Android Appcenter builds started failing on: Task :app:createBundleReleaseUatJsAndAssets_SentryUpload FAILED because of 403

[JeffreyVanelderenACA]

Environment

• react-native: 0.72.5
• Platform: Android

@sentry-internal/tracing@7.73.0 @sentry/browser@7.73.0 @sentry/cli@2.21.2 @sentry/core@7.73.0 @sentry/hub@7.73.0 @sentry/integrations@7.73.0 @sentry/react-native@5.11.1 @sentry/react@7.73.0 @sentry/replay@7.73.0 @sentry/types@7.73.0 @sentry/utils@7.73.0

Steps to Reproduce

Nothing changed in our code, but builds started failing since yesterday (February the 1st)

Expected Result

Builds succeeding like before. I also tried rotating the auth.token in the sentry.properties files but no luck. (auth.token from properties file is probably unrelated to the token in the 403 call during build)

There are also user auth tokens, but I'm not sure if we ever had one of those and if one is needed during our build step? Are those tokens used for the api call we now get a 403 error on?

Actual Result

error: API request failed
  caused by: sentry reported an error: You do not have permission to perform this action. (http status: 403)

Logs

> Task :app:createBundleReleaseUatJsAndAssets_SentryUpload_XXX@XXX+XXX FAILED
Copy `debugId` from packager source map to Hermes source map...
Packager source map does not have `debugId`.
Check generated source map for Debug ID: /Users/runner/work/1/s/android/app/build/generated/sourcemaps/react/releaseUat/index.android.bundle.map does not contain 'debugId' nor 'debug_id'.

Sentry Source Maps upload will include the release name and dist.
Sentry-CLI arguments: [/Users/runner/work/1/s/node_modules/@sentry/cli/bin/sentry-cli, react-native, gradle, --bundle, /Users/runner/work/1/s/android/app/build/generated/assets/createBundleReleaseUatJsAndAssets/index.android.bundle, --sourcemap, /Users/runner/work/1/s/android/app/build/generated/sourcemaps/react/releaseUat/index.android.bundle.map, --release, XXX@XXX+XXX, --dist, 1706714128]
Processing react-native sourcemaps for Sentry upload.
> Analyzing 2 sources
  INFO    2024-01-31 15:54:00.114979 +00:00 Loaded file referenced by SENTRY_PROPERTIES (/Users/runner/work/1/s/android/sentry.properties)
error: API request failed
  caused by: sentry reported an error: You do not have permission to perform this action. (http status: 403)

Add --log-level=[info|debug] or export SENTRY_LOG_LEVEL=[info|debug] to see more output.
Please attach the full debug log to all bug reports.
> Rewriting sources
> Adding source map references

> Task :app:createBundleReleaseUatJsAndAssets_SentryUploadCleanUp SKIPPED

FAILURE: Build failed with an exception.

* Where:
Script '/Users/runner/work/1/s/node_modules/@sentry/react-native/sentry.gradle' line: 143

* What went wrong:
Execution failed for task ':app:createBundleReleaseUatJsAndAssets_SentryUpload_XXX@XXX+XXX'.
> Process 'command '/Users/runner/work/1/s/node_modules/@sentry/cli/bin/sentry-cli'' finished with non-zero exit value 1

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.

* Get more help at https://help.gradle.org

Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

See https://docs.gradle.org/8.0.1/userguide/command_line_interface.html#sec:command_line_warnings
583 actionable tasks: 559 executed, 24 up-to-date

BUILD FAILED in 18m 14s
Error: /Users/runner/work/1/s/android/gradlew failed with return code: 1
    at ChildProcess.<anonymous> (/Users/runner/work/_tasks/Gradle_8d8eebd8-2b94-4c97-85af-839254cc6da4/1.128.0/node_modules/vsts-task-lib/toolrunner.js:569:30)
    at emitTwo (events.js:106:13)
    at ChildProcess.emit (events.js:191:7)
    at maybeClose (internal/child_process.js:920:16)
    at Socket.<anonymous> (internal/child_process.js:351:11)
    at emitOne (events.js:96:13)
    at Socket.emit (events.js:188:7)
    at Pipe._handle.close [as _onclose] (net.js:509:12)
##[error]Error: /Users/runner/work/1/s/android/gradlew failed with return code: 1
##[section]Finishing: Gradle Task

[szokeasaurusrex]

Hi @JeffreyVanelderenACA, you are correct, the Sentry CLI uses a different auth token from what auth.token in the sentry.properties file (I believe the sentry.properties file is only used by the Sentry-Java SDK).

The Sentry CLI searches for the auth token in a different file, .sentryclirc. The easiest way to correct any problems you are facing is to simply run the sentry-cli login command – the command should automatically correct your auth token configuration. Please make sure you run the command from the same directory that you are running the build from.

If you still have trouble after running sentry-cli login, please upgrade to the latest Sentry CLI version, and try sentry-cli login again.

If, after all of the above, you are still struggling, please let me know!

[ramnavan]

@szokeasaurusrex - What should be the value in sentry.properties if not the organization auth token - which is what sentry-cli login enables you to create.

[JeffreyVanelderenACA]

@szokeasaurusrex Hi, I was able to run the sentry-cli command and retrieve the token. I also upgraded Sentry to the latest version. The .sentryclirc file is now also created during my build phase, and it looks like the issues are fixed. Apparently, the customer changed its paid plan with Sentry and we think it might've caused these 403's to occur.

The only thing I think is weird is that we've never had the .sentryclirc file with a user token, and now we need it to be able to build. Do you happen to know if that is a requirement that's needed now for Sentry?

[szokeasaurusrex]

@JeffreyVanelderenACA glad to hear you were able to fix the problem! I will go ahead and close the issue since everything is working now.

The only thing I think is weird is that we've never had the .sentryclirc file with a user token, and now we need it to be able to build. Do you happen to know if that is a requirement that's needed now for Sentry?

Source map upload has always required providing an auth token. There are several ways to provide the auth token to the Sentry CLI. One of the ways to provide the auth token is by adding it to .sentryclirc, which is what the sentry-cli login command does automatically, but you can also export it as the SENTRY_AUTH_TOKEN environment variable or pass it as a command-line argument (--auth-token) when calling the CLI. You can read more details about each of these methods on the relevant docs page.

You were likely using one of these alternative methods previously, otherwise your sourcemap uploads would have never worked.

[szokeasaurusrex]

What should be the value in sentry.properties if not the organization auth token - which is what sentry-cli login enables you to create.

@ramnavan Your question is a bit vague, could you please explain exactly what you would like to know?

What I can mention is that sentry.properties is separate from the Sentry CLI, as sentry.properties is used for configuring the Sentry Java SDK. Many values can be set in sentry.properties, please see our docs page on configuring Sentry-Java for more information.

sentry-cli login helps you to create an auth token and save it to the .sentryclirc file, which stores configuration options for the Sentry CLI.