feat(distribution): Add dedicated distribution auth token property#1007
Merged
Conversation
Add distributionAuthToken property to DistributionExtension to decouple distribution authentication from the main org auth token for improved security separation. Changes: - Add distributionAuthToken property to DistributionExtension - Update GenerateDistributionPropertiesTask to use distributionAuthToken from extension - Add fallback to SENTRY_DISTRIBUTION_AUTH_TOKEN environment variable - Update all existing tests to use the new property - Add tests for distributionAuthToken property and environment variable fallback 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
runningcode
requested review from
adinauer,
chromy,
lcian,
markushi,
rbro112,
romtsn and
stefanosiano
as code owners
Contributor
|
runningcode
commented
Oct 13, 2025
runningcode
commented
Oct 13, 2025
| objects.setProperty(String::class.java).convention(emptySet()) | ||
|
|
||
| /** Auth token used for distribution operations. */ | ||
| val authToken: Property<String> = |
Contributor
Author
There was a problem hiding this comment.
There’s also sentry.authToken (this is sentry.distribution.authToken). This could be confusing since the names may shadow each other. Open to naming suggestions.
Simplify the distribution auth token implementation by using Gradle's convention mechanism:
- Rename distributionAuthToken to authToken for simplicity
- Set convention to System.getenv("SENTRY_DISTRIBUTION_AUTH_TOKEN")
- Remove explicit fallback logic in GenerateDistributionPropertiesTask
- Update tests to reflect the simpler convention-based approach
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
runningcode
force-pushed
the
no/distribution-auth-token
branch
from
a1bbd20 to
93d2d6e
Compare
chromy
reviewed
Oct 13, 2025
chromy
left a comment
chromy
left a comment
Contributor
There was a problem hiding this comment.
lgtm w/ one comment re tests
Add tests to ensure: - distribution.authToken takes precedence over main authToken - No fallback to main authToken when distribution authToken is not set This ensures proper security separation between distribution and main auth tokens. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds a dedicated
authTokenproperty toDistributionExtensionto decouple distribution authentication from the main org auth token. This provides better security separation by allowing distribution operations to use a separate token with potentially different permissions.Changes
authTokenproperty toDistributionExtensionwithSENTRY_DISTRIBUTION_AUTH_TOKENenvironment variable as the default conventionGenerateDistributionPropertiesTaskto useauthTokenfrom the distribution extensionauthTokenproperty behavior and environment variable conventionImplementation Details
The implementation uses Gradle's convention mechanism to provide a clean fallback to the environment variable. The
authTokenproperty hasSystem.getenv("SENTRY_DISTRIBUTION_AUTH_TOKEN")as its default convention, eliminating the need for explicit fallback logic in the task.Usage
Users can configure the distribution auth token in two ways:
Via Gradle extension (overrides environment variable):
sentry { distribution { authToken.set("your-distribution-token") } }Via environment variable (used by default):
export SENTRY_DISTRIBUTION_AUTH_TOKEN=your-distribution-token#skip-changelog
🤖 Generated with Claude Code