chore: Automated releases & bake SB version into code

[brendan-kellam]

This PR automates releases via the release-sourcebot.yml action and bakes the Sourcebot version into code (as opposed to using a build argument).

Why bake the version in code?

Many users of Sourcebot build their own images from the Dockerfile, resulting in the version build arg not being set. In PostHog, we just see version "unknown", which isn't very helpful.

Summary by CodeRabbit

• Refactor

  • Centralized version management system replacing distributed environment-based versioning.

• Chores

  • Updated CI/CD workflows to automate version generation and tracking.
  • Modified release process to generate and commit version configuration.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The change migrates version management from runtime environment variables (NEXT_PUBLIC_SOURCEBOT_VERSION) to a build-time-generated TypeScript constant (SOURCEBOT_VERSION). The release workflow now generates a version.ts file during release, exported across backend and frontend. Docker build args shift from the web version to Sentry release identifiers.

Changes

Cohort / File(s)	Summary
Environment schema cleanup .env.development, packages/shared/src/env.client.ts	Removed NEXT_PUBLIC_SOURCEBOT_VERSION from environment definitions and schema validation
CI/CD workflow updates .github/workflows/_gcp-deploy.yml, .github/workflows/ghcr-publish.yml, .github/workflows/release-sourcebot.yml	Modified GCP deploy to use SENTRY_RELEASE; added workflow_call trigger to ghcr-publish; added version.ts generation and publish job to release workflow
Docker and runtime Dockerfile, entrypoint.sh	Replaced NEXT_PUBLIC_SOURCEBOT_VERSION with SENTRY_RELEASE in Docker; updated entrypoint to extract version from generated version.ts file
Shared package exports packages/shared/src/version.ts, packages/shared/src/index.client.ts, packages/shared/src/index.server.ts	Added new version.ts module with SOURCEBOT_VERSION constant; exported from both client and server entry points
Backend version usage packages/backend/src/instrument.ts, packages/backend/src/posthog.ts	Updated Sentry and PostHog initialization to import and use SOURCEBOT_VERSION from shared package
Frontend version usage packages/web/src/app/[domain]/components/settingsDropdown.tsx, packages/web/src/app/api/(server)/version/route.ts, packages/web/src/app/layout.tsx, packages/web/src/ee/features/audit/auditService.ts, packages/web/src/lib/posthog.ts	Updated UI and API routes to source version from SOURCEBOT_VERSION import instead of environment variables

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• CI/CD workflow changes: Verify that SENTRY_RELEASE build arg integration works correctly and that the new publish job properly reuses ghcr-publish workflow with version parameter
• Docker changes: Confirm SENTRY_RELEASE is correctly propagated across web, backend, and runner stages and Sentry integration remains functional
• Shared package exports: Ensure version.ts generation in release workflow produces valid TypeScript syntax and exports are correctly wired in client and server entry points
• Import consistency: Verify all import paths reference @sourcebot/shared and that SOURCEBOT_VERSION is available in all expected contexts (backend and frontend)

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'chore: Automated releases & bake SB version into code' accurately summarizes the main changes: introducing automated release workflows and moving version management from Docker build args to code-level constants.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[brendan-kellam]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (3)

.github/workflows/ghcr-publish.yml (1)

77-86: Consider adding SENTRY_RELEASE build argument.

The Dockerfile now expects a SENTRY_RELEASE build argument (as seen in the _gcp-deploy.yml workflow), but this workflow doesn't pass it. This means GHCR-published images won't have Sentry release tracking, while GCP deployments will.

🔎 Apply this diff to add SENTRY_RELEASE build argument:

       - name: Build Docker image
         id: build
         uses: docker/build-push-action@v6
         with:
           context: .
           labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            SENTRY_RELEASE=${{ inputs.version || github.ref_name }}
           cache-from: type=gha,scope=${{ env.PLATFORM_PAIR }}
           cache-to: type=gha,mode=max,scope=${{ env.PLATFORM_PAIR }}
           platforms: ${{ matrix.platform }}
           outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true,annotation.org.opencontainers.image.description=Blazingly fast code search

entrypoint.sh (1)

74-74: POSIX sh compatibility: echo -e is non-standard.

The echo -e flag is not POSIX-compliant and may not work in all sh implementations. Since the shebang specifies #!/bin/sh, consider using printf instead for better portability.

🔎 Apply this diff for POSIX compliance:

-echo -e "\e[34m[Info] Sourcebot version: $SOURCEBOT_VERSION\e[0m"
+printf "\e[34m[Info] Sourcebot version: %s\e[0m\n" "$SOURCEBOT_VERSION"

 # (and for line 179)
-        echo -e "\e[34m[Info] Upgraded from version $PREVIOUS_VERSION to $SOURCEBOT_VERSION\e[0m"
+        printf "\e[34m[Info] Upgraded from version %s to %s\e[0m\n" "$PREVIOUS_VERSION" "$SOURCEBOT_VERSION"

Based on learnings, Note: Many other echo -e statements exist throughout this file (lines 15, 17, etc.), so this is a broader pattern. You may want to address all instances in a separate refactor.

