TF-4269 Enable sentry for iOS

[dab246]

Issue

#4269

Blocker

• TF-4268 Enable sentry for Android #4270

Resolved

Summary by CodeRabbit

• New Features

  • iOS NSE: Sentry integrated for improved error reporting and user-context handling; Sentry config persisted to secure storage.
  • Notification handling: skips extra processing when app is active and reports failures to Sentry.

• Chores

  • CI: unified, platform-aware debug-symbol uploads for iOS (dSYMs + Dart symbols) and Android (mapping + Dart symbols); uploads are non-blocking and release creation is idempotent.
  • Version bumped to 0.28.3-rc03.

• Documentation

  • Added ADR documenting iOS symbol automation.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Consolidates Sentry symbol upload CI into a platform-aware GitHub Actions step (iOS and Android), makes release creation idempotent, and treats missing artifacts as warnings. Adds SentryConfig serialization (toJson) and a key constant, persists SentryConfig to iOS Keychain, introduces iOS NSE Sentry model and SentryManager, integrates Sentry into the Notification Service and sharing session model, updates Fastlane/Xcode to emit Dart symbols and iOS dSYMs, pins Sentry/HybridSDK for an NSE target in the Podfile, and renames keychain save APIs to support saving Sentry config.

Possibly related PRs

• TF-4268 Cache Sentry config for FCM background re-initialization  #4443: Modifies core Sentry configuration handling and persistence; overlaps with SentryConfig additions and keychain persistence.
• TF-4268 Automate Sentry symbol upload for Android release builds  #4442: Adds CI Android-only Sentry artifact uploads; this change generalizes and extends that workflow to handle both Android and iOS.

Suggested reviewers

• hoangdat
• tddang-linagora

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 45.45% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'TF-4269 Enable sentry for iOS' clearly and directly describes the main change in the changeset: enabling Sentry integration for iOS. It is specific, concise, and accurately reflects the primary objective.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch features/tf-4269-enable-sentry-for-ios

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

This PR has been deployed to https://linagora.github.io/tmail-flutter/4271.

[tddang-linagora]

---

https://github.com/linagora/tmail-flutter/blob/features/tf-4268-enable-sentry-for-android/lib/main/utils/ios_sharing_manager.dart

All logs in this file are warning log, but all information in this file that is saved to keychain is essential for NSE to handle incoming notification in background. If one ever fails, it will be invisible to both developers and users, making the push notification breaks silently.

• Consider update the logs to error in necessary places.

---

[dab246]

• Consider update the logs to error in necessary places.

Added

The base branch was changed.

[coderabbitai]

Actionable comments posted: 5

🧹 Nitpick comments (1)

ios/Podfile (1)

41-47: Consider adding a safeguard for Sentry/HybridSDK version drift.

The hard-coded pin on line 46 (version 8.56.2) is currently correct for sentry_flutter 9.8.0. However, if sentry_flutter is upgraded to require a different HybridSDK version, this pin can become stale and cause silent conflicts during pod install. Adding a CI check (e.g., comparing the pin against the resolved version in Podfile.lock) or documenting an upgrade procedure would help prevent this maintenance gap.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@ios/Podfile` around lines 41 - 47, The Podfile currently hard-pins pod
'Sentry/HybridSDK', '8.56.2' inside target 'TwakeMailNSE' which can drift from
the version required by sentry_flutter; add a safeguard by implementing a CI
validation that reads the pinned version in the Podfile (pod 'Sentry/HybridSDK',
'8.56.2') and compares it to the resolved Sentry/HybridSDK entry in Podfile.lock
(or the CocoaPods resolver output), failing the build if they differ, and/or add
a small README entry next to the target block describing the required upgrade
steps for sentry_flutter and how to update the HybridSDK pin.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/release.yaml:
- Around line 118-168: Parallel matrix legs both call sentry-cli releases new
"$SENTRY_RELEASE" and sentry-cli releases finalize "$SENTRY_RELEASE", causing
duplicate releases and race conditions; fix by making release
creation/finalization idempotent or moving them out of the matrix: either (A)
before calling sentry-cli releases new use sentry-cli releases info
"$SENTRY_RELEASE" -q and only call releases new if that check fails, and ensure
finalize runs only after all upload steps complete, or (B) move the
create/finalize steps into a dedicated non-matrix job that depends on the
Android/iOS symbol-upload jobs so uploads finish before sentry-cli releases
finalize is called.

