feat: add sentry-release deploy task

charts/tekton-pipelines/Chart.yaml

@@ -6,7 +6,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.35
+version: 0.1.36-dev.2
 
 
 maintainers:
@@ -120,3 +120,18 @@ description: |
   - name: kaniko_extra_args
     value: --build-arg=BASE_IMAGE=965067289393.dkr.ecr.us-west-2.amazonaws.com/saritasa/legacy/php:php71-smart-screen-base
   ```
+
+  Chart has possibility to perform `Sentry` releases if it is needed, you can configure it by updating below settings
+  in values.yaml:
+
+  ```yaml
+  sentry:
+    enabled: true
+    authTokenSecret: "sentry-auth-token"  # auth token to connect to Sentry API (change it if you have custom value)
+    authTokenSecretKey: "auth-token"      # key for auth token in `authTokenSecret` secret (change it if you have custom value)
+    org: "saritasa"                       # name of your Sentry organization (change it if you have custom value)
+    url: https://sentry.saritasa.rocks/   # Sentry url (change it if you have custom value)
+  ```
+
+  After configuring these values, you will have an extra step `sentry-release` after `argocd-deploy` one for buildpacks and kaniko
+  builds.

charts/tekton-pipelines/README.md

@@ -31,7 +31,7 @@ saritasa-tekton-pipelines
 
 ## `chart.version`
 
-![Version: 0.1.35](https://img.shields.io/badge/Version-0.1.35-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.1.36-dev.2](https://img.shields.io/badge/Version-0.1.36--dev.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 ## Maintainers
 
@@ -142,6 +142,21 @@ to specific project trigger-binding:
   value: --build-arg=BASE_IMAGE=965067289393.dkr.ecr.us-west-2.amazonaws.com/saritasa/legacy/php:php71-smart-screen-base
 ```
 
+Chart has possibility to perform `Sentry` releases if it is needed, you can configure it by updating below settings
+in values.yaml:
+
+```yaml
+sentry:
+  enabled: true
+  authTokenSecret: "sentry-auth-token"  # auth token to connect to Sentry API (change it if you have custom value)
+  authTokenSecretKey: "auth-token"      # key for auth token in `authTokenSecret` secret (change it if you have custom value)
+  org: "saritasa"                       # name of your Sentry organization (change it if you have custom value)
+  url: https://sentry.saritasa.rocks/   # Sentry url (change it if you have custom value)
+```
+
+After configuring these values, you will have an extra step `sentry-release` after `argocd-deploy` one for buildpacks and kaniko
+builds.
+
 ## `chart.valuesTable`
 
 | Key | Type | Default | Description |
@@ -188,13 +203,19 @@ to specific project trigger-binding:
 | images.kubeval | string | `"public.ecr.aws/saritasa/kubeval:0.16.1"` | kubeval image - validate Kubernetes manifests |
 | images.kustomize | string | `"registry.k8s.io/kustomize/kustomize:v5.0.0"` | kustomize cli |
 | images.python | string | `"saritasallc/python3:0.4"` | python image |
+| images.sentry_cli | string | `"getsentry/sentry-cli:2.19.1"` | sentry cli image - needs to prepare Sentry releases |
 | images.slack | string | `"cloudposse/slack-notifier:0.4.0"` | slack notifier |
 | images.yamlfix | string | `"public.ecr.aws/saritasa/yamlfix:1.8.1"` | yamlfix image - format yaml files |
 | kaniko.enabled | bool | `false` | should we enable the kaniko pipeline |
 | podTemplate | object | see values.yaml | default configuration to be added into each pod created by tekton engine we want to plave them in a specific node with added tolerations/taints. |
 | podTemplate.nodeSelector | object | `{"ci":"true"}` | node selector for pods spawned by tekton |
 | podTemplate.tolerations | list | `[{"effect":"NoSchedule","key":"ci","operator":"Equal","value":"true"}]` | tolerations |
 | saritasa-tekton.enabled | bool | `false` | should we configure dependency chart here. |
+| sentry.authTokenSecret | string | `"sentry-auth-token"` |  |
+| sentry.authTokenSecretKey | string | `"auth-token"` |  |
+| sentry.enabled | bool | `false` |  |
+| sentry.org | string | `"saritasa"` |  |
+| sentry.url | string | `"https://sentry.saritasa.rocks/"` |  |
 | wordpress.enabled | bool | `false` | should we enable the wordpress pipeline |
 
