ci(build): Add snapshot release workflow (#3212)

runningcode · claude · szokeasaurusrex · web-flow · commit a1e2592ec7ce · 2026-03-19T16:49:56.000+01:00
## Summary Adds a `workflow_dispatch`-triggered snapshot release pipeline that reuses the existing build workflow, enabling on-demand pre-release builds from any branch. For now we are only publishing to npm under the snapshot tag. ## Background We want to allow easy snapshot releases to ease internal testing as well as customer testing. ### What it does - **New `snapshot.yml` workflow**: Computes a semver-compliant snapshot version (e.g. `3.4.0-snapshot.20260312.abc1234`) by bumping the minor version from `Cargo.toml`, patches all version files via `scripts/bump-version.sh`, pushes a temporary snapshot branch, then triggers the build - **Makes `build.yml` callable**: Adds `workflow_call` inputs (`skip-signing`, `is-snapshot`, `checkout-ref`) so the snapshot workflow can reuse the full build matrix - **Skips unnecessary steps for snapshots**: macOS code signing/notarization, Python package builds, Docker image builds, and the release merge job are all conditionally skipped - **Publishes to npm under `snapshot` tag**: Platform-specific binary packages and the main `@sentry/cli` package are published with `--tag snapshot` so they don't affect the `latest` tag - **Cleans up after itself**: The temporary snapshot branch is deleted after publishing (or on failure) 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: Daniel Szoke <7881302+szokeasaurusrex@users.noreply.github.com>
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -4,6 +4,14 @@ on:
   push:
     branches:
       - release/**
+  workflow_call:
+    inputs:
+      is-snapshot:
+        type: boolean
+        default: false
+      checkout-ref:
+        type: string
+        default: ''
 
 jobs:
   linux:
@@ -32,6 +40,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+        with:
+          ref: ${{ inputs.checkout-ref }}
 
       - name: Add Rustup Target
         run: |
@@ -68,6 +78,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+        with:
+          ref: ${{ inputs.checkout-ref }}
 
       - name: Add Rustup Target
         run: rustup target add ${{ matrix.target }}
@@ -155,6 +167,8 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+        with:
+          ref: ${{ inputs.checkout-ref }}
 
       - name: Install `rcodesign`
         run: |
@@ -219,6 +233,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+        with:
+          ref: ${{ inputs.checkout-ref }}
 
       # When rustup is updated, it tries to replace its binary, which on Windows is somehow locked.
       # This can result in the CI failure, see: https://github.com/rust-lang/rustup/issues/3029
@@ -251,6 +267,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+        with:
+          ref: ${{ inputs.checkout-ref }}
 
       - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # 6.2.0
         with:
@@ -280,10 +298,13 @@ jobs:
           if-no-files-found: 'error'
 
   python-base:
+    if: ${{ !inputs.is-snapshot }}
     name: python (base)
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+        with:
+          ref: ${{ inputs.checkout-ref }}
       - name: Add Rustup Target
         run: rustup target add x86_64-unknown-linux-musl
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # 6.2.0
@@ -297,11 +318,14 @@ jobs:
           if-no-files-found: 'error'
 
   python:
+    if: ${{ !inputs.is-snapshot }}
     name: python
     runs-on: ubuntu-24.04
     needs: [linux, sign-macos-binaries, windows, python-base]
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+        with:
+          ref: ${{ inputs.checkout-ref }}
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # 6.2.0
         with:
           python-version: '3.11'
@@ -328,6 +352,8 @@ jobs:
     needs: [linux, sign-macos-binaries, windows]
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+        with:
+          ref: ${{ inputs.checkout-ref }}
       - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # 6.2.0
         with:
           node-version: '20.10.0'
@@ -366,6 +392,7 @@ jobs:
           if-no-files-found: 'error'
 
   platform-specific-docker:
+    if: ${{ !inputs.is-snapshot }}
     name: Build Docker Image (${{ matrix.platform }})
     strategy:
       matrix:
@@ -380,6 +407,8 @@ jobs:
       packages: write
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+        with:
+          ref: ${{ inputs.checkout-ref }}
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # 4.0.0
@@ -402,6 +431,7 @@ jobs:
           cache-to: type=gha,mode=max,scope=${{ matrix.platform }}
 