In `@core/lib/utils/sentry/sentry_config.dart`:
- Around line 101-115: The SentryConfig.toJson() is missing the dist field so
distribution info isn't sent; update the Dart SentryConfig.toJson() to include
'dist': dist, ensure the SentryConfig class retains the dist property, and add a
matching optional dist property to the iOS NSE model (SentryConfig.swift) and
set options.dist = config.dist when initializing Sentry in the NSE
initialization code so NSE events carry the distribution value.

In `@ios/TwakeMailNSE/NotificationService.swift`:
- Around line 17-19: The NSE can reuse process memory and retain prior Sentry
user context; to prevent stale user attribution, clear the Sentry user at the
start of NotificationService.didReceive(_:withContentHandler:) and also during
cleanup in serviceExtensionTimeWillExpire(); call your Sentry clearing API
(e.g., SentryManager.shared.clearUser() or Sentry.setUser(nil)) before any new
event capture and ensure setSentryUser(...) is only called after a fresh valid
session is resolved.

In `@ios/TwakeMailNSE/Utils/SentryManager.swift`:
- Around line 53-63: The capture wrappers (SentryManager.capture(error:) and
capture(message:)) currently only enqueue events and can be lost if the
Notification Service Extension is suspended; after calling
SentrySDK.capture(error: ...) or SentrySDK.capture(message: ...), call
SentrySDK.flush(timeout:) with a short bounded timeout (e.g., 0.3 seconds) to
force delivery before the extension exits; keep the existing isInitialized
guard, perform the capture then immediately call SentrySDK.flush(timeout: 0.3)
(or a configurable short timeout) and ensure this flush is used in early-return
and serviceExtensionTimeWillExpire() paths to improve NSE delivery reliability.

In `@lib/features/mailbox_dashboard/presentation/sentry_ecosystem.dart`:
- Around line 47-49: The wrapper method _saveSentryConfigToKeychain is calling
IOSSharingManager.saveSentryConfigToKeychain without awaiting its Future, so
setUp may complete before the Keychain write finishes; change
_saveSentryConfigToKeychain to be async and await
IOSSharingManager.saveSentryConfigToKeychain when PlatformInfo.isIOS is true,
and do the same for the other equivalent call used later (the second invocation
around the setUp flow) so any errors are observed and the write completes before
setup returns.

---

Nitpick comments:
In `@ios/Podfile`:
- Around line 41-47: The Podfile currently hard-pins pod 'Sentry/HybridSDK',
'8.56.2' inside target 'TwakeMailNSE' which can drift from the version required
by sentry_flutter; add a safeguard by implementing a CI validation that reads
the pinned version in the Podfile (pod 'Sentry/HybridSDK', '8.56.2') and
compares it to the resolved Sentry/HybridSDK entry in Podfile.lock (or the
CocoaPods resolver output), failing the build if they differ, and/or add a small
README entry next to the target block describing the required upgrade steps for
sentry_flutter and how to update the HybridSDK pin.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 774b68cb-3aca-4e4c-a08e-37d96184208d

📥 Commits

Reviewing files that changed from the base of the PR and between e3dfadc and 8690f8d.

⛔ Files ignored due to path filters (1)

• ios/Podfile.lock is excluded by !**/*.lock

📒 Files selected for processing (16)

• .github/workflows/release.yaml
• core/lib/utils/sentry/sentry_config.dart
• docs/adr/0084-ios-sentry-dsym-dart-symbols-automation.md
• ios/Podfile
• ios/Runner.xcodeproj/project.pbxproj
• ios/TwakeMailNSE/Keychain/KeychainController.swift
• ios/TwakeMailNSE/Model/KeychainSharingSession.swift
• ios/TwakeMailNSE/Model/SentryConfig.swift
• ios/TwakeMailNSE/NotificationService.swift
• ios/TwakeMailNSE/Utils/SentryManager.swift
• ios/fastlane/Fastfile
• lib/features/mailbox_dashboard/presentation/controller/mailbox_dashboard_controller.dart
• lib/features/mailbox_dashboard/presentation/sentry_ecosystem.dart
• lib/features/push_notification/data/keychain/keychain_sharing_manager.dart
• lib/main/utils/ios_sharing_manager.dart
• test/features/push_notification/data/keychain/keychain_sharing_manager_test.dart

[codescene-delta-analysis]

Code Health Improved (1 files improve in Code Health)

Gates Passed
3 Quality Gates Passed

See analysis details in CodeScene

View Improvements

File	Code Health Impact	Categories Improved
NotificationService.swift	9.84 → 10.00	Bumpy Road Ahead

Quality Gate Profile: The Bare Minimum
Install CodeScene MCP: safeguard and uplift AI-generated code. Catch issues early with our IDE extension and CLI tool.