 ----------------------------------------------

charts/tekton-pipelines/templates/_snippets.tpl

@@ -46,6 +46,14 @@
 - name: branch
   type: string
   description: git branch
+
+- name: project
+  type: string
+  description: name of the project, which component is deployed
+
+- name: component
+  type: string
+  description: name of the application component, which is deployed
 {{- end}}
 
 {{- define "trigger-template.defaultParams" -}}
@@ -256,3 +264,24 @@ finally:
       - name: status
         value: "$(tasks.deploy.status)"
 {{- end }}
+
+# ┌──────────────────────────────────────────────────────────────────────────────┐
+# │ Sentry release reusable snippet in various pipelines                         │
+# │                                                                              │
+# └──────────────────────────────────────────────────────────────────────────────┘
+{{- define "task.sentryRelease" -}}
+- name: sentry-release
+  taskRef:
+    name:  sentry-release
+  params:
+    - name: project
+      value: "$(params.project)"
+    - name: environment
+      value: "$(params.environment)"
+    - name: component
+      value: "$(params.component)"
+    - name: source_subpath
+      value: "$(params.source_subpath)"
+  runAfter:
+    - deploy
+{{- end }}

charts/tekton-pipelines/templates/buildpacks/pipelines/_buildpack.yaml

@@ -13,7 +13,7 @@ spec:
     {{ include "pipeline.defaultDockerKubernetesParams" . | nindent 4 }}
 
     - name: repository_submodules
-      type: "string"
+      type: string
       description: defines whether repository should be initialized with submodules or not (if false value is set, it means no repository submodules would be downloaded)
       default: "true"
 
@@ -162,6 +162,10 @@ spec:
       runAfter:
         - kustomize
 
+  {{ if .sentry.enabled }}
+    {{ include "task.sentryRelease" . | nindent 4 }}
+  {{ end }}
+
   {{ include "task.finalNotification" . | nindent 2 }}
 ---
 {{- end }}

charts/tekton-pipelines/templates/buildpacks/pipelines/buildpack.yaml

@@ -1,5 +1,5 @@
 {{- range $pipeline := .Values.buildpacks.generate }}
-{{$data := dict "pipeline" $pipeline "namespace" $.Release.Namespace }}
+{{$data := dict "pipeline" $pipeline "namespace" $.Release.Namespace "sentry" $.Values.sentry}}
 {{ if and $.Values.buildpacks.enabled $pipeline.enabled }}
 {{ include "pipeline.buildpack" $data }}
 {{ end }}

