search

getsentry / sentry-cli

A command line utility to work with Sentry.
https://docs.sentry.io/cli/
BSD 3-Clause "New" or "Revised" License
898 stars 221 forks source link

Sentry CLI Xcode build phase fails silently #1915

Closed lionel-alves closed 8 months ago

lionel-alves commented 8 months ago

Environment

What version of the CLI and what OS are you running?

macOS 14.1 Xcode 15.2 (15C500b) Sentry CLI 2.26.0

Steps to Reproduce

Related to https://github.com/getsentry/sentry-cli/issues/1895

Execute the following command in the run build script build phase.

sentry-cli debug-files upload --include-sources "$DWARF_DSYM_FOLDER_PATH"

I was able to reproduce this issue en 2.26.0 and 2.21.3 as well.

Expected Result

The command should finish uploading debug files in the background.

Actual Result

The command stopped after going to the background without any error, no files were uploaded.

Logs

When filing a bug report, please attach debug logs, either by using --log-level=debug flag or SENTRY_LOG_LEVEL=debug environment variable.

Before going to the background:

  DEBUG   2024-01-24 22:15:21.475418 +01:00 sentry-cli version: 2.21.3, platform: "darwin", architecture: "arm64"
  INFO    2024-01-24 22:15:21.475577 +01:00 sentry-cli was invoked with the following command line: "sentry-cli" "debug-files" "upload" "--include-sources" "/Users/.../Library/Developer/Xcode/DerivedData/...-hczxkiymbkgecveoyxfadvexicxk/Build/Products/Debug-iphonesimulator"
  INFO    2024-01-24 22:15:21.475587 +01:00 Issuing a command for Organization: ... Project: ...
Continuing in background.

Not sure how to get the logs after that.

szokeasaurusrex commented 8 months ago

Thank you for reporting! It would be extremely helpful to get the logs from the background, though. Perhaps @krystofwoldrich would know how you can obtain the logs, since he was able to include them on #1895

krystofwoldrich commented 8 months ago

@lionel-alves Thank you for testing it with the older CLI version.

But you should be able to find the file in $TMPDIR, after running the Build Phase, the file name is a UUID v4.

szokeasaurusrex commented 8 months ago

@lionel-alves We just released version 2.27.0, which includes the #1920 change that @krystofwoldrich mentioned above. This change will print the log output file path when the CLI goes into the background.

Please share the background logs with us, so we can investigate your issue.

lionel-alves commented 8 months ago

@szokeasaurusrex @krystofwoldrich Here is what I am getting:

