-
-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathinstall
More file actions
executable file
·276 lines (236 loc) · 9.43 KB
/
install
File metadata and controls
executable file
·276 lines (236 loc) · 9.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
#!/bin/bash
set -euo pipefail
RED='\033[0;31m'
MUTED='\033[0;2m'
NC='\033[0m'
# Sentry error telemetry — fire-and-forget error reporting via envelope API.
# Uses the CLI's public write-only DSN. No PII collected.
# Opt-out: SENTRY_CLI_NO_TELEMETRY=1
SENTRY_DSN_KEY="1188a86f3f8168f089450587b00bca66"
SENTRY_INGEST="https://o1.ingest.us.sentry.io"
SENTRY_PROJECT_ID="4510776311808000"
# Generate a UUID for the event. Tries /proc, uuidgen, then awk fallback.
gen_uuid() {
if [[ -r /proc/sys/kernel/random/uuid ]]; then
cat /proc/sys/kernel/random/uuid
elif command -v uuidgen >/dev/null 2>&1; then
uuidgen | tr '[:upper:]' '[:lower:]'
else
awk 'BEGIN{srand();for(i=1;i<=32;i++)printf "%c",substr("0123456789abcdef",int(rand()*16)+1,1);print ""}'
fi
}
# Send an error event to Sentry. Runs in a subshell in the background so it
# never blocks installation or propagates failures.
# Usage: report_error "message" "step-name"
report_error() {
# Respect the same opt-out as the CLI binary
[[ "${SENTRY_CLI_NO_TELEMETRY:-}" == "1" ]] && return 0
(
set +e # Telemetry must never fail the script
local msg="${1:-unknown error}"
local step="${2:-unknown}"
local event_id
event_id=$(gen_uuid | tr -d '-')
local timestamp
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ" 2>/dev/null || echo "")
# Escape a value for safe JSON string interpolation
_esc() { printf '%s' "$1" | sed 's/\\/\\\\/g;s/"/\\"/g' | tr '\n' ' '; }
local json_msg; json_msg=$(_esc "$msg")
local json_step; json_step=$(_esc "$step")
local json_channel; json_channel=$(_esc "${requested_version:-stable}")
local json_version; json_version=$(_esc "${version:-unknown}")
local envelope
envelope=$(printf '%s\n%s\n%s' \
"{\"event_id\":\"${event_id}\",\"dsn\":\"https://${SENTRY_DSN_KEY}@o1.ingest.us.sentry.io/${SENTRY_PROJECT_ID}\"}" \
'{"type":"event"}' \
"{\"event_id\":\"${event_id}\",\"timestamp\":\"${timestamp}\",\"platform\":\"other\",\"level\":\"error\",\"logger\":\"install\",\"server_name\":\"install-script\",\"message\":{\"formatted\":\"${json_msg}\"},\"tags\":{\"os\":\"${os:-unknown}\",\"arch\":\"${arch:-unknown}\",\"channel\":\"${json_channel}\",\"step\":\"${json_step}\",\"install.version\":\"${json_version}\"},\"contexts\":{\"runtime\":{\"name\":\"bash\",\"version\":\"${BASH_VERSION:-unknown}\"}}}")
curl -sf --max-time 2 \
-H "Content-Type: application/x-sentry-envelope" \
-H "X-Sentry-Auth: Sentry sentry_key=${SENTRY_DSN_KEY},sentry_version=7" \
-d "$envelope" \
"${SENTRY_INGEST}/api/${SENTRY_PROJECT_ID}/envelope/" \
>/dev/null 2>&1
) &
}
# Print error message, report to Sentry, and exit.
# Usage: die "message" "step-name"
die() {
echo -e "${RED}$1${NC}" >&2
report_error "$1" "${2:-unknown}"
wait 2>/dev/null || true # Let the background curl finish; ignore its exit status
exit 1
}
# Catch unexpected failures from set -e / pipefail (e.g., gunzip failing)
trap 'die "Unexpected failure at line $LINENO" "trap"' ERR
usage() {
cat <<EOF
Sentry CLI Installer
Usage: install [options]
Options:
-h, --help Display this help message
-v, --version <version> Install a specific version (e.g., 0.2.0) or "nightly"
--no-modify-path Don't modify shell config files (.zshrc, .bashrc, etc.)
--no-completions Don't install shell completions
Environment Variables:
SENTRY_INSTALL_DIR Override the installation directory
Examples:
curl -fsSL https://cli.sentry.dev/install | bash
curl -fsSL https://cli.sentry.dev/install | bash -s -- --version nightly
curl -fsSL https://cli.sentry.dev/install | bash -s -- --version 0.2.0
SENTRY_INSTALL_DIR=~/.local/bin curl -fsSL https://cli.sentry.dev/install | bash
EOF
}
requested_version=""
no_modify_path=false
no_completions=false
while [[ $# -gt 0 ]]; do
case "$1" in
-h|--help) usage; exit 0 ;;
-v|--version)
if [[ -n "${2:-}" ]]; then
requested_version="$2"
shift 2
else
die "Error: --version requires a version argument" "args"
fi
;;
--no-modify-path)
no_modify_path=true
shift
;;
--no-completions)
no_completions=true
shift
;;
*) shift ;;
esac
done
# Detect OS
case "$(uname -s)" in
Darwin*) os="darwin" ;;
Linux*) os="linux" ;;
MINGW*|MSYS*|CYGWIN*) os="windows" ;;
*) die "Unsupported OS: $(uname -s)" "detect-os" ;;
esac
# Detect architecture
arch=$(uname -m)
case "$arch" in
x86_64) arch="x64" ;;
aarch64|arm64) arch="arm64" ;;
*) die "Unsupported architecture: $arch" "detect-arch" ;;
esac
# Validate supported combinations
suffix=""
if [[ "$os" == "windows" ]]; then
suffix=".exe"
if [[ "$arch" != "x64" ]]; then
die "Unsupported: windows-$arch (only windows-x64 is supported)" "detect-arch"
fi
fi
# Download binary to a temp location
tmpdir="${TMPDIR:-${TMP:-${TEMP:-/tmp}}}"
tmp_binary="${tmpdir}/sentry-install-$$${suffix}"
version=""
