From 576d28002d4f254f3cd666facc9aa8ac31ee7d9a Mon Sep 17 00:00:00 2001 From: James Crosswell Date: Wed, 11 Mar 2026 15:28:49 +1300 Subject: [PATCH 1/2] chore: Added cron job to check for upstream changes to vendored in code Resolves #4995 - #4995 --- .github/workflows/watch-upstream.yml | 94 ++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 .github/workflows/watch-upstream.yml diff --git a/.github/workflows/watch-upstream.yml b/.github/workflows/watch-upstream.yml new file mode 100644 index 0000000000..fe9a96e4ff --- /dev/null +++ b/.github/workflows/watch-upstream.yml @@ -0,0 +1,94 @@ +name: Watch Upstream Changes + +on: + # Run weekly on Monday mornings. + schedule: + - cron: "0 6 * * 1" + # Allow manual triggering for testing or on-demand checks. + workflow_dispatch: + +jobs: + check-upstream: + name: ${{ matrix.name }} + runs-on: ubuntu-latest + permissions: + issues: write + strategy: + fail-fast: false + matrix: + include: + - name: dotnet/android - assembly-store-reader-mk2 + repo: dotnet/android + path: tools/assembly-store-reader-mk2 + local_path: src/Sentry.Android.AssemblyReader/ + steps: + - name: Check for upstream changes + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + shell: bash + run: | + set -euo pipefail + + UPSTREAM_REPO="${{ matrix.repo }}" + UPSTREAM_PATH="${{ matrix.path }}" + LOCAL_PATH="${{ matrix.local_path }}" + UPSTREAM_URL="https://github.com/${UPSTREAM_REPO}/tree/main/${UPSTREAM_PATH}" + + echo "Checking upstream: $UPSTREAM_REPO/$UPSTREAM_PATH" + + # Get the latest commit SHA affecting the tracked path. + LATEST_SHA=$(gh api "repos/${UPSTREAM_REPO}/commits?path=${UPSTREAM_PATH}&per_page=1" \ + --jq '.[0].sha') + LATEST_SHORT="${LATEST_SHA:0:7}" + echo "Latest upstream commit: $LATEST_SHA ($LATEST_SHORT)" + + # Avoid creating duplicate issues: skip if any issue (open or closed) already + # tracks this exact upstream commit SHA. The SHA in the title makes it unique. + ISSUE_LABEL="upstream-watch" + EXISTING_ISSUE=$(gh issue list \ + --label "$ISSUE_LABEL" \ + --state all \ + --search "\"${UPSTREAM_REPO} ${UPSTREAM_PATH} @ ${LATEST_SHORT}\"" \ + --json number,title \ + --jq '.[0].number // empty') + + if [ -n "$EXISTING_ISSUE" ]; then + echo "An issue (#${EXISTING_ISSUE}) already tracks upstream commit ${LATEST_SHORT} for ${UPSTREAM_REPO}/${UPSTREAM_PATH}. Skipping." + exit 0 + fi + + echo "No existing issue found for commit ${LATEST_SHORT}. Creating one..." + + # Ensure the label exists (idempotent). + gh label create "$ISSUE_LABEL" \ + --description "Upstream vendored code has changed — review required" \ + --color "E4E669" 2>/dev/null || true + + COMMIT_URL="https://github.com/${UPSTREAM_REPO}/commit/${LATEST_SHA}" + HISTORY_URL="https://github.com/${UPSTREAM_REPO}/commits/main/${UPSTREAM_PATH}" + + gh issue create \ + --title "Upstream change detected: ${UPSTREAM_REPO} ${UPSTREAM_PATH} @ ${LATEST_SHORT}" \ + --label "$ISSUE_LABEL" \ + --body "## Upstream Change Detected + +The code at [\`${UPSTREAM_REPO}/${UPSTREAM_PATH}\`](${UPSTREAM_URL}) has a new commit since our last review. + +| | | +|---|---| +| **Latest commit** | [\`${LATEST_SHORT}\`](${COMMIT_URL}) | +| **Path history** | [View history](${HISTORY_URL}) | + +Our vendored copy lives in \`${LOCAL_PATH}\`. We modified the upstream code significantly, +so a direct merge is unlikely to be appropriate — but the commit above may reveal logic +changes worth porting. + +### What to do + +1. Review the [upstream commit](${COMMIT_URL}) and [path history](${HISTORY_URL}). +2. If no action is needed, close this issue with a note explaining why. +3. If changes should be ported, create a follow-up task and close this issue once the work is tracked. + +> _Automatically opened by the [Watch Upstream