  DEBUG   2024-02-01 11:25:46.334556 +01:00 request GET https://sentry.io/api/0/organizations/wave-ll/chunk-upload/
  DEBUG   2024-02-01 11:25:46.334655 +01:00 using token authentication
  DEBUG   2024-02-01 11:25:46.334701 +01:00 retry number 0, max retries: 0
  DEBUG   2024-02-01 11:25:46.391652 +01:00 > GET /api/0/organizations/wave-ll/chunk-upload/ HTTP/1.1
  DEBUG   2024-02-01 11:25:46.391698 +01:00 > Host: sentry.io
  DEBUG   2024-02-01 11:25:46.391777 +01:00 > Accept: */*
  DEBUG   2024-02-01 11:25:46.391822 +01:00 > Connection: TE
  DEBUG   2024-02-01 11:25:46.391883 +01:00 > TE: gzip
  DEBUG   2024-02-01 11:25:46.392021 +01:00 > User-Agent: sentry-cli/2.27.0
  DEBUG   2024-02-01 11:25:46.392612 +01:00 > Authorization: Bearer sntrys_e***
  DEBUG   2024-02-01 11:25:46.956526 +01:00 < HTTP/1.1 200 OK
  DEBUG   2024-02-01 11:25:46.956587 +01:00 < server: nginx
  DEBUG   2024-02-01 11:25:46.956611 +01:00 < date: Thu, 01 Feb 2024 10:25:46 GMT
  DEBUG   2024-02-01 11:25:46.956630 +01:00 < content-type: application/json
  DEBUG   2024-02-01 11:25:46.956646 +01:00 < vary: Accept-Encoding,Accept-Language, Cookie
  DEBUG   2024-02-01 11:25:46.956657 +01:00 < allow: GET, POST, HEAD, OPTIONS
  DEBUG   2024-02-01 11:25:46.956669 +01:00 < access-control-allow-methods: GET, POST, HEAD, OPTIONS
  DEBUG   2024-02-01 11:25:46.956687 +01:00 < access-control-allow-headers: X-Sentry-Auth, X-Requested-With, Origin, Accept, Content-Type, Authentication, Authorization, Content-Encoding, sentry-trace, baggage, X-CSRFToken
  DEBUG   2024-02-01 11:25:46.956699 +01:00 < access-control-expose-headers: X-Sentry-Error, X-Sentry-Direct-Hit, X-Hits, X-Max-Hits, Endpoint, Retry-After, Link
  DEBUG   2024-02-01 11:25:46.956709 +01:00 < access-control-allow-origin: *
  DEBUG   2024-02-01 11:25:46.956728 +01:00 < x-sentry-rate-limit-remaining: 39
  DEBUG   2024-02-01 11:25:46.956737 +01:00 < x-sentry-rate-limit-limit: 40
  DEBUG   2024-02-01 11:25:46.956754 +01:00 < x-sentry-rate-limit-reset: 1706783147
  DEBUG   2024-02-01 11:25:46.956769 +01:00 < x-sentry-rate-limit-concurrentremaining: 24
  DEBUG   2024-02-01 11:25:46.956782 +01:00 < x-sentry-rate-limit-concurrentlimit: 25
  DEBUG   2024-02-01 11:25:46.956794 +01:00 < content-language: en
  DEBUG   2024-02-01 11:25:46.956805 +01:00 < x-frame-options: deny
  DEBUG   2024-02-01 11:25:46.956818 +01:00 < x-content-type-options: nosniff
  DEBUG   2024-02-01 11:25:46.956828 +01:00 < x-xss-protection: 1; mode=block
  DEBUG   2024-02-01 11:25:46.956849 +01:00 < content-security-policy: base-uri 'none'; img-src blob: data: *; font-src * data:; frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io; object-src 'self'; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io sentry.io *.sentry.io s1.sentry-cdn.com o1.ingest.sentry.io api2.amplitude.com app.pendo.io data.pendo.io reload.getsentry.net t687h3m0nh65.statuspage.io sentry.zendesk.com ekr.zdassets.com maps.googleapis.com; style-src 'unsafe-inline' *; media-src *; frame-ancestors 'self' *.sentry.io; script-src 'self' 'unsafe-inline' 'report-sample' 'unsafe-eval' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; default-src 'none'; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=c7ecde2f5e839a9609d84f9d2b3b10203d3e5285
  DEBUG   2024-02-01 11:25:46.956863 +01:00 < x-envoy-attempt-count: 1
  DEBUG   2024-02-01 11:25:46.956873 +01:00 < x-envoy-upstream-service-time: 456
  DEBUG   2024-02-01 11:25:46.956885 +01:00 < x-served-by: getsentry-web-rpc-production-59bf8999f7-zshkx
  DEBUG   2024-02-01 11:25:46.956901 +01:00 < x-sentry-proxy-url: http://10.2.0.67:8999/api/0/organizations/wave-ll/chunk-upload/
  DEBUG   2024-02-01 11:25:46.956912 +01:00 < x-served-by: getsentry-control-web-default-common-production-canary-86729nsb
  DEBUG   2024-02-01 11:25:46.956938 +01:00 < x-served-by: frontend-default-7f5bf75576-5zdwn
  DEBUG   2024-02-01 11:25:46.956949 +01:00 < strict-transport-security: max-age=31536000; includeSubDomains; preload
  DEBUG   2024-02-01 11:25:46.956962 +01:00 < via: 1.1 google
  DEBUG   2024-02-01 11:25:46.956974 +01:00 < Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  DEBUG   2024-02-01 11:25:46.956988 +01:00 < Transfer-Encoding: chunked
  DEBUG   2024-02-01 11:25:46.957922 +01:00 response status: 200
  DEBUG   2024-02-01 11:25:46.957941 +01:00 body: {"url":"organizations/wave-ll/chunk-upload/","chunkSize":8388608,"chunksPerRequest":64,"maxFileSize":2147483648,"maxRequestSize":33554432,"concurrency":8,"hashAlgorithm":"sha1","compression":["gzip"],"accept":["debug_files","release_files","pdbs","sources","bcsymbolmaps","il2cpp","portablepdbs","artifact_bundles","artifact_bundles_v2"]}
error: Operation not permitted (os error 1)
error: Failed to display Xcode dialog
  caused by: script error: execution error: Error: Error: A privilege violation occurred. (-10004)

  DEBUG   2024-02-01 11:25:47.064056 +01:00 skipping update nagger because session is not attended

FYI the file is created and deleted very quickly after, I had to use fswatch to get those logs.

szokeasaurusrex commented 8 months ago

Hey @lionel-alves we had an issue recently where someone received a similar "Operation not permitted" error message. The root cause of the issue was that the .sentryclirc configuration file that the Sentry CLI needed to access was not specified as an "input file" to the run script, and therefore Xcode blocked access to it (Xcode run scripts are sandboxed).

In your case, it might be that the Xcode sandbox is blocking access to the DSYM files. Could you try adding these to the run script's input files list, as I describe in this comment (of course, replacing .sentryclirc with the DSYM file path)?

lionel-alves commented 8 months ago

Hey @szokeasaurusrex, thanks for your feedback but I didn't use .sentryclirc (set all the arg directly in the command) for now. Adding --force-foreground let me see more logs in Xcode:

Sandbox: sentry-cli(77048) deny(1) file-read-data /.../Info.plist
Sandbox: sentry-cli(77048) deny(1) file-read-data /.../Library/Developer/Xcode/DerivedData/Wave-hczxkiymbkgecveoyxfadvexicxk/Build/Products/Debug-iphonesimulator/FirebaseAuthCombineSwift.o
Operation not permitted (os error 1)
szokeasaurusrex commented 8 months ago

thanks for your feedback but I didn't use .sentryclirc (set all the arg directly in the command) for now.

@lionel-alves, yes, I understand that you are not using .sentryclirc. As I already stated in my previous comment, I believe in your case that the cause is that the Xcode sandbox is blocking access to the DSYM files. The output you provided in your most recent comment confirms the Xcode sandbox is blocking the access.

As I additionally already stated in my previous comment, your problem is most likely going to be solved by adding the DSYM files to the Xcode run script's input file lists, similar to how I suggested adding the .sentryclirc file to the list on this comment. Of course, in your case, you need to replace .sentryclirc with the path to the DSYM files 😃

Hope that helps! Please let me know if you are still confused or have any other struggles

lionel-alves commented 8 months ago

Disabling ENABLE_USER_SCRIPT_SANDBOXING in the Build Settings fixes the issue for me.