# Clean up temp binary on failure (setup handles cleanup on success)
trap 'rm -f "$tmp_binary"' EXIT
if [[ "$requested_version" == "nightly" ]]; then
# Nightly build: download from GHCR via OCI blob protocol.
# No jq needed — parse JSON with awk.
# ghcr.io blob downloads redirect to Azure Blob Storage. curl -L would
# forward the Authorization header to Azure, which returns 404. Instead,
# extract the redirect URL and follow it without the auth header.
echo -e "${MUTED}Fetching nightly build from GHCR...${NC}"
# Step 1: Get anonymous pull token
GHCR_TOKEN=$(curl -sf \
"https://ghcr.io/token?scope=repository:getsentry/cli:pull" \
| awk -F'"' '{for(i=1;i<=NF;i++) if($i=="token"){print $(i+2);exit}}')
if [[ -z "$GHCR_TOKEN" ]]; then
die "Failed to get GHCR token" "ghcr-token"
fi
# Step 2: Fetch the OCI manifest for the :nightly tag
MANIFEST=$(curl -sf \
-H "Authorization: Bearer $GHCR_TOKEN" \
-H "Accept: application/vnd.oci.image.manifest.v1+json" \
"https://ghcr.io/v2/getsentry/cli/manifests/nightly")
if [[ -z "$MANIFEST" ]]; then
die "Failed to fetch nightly manifest from GHCR" "ghcr-manifest"
fi
# Step 3: Extract version from manifest annotation
version=$(echo "$MANIFEST" \
| awk -F'"' '{for(i=1;i<=NF;i++) if($i=="version"){print $(i+2);exit}}')
if [[ -z "$version" ]]; then
die "Failed to extract version from nightly manifest" "ghcr-version"
fi
echo -e "${MUTED}Installing nightly sentry ${version}...${NC}"
# Step 4: Find the blob digest for this platform's .gz file.
# Each OCI layer has "digest" before "org.opencontainers.image.title".
# Track the last-seen digest and print it when the target filename matches.
# This avoids sed newline replacement which differs between GNU and BSD.
gz_filename="sentry-${os}-${arch}${suffix}.gz"
digest=$(echo "$MANIFEST" \
| awk -F'"' -v target="$gz_filename" '{
for(i=1;i<=NF;i++){
if($i=="digest") d=$(i+2)
if($i=="org.opencontainers.image.title"&&$(i+2)==target){print d;exit}
}
}')
if [[ -z "$digest" ]]; then
die "No nightly build found for ${gz_filename}" "ghcr-digest"
fi
# Step 5: Get the redirect URL from the blob endpoint (don't use -L: auth
# header must NOT be forwarded to the Azure Blob Storage redirect target)
redir_url=$(curl -s -w '\n%{redirect_url}' -o /dev/null \
-H "Authorization: Bearer $GHCR_TOKEN" \
"https://ghcr.io/v2/getsentry/cli/blobs/${digest}" | tail -1)
if [[ -z "$redir_url" ]]; then
die "Failed to get blob redirect URL from GHCR" "ghcr-redirect"
fi
# Step 6: Download the .gz blob and decompress (without auth header)
curl -sf "$redir_url" | gunzip > "$tmp_binary"
else
# Stable build: resolve version and download from GitHub Releases.
if [[ -z "$requested_version" ]]; then
version=$(curl -fsSL https://api.github.com/repos/getsentry/cli/releases/latest \
| sed -n 's/.*"tag_name": *"\([^"]*\)".*/\1/p')
if [[ -z "$version" ]]; then
die "Failed to fetch latest version" "gh-version"
fi
else
version="$requested_version"
fi
# Strip leading 'v' if present (releases use version without 'v' prefix)
version="${version#v}"
filename="sentry-${os}-${arch}${suffix}"
url="https://github.com/getsentry/cli/releases/download/${version}/${filename}"
echo -e "${MUTED}Downloading sentry v${version}...${NC}"
# Try gzip-compressed download first (~60% smaller, ~37 MB vs ~99 MB).
# gunzip is POSIX and available on all Unix systems.
# Falls back to raw binary if the .gz asset doesn't exist yet.
if curl -fsSL "${url}.gz" 2>/dev/null | gunzip > "$tmp_binary" 2>/dev/null; then
: # Compressed download succeeded
else
curl -fsSL --progress-bar "$url" -o "$tmp_binary"
fi
fi
chmod +x "$tmp_binary"
# Delegate installation and configuration to the binary itself.
# setup --install handles: directory selection, binary placement, PATH,
# completions, agent skills, and the welcome message.
# --channel persists the release channel so future `sentry cli upgrade`
# calls track the same channel without requiring a flag.
if [[ "$requested_version" == "nightly" ]]; then
channel="nightly"
else
channel="stable"
fi
setup_args="--install --method curl --channel $channel"
if [[ "$no_modify_path" == "true" ]]; then
setup_args="$setup_args --no-modify-path"
fi
if [[ "$no_completions" == "true" ]]; then
setup_args="$setup_args --no-completions"
fi
# Remove trap — setup will handle temp cleanup on success
trap - EXIT
# shellcheck disable=SC2086
"$tmp_binary" cli setup $setup_args