From 10cd6be391f9915f928741ac4abb7fda3d6d23fd Mon Sep 17 00:00:00 2001 From: Kunal Dawar Date: Thu, 25 Jun 2026 15:31:47 +0530 Subject: [PATCH 1/2] Hardcode Sentry DSN so crash reporting works in all builds The Sentry DSN was injected at build time via ldflags from a SENTRY_DSN secret. That value has been empty in released binaries since around v1.10, so crash reporting has effectively been disabled, and it cannot work at all for from-source builds such as Homebrew Core. A Sentry DSN is a public, write-only key that is safe to ship inside client binaries, so this hardcodes it as the default. The build-time injection is removed from the release pipeline so every build path (releases, Homebrew Core, and plain go build) reports to Sentry consistently. --- .github/workflows/release.yml | 1 - .goreleaser.yml | 1 - internal/instrumentation/instrumentation.go | 8 +++++++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ff329dc07..c2658e802 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,7 +32,6 @@ jobs: workdir: 'auth0-cli' env: GITHUB_TOKEN: ${{ github.token }} - SENTRY_DSN: ${{ secrets.SENTRY_DSN }} # Homebrew Tap Process - name: Checkout Homebrew Tap Repo diff --git a/.goreleaser.yml b/.goreleaser.yml index 8540cbbd6..6e7dad18c 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -17,7 +17,6 @@ builds: - -X 'github.com/auth0/auth0-cli/internal/buildinfo.Revision={{.Commit}}' - -X 'github.com/auth0/auth0-cli/internal/buildinfo.BuildUser=goreleaser' - -X 'github.com/auth0/auth0-cli/internal/buildinfo.BuildDate={{.Date}}' - - -X 'github.com/auth0/auth0-cli/internal/instrumentation.SentryDSN={{.Env.SENTRY_DSN}}' archives: - name_template: '{{ .ProjectName }}_{{ .Version }}_{{ title .Os }}_{{ if eq .Arch "arm64" }}arm64{{ else }}x86_64{{ end }}' files: diff --git a/internal/instrumentation/instrumentation.go b/internal/instrumentation/instrumentation.go index 385ff91a4..77ba760d5 100644 --- a/internal/instrumentation/instrumentation.go +++ b/internal/instrumentation/instrumentation.go @@ -7,7 +7,13 @@ import ( "github.com/getsentry/sentry-go" ) -var SentryDSN string +// SentryDSN is the destination for crash reports. A Sentry DSN is a public, +// write-only key that is safe to ship inside client binaries, so we hardcode a +// default here. This ensures crash reporting works for builds that are not +// produced by our release pipeline (for example Homebrew Core, which builds +// from source and cannot inject build-time values). Release builds may still +// override this via ldflags. +var SentryDSN = "https://370df87d33df46cb90182dd80a50fdc4@o27592.ingest.sentry.io/5694458" // ReportException is designed to be called once as the CLI exits. We're // purposefully initializing a client all the time given this context. From a0246e64dbb829809364371a4e33fbd7c1cfd00a Mon Sep 17 00:00:00 2001 From: Kunal Dawar Date: Thu, 25 Jun 2026 17:16:00 +0530 Subject: [PATCH 2/2] Skip Sentry reporting for local/dev builds Reporting now keys off buildinfo.Version instead of the Sentry DSN. Local builds stamp the version as "dev" (and a plain go build leaves it empty), so ReportException returns early for those and panics re-panic with a real stack trace. Release and Homebrew Core builds carry a real version and continue to report. --- internal/instrumentation/instrumentation.go | 11 ++++ .../instrumentation/instrumentation_test.go | 62 +++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 internal/instrumentation/instrumentation_test.go diff --git a/internal/instrumentation/instrumentation.go b/internal/instrumentation/instrumentation.go index 77ba760d5..dadec5e49 100644 --- a/internal/instrumentation/instrumentation.go +++ b/internal/instrumentation/instrumentation.go @@ -5,6 +5,8 @@ import ( "time" "github.com/getsentry/sentry-go" + + "github.com/auth0/auth0-cli/internal/buildinfo" ) // SentryDSN is the destination for crash reports. A Sentry DSN is a public, @@ -22,6 +24,15 @@ func ReportException(err error) bool { return false } + // Skip crash reporting for local/development builds so that dev-time panics + // and errors are not shipped to Sentry. Release pipelines (goreleaser and + // Homebrew Core) stamp a real semantic version via ldflags, whereas a local + // `make build`/`make install` stamps "dev" and a plain `go build` leaves it + // empty. + if buildinfo.Version == "" || buildinfo.Version == "dev" { + return false + } + if err := sentry.Init(sentry.ClientOptions{Dsn: SentryDSN}); err != nil { return false } diff --git a/internal/instrumentation/instrumentation_test.go b/internal/instrumentation/instrumentation_test.go new file mode 100644 index 000000000..044f0ebc3 --- /dev/null +++ b/internal/instrumentation/instrumentation_test.go @@ -0,0 +1,62 @@ +package instrumentation + +import ( + "errors" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/auth0/auth0-cli/internal/buildinfo" +) + +func TestReportException(t *testing.T) { + tests := []struct { + name string + sentryDSN string + version string + want bool + }{ + { + name: "skips when Sentry DSN is empty", + sentryDSN: "", + version: "1.32.0", + want: false, + }, + { + name: "skips for a plain go build with no version", + sentryDSN: "https://public@o0.ingest.sentry.io/0", + version: "", + want: false, + }, + { + name: "skips for a local dev build", + sentryDSN: "https://public@o0.ingest.sentry.io/0", + version: "dev", + want: false, + }, + { + name: "reports for a real release build", + sentryDSN: "https://public@o0.ingest.sentry.io/0", + version: "1.32.0", + want: true, + }, + } + + originalDSN := SentryDSN + originalVersion := buildinfo.Version + t.Cleanup(func() { + SentryDSN = originalDSN + buildinfo.Version = originalVersion + }) + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + SentryDSN = test.sentryDSN + buildinfo.Version = test.version + + got := ReportException(errors.New("boom")) + + assert.Equal(t, test.want, got) + }) + } +}