Skip to main content

A unified interface for source code management providers

Project description

Introduction

The SCM (Source Code Management) platform is a vendor-agnostic abstraction layer for interacting with source code management service-providers such as GitHub, GitLab, and Bitbucket. It decouples Sentry's product features from service-provider-specific APIs by presenting a single, declarative interface for both reading and writing SCM resources and for reacting to SCM webhook events.

Goals

  1. Service-provider independence. Product code should never import a service-provider's client or parse a service-provider's response format directly. All interactions should flow through a common interface. Adding new service-providers should not require changes to existing implementations.
  2. Declarative usage. Callers should describe what they want (e.g. "create a pull request") not how to accomplish it. Initialization, authentication, rate limiting, and response mapping are handled internally.
  3. Fair access. All use cases should be given fair access to a service-provider without any one implementation starving the rest. Referrer-based quota allocation policies prevents any single use case from exhausting the service-provider's API quota.
  4. Centrally enforced access controls. Access controls must be strictly and consistently enforced across all SCM service-providers to prevent unprivileged access to sensitive customer data. The security model should be implemented once and applied universally.
  5. Observable. Every outbound action and every inbound webhook listener automatically records success/failure metrics, emits traces, and reports errors and logs to Sentry. The health of the SCM platform should always be knowable.
  6. Extensible. The SCM platform should be maximally and trivially extensible. As core infrastructure it should mutate as business needs change and not ossify a particular implementation.

Features

The platform exposes three subsystems:

  • Actions — outbound SCM operations initiated by Sentry code. The SourceCodeManager class provides 70+ methods covering comments, reactions, pull requests, branches, git objects, reviews, and check runs. With more actions planned to be added as we port more use cases.
  • Actions RPC - outbound SCM commands exposed over the network. The SourceCodeManager is fully available over the network. This enables usage of the SCM for services outside the monolith.
  • Event Stream — inbound webhook processing. SCM service-providers push events which are deserialized into typed, provider-neutral dataclasses (CheckRunEvent, CommentEvent, PullRequestEvent) which are then dispatched to registered listener functions.

Why

Ad-hoc usage of a SCM service-provider's API client tightly couples your application code to that provider. Ad-hoc management of access controls increases Sentry's security vulnerability surface area (specifically IDOR vulnerabilities). And ad hoc use of API clients can lead to resource exhaustion, starving critical product features of quota without consideration.

You should not need to care about any of these things. These problems should be solved once and managed for you. It should be impossible for you to perform an action which violates a security boundary. It should be impossible for your usage of the SCM to break another feature's SLO. The less you have to think about, the more you can focus on solving the business case.

The SCM solves all the problems you don't want to care about.

Getting Started

We have extensive documentation both inline in the Sentry codebase and on the Sentry developer documentation portal. If you're interested in expanding your SCM usage or in enabling new service-providers for a limited amount of effort take a took at the SCM platform.

Releasing a New Version

  1. On the getsentry/scm-platform repository page click the Actions tab.
  2. On the left-hand side click the release workflow.
  3. Click Run workflow, choose a bump type (patch, minor, or major), and run it. The next version is calculated automatically from the current version in pyproject.toml.
  4. The workflow will create a release branch and PR via getsentry/action-prepare-release. After completion it will return a URL to an issue on getsentry/publish.
  5. On the getsentry/publish issue immediately set the accepted label.
  6. A pull request will be opened on getsentry/pypi.
  7. Edit the file in GitHub and place python>=3.13 on the line immediately following the changed line.
  8. The PR will merge automatically. When it's merged your new version is available for use.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sentry_scm-0.27.0.tar.gz (71.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sentry_scm-0.27.0-py3-none-any.whl (78.4 kB view details)

Uploaded Python 3

File details

Details for the file sentry_scm-0.27.0.tar.gz.

File metadata

  • Download URL: sentry_scm-0.27.0.tar.gz
  • Upload date:
  • Size: 71.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.11.2

File hashes

Hashes for sentry_scm-0.27.0.tar.gz
Algorithm Hash digest
SHA256 b2aa9f7855c7c13ca2c7e72d5c3f1227ddc40a5b3fb9a43d62bf5d6efe4a87b2
MD5 0826908197d8fa06bb679704b73789d8
BLAKE2b-256 76931e2de1c03c3af87f33ee3f5dd9c37dffe3e1ba6ef29d1a55abbf241bdf6f

See more details on using hashes here.

File details

Details for the file sentry_scm-0.27.0-py3-none-any.whl.

File metadata

  • Download URL: sentry_scm-0.27.0-py3-none-any.whl
  • Upload date:
  • Size: 78.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.11.2

File hashes

Hashes for sentry_scm-0.27.0-py3-none-any.whl
Algorithm Hash digest
SHA256 68dbbcb5d650bfdf40323584071a20a429aba445409cd6d63caf3acea22ab8bd
MD5 783dfbfe0d5970faa0f62e563bd32d3d
BLAKE2b-256 3344f25706ca04ed62bef5bbd2f6b743bec53e0d62a9f332aca5089c68d3a008

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page