sentry-cli: Broken source file after uploading sourcemaps

Environment

v2.15.1

Steps to Reproduce

Uploading sourcemaps produces a broken source file.

Screenshot 2023-03-17 at 7 43 58 PM

This is a very severe error as it prevented the page from loading. Rolling back to v2.14.4 fixed the issue, I suspect that some source code modifications when adding debug ids caused this.

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Reactions: 1
  • Comments: 17 (10 by maintainers)

Most upvoted comments

There are two things here. One is that we need to reconsider how we do the injection. The other is that this was in a minor release. This was missed because the assumption was made that an org had to be feature flagged in to use the new debug ID based upload but the injection was already turned on by default in all cases. We will do a postmortem here and also investigate alternatives to how we do the injections.

+3
mitsuhiko on Mar 20, 2023

Issues with incorrect injection should be resolved.

+1
loewenheim on Apr 17, 2023

Hi everyone! Another update from our team.

We went through this incident recently to figure out what happened, and this is our conclusion:

We have feature-flags in place for this whole feature, both in our backend code, and in other places of sentry-cli. The companion sentry-cli inject command is completely hidden for example. When integrating that code path into the sentry-cli upload command, it should have been feature-flagged as well. The injection was not meant to be turned on by default. This was a major oversight that slipped past us, and we are sorry this has caused such pain for our users.

We were pushing for a working prototype to test and dogfood, to validate that our ideas are actually working as intended. In this phase of the development, we did not consider every use case. For example, SRI was not on our radar so far.

Some of the confusion might also come from the fact that this has been an almost “secret” initiative, with only some internal documentation around it. We should have involved our customers and the broader JS tools community earlier in the planning.

To remedy this situation, we have prepared a public (Sentry) RFC to solicit feedback and discussion: https://github.com/getsentry/rfcs/pull/81 This document explains what problems we like to solve, and why we need to modify files prior to deployment, and what the snippet does that we inject.

We would love to hear your feedback on this proposal, and would like to learn more about how you deploy your JS code. Based on the feedback in this thread, I have expanded the proposal with a discussion around what SRI is and how it factors into all of this. I’m sure I have not anticipated all the edge-cases, and there sure are more gaps to fill. Please provide your feedback and help us understanding this better.

+1
Swatinem on Mar 23, 2023
Read more comments on GitHub
← sentry-cli: [Breaking change] React Native symbol upload iOS now requires version name parameter
sentry-cli: Cannot upload Debug Symbol using Xcode Build phase →