charts/tekton-pipelines/templates/common/tasks/sentry-release.yaml

@@ -0,0 +1,66 @@
+{{ if .Values.sentry.enabled }}
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: sentry-release
+  namespace: {{ .Release.Namespace }}
+
+spec:
+  description: >-
+    The task prepares and deploys sentry release for projects, which exist in Sentry.
+
+  params:
+    - name: project
+      type: string
+      description: name of the project, which component is deployed
+    - name: component
+      type: string
+      description: name of the application component, which is deployed
+    - name: environment
+      type: string
+      description: environment name of the app being built, i.e. dev/staging/prod
+    - name: source_subpath
+      type: string
+      description: a subpath within the `source` input where the source to build is located
+
+  stepTemplate:
+    env:
+      - name: SENTRY_AUTH_TOKEN
+        valueFrom:
+          secretKeyRef:
+            name: {{ .Values.sentry.authTokenSecret }}
+            key: {{ .Values.sentry.authTokenSecretKey }}
+      - name: SENTRY_ORG
+        value: {{ .Values.sentry.org }}
+      - name: SENTRY_URL
+        value: {{ .Values.sentry.url }}
+
+  steps:
+    - name: release
+      image: {{ .Values.images.sentry_cli }}
+      imagePullPolicy: {{ .Values.imagePullPolicy }}
+      script: |
+        #!/usr/bin/env bash
+        set +x
+
+        sentry-cli login
+        PROJECT=$(sentry-cli projects list | awk -v col=4 '{print $col}' | grep ^$(params.project)-$(params.component)$)
+        if [[ -z "${PROJECT}" ]]; then
+          echo "Didn't find '$(params.project)-$(params.component)' project in Sentry. Skip this step."
+          exit 0
+        fi
+
+        VERSION=$(sentry-cli releases propose-version)
+        sentry-cli releases new -p ${PROJECT} ${VERSION}
+        sentry-cli releases set-commits --auto --ignore-missing -p ${PROJECT} ${VERSION}
+
+        # needs to upload source maps for `frontend` projects
+        if [[ $(context.pipeline.name) == {{ .Values.buildpacks.generate.buildpackFrontendBuildPipeline.name }} ]]; then
+          echo "Upload source maps for `frontend` project"
+          sentry-cli releases files -p ${PROJECT} ${VERSION} upload-sourcemaps $(params.source_subpath)
+
+        fi
+
+        sentry-cli releases deploys -p ${PROJECT} ${VERSION} new -e $(params.environment)
+        sentry-cli releases finalize -p ${PROJECT} ${VERSION}'"
+{{ end }}

charts/tekton-pipelines/templates/kaniko/pipeline.yaml

@@ -28,6 +28,11 @@ spec:
       description: extra args to be passed into kaniko builder
       default: ''
 
+    - name: source_subpath
+      type: string
+      description: a subpath within the `source` input where the source to build is located.
+      default: ""
+
   workspaces:
     - name: source
 
@@ -98,6 +103,10 @@ spec:
       runAfter:
         - kustomize
 
+  {{ if .Values.sentry.enabled }}
+    {{ include "task.sentryRelease" . | nindent 4 }}
+  {{ end }}
+
   {{ include "task.finalNotification" . | nindent 2 }}
 
 {{ end }}

charts/tekton-pipelines/templates/kaniko/trigger-template.yaml

@@ -31,6 +31,10 @@ spec:
       default: ''
       description: additional arguments to pass to 'kaniko build' (similar to 'docker build')
 
+    - name: source_subpath
+      description: a subpath within the `source` input where the source to build is located.
+      default: ""
+
   resourcetemplates:
   - kind: PipelineRun
     apiVersion: tekton.dev/v1beta1
@@ -58,6 +62,12 @@ spec:
           value: "$(tt.params.kaniko_extra_args)"
         - name: repository_submodules
           value: "$(tt.params.repository_submodules)"
+        - name: source_subpath
+          value: "$(tt.params.source_subpath)"
+        - name: project
+          value: "$(tt.params.project)"
+        - name: component
+          value: "$(tt.params.component)"
 
       resources:
         {{- include "pipeline.defaultResources" . | nindent 8 }}

charts/tekton-pipelines/values.yaml

@@ -27,6 +27,8 @@ images:
   yamlfix: public.ecr.aws/saritasa/yamlfix:1.8.1    # https://lyz-code.github.io/yamlfix/
   # -- kubeval image - validate Kubernetes manifests
   kubeval: public.ecr.aws/saritasa/kubeval:0.16.1    # https://kubeval.instrumenta.dev/
+  # -- sentry cli image - needs to prepare Sentry releases
+  sentry_cli: getsentry/sentry-cli:2.19.1    # https://github.com/getsentry/sentry-cli/
 
 
 # ┌──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
@@ -381,3 +383,15 @@ podTemplate:
 saritasa-tekton:
   # -- should we configure dependency chart here.
   enabled: false
+
+
+# ┌──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
+# │ Sentry                                                                                                               │
+# │                                                                                                                      │
+# └──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
+sentry:
+  enabled: false
+  authTokenSecret: "sentry-auth-token"  # auth token to connect to Sentry API
+  authTokenSecretKey: "auth-token"
+  org: "saritasa"
+  url: https://sentry.saritasa.rocks/