Also applies to: 179-179

packages/web/src/app/api/(server)/version/route.ts (1)

4-9: Update comment and reconsider caching strategy.

The comment (lines 4-8) is now outdated. It refers to SOURCEBOT_VERSION as an environment variable, but it's now a TypeScript constant imported at build time.

Since SOURCEBOT_VERSION is a build-time constant (not runtime), the route could theoretically be cached. However:

• If you regenerate version.ts and rebuild, the constant will update correctly
• Keeping force-dynamic might be safer to prevent any edge cases

🔎 Update the comment to reflect the new approach:

-// Note: In Next.JS 14, GET methods with no params are cached by default at build time.
-// This creates issues since environment variables (like SOURCEBOT_VERSION) are
-// not available until runtime. To work around this, we fore the route to be
-// dynamic and evaluate on each request.
-// @see: https://nextjs.org/docs/14/app/building-your-application/routing/route-handlers#caching
+// Note: SOURCEBOT_VERSION is now a build-time constant imported from @sourcebot/shared.
+// We keep force-dynamic to ensure this endpoint always returns the current build's version,
+// though caching would technically work since the constant is baked in at build time.
 export const dynamic = "force-dynamic";

Also note the typo in line 6: "fore" should be "force".

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 00eb3e0 and b569199.

📒 Files selected for processing (17)

• .env.development (0 hunks)
• .github/workflows/_gcp-deploy.yml (1 hunks)
• .github/workflows/ghcr-publish.yml (2 hunks)
• .github/workflows/release-sourcebot.yml (3 hunks)
• Dockerfile (3 hunks)
• entrypoint.sh (5 hunks)
• packages/backend/src/instrument.ts (1 hunks)
• packages/backend/src/posthog.ts (2 hunks)
• packages/shared/src/env.client.ts (0 hunks)
• packages/shared/src/index.client.ts (1 hunks)
• packages/shared/src/index.server.ts (1 hunks)
• packages/shared/src/version.ts (1 hunks)
• packages/web/src/app/[domain]/components/settingsDropdown.tsx (2 hunks)
• packages/web/src/app/api/(server)/version/route.ts (2 hunks)
• packages/web/src/app/layout.tsx (2 hunks)
• packages/web/src/ee/features/audit/auditService.ts (1 hunks)
• packages/web/src/lib/posthog.ts (2 hunks)

💤 Files with no reviewable changes (2)

• packages/shared/src/env.client.ts
• .env.development

🧰 Additional context used

🧬 Code graph analysis (5)

packages/shared/src/version.ts (2)

packages/shared/src/index.client.ts (1)

• SOURCEBOT_VERSION (6-6)

packages/shared/src/index.server.ts (1)

• SOURCEBOT_VERSION (51-51)

packages/web/src/app/api/(server)/version/route.ts (3)

packages/shared/src/index.client.ts (1)

• SOURCEBOT_VERSION (6-6)

packages/shared/src/index.server.ts (1)

• SOURCEBOT_VERSION (51-51)

packages/shared/src/version.ts (1)

• SOURCEBOT_VERSION (2-2)

packages/backend/src/posthog.ts (3)

packages/shared/src/index.client.ts (1)

• SOURCEBOT_VERSION (6-6)

packages/shared/src/index.server.ts (1)

• SOURCEBOT_VERSION (51-51)

packages/shared/src/version.ts (1)

• SOURCEBOT_VERSION (2-2)

packages/web/src/lib/posthog.ts (3)

packages/shared/src/index.client.ts (1)

• SOURCEBOT_VERSION (6-6)

packages/shared/src/index.server.ts (1)

• SOURCEBOT_VERSION (51-51)

packages/shared/src/version.ts (1)

• SOURCEBOT_VERSION (2-2)

packages/web/src/app/[domain]/components/settingsDropdown.tsx (3)

packages/shared/src/index.client.ts (1)

• SOURCEBOT_VERSION (6-6)

packages/shared/src/index.server.ts (1)

• SOURCEBOT_VERSION (51-51)

packages/shared/src/version.ts (1)

• SOURCEBOT_VERSION (2-2)

🪛 Shellcheck (0.11.0)

entrypoint.sh

[warning] 74-74: In POSIX sh, echo flags are undefined.

(SC3037)

---

[warning] 179-179: In POSIX sh, echo flags are undefined.

