e2e-v2.yml index c0b828a963..e7a4738921 100644 --- a/.github/workflows/e2e-v2.yml +++ b/.github/workflows/e2e-v2.yml 
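Review bot: In the new `finally` block the token is substituted into `redactScript` by the JavaScript template literal, so its value becomes part of the bash source and of the sed pattern. A token containing `/`, `"`, `$` or a regex metacharacter breaks or alters the command, and the `catch` then prints `error.message`, which for `execSync` failures normally repeats the command line, token included. Pass the token through the child's environment, match it literally, and log only the exit status. The fence sets `cwd: e2eDir` like the `maestro` call above it, which a later patch in this series also adds. The enclosing `if (actions.includes('test'))` block starts and ends outside the hunk.

```javascript
      } finally {
        // … unchanged: comment about always redacting, even if the test fails …
        // Single-quoted for the shell: perl reads the token from its environment and
        // \Q…\E matches it literally, so the value is never spliced into command text.
        const redactCommand =
          "find ./maestro-logs -type f -exec perl -pi -e 's/\\Q$ENV{SENTRY_AUTH_TOKEN}\\E/[REDACTED]/g' {} +";

        try {
          execSync(redactCommand, {
            stdio: 'inherit',
            cwd: e2eDir,
            shell: '/bin/bash',
            env: { ...process.env, SENTRY_AUTH_TOKEN: sentryAuthToken },
          });
        } catch (error) {
          // error.message repeats the command line; report the exit status instead.
          console.warn('Failed to redact sensitive data from logs, exit status:', error.status);
        }
      }
```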
@@ -414,19 +414,6 @@ jobs: if: ${{ matrix.platform == 'ios' }} run: ./dev-packages/e2e-tests/cli.mjs ${{ matrix.platform }} --test - - name: Redact sensitive data from logs - if: ${{ always() }} - run: | - if [[ "$(uname)" == "Darwin" ]]; then - find ./dev-packages/e2e-tests/maestro-logs -type f -exec \ - sed -i '' "s/${SENTRY_AUTH_TOKEN}/[REDACTED]/g" {} + - echo 'Redacted sensitive data from logs on MacOS' - else - find ./dev-packages/e2e-tests/maestro-logs -type f -exec \ - sed -i "s/${SENTRY_AUTH_TOKEN}/[REDACTED]/g" {} + - echo 'Redacted sensitive data from logs on Ubuntu' - fi - - name: Upload logs if: ${{ always() }} uses: actions/upload-artifact@v4 From adca96e44d46458e4167b540a5130d672bf14041 Mon Sep 17 00:00:00 2001 From: Antonis Lilis Date: Mon, 2 Jun 2025 17:40:33 +0300 Subject: [PATCH 10/11] Add e2eDir dir in execSync --- dev-packages/e2e-tests/cli.mjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-packages/e2e-tests/cli.mjs b/dev-packages/e2e-tests/cli.mjs index d1f8631fbe..0448138861 100755 --- a/dev-packages/e2e-tests/cli.mjs +++ b/dev-packages/e2e-tests/cli.mjs @@ -259,7 +259,7 @@ if (actions.includes('test')) { `; try { - execSync(redactScript, { stdio: 'inherit', shell: '/bin/bash' }); + execSync(redactScript, { stdio: 'inherit', cwd: e2eDir, shell: '/bin/bash' }); } catch (error) { console.warn('Failed to redact sensitive data from logs:', error.message); } From 80eaf8dfd8232165da24341a5fdb14f3fbe43123 Mon Sep 17 00:00:00 2001 From: Krystof Woldrich <31292499+krystofwoldrich@users.noreply.github.com> Date: Mon, 2 Jun 2025 17:23:30 +0200 Subject: [PATCH 11/11] Update dev-packages/e2e-tests/cli.mjs --- dev-packages/e2e-tests/cli.mjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-packages/e2e-tests/cli.mjs b/dev-packages/e2e-tests/cli.mjs index 0448138861..c9281549f3 100755 --- a/dev-packages/e2e-tests/cli.mjs +++ b/dev-packages/e2e-tests/cli.mjs 
@@ -234,7 +234,7 @@ if (actions.includes('test')) { if (!sentryAuthToken) { console.log('Skipping maestro test due to unavailable or empty SENTRY_AUTH_TOKEN'); } else { - try { + try { execSync( `maestro test maestro \ --env=APP_ID="${appId}" \