Skip to content

feat(observability): Sentry release tracking, source maps, and end-to-end DSN plumbing #734

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
senamakel merged 2 commits into from
Apr 22, 2026
Merged

feat(observability): Sentry release tracking, source maps, and end-to-end DSN plumbing #734

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6e87f58
ci(release): bake Sentry DSN into shipped tauri bundle
CodeGhost21 Apr 21, 2026
e28e963
feat(observability): Sentry release tracking + source maps (#405)
CodeGhost21 Apr 21, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions .github/workflows/release-packages.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,21 @@ jobs:
sudo apt-get install -y --no-install-recommends \
pkg-config libssl-dev build-essential cmake

- name: Verify Sentry DSN is present
shell: bash
env:
OPENHUMAN_SENTRY_DSN: ${{ vars.OPENHUMAN_SENTRY_DSN }}
run: |
Comment on lines +63 to +67
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Apr 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

In GitHub Actions, are environment-level configuration variables in the varscontext available to a job that does not declareenvironment:?

💡 Result:

No, environment-level configuration variables in the vars context are not available to a job that does not declare environment:. They become available only after the environment is declared in the job.

Citations:

🏁 Script executed:

cd .github/workflows && cat -n release-packages.yml | sed -n '60,85p'

Repository: tinyhumansai/openhuman

Length of output: 1472

🏁 Script executed:

cd .github/workflows && grep -n "build-cli-linux-arm64:" release-packages.yml -A 5

Repository: tinyhumansai/openhuman

Length of output: 250

Add environment: Production to job or DSN verification will fail.

The build-cli-linux-arm64 job at line 38 does not declare an environment: field. Both the verification step (lines 63–67) and the build step (line 81) reference vars.OPENHUMAN_SENTRY_DSN. In GitHub Actions, environment-level configuration variables are only available to jobs that explicitly declare the corresponding environment. If the DSN is configured only as a Production environment variable, this job will not access it, causing the verification to fail.

🔧 Proposed fix 
  build-cli-linux-arm64:
    name: Build Linux arm64 CLI tarball
    runs-on: ubuntu-24.04-arm
+   environment: Production
    steps:
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release-packages.yml around lines 63 - 67, The job
"build-cli-linux-arm64" lacks an environment declaration so the Verify Sentry
DSN step cannot access the environment-scoped variable OPENHUMAN_SENTRY_DSN;
update the job definition for build-cli-linux-arm64 to include environment:
Production (so steps like "Verify Sentry DSN" that reference
env.OPENHUMAN_SENTRY_DSN and later build steps can read the DSN).

# Sentry DSN is baked into the binary at compile time via
# `option_env!`. Missing DSN here means the arm64 CLI silently
# ships without error reporting — fail the job instead.
if [ -z "${OPENHUMAN_SENTRY_DSN}" ]; then
echo "::error::vars.OPENHUMAN_SENTRY_DSN is empty — the Linux arm64 CLI would ship without error reporting."
echo "Configure the repository / environment variable before re-running the release."
exit 1
fi
echo "OPENHUMAN_SENTRY_DSN is set (length=${#OPENHUMAN_SENTRY_DSN})"

- name: Build CLI binary and package tarball
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Expand Down
6 changes: 6 additions & 0 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -538,6 +538,12 @@ jobs:
OPENHUMAN_APP_ENV: ${{ inputs.build_target == 'staging' && 'staging' || 'production' }}
VITE_OPENHUMAN_APP_ENV: ${{ inputs.build_target == 'staging' && 'staging' || 'production' }}
VITE_BACKEND_URL: ${{ needs.prepare-build.outputs.base_url }}
# Re-declare Vite env so tauri.conf.json's `beforeBuildCommand`
# (`vite build`) bakes Sentry + debug flags into the final bundle.
# The earlier explicit `yarn build` step ran with these, but the
# rebuild triggered here would strip them and ship a DSN-less UI.
VITE_SENTRY_DSN: ${{ vars.VITE_SENTRY_DSN }}
VITE_DEBUG: ${{ vars.VITE_DEBUG }}
MACOSX_DEPLOYMENT_TARGET: ${{ matrix.settings.platform == 'macos-latest' && '10.15' || '' }}
TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD || secrets.UPDATER_PRIVATE_KEY_PASSWORD }}
TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY || secrets.UPDATER_PRIVATE_KEY }}
Expand Down
Loading