(SC3037)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

🔇 Additional comments (17)

.github/workflows/ghcr-publish.yml (2)

10-15: LGTM! Workflow reusability added.

The workflow_call trigger with a configurable version input enables the release workflow to invoke this publish job with a specific version tag.

---

49-49: Checkout behavior correctly uses version input with fallback to branch/tag name.

The version input format is already correctly matched between workflows. The release workflow passes v${{ inputs.version }} to ghcr-publish, ensuring the tag format (e.g., "v4.10.5") aligns with the checkout action's expectations and the workflow's tag filter pattern v*.*.*.

.github/workflows/_gcp-deploy.yml (1)

67-67: LGTM! Sentry release tracking updated.

The build argument correctly switches from NEXT_PUBLIC_SOURCEBOT_VERSION to SENTRY_RELEASE, using github.ref_name to track the deployed version in Sentry.

entrypoint.sh (1)

167-167: LGTM! Telemetry and version tracking updated correctly.

The entrypoint script correctly:

• Sends the new SOURCEBOT_VERSION in install events (line 167)
• Sends upgrade events with from/to version tracking (line 188)
• Persists the version in the install tracking file (line 197)

Also applies to: 188-188, 197-197

Dockerfile (2)

72-73: LGTM! Sentry release tracking properly configured.

The SENTRY_RELEASE build argument is correctly added to both the web-builder and backend-builder stages, replacing the previous NEXT_PUBLIC_SOURCEBOT_VERSION for Sentry release tracking.

Also applies to: 114-115

---

133-139: LGTM! Sourcemap upload updated for SENTRY_RELEASE.

The conditional sourcemap upload correctly:

• Checks for SENTRY_RELEASE instead of the old version variable
• Uses $SENTRY_RELEASE in both inject and upload commands
• Maintains proper conditional logic for OSS builds (only uploads if SENTRY_SMUAT is present)

packages/web/src/ee/features/audit/auditService.ts (1)

4-4: LGTM! Version tracking migrated to shared constant.

The audit service correctly imports and uses SOURCEBOT_VERSION from @sourcebot/shared, replacing the previous environment variable approach. This ensures consistent version tracking across audit logs.

Also applies to: 10-10

packages/web/src/app/api/(server)/version/route.ts (1)

1-1: LGTM! Version endpoint updated to use shared constant.

The route correctly imports and returns SOURCEBOT_VERSION from @sourcebot/shared.

Also applies to: 13-13

packages/shared/src/index.client.ts (1)

5-7: LGTM! Version constant exported for client-side usage.

The export correctly exposes SOURCEBOT_VERSION from the version module, enabling client-side components to access the build version. The .js extension follows TypeScript module resolution conventions.

packages/shared/src/version.ts (1)

1-2: No action needed. The file is correctly managed by the release workflow.

The release workflow (release-sourcebot.yml) intentionally generates and commits version.ts as part of the release process. The current hardcoded version reflects the output of the last release execution. This is the correct approach—the file is updated automatically during releases and committed to track the released version in version control.

Likely an incorrect or invalid review comment.

packages/backend/src/instrument.ts (1)

2-2: LGTM!

Clean migration from environment variable to the centralized SOURCEBOT_VERSION constant for Sentry release tracking. The import correctly pulls from @sourcebot/shared which re-exports the version constant.

Also applies to: 10-10

packages/shared/src/index.server.ts (1)

47-52: LGTM!

The new export for SOURCEBOT_VERSION follows the existing export pattern and correctly uses the .js extension for ESM compatibility.

packages/backend/src/posthog.ts (1)

1-1: LGTM!

Clean consolidation of imports and consistent migration to SOURCEBOT_VERSION for telemetry event properties.

Also applies to: 26-26

packages/web/src/app/[domain]/components/settingsDropdown.tsx (1)

35-35: LGTM!

The client component correctly imports SOURCEBOT_VERSION from @sourcebot/shared, which re-exports it via the client entry point. The version display in the settings dropdown is clean and consistent with the PR's migration goal.

Also applies to: 170-170

packages/web/src/lib/posthog.ts (1)

2-2: LGTM!

Consistent migration to SOURCEBOT_VERSION for server-side PostHog event tracking, matching the pattern used in the backend posthog module.

Also applies to: 100-100

packages/web/src/app/layout.tsx (1)

9-9: LGTM!

Clean consolidation of imports and correct usage of SOURCEBOT_VERSION for the PostHogProvider prop. The server component correctly resolves the import from @sourcebot/shared.

Also applies to: 45-45

.github/workflows/release-sourcebot.yml (1)

96-104: LGTM!

The publish job correctly:

• Depends on the release job completing first
• Passes the version with the v prefix to match the tag format
• Requests appropriate permissions for container registry publishing