From 79df3b7ce2f79d5d487aa94f6a12e031a03bcfd2 Mon Sep 17 00:00:00 2001
From: Karl Heinz Struggl <karl.struggl@sentry.io>
Date: Fri, 27 Sep 2024 10:42:52 +0200
Subject: [PATCH 1/3] adds config+action to warn about risky PR changes

---
 .github/file-filters.yml                      |  4 ++
 .../workflows/changes-in-high-risk-code.yml   | 49 +++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 .github/file-filters.yml
 create mode 100644 .github/workflows/changes-in-high-risk-code.yml

diff --git a/.github/file-filters.yml b/.github/file-filters.yml
new file mode 100644
index 00000000000..823f3b5032c
--- /dev/null
+++ b/.github/file-filters.yml
@@ -0,0 +1,4 @@
+# This is used by the action https://github.com/dorny/paths-filter
+
+high_risk_code: &high_risk_code
+  - ".github/file-filters.yml"
diff --git a/.github/workflows/changes-in-high-risk-code.yml b/.github/workflows/changes-in-high-risk-code.yml
new file mode 100644
index 00000000000..e4bdffbfd36
--- /dev/null
+++ b/.github/workflows/changes-in-high-risk-code.yml
@@ -0,0 +1,49 @@
+name: Changes In High Risk Code
+on:
+  pull_request:
+
+# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  files-changed:
+    name: Detect changed files
+    runs-on: ubuntu-latest
+    # Map a step output to a job output
+    outputs:
+      high_risk_code: ${{ steps.changes.outputs.high_risk_code }}
+      high_risk_code_files: ${{ steps.changes.outputs.high_risk_code_files }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Get changed files
+        id: changes
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        with:
+          token: ${{ github.token }}
+          filters: .github/file-filters.yml
+
+          # Enable listing of files matching each filter.
+          # Paths to files will be available in `${FILTER_NAME}_files` output variable.
+          list-files: csv
+
+  validate-high-risk-code:
+    if: needs.files-changed.outputs.high_risk_code == 'true'
+    needs: files-changed
+    runs-on: ubuntu-latest
+    steps:
+      - name: Comment on PR to notify of changes in high risk files
+        uses: actions/github-script@v7
+        env:
+          high_risk_code: ${{ needs.files-changed.outputs.high_risk_code_files }}
+        with:
+          script: |
+            const highRiskFiles = process.env.high_risk_code;
+            const fileList = highRiskFiles.split(',').map(file => `- [ ] ${file}`).join('\n');
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: `### 🚨 Detected changes in high risk code 🚨 \n High-risk code can easily blow up and is hard to test. We had severe bugs in the past. Be extra careful when changing these files, and have an extra careful look at these:\n ${fileList}`
+            })

From 91c5f859759818c098b75cd6f203d6f3b91672f7 Mon Sep 17 00:00:00 2001
From: Karl Heinz Struggl <karl.struggl@sentry.io>
Date: Fri, 27 Sep 2024 10:51:41 +0200
Subject: [PATCH 2/3] updates wording of warning PR comment

---
 .github/workflows/changes-in-high-risk-code.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/changes-in-high-risk-code.yml b/.github/workflows/changes-in-high-risk-code.yml
index e4bdffbfd36..64decbe48f2 100644
--- a/.github/workflows/changes-in-high-risk-code.yml
+++ b/.github/workflows/changes-in-high-risk-code.yml
@@ -45,5 +45,5 @@ jobs:
               issue_number: context.issue.number,
               owner: context.repo.owner,
               repo: context.repo.repo,
-              body: `### 🚨 Detected changes in high risk code 🚨 \n High-risk code can easily blow up and is hard to test. We had severe bugs in the past. Be extra careful when changing these files, and have an extra careful look at these:\n ${fileList}`
+              body: `### 🚨 Detected changes in high risk code 🚨 \n High-risk code has higher potential to break the SDK and may be hard to test. To prevent severe bugs, apply the rollout process for releasing such changes and be extra careful when changing and reviewing these files:\n ${fileList}`
             })

From c1c8fef6ebebf9c0fa554474b8cde6f6ed952043 Mon Sep 17 00:00:00 2001
From: Stefano <stefano.siano@sentry.io>
Date: Fri, 11 Oct 2024 17:55:50 +0200
Subject: [PATCH 3/3] added risky files

---
 .github/file-filters.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/file-filters.yml b/.github/file-filters.yml
index 823f3b5032c..2b81e2f0b6d 100644
--- a/.github/file-filters.yml
+++ b/.github/file-filters.yml
@@ -1,4 +1,12 @@
 # This is used by the action https://github.com/dorny/paths-filter
 
 high_risk_code: &high_risk_code
-  - ".github/file-filters.yml"
+  # Transport classes
+  - "sentry/src/main/java/io/sentry/transport/AsyncHttpTransport.java"
+  - "sentry/src/main/java/io/sentry/transport/HttpConnection.java"
+  - "sentry/src/main/java/io/sentry/transport/QueuedThreadPoolExecutor.java"
+  - "sentry/src/main/java/io/sentry/transport/RateLimiter.java"
+  - "sentry-apache-http-client-5/src/main/java/io/sentry/transport/apache/ApacheHttpClientTransport.java"
+
+  # Class used by hybrid SDKs
+  - "sentry-android-core/src/main/java/io/sentry/android/core/InternalSentrySdk.java"