Changes](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) workflow._" + + echo "Issue created successfully." From ae0aa16e9d91e6b39165de557907f371d4fd845a Mon Sep 17 00:00:00 2001 From: James Crosswell Date: Wed, 11 Mar 2026 15:58:06 +1300 Subject: [PATCH 2/2] Fixed job and extracted script from job (to make it easier to test) --- .github/workflows/watch-upstream.yml | 69 ++------------------- scripts/watch-upstream.sh | 92 ++++++++++++++++++++++++++++ 2 files changed, 96 insertions(+), 65 deletions(-) create mode 100755 scripts/watch-upstream.sh diff --git a/.github/workflows/watch-upstream.yml b/.github/workflows/watch-upstream.yml index fe9a96e4ff..ddbd686089 100644 --- a/.github/workflows/watch-upstream.yml +++ b/.github/workflows/watch-upstream.yml @@ -22,73 +22,12 @@ jobs: path: tools/assembly-store-reader-mk2 local_path: src/Sentry.Android.AssemblyReader/ steps: + - uses: actions/checkout@v4 + - name: Check for upstream changes env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_REPO: ${{ github.repository }} shell: bash run: | - set -euo pipefail - - UPSTREAM_REPO="${{ matrix.repo }}" - UPSTREAM_PATH="${{ matrix.path }}" - LOCAL_PATH="${{ matrix.local_path }}" - UPSTREAM_URL="https://github.com/${UPSTREAM_REPO}/tree/main/${UPSTREAM_PATH}" - - echo "Checking upstream: $UPSTREAM_REPO/$UPSTREAM_PATH" - - # Get the latest commit SHA affecting the tracked path. - LATEST_SHA=$(gh api "repos/${UPSTREAM_REPO}/commits?path=${UPSTREAM_PATH}&per_page=1" \ - --jq '.[0].sha') - LATEST_SHORT="${LATEST_SHA:0:7}" - echo "Latest upstream commit: $LATEST_SHA ($LATEST_SHORT)" - - # Avoid creating duplicate issues: skip if any issue (open or closed) already - # tracks this exact upstream commit SHA. The SHA in the title makes it unique. - ISSUE_LABEL="upstream-watch" - EXISTING_ISSUE=$(gh issue list \ - --label "$ISSUE_LABEL" \ - --state all \ - --search "\"${UPSTREAM_REPO} ${UPSTREAM_PATH} @ ${LATEST_SHORT}\"" \ - --json number,title \ - --jq '.[0].number // empty') - - if [ -n "$EXISTING_ISSUE" ]; then - echo "An issue (#${EXISTING_ISSUE}) already tracks upstream commit ${LATEST_SHORT} for ${UPSTREAM_REPO}/${UPSTREAM_PATH}. Skipping." - exit 0 - fi - - echo "No existing issue found for commit ${LATEST_SHORT}. Creating one..." - - # Ensure the label exists (idempotent). - gh label create "$ISSUE_LABEL" \ - --description "Upstream vendored code has changed — review required" \ - --color "E4E669" 2>/dev/null || true - - COMMIT_URL="https://github.com/${UPSTREAM_REPO}/commit/${LATEST_SHA}" - HISTORY_URL="https://github.com/${UPSTREAM_REPO}/commits/main/${UPSTREAM_PATH}" - - gh issue create \ - --title "Upstream change detected: ${UPSTREAM_REPO} ${UPSTREAM_PATH} @ ${LATEST_SHORT}" \ - --label "$ISSUE_LABEL" \ - --body "## Upstream Change Detected - -The code at [\`${UPSTREAM_REPO}/${UPSTREAM_PATH}\`](${UPSTREAM_URL}) has a new commit since our last review. - -| | | -|---|---| -| **Latest commit** | [\`${LATEST_SHORT}\`](${COMMIT_URL}) | -| **Path history** | [View history](${HISTORY_URL}) | - -Our vendored copy lives in \`${LOCAL_PATH}\`. We modified the upstream code significantly, -so a direct merge is unlikely to be appropriate — but the commit above may reveal logic -changes worth porting. - -### What to do - -1. Review the [upstream commit](${COMMIT_URL}) and [path history](${HISTORY_URL}). -2. If no action is needed, close this issue with a note explaining why. -3. If changes should be ported, create a follow-up task and close this issue once the work is tracked. - -> _Automatically opened by the [Watch Upstream Changes](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) workflow._" - - echo "Issue created successfully." + scripts/watch-upstream.sh "${{ matrix.repo }}" "${{ matrix.path }}" "${{ matrix.local_path }}" diff --git a/scripts/watch-upstream.sh b/scripts/watch-upstream.sh new file mode 100755 index 0000000000..565bd3d943 --- /dev/null +++ b/scripts/watch-upstream.sh @@ -0,0 +1,92 @@ +#!