The Sentry Prevent CLI is responsible for uploading code coverage and test results to Sentry. It can be used directly or indirectly through our Sentry Prevent GitHub Action.
Note
The Codecov CLI is still around! We have moved the Codecov CLI's codebase into the codecov-cli sub-project in this repository because the Sentry Prevent CLI uses it as a backend and we wanted to keep the projects together in the getsentry organization. The Codecov CLI is still being maintained, improved, and published - just from this repository. See the sub-project's README for Codecov CLI specific information, the rest of this document will be about the Prevent CLI.
pip install sentry-prevent-cli
We build and publish binaries for Linux, MacOS, and Windows. See our GitHub Releases for the full list of OS/architecture combinations we build for. We'll use our macos binary for demonstration purposes here:
curl -o sentry-prevent-cli -L "https://github.com/getsentry/prevent-cli/releases/latest/download/sentry-prevent-cli_macos"
chmod +x sentry-prevent-cli
If you'd like, you may use Sigstore's Cosign to verify the integrity of your download against our provided Cosign bundles and identity details. For more information on Cosign along with installation instructions, see their documentation.
First get the appropriate Cosign bundle from our GitHub Release assets. Appending .bundle to the binary URL will get you the right file.
curl -O -L "https://github.com/getsentry/prevent-cli/releases/latest/download/sentry-prevent-cli_macos.bundle"
Then, use cosign to verify the binary:
cosign verify-blob sentry-prevent-cli \
--bundle sentry-prevent-cli_macos.bundle \
--certificate-identity-regexp="^https://github\.com/getsentry/prevent-cli/\.github/workflows/build\.yml@refs/heads/release/[0-9]+\.[0-9]+\.[0-9]+" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
The OIDC identity here is associated with the specific workflow run that signs the binary. If the verification succeeds, you can trust you've recieved the same binary we built in our GitHub Actions workflow.
Todo
Todo
Todo