feat(core): Add disableAutoUpload option to Expo plugin
#6195
5 issues
Medium
Switching `disableAutoUpload` from `true` back to `false` leaves uploads permanently disabled until `--clean` prebuild - `packages/core/plugin/src/withSentry.ts:71`
Once disableAutoUpload: true is applied and then changed to false, neither the Android shouldSentryAutoUploadGeneral override nor the iOS export SENTRY_DISABLE_AUTO_UPLOAD=true injection is removed on subsequent prebuilds, so uploads remain silently disabled. Consider adding removal logic, or at minimum documenting that --clean is required when toggling this flag.
Also found at:
packages/core/plugin/src/withSentryAndroid.ts:52packages/core/plugin/src/withSentryIOS.ts:70-79
`disableAutoUpload: false` does not remove the override injected by a prior `disableAutoUpload: true` run - `packages/core/plugin/src/withSentry.ts:21`
Once expo prebuild is run with disableAutoUpload: true, the shouldSentryAutoUploadGeneral = { -> return false } line is permanently baked into build.gradle. Re-running prebuild with disableAutoUpload: false silently does nothing โ uploads remain disabled, violating user expectations.
Also found at:
packages/core/plugin/src/withSentryAndroid.ts:42-49packages/core/test/expo-plugin/modifyAppBuildGradle.test.ts:61-63packages/core/test/expo-plugin/modifyXcodeProject.test.ts:3
`export SENTRY_DISABLE_AUTO_UPLOAD=true` is never removed from Xcode build phases when `disableAutoUpload` toggles back to `false` - `packages/core/plugin/src/withSentryIOS.ts:70-76`
After running prebuild with disableAutoUpload: true, changing to disableAutoUpload: false and re-running prebuild silently keeps export SENTRY_DISABLE_AUTO_UPLOAD=true in both Xcode build phases, so auto-upload remains disabled.
Also found at:
packages/core/plugin/src/withSentryIOS.ts:46-52packages/core/test/expo-plugin/modifyXcodeProject.test.ts:3packages/core/test/expo-plugin/modifyXcodeProject.test.ts:133-137
`shouldSentryAutoUploadGeneral` override never removed when `disableAutoUpload` is toggled back to `false`
In withSentryAndroid.ts, modifyAppBuildGradle only injects project.ext.shouldSentryAutoUploadGeneral = { -> return false } โ it never removes it. Switching from disableAutoUpload: true to false and re-running prebuild leaves the override in build.gradle, permanently disabling Android source-map uploads.
Low
Misleading 'script already exists' warning emitted after successfully injecting SENTRY_DISABLE_AUTO_UPLOAD into existing iOS bundle script - `packages/core/plugin/src/withSentry.ts:76`
In modifyExistingXcodeBuildScript (withSentryIOS.ts), when the bundle phase already contains sentry-xcode.sh and disableAutoUpload=true, addDisableAutoUploadToExistingScript(script) is invoked and may actually mutate script.shellScript to inject export SENTRY_DISABLE_AUTO_UPLOAD=true. However, the subsequent warnOnce("The latest 'sentry-xcode.sh' script already exists...") runs unconditionally, telling the user nothing was done even though a real change was made. The fix is to return after the injection (or only warn when no mutation occurred).
4 skills analyzed
| Skill | Findings | Duration | Cost |
|---|---|---|---|
| security-review | 0 | 22.5s | $0.18 |
| code-review | 1 | 3m 9s | $1.01 |
| find-bugs | 4 | 7m 17s | $2.12 |
| gha-security-review | 0 | 7.5s | $0.09 |
โฑ 10m 55s ยท 890.3k in / 77.0k out ยท $3.39