Skip to content

chore: Added cron job to check for upstream changes to vendored in code #5000

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
jamescrosswell wants to merge 2 commits into
base: main
Choose a base branch
from
+125 −0
Draft

chore: Added cron job to check for upstream changes to vendored in code #5000

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
576d280
chore: Added cron job to check for upstream changes to vendored in code
jamescrosswell Mar 11, 2026
ae0aa16
Fixed job and extracted script from job (to make it easier to test)
jamescrosswell Mar 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 33 additions & 0 deletions .github/workflows/watch-upstream.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
name: Watch Upstream Changes

on:
# Run weekly on Monday mornings.
schedule:
- cron: "0 6 * * 1"
# Allow manual triggering for testing or on-demand checks.
workflow_dispatch:

jobs:
check-upstream:
name: ${{ matrix.name }}
runs-on: ubuntu-latest
permissions:
issues: write
strategy:
fail-fast: false
matrix:
include:
- name: dotnet/android - assembly-store-reader-mk2
repo: dotnet/android
path: tools/assembly-store-reader-mk2
local_path: src/Sentry.Android.AssemblyReader/
steps:
- uses: actions/checkout@v4

- name: Check for upstream changes
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
shell: bash
run: |
scripts/watch-upstream.sh "${{ matrix.repo }}" "${{ matrix.path }}" "${{ matrix.local_path }}"
92 changes: 92 additions & 0 deletions scripts/watch-upstream.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
#!/usr/bin/env bash
# Usage: watch-upstream.sh <upstream-repo> <upstream-path> <local-path>
#
# Checks whether the given path in an upstream GitHub repo has a new commit
# since the last time we created a tracking issue. If so, opens a GitHub issue
# in this repo (identified by GH_REPO or inferred by gh from git context).
#
# Required env vars:
# GH_TOKEN — GitHub token (set automatically in Actions; use `gh auth token` locally)
#
# Optional env vars (set automatically in GitHub Actions):
# GH_REPO — target repo for issue creation, e.g. getsentry/sentry-dotnet
# GITHUB_SERVER_URL — e.g. https://github.com (defaults to https://github.com)
# GITHUB_RUN_ID — included in the issue footer when present

set -euo pipefail

if [ $# -ne 3 ]; then
echo "Usage: $0 <upstream-repo> <upstream-path> <local-path>" >&2
exit 1
fi

UPSTREAM_REPO="$1"
UPSTREAM_PATH="$2"
LOCAL_PATH="$3"
UPSTREAM_URL="https://github.com/${UPSTREAM_REPO}/tree/main/${UPSTREAM_PATH}"
GITHUB_SERVER_URL="${GITHUB_SERVER_URL:-https://github.com}"

echo "Checking upstream: ${UPSTREAM_REPO}/${UPSTREAM_PATH}"

# Get the latest commit SHA affecting the tracked path.
LATEST_SHA=$(gh api "repos/${UPSTREAM_REPO}/commits?path=${UPSTREAM_PATH}&per_page=1" \
--jq '.[0].sha')
LATEST_SHORT="${LATEST_SHA:0:7}"
echo "Latest upstream commit: ${LATEST_SHA} (${LATEST_SHORT})"

# Avoid creating duplicate issues: skip if any issue (open or closed) already
# tracks this exact upstream commit SHA. The SHA in the title makes it unique.
ISSUE_LABEL="upstream-watch"
EXISTING_ISSUE=$(gh issue list \
--label "$ISSUE_LABEL" \
--state all \
--search "\"${UPSTREAM_REPO} ${UPSTREAM_PATH} @ ${LATEST_SHORT}\"" \
--json number,title \
--jq '.[0].number // empty')

if [ -n "$EXISTING_ISSUE" ]; then
echo "An issue (#${EXISTING_ISSUE}) already tracks upstream commit ${LATEST_SHORT} for ${UPSTREAM_REPO}/${UPSTREAM_PATH}. Skipping."
exit 0
fi

echo "No existing issue found for commit ${LATEST_SHORT}. Creating one..."

# Ensure the label exists (idempotent).
gh label create "$ISSUE_LABEL" \
--description "Upstream vendored code has changed — review required" \
--color "E4E669" 2>/dev/null || true

COMMIT_URL="https://github.com/${UPSTREAM_REPO}/commit/${LATEST_SHA}"
HISTORY_URL="https://github.com/${UPSTREAM_REPO}/commits/main/${UPSTREAM_PATH}"

if [ -n "${GITHUB_RUN_ID:-}" ] && [ -n "${GITHUB_REPOSITORY:-}" ]; then
FOOTER="> _Automatically opened by the [Watch Upstream Changes](${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}) workflow._"
else
FOOTER="> _Manually triggered via watch-upstream.sh._"
fi

gh issue create \
--title "Upstream change detected: ${UPSTREAM_REPO} ${UPSTREAM_PATH} @ ${LATEST_SHORT}" \
--label "$ISSUE_LABEL" \
--body "## Upstream Change Detected

The code at [\`${UPSTREAM_REPO}/${UPSTREAM_PATH}\`](${UPSTREAM_URL}) has a new commit since our last review.

| | |
|---|---|
| **Latest commit** | [\`${LATEST_SHORT}\`](${COMMIT_URL}) |
| **Path history** | [View history](${HISTORY_URL}) |

Our vendored copy lives in \`${LOCAL_PATH}\`. We modified the upstream code significantly,
so a direct merge is unlikely to be appropriate — but the commit above may reveal logic
changes worth porting.

### What to do

1. Review the [upstream commit](${COMMIT_URL}) and [path history](${HISTORY_URL}).
2. If no action is needed, close this issue with a note explaining why.
3. If changes should be ported, create a follow-up task and close this issue once the work is tracked.

${FOOTER}"

echo "Issue created successfully."
Loading