Track Sentry Releases from RWX

Sentry's sentry-cli connects your RWX release pipeline to Sentry's release management. It creates a release in Sentry, associates the commits that make up the release, optionally uploads source maps, and records each deploy, so errors are linked back to the version of your code that produced them.

Prerequisites

  1. Install a repository integration in Sentry so commit metadata can be associated with releases.

  2. Create an internal integration in Sentry under Settings > Developer Settings > New Internal Integration with Release: Admin and Organization: Read permissions, and copy the generated auth token.

  3. Store the auth token as a secret in an RWX vault. For example, in the default vault:

    rwx vaults secrets set sentry-auth-token=sntrys_...

    You'll reference it from a run as ${{ secrets.sentry-auth-token }}.

Create a release on every deploy

Run sentry-cli after a successful deploy to create a release, associate its commits, and record the deploy. Each run creates a new release named after the commit SHA by default.

This example runs on every push to GitHub, after a hypothetical deploy task succeeds:

on:
  github:
    push:
      init:
        commit-sha: ${{ event.git.sha }}

base:
  image: ubuntu:24.04
  config: rwx/base 1.0.2

tasks:
  - key: code
    call: git/clone 2.0.7
    with:
      repository: https://github.com/YOUR-ORG/YOUR-REPO.git
      ref: ${{ init.commit-sha }}
      github-token: ${{ github.token }}
      preserve-git-dir: true

  - key: deploy
    use: code
    run: ./bin/deploy

  - key: sentry-cli
    run: |
      mkdir -p bin
      curl -sL https://sentry.io/get-cli/ | INSTALL_DIR=$PWD/bin bash
      echo "$PWD/bin" > $RWX_ENV/PATH

  - key: sentry-release
    use: [code, sentry-cli]
    after: deploy
    run: |
      # Assign, then export: `export VAR=$(cmd)` would discard cmd's exit status.
      SENTRY_RELEASE=$(sentry-cli releases propose-version)
      export SENTRY_RELEASE
      sentry-cli releases new -p "$SENTRY_PROJECT" "$SENTRY_RELEASE"
      sentry-cli releases set-commits "$SENTRY_RELEASE" --auto
      sentry-cli releases finalize "$SENTRY_RELEASE"
      sentry-cli deploys new -e "$SENTRY_ENVIRONMENT"
    env:
      SENTRY_AUTH_TOKEN: ${{ secrets.sentry-auth-token }}
      SENTRY_ORG: your-org-slug
      SENTRY_PROJECT: your-project-slug
      SENTRY_ENVIRONMENT: production

A few things worth noting:

  • preserve-git-dir: true keeps the .git directory so sentry-cli releases set-commits --auto can read commit history.
  • The get-cli script detects the architecture automatically, so the same task works on both x86_64 and arm64 base images.
  • Installing the CLI in a separate task lets the installation be cached and reused across runs.
  • RWX automatically merges $PATH across use dependencies, so any task that depends on sentry-cli can call sentry-cli by name. See environment variables for details.
  • Using after on the sentry-release task means it only runs when deploy succeeds — you don't want to record a release that didn't actually ship.
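Because the sentry-cli task's output is cached and reused across runs, it helps to know exactly which binary went into it. The following is an added example (not from the original page, RWX or Sentry) that installs a downloaded binary only when its SHA-256 matches a pinned digest. SENTRY_CLI_URL and SENTRY_CLI_SHA256 are hypothetical variables you would set to a release URL and a digest you have vetted.

```shell
# Added example: install a binary only if its SHA-256 matches a pinned digest.
# SENTRY_CLI_URL and SENTRY_CLI_SHA256 below are hypothetical placeholders.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# install_verified SRC EXPECTED_SHA256 DEST
# Installs SRC at DEST (mode 0755) only when the digest matches; on any
# failure DEST is not created and the function returns 1.
install_verified() {
  local src="$1" expected="$2" dest="$3" actual
  # Require exactly 64 hex characters so an empty or truncated pin cannot pass.
  case "$expected" in
    ''|*[!0-9a-fA-F]*) echo "invalid pinned digest" >&2; return 1 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "invalid pinned digest" >&2; return 1; }
  expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  actual=$(sha256_of "$src")
  if [ "$actual" != "$expected" ]; then
    echo "sha256 mismatch for $src: got '$actual'" >&2
    return 1
  fi
  mkdir -p "$(dirname "$dest")" && install -m 0755 "$src" "$dest"
}

# fetch_and_install URL EXPECTED_SHA256 DEST
# Downloads to a temporary file first, so a failed check never leaves a
# binary in the directory that the task adds to PATH.
fetch_and_install() {
  local tmp rc=1
  tmp=$(mktemp) || return 1
  if curl -fsSL --proto '=https' -o "$tmp" "$1" && install_verified "$tmp" "$2" "$3"; then
    rc=0
  fi
  rm -f "$tmp"
  return "$rc"
}

# Usage inside the sentry-cli task's run block:
#   fetch_and_install "$SENTRY_CLI_URL" "$SENTRY_CLI_SHA256" "$PWD/bin/sentry-cli"
#   echo "$PWD/bin" > "$RWX_ENV/PATH"
```

Keeping the pinned digest in the repository means a change to the installed binary shows up as a reviewed diff.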

Upload source maps

If your application ships source maps, upload them between set-commits and finalize so Sentry can apply them to incoming events:

- key: sentry-release
  use: [code, sentry-cli, build]
  after: deploy
  run: |
    # Assign, then export: `export VAR=$(cmd)` would discard cmd's exit status.
    SENTRY_RELEASE=$(sentry-cli releases propose-version)
    export SENTRY_RELEASE
    sentry-cli releases new -p "$SENTRY_PROJECT" "$SENTRY_RELEASE"
    sentry-cli releases set-commits "$SENTRY_RELEASE" --auto
    sentry-cli sourcemaps upload --release "$SENTRY_RELEASE" ./dist
    sentry-cli releases finalize "$SENTRY_RELEASE"
    sentry-cli deploys new -e "$SENTRY_ENVIRONMENT"
  env:
    SENTRY_AUTH_TOKEN: ${{ secrets.sentry-auth-token }}
    SENTRY_ORG: your-org-slug
    SENTRY_PROJECT: your-project-slug
    SENTRY_ENVIRONMENT: production

Replace ./dist with the directory that contains your built assets and source maps.

Reference