Skip to content

feat(spotlight): Extract SpotlightIntegration to separate module #5064

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
romtsn wants to merge 5 commits into
base: main
Choose a base branch
from
Open

feat(spotlight): Extract SpotlightIntegration to separate module #5064

romtsn wants to merge 5 commits into from

Conversation

@romtsn
Copy link
Member

@romtsn romtsn commented Jan 28, 2026

📜 Description

Move SpotlightIntegration to a new sentry-spotlight module to allow
excluding it from release builds, preventing insecure HTTP URLs from
appearing in APKs and triggering security scanner warnings.

This change:

  • Creates new sentry-spotlight module with SpotlightIntegration
  • Uses reflection-based loading in SentryOptions to conditionally
    load SpotlightIntegration when the module is available
  • Adds AndroidManifest support for Spotlight configuration via
    io.sentry.spotlight.enabled and io.sentry.spotlight.url
  • Removes hardcoded fallback URL from OtelInternalSpanDetectionUtil
  • Makes NoOpSentryExecutorService public with @Internal annotation
  • Registers sentry-spotlight package in SentryIntegrationPackageStorage

Breaking Change: Users who enable Spotlight must now add the
io.sentry:sentry-spotlight dependency to their project.

💡 Motivation and Context

Fixes #3259
Fixes #3690

💚 How did you test it?

Existing tests

📝 Checklist

  • I added GH Issue ID & Linear ID
  • I added tests to verify the changes.
  • No new PII added or SDK only sends newly added PII if sendDefaultPII is enabled.
  • I updated the docs if needed.
  • I updated the wizard if needed.
  • Review from the native team if needed.
  • [] No breaking change or entry added to the changelog.
  • No breaking change for hybrid SDKs or communicated to hybrid SDKs.

🔮 Next steps

  • Release new package
  • Add it to release registry
  • Update .craft.yml to get auto-releases
  • Update README with the new package
  • Update docs

@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026
edited
Loading

Semver Impact of This PR

🟡 Minor (new features)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

New Features ✨

  • (distribution) Add install_groups support by runningcode in #5062
  • (spotlight) Extract SpotlightIntegration to separate module by romtsn in #5064

Bug Fixes 🐛

  • Establish native exception mechanisms by supervacuus in #5052

Internal Changes 🔧

Deps

  • Bump urllib3 from 2.6.0 to 2.6.3 in the pip group across 1 directory by dependabot in #5003
  • Update Native SDK to v0.12.4 by github-actions in #5061
  • Bump getsentry/github-workflows/.github/workflows/updater.yml from 2 to 3 by dependabot in #4884
  • Bump actions/cache from 4 to 5 by dependabot in #4997
  • Bump github/codeql-action from 4.31.10 to 4.31.11 by dependabot in #5057
  • Bump getsentry/craft from 2.19.0 to 2.20.0 by dependabot in #5058

Other

  • (android) Update targetSdk to API 36 (Android 16) by markushi in #5016
  • (ci) Write permission for statuses in changelog preview by supervacuus in #5053

🤖 This preview updates automatically when you update the PR.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026
edited
Loading

Messages
📖 Do not forget to update Sentry-docs with your feature once the pull request gets approved.

Generated by 🚫 dangerJS against d55fab3

@github-actions
Copy link
Contributor

github-actions bot commented Jan 28, 2026
edited
Loading

Performance metrics 🚀

  Plain With Sentry Diff
Startup time 274.93 ms 334.36 ms 59.43 ms
Size 1.58 MiB 2.19 MiB 619.18 KiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
fc5ccaf 276.52 ms 370.46 ms 93.93 ms
e59e22a 374.68 ms 442.14 ms 67.46 ms
fcec2f2 357.47 ms 447.32 ms 89.85 ms
dba088c 328.51 ms 423.79 ms 95.28 ms
fc5ccaf 279.11 ms 353.34 ms 74.23 ms
b03edbb 352.20 ms 423.69 ms 71.49 ms
ee747ae 396.82 ms 441.67 ms 44.86 ms
2387c2c 317.04 ms 354.60 ms 37.56 ms
fcec2f2 314.96 ms 373.66 ms 58.70 ms
d15471f 302.62 ms 353.84 ms 51.22 ms

App size

Revision Plain With Sentry Diff
fc5ccaf 1.58 MiB 2.13 MiB 557.54 KiB
e59e22a 1.58 MiB 2.20 MiB 635.34 KiB
fcec2f2 1.58 MiB 2.12 MiB 551.50 KiB
dba088c 1.58 MiB 2.13 MiB 558.99 KiB
fc5ccaf 1.58 MiB 2.13 MiB 557.54 KiB
b03edbb 1.58 MiB 2.13 MiB 557.32 KiB
ee747ae 1.58 MiB 2.10 MiB 530.95 KiB
2387c2c 1.58 MiB 2.13 MiB 559.54 KiB
fcec2f2 1.58 MiB 2.12 MiB 551.50 KiB
d15471f 1.58 MiB 2.13 MiB 559.54 KiB

Previous results on branch: rz/fix/spotlight-insecure-url

Startup times

Revision Plain With Sentry Diff
e3de960 320.22 ms 388.88 ms 68.66 ms
01f0c4b 311.54 ms 366.76 ms 55.21 ms
76153f6 307.83 ms 352.64 ms 44.81 ms

App size

Revision Plain With Sentry Diff
e3de960 1.58 MiB 2.19 MiB 619.17 KiB
01f0c4b 1.58 MiB 2.19 MiB 619.16 KiB
76153f6 1.58 MiB 2.19 MiB 619.17 KiB

@romtsn romtsn force-pushed the rz/fix/spotlight-insecure-url branch from c000776 to f93665c Compare January 28, 2026 22:20
cursor[bot]
cursor bot reviewed Jan 28, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sentry sentry[bot] sentry[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

@adinauer adinauer Awaiting requested review from adinauer adinauer is a code owner

@markushi markushi Awaiting requested review from markushi markushi is a code owner

@lcian lcian Awaiting requested review from lcian lcian is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Ability to enable Spotlight from AndroidManifest.xml Security warning because of insecure HTTP URL in release artifact

2 participants

@romtsn