Skip to content

review: document the Sentry OTLP secrets as a hard install prerequisite#254

Merged
jwbron merged 2 commits into
mainfrom
review-otlp-secrets-docs
Jul 13, 2026
Merged

review: document the Sentry OTLP secrets as a hard install prerequisite#254
jwbron merged 2 commits into
mainfrom
review-otlp-secrets-docs

Conversation

@jwbron

@jwbron jwbron commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Summary

Follow-up to reviewer feedback on #241 (comment): a consuming repo that installs the reviewer without the two Sentry OTLP secrets does not degrade gracefully. The compiled lock feeds the empty GH_AW_OTEL_SENTRY_ENDPOINT into the MCP gateway's OTLP config, whose schema requires a non-empty URL, so the agent job dies at startup with no useful pointer to the cause (observed on the first run of #241).

A graceful skip-when-empty would need upstream gh-aw support; until then the fix is documentation:

  • workflows/review/README.md: GH_AW_OTEL_SENTRY_ENDPOINT and GH_AW_OTEL_SENTRY_AUTHORIZATION added to the "Required secrets / variables" section, with the failure mode and the workaround (comment out the observability: block in the installed review.md as a local edit, which gh aw update preserves, and recompile).
  • workflows/review/review.md: the same warning added to the comment on the observability: block itself, where an installer actually encounters it.

Changeset included (patch; prose only, no behavior change).

Testing

  • vitest suite passes; version-sync.test.ts in particular (no version literals added to review.md).
  • Comment-only change to the shared prompt, so the compiled artifact in consuming repos is unaffected until they pull the release.

Follow-up to review feedback on #241: a consuming repo without
GH_AW_OTEL_SENTRY_ENDPOINT / GH_AW_OTEL_SENTRY_AUTHORIZATION does not
degrade gracefully. The compiled lock feeds the empty endpoint into the
MCP gateway's OTLP config, whose schema requires a non-empty URL, and the
agent job dies at startup (observed on the first run of #241). A graceful
skip would need upstream gh-aw support; until then the fix is prose: list
the two secrets in the README's required-secrets section and warn at the
observability block itself, with the workaround (comment the block out in
the installed review.md as a preserved local edit and recompile).
@changeset-bot

changeset-bot Bot commented Jul 10, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 68a9fc3

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
review Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@khan-actions-bot khan-actions-bot requested review from a team, jaredly and jeresig and removed request for a team July 10, 2026 18:43
@khan-actions-bot khan-actions-bot requested a review from a team July 10, 2026 19:47
@github-actions

Copy link
Copy Markdown
Contributor

Review Guidance

github-actions (1 file)
File Reason
review.md The shared reviewer prompt whose content defines reviewer behavior in every consuming repo (High-risk by tier). This change is comment-only inside the observability: block, so it is inert and touches no executable prompt text or frontmatter security surface — flagged only so a human confirms that.

Common patterns

2 files: The same hard-required-secrets warning was added in both the README required-secrets section and the review.md observability: block comment (missing secret compiles to an empty value, the OTLP config schema rejects it, the job dies at startup; workaround is to comment out the block and recompile).

Excluded from review (1 file)

Not individually reviewed — generated, formatting-only, or fully explained by a common pattern above:

  • .changeset/review-otlp-secrets-docs.md — pattern-only
Low-confidence advisory notes (2)
  • workflows/review/review.md:144 — The documented failure is a graceful-degradation gap whose durable fix is upstream in gh-aw (skip an empty OTLP endpoint instead of rejecting it); the docs are a reasonable stopgap. Consider filing and linking an upstream issue so the "hard-required" caveat can eventually be removed. (The PR description already notes upstream support would be needed.)
  • workflows/review/README.md:212 — Before settling on the manual "comment out the block and recompile" remediation, it may be worth testing whether an expression fallback to a schema-valid dummy endpoint (e.g. ${{ secrets.GH_AW_OTEL_SENTRY_ENDPOINT || '(otlp.invalid/redacted)' }}) compiles and degrades gracefully; unverifiable from this repo since the OTLP schema lives upstream.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved — no blocking issues found.

@jwbron jwbron merged commit 82aed74 into main Jul 13, 2026
9 checks passed
@jwbron jwbron deleted the review-otlp-secrets-docs branch July 13, 2026 18:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants