Skip to content

feat(spotlight): Extract SpotlightIntegration to separate module #5064

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
romtsn merged 9 commits into from
Jan 29, 2026
Merged

feat(spotlight): Extract SpotlightIntegration to separate module #5064

romtsn merged 9 commits into from
Jan 29, 2026

Conversation

@romtsn
Copy link
Member

@romtsn romtsn commented Jan 28, 2026

📜 Description

Move SpotlightIntegration to a new sentry-spotlight module to allow
excluding it from release builds, preventing insecure HTTP URLs from
appearing in APKs and triggering security scanner warnings.

This change:

  • Creates new sentry-spotlight module with SpotlightIntegration
  • Uses reflection-based loading in SentryOptions to conditionally
    load SpotlightIntegration when the module is available
  • Adds AndroidManifest support for Spotlight configuration via
    io.sentry.spotlight.enabled and io.sentry.spotlight.url
  • Removes hardcoded fallback URL from OtelInternalSpanDetectionUtil
  • Makes NoOpSentryExecutorService public with @Internal annotation
  • Registers sentry-spotlight package in SentryIntegrationPackageStorage

Breaking Change: Users who enable Spotlight must now add the
io.sentry:sentry-spotlight dependency to their project.

💡 Motivation and Context

Fixes #3259
Fixes #3690

💚 How did you test it?

Existing tests

📝 Checklist

  • I added GH Issue ID & Linear ID
  • I added tests to verify the changes.
  • No new PII added or SDK only sends newly added PII if sendDefaultPII is enabled.
  • I updated the docs if needed.
  • I updated the wizard if needed.
  • Review from the native team if needed.
  • [] No breaking change or entry added to the changelog.
  • No breaking change for hybrid SDKs or communicated to hybrid SDKs.

🔮 Next steps

  • Release new package
  • Add it to release registry
  • Update .craft.yml to get auto-releases
  • Update README with the new package
  • Update docs

@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026
edited
Loading

Semver Impact of This PR

🟡 Minor (new features)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

New Features ✨

  • (distribution) Add install_groups support by runningcode in #5062
  • (spotlight) Extract SpotlightIntegration to separate module by romtsn in #5064

Bug Fixes 🐛

  • Establish native exception mechanisms by supervacuus in #5052

Internal Changes 🔧

Deps

  • Bump urllib3 from 2.6.0 to 2.6.3 in the pip group across 1 directory by dependabot in #5003
  • Update Native SDK to v0.12.4 by github-actions in #5061
  • Bump getsentry/github-workflows/.github/workflows/updater.yml from 2 to 3 by dependabot in #4884
  • Bump actions/cache from 4 to 5 by dependabot in #4997
  • Bump github/codeql-action from 4.31.10 to 4.31.11 by dependabot in #5057
  • Bump getsentry/craft from 2.19.0 to 2.20.0 by dependabot in #5058

Other

  • (android) Update targetSdk to API 36 (Android 16) by markushi in #5016
  • (ci) Write permission for statuses in changelog preview by supervacuus in #5053
  • (samples) Convert main screen to Jetpack Compose by markushi in #5017

🤖 This preview updates automatically when you update the PR.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026
edited
Loading

Messages
📖 Do not forget to update Sentry-docs with your feature once the pull request gets approved.

Generated by 🚫 dangerJS against 9d9efad

@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026
edited
Loading

Performance metrics 🚀

  Plain With Sentry Diff
Startup time 336.82 ms 382.19 ms 45.37 ms
Size 1.58 MiB 2.19 MiB 619.17 KiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
fc5ccaf 322.49 ms 405.25 ms 82.76 ms
e59e22a 329.74 ms 383.31 ms 53.57 ms
ae7fed0 293.84 ms 380.22 ms 86.38 ms
fcec2f2 314.96 ms 373.66 ms 58.70 ms
dba088c 320.59 ms 361.29 ms 40.70 ms
b03edbb 314.90 ms 350.22 ms 35.33 ms
ee747ae 358.21 ms 389.41 ms 31.20 ms
b6702b0 395.86 ms 409.98 ms 14.12 ms
fcec2f2 328.91 ms 387.75 ms 58.84 ms
dcc6bbf 382.58 ms 462.13 ms 79.54 ms

App size

Revision Plain With Sentry Diff
fc5ccaf 1.58 MiB 2.13 MiB 557.54 KiB
e59e22a 1.58 MiB 2.20 MiB 635.34 KiB
ae7fed0 1.58 MiB 2.12 MiB 551.77 KiB
fcec2f2 1.58 MiB 2.12 MiB 551.50 KiB
dba088c 1.58 MiB 2.13 MiB 558.99 KiB
b03edbb 1.58 MiB 2.13 MiB 557.32 KiB
ee747ae 1.58 MiB 2.10 MiB 530.95 KiB
b6702b0 1.58 MiB 2.12 MiB 551.79 KiB
fcec2f2 1.58 MiB 2.12 MiB 551.50 KiB
dcc6bbf 1.58 MiB 2.12 MiB 553.10 KiB

Previous results on branch: rz/fix/spotlight-insecure-url

Startup times

Revision Plain With Sentry Diff
c69dea4 274.93 ms 334.36 ms 59.43 ms
01f0c4b 311.54 ms 366.76 ms 55.21 ms
e3de960 320.22 ms 388.88 ms 68.66 ms
76153f6 307.83 ms 352.64 ms 44.81 ms

App size

Revision Plain With Sentry Diff
c69dea4 1.58 MiB 2.19 MiB 619.18 KiB
01f0c4b 1.58 MiB 2.19 MiB 619.16 KiB
e3de960 1.58 MiB 2.19 MiB 619.17 KiB
76153f6 1.58 MiB 2.19 MiB 619.17 KiB

@romtsn romtsn force-pushed the rz/fix/spotlight-insecure-url branch from c000776 to f93665c Compare January 28, 2026 22:20
markushi
markushi approved these changes Jan 29, 2026
View reviewed changes
sentry[bot]
sentry bot reviewed Jan 29, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 29, 2026
View reviewed changes
@romtsn romtsn enabled auto-merge (squash) January 29, 2026 15:12
cursor[bot]
cursor bot reviewed Jan 29, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.

@romtsn romtsn merged commit 0eaac1e into main Jan 29, 2026
62 of 63 checks passed
@romtsn romtsn deleted the rz/fix/spotlight-insecure-url branch January 29, 2026 15:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sentry sentry[bot] sentry[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

@markushi markushi markushi approved these changes

@adinauer adinauer Awaiting requested review from adinauer adinauer is a code owner

@lcian lcian Awaiting requested review from lcian lcian is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Ability to enable Spotlight from AndroidManifest.xml Security warning because of insecure HTTP URL in release artifact

3 participants

@romtsn @markushi