Error stack trace not deobfuscated when using codepush bundle (Hermes + codepush)

[brainbicycle]

OS:

• [ ] Windows
• [x] MacOS
• [ ] Linux

Platform:

• [x] iOS
• [ ] Android

SDK:

• [x] @sentry/react-native (>= 1.0.0)
• [ ] react-native-sentry (<= 0.43.2)

SDK version: 5.9.1

react-native version: 0.70.13

Are you using Expo?

• [ ] Yes
• [x] No

Are you using sentry.io or on-premise?

• [x] sentry.io (SaaS)
• [ ] on-premise

If you are using sentry.io, please post a link to your issue so we can take a look:

~Link to issue~

Apologies wrong issue, this is the correct one: Link to issue

Configuration:

(@sentry/react-native)

Sentry.init({
    dsn: sentryDSN,
    release: eigenSentryReleaseName(),
    dist: DeviceInfo.getBuildNumber(),
    enableAutoSessionTracking: true,
    autoSessionTracking: true,
    enableWatchdogTerminationTracking: false,
    ...props,
  })

---

I have following issue:

When downloading and running a codepush bundle in our application errors generated are showing up with their stack traces not deobfuscated in sentry.

Steps to reproduce:

• Step 1 - set the codepush release name in the project to be consumed in sentry init
• Step 2 - bundle javascript and sourcemaps - using command yarn bundle:ios
• Step 3 - upload the bundle to codepush
• Step 4 - create a corresponding release and upload sourcemaps to sentry
• Step 5 - download the bundle in beta
• Step 6 - trigger a sentry error
• Step 7 - find the error in sentry and observe the stack trace

Extra context:

• you can see the current codepush bundling + upload process here: https://github.com/artsy/eigen/blob/93f05cb59aec5e8cde141d1ab6184f6d2a2a6c26/fastlane/Fastfile#L585
• I have tried 2 methods: using the bundling + sourcemap creation that happens automatically when running the codepush appcenter codepush release-react command and uploading those to sentry and using our own bundle and sourcemap creation command and uploading those to sentry, neither seem to work as intended.
• When triggering an error from the beta without a codepush bundle the stack trace shows up as expected: https://artsynet.sentry.io/issues/4459370240/?project=5867225

Actual result:

The error shows up in sentry attached to the correct release but with a stack trace referencing app:///main.jsbundle rather than the deobfuscated code.

Expected result:

The error shows up in sentry with a clean stack trace referencing our deobfuscated code:

[krystofwoldrich]

Hi, thank you for the message and all the details and links.

At first glance, the linked issue and its release don't have a source map uploaded only the Hermes bundle. I'm looking closer into why that is.

[krystofwoldrich]

After checking the appcenter command you linked I'veleive the source maps are simply not generated. Based on the appcenter cli code you have to include --sourcemap-output followed by a filepath of the source map or --sourcemap-output-dir followed by a dir path.

See https://github.com/getsentry/sentry-docs/pull/7791 on how you can set the paths and update the sentry-cli upload command.

[brainbicycle]

hey, thanks for the quick reply! Apologies, I linked the wrong event, this is the correct one: https://artsynet.sentry.io/issues/4445800999/events/1497fa1b7a2e487fa39c44fdd7acef5b/?project=5867225

You can see in this event, and the associated release: https://artsynet.sentry.io/releases/codepush-staging-8.20.0-2023.09.08.13/?project=5867225 there is a sourcemap attached but the stack trace is still showing obfuscated.

The sourcemap is generated in the yarn bundle:ios command above the line linked.

[krystofwoldrich]

@brainbicycle Thanks for the extra links. I see what's happening.

yarn bundle:ios creates Hermes bundle and source map which is then uploaded to Sentry. But this Bundle is not the same as the one generated by the appcenter codepush command.

Emitting source maps in Hermes bundles has side effects. If Hermes bytecode bundle is created without a source map, the compiler includes Hermes debug information in the bundle and then the packager source maps must be used to symbolicate the js stack trace. If Hermes bundle is created with source map the Hermes debug information is stripped and the Hermes Composed source map must be used.

You are uploading the Composed Source Map but the bundle distributed by CodePush is with Hermes Debug Information and therefore requires Packager Source Map.

To fix this you can add the source map and output flags to the CodePush command.

-c ../dist I believe this flag is ignored by the CodePush command. It doesn't use the bundle from the folder. It always generates a new one -> https://github.com/microsoft/appcenter-cli/blob/7b637743eec2fd4e960823bfa76fe568c4f5e4ff/src/commands/codepush/release-react.ts#L246

[brainbicycle]

thanks for taking a look @krystofwoldrich ! I updated our appcenter upload command to generate and use that bundle and sourcemap I believe. Here is the updated script: https://github.com/artsy/eigen/blob/99e418754373d27c7a7a898f348917f8f17a11b1/fastlane/Fastfile#L330

This was the command output when running the lane: appcenter codepush release-react --token <REDACTED> --app mobile-artsy/Eigen --deployment-name Staging --development false --description "'test sentry again - yellow'" --mandatory --target-binary-version 8.21.0 --output-dir ./build --sourcemap-output ./build/CodePush/main.jsbundle.map

However it seems the generated error still is not deobfuscated correctly sorry to say: https://artsynet.sentry.io/issues/4445800999/events/latest/?project=5867225

[krystofwoldrich]

@brainbicycle Thanks for the update, it looks like the dist that is reported in the event and the dist for which the source map is uploaded don't match.

2023.09.14.16 is reported but source maps are uploaded for 2023.09.14.12

[brainbicycle]

🤦 I should have known it was something silly, thanks so much for taking a look!

Working now as intended! https://artsynet.sentry.io/issues/4480297313/?project=5867225