   multiarch-docker:
+    if: ${{ !inputs.is-snapshot }}
     name: Create Multi-Architecture Docker Image
     needs: platform-specific-docker
     runs-on: ubuntu-24.04
@@ -422,6 +452,7 @@ jobs:
             ghcr.io/${{ github.repository }}:${{ github.sha }}-arm64
 
   merge:
+    if: ${{ !inputs.is-snapshot }}
     name: Create Release Artifact
     runs-on: ubuntu-24.04
     needs: [linux, sign-macos-binaries, windows, npm-distributions, node, python]
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
@@ -0,0 +1,117 @@
+name: Snapshot Release
+
+on:
+  push:
+    branches: [master]
+
+permissions:
+  contents: write
+
+jobs:
+  prepare:
+    name: Prepare Snapshot
+    runs-on: ubuntu-24.04
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+      ref: ${{ steps.push.outputs.ref }}
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+
+      # Computes a semver-compliant snapshot version based on the current
+      # version in Cargo.toml. The patch version is bumped so that the
+      # snapshot sorts higher than the current release but lower than the
+      # next real release. For example, if Cargo.toml has 3.3.1, the
+      # snapshot version will be 3.3.2-snapshot.20260312.abc1234.
+      - name: Compute snapshot version
+        id: version
+        run: |
+          CURRENT=$(cargo metadata --no-deps --format-version 1 \
+            | jq -er '(.workspace_default_members[0]) as $id | .packages[] | select(.id == $id) | .version')
+          MAJOR=$(echo "$CURRENT" | cut -d. -f1)
+          MINOR=$(echo "$CURRENT" | cut -d. -f2)
+          PATCH=$(echo "$CURRENT" | cut -d. -f3)
+          NEXT_PATCH=$((PATCH + 1))
+          DATE=$(date -u +%Y%m%d)
+          SHORT_SHA=$(git rev-parse --short HEAD)
+          VERSION="${MAJOR}.${MINOR}.${NEXT_PATCH}-snapshot.${DATE}.${SHORT_SHA}"
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+          echo "current=$CURRENT" >> "$GITHUB_OUTPUT"
+          echo "Snapshot version: $VERSION"
+
+      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # 6.2.0
+        with:
+          node-version: '20.10.0'
+
+      - name: Bump versions
+        run: scripts/bump-version.sh "${{ steps.version.outputs.current }}" "${{ steps.version.outputs.version }}"
+
+      - name: Push snapshot branch
+        id: push
+        run: |
+          BRANCH="snapshot/${{ steps.version.outputs.version }}"
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git checkout -b "$BRANCH"
+          git add -A
+          git commit -m "snapshot: ${{ steps.version.outputs.version }}"
+          git push origin "$BRANCH"
+          echo "ref=$BRANCH" >> "$GITHUB_OUTPUT"
+
+  build:
+    name: Build
+    needs: prepare
+    uses: ./.github/workflows/build.yml
+    with:
+      is-snapshot: true
+      checkout-ref: ${{ needs.prepare.outputs.ref }}
+    secrets: inherit
+
+  publish-npm:
+    name: Publish to npm
+    needs: [prepare, build]
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # 6.2.0
+        with:
+          node-version: '20.10.0'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Download npm binary distributions
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # 8.0.0
+        with:
+          name: artifact-npm-binary-distributions
+          path: npm-distributions
+
+      - name: Download node package
+        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # 8.0.0
+        with:
+          name: artifact-pkg-node
+          path: node-package
+
+      - name: Publish platform packages
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: |
+          for pkg in npm-distributions/*/*.tgz; do
+            echo "Publishing $pkg"
+            npm publish "$pkg" --tag snapshot
+          done
+
+      - name: Publish main package
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: |
+          npm publish node-package/*.tgz --tag snapshot
+
+  cleanup:
+    name: Cleanup
+    needs: [prepare, publish-npm]
+    if: always()
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Delete snapshot branch
+        if: needs.prepare.outputs.ref != ''
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh api -X DELETE "repos/${{ github.repository }}/git/refs/heads/${{ needs.prepare.outputs.ref }}"