/usr/bin/env bash +# Usage: watch-upstream.sh +# +# Checks whether the given path in an upstream GitHub repo has a new commit +# since the last time we created a tracking issue. If so, opens a GitHub issue +# in this repo (identified by GH_REPO or inferred by gh from git context). +# +# Required env vars: +# GH_TOKEN — GitHub token (set automatically in Actions; use `gh auth token` locally) +# +# Optional env vars (set automatically in GitHub Actions): +# GH_REPO — target repo for issue creation, e.g. getsentry/sentry-dotnet +# GITHUB_SERVER_URL — e.g. https://github.com (defaults to https://github.com) +# GITHUB_RUN_ID — included in the issue footer when present + +set -euo pipefail + +if [ $# -ne 3 ]; then + echo "Usage: $0 " >&2 + exit 1 +fi + +UPSTREAM_REPO="$1" +UPSTREAM_PATH="$2" +LOCAL_PATH="$3" +UPSTREAM_URL="https://github.com/${UPSTREAM_REPO}/tree/main/${UPSTREAM_PATH}" +GITHUB_SERVER_URL="${GITHUB_SERVER_URL:-https://github.com}" + +echo "Checking upstream: ${UPSTREAM_REPO}/${UPSTREAM_PATH}" + +# Get the latest commit SHA affecting the tracked path. +LATEST_SHA=$(gh api "repos/${UPSTREAM_REPO}/commits?path=${UPSTREAM_PATH}&per_page=1" \ + --jq '.[0].sha') +LATEST_SHORT="${LATEST_SHA:0:7}" +echo "Latest upstream commit: ${LATEST_SHA} (${LATEST_SHORT})" + +# Avoid creating duplicate issues: skip if any issue (open or closed) already +# tracks this exact upstream commit SHA. The SHA in the title makes it unique. +ISSUE_LABEL="upstream-watch" +EXISTING_ISSUE=$(gh issue list \ + --label "$ISSUE_LABEL" \ + --state all \ + --search "\"${UPSTREAM_REPO} ${UPSTREAM_PATH} @ ${LATEST_SHORT}\"" \ + --json number,title \ + --jq '.[0].number // empty') + +if [ -n "$EXISTING_ISSUE" ]; then + echo "An issue (#${EXISTING_ISSUE}) already tracks upstream commit ${LATEST_SHORT} for ${UPSTREAM_REPO}/${UPSTREAM_PATH}. Skipping." + exit 0 +fi + +echo "No existing issue found for commit ${LATEST_SHORT}. Creating one..." + +# Ensure the label exists (idempotent). +gh label create "$ISSUE_LABEL" \ + --description "Upstream vendored code has changed — review required" \ + --color "E4E669" 2>/dev/null || true + +COMMIT_URL="https://github.com/${UPSTREAM_REPO}/commit/${LATEST_SHA}" +HISTORY_URL="https://github.com/${UPSTREAM_REPO}/commits/main/${UPSTREAM_PATH}" + +if [ -n "${GITHUB_RUN_ID:-}" ] && [ -n "${GITHUB_REPOSITORY:-}" ]; then + FOOTER="> _Automatically opened by the [Watch Upstream Changes](${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}) workflow._" +else + FOOTER="> _Manually triggered via watch-upstream.sh._" +fi + +gh issue create \ + --title "Upstream change detected: ${UPSTREAM_REPO} ${UPSTREAM_PATH} @ ${LATEST_SHORT}" \ + --label "$ISSUE_LABEL" \ + --body "## Upstream Change Detected + +The code at [\`${UPSTREAM_REPO}/${UPSTREAM_PATH}\`](${UPSTREAM_URL}) has a new commit since our last review. + +| | | +|---|---| +| **Latest commit** | [\`${LATEST_SHORT}\`](${COMMIT_URL}) | +| **Path history** | [View history](${HISTORY_URL}) | + +Our vendored copy lives in \`${LOCAL_PATH}\`. We modified the upstream code significantly, +so a direct merge is unlikely to be appropriate — but the commit above may reveal logic +changes worth porting. + +### What to do + +1. Review the [upstream commit](${COMMIT_URL}) and [path history](${HISTORY_URL}). +2. If no action is needed, close this issue with a note explaining why. +3. If changes should be ported, create a follow-up task and close this issue once the work is tracked. + +${FOOTER}" + +echo "Issue created successfully."