getsentry · joshuarli · Mar 17, 2026 · Mar 13, 2026 · Mar 17, 2026 · Mar 17, 2026
@@ -0,0 +1,104 @@
+# Parallel dispatch that passes changed files for selective testing.
+# Runs alongside getsentry-dispatch.yml during rollout to validate that
+# selective testing produces correct results without affecting the existing
+# dispatch. Remove this once selective testing is validated and the changes
+# are folded into getsentry-dispatch.yml.
+name: getsentry dispatcher (selective testing)
+
+on:
+  # XXX: We are using `pull_request_target` instead of `pull_request` because we want
+  # this to run on forks.  It allows forks to access secrets safely by
+  # only running workflows from the main branch. Prefer to use `pull_request` when possible.
+  #
+  # See https://github.com/getsentry/sentry/pull/21600 for more details
+  pull_request_target:
+    types: [labeled, opened, reopened, synchronize]
+
+# disable all other special privileges
+permissions:
+  # needed for `actions/checkout` to clone the code
+  contents: read
+  # needed to remove the pull-request label
+  pull-requests: write
+
+jobs:
+  dispatch:
+    if: "github.event.action != 'labeled' || github.event.label.name == 'Trigger: getsentry tests'"
+    name: getsentry dispatch (selective)
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+
+      - name: permissions
+        run: |
+          python3 -uS .github/workflows/scripts/getsentry-dispatch-setup \
+              --repo-id ${{ github.event.repository.id }} \
+              --pr ${{ github.event.number }} \
+              --event ${{ github.event.action }} \
+              --username "$ARG_USERNAME" \
+              --label-names "$ARG_LABEL_NAMES"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # these can contain special characters
+          ARG_USERNAME: ${{ github.event.pull_request.user.login }}
+          ARG_LABEL_NAMES: ${{ toJSON(github.event.pull_request.labels.*.name) }}
+
+      - name: Check for file changes
+        uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0
+        id: changes
+        with:
+          token: ${{ github.token }}
+          filters: .github/file-filters.yml
+
+      - name: Get changed files for selective testing
+        id: changed-files
+        run: |
+          # pull_request_target checks out the base branch, so the fork's head
+          # SHA isn't available locally. Fetch the PR head ref first.
+          git fetch origin "pull/${{ github.event.number }}/head"
+          HEAD_SHA="${{ github.event.pull_request.head.sha }}"
+          BASE_SHA="${{ github.event.pull_request.base.sha }}"
+
+          CHANGED_FILES=$(git diff --name-only "$BASE_SHA"..."$HEAD_SHA" | tr '\n' ' ')
+          echo "Changed files: $CHANGED_FILES"
+          echo "sentry-changed-files=$CHANGED_FILES" >> "$GITHUB_OUTPUT"
+
+      - name: getsentry token
+        uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3.0.0
+        id: getsentry
+        with:
+          app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
+          private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}
+
+      - name: Wait for PR merge commit
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        id: mergecommit
+        with:
+          github-token: ${{ steps.getsentry.outputs.token }}
+          script: |
+            const { waitForMergeCommit } = await import(`${process.env.GITHUB_WORKSPACE}/.github/workflows/scripts/wait-for-merge-commit.js`);
+            await waitForMergeCommit({
+              github,
+              context,
+              core,
+            });
+
+      - name: Dispatch getsentry tests
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        env:
+          SENTRY_CHANGED_FILES: ${{ steps.changed-files.outputs.sentry-changed-files }}
+        with:
+          github-token: ${{ steps.getsentry.outputs.token }}
+          script: |
+            const { dispatch } = await import(`${process.env.GITHUB_WORKSPACE}/.github/workflows/scripts/getsentry-dispatch.js`);
+            await dispatch({
+              github,
+              context,
+              core,
+              mergeCommitSha: '${{ steps.mergecommit.outputs.mergeCommitSha }}',
+              fileChanges: ${{ toJson(steps.changes.outputs) }},
+              sentryChangedFiles: process.env.SENTRY_CHANGED_FILES,
+            });
@@ -13,7 +13,14 @@ const DISPATCHES = [
   },
 ];
 
-export async function dispatch({github, context, core, fileChanges, mergeCommitSha}) {
+export async function dispatch({
+  github,
+  context,
+  core,
+  fileChanges,
+  mergeCommitSha,
+  sentryChangedFiles,
+}) {
   core.startGroup('Dispatching request to getsentry.');
 
   await Promise.all(
@@ -26,6 +33,9 @@ export async function dispatch({github, context, core, fileChanges, mergeCommitS
         'sentry-sha': mergeCommitSha,
         // prSHA is the sha actions should post commit statuses too.
         'sentry-pr-sha': context.payload.pull_request.head.sha,
+
+        // Changed files for selective testing. Empty string means full suite.
+        'sentry-changed-files': sentryChangedFiles || '',
       };
 
       core.info(