feat: Add GitLab Autofix support and build infrastructure

.github/workflows/build-kencove.yml

@@ -0,0 +1,107 @@
+name: Build Kencove Sentry Image
+
+on:
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Image tag (e.g., v26.1.0-gitlab)'
+        required: false
+        default: ''
+
+env:
+  REGION: us-central1
+  PROJECT_ID: kencove-prod
+  REPOSITORY: kencove-docker-repo
+  IMAGE_NAME: sentry
+
+jobs:
+  build:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      id-token: write  # For Workload Identity Federation
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: '.node-version'
+
+      - uses: pnpm/action-setup@v4
+
+      - uses: astral-sh/setup-uv@v4
+        with:
+          version: '0.8.2'
+
+      - name: Setup Python venv
+        run: |
+          uv venv
+          source .venv/bin/activate
+          echo "PATH=$PWD/.venv/bin:$PATH" >> $GITHUB_ENV
+
+      - name: Cache webpack
+        uses: actions/cache@v4
+        with:
+          path: .webpack_cache
+          key: webpack-${{ hashFiles('rspack.config.ts') }}
+
+      - name: Cache node_modules
+        uses: actions/cache@v4
+        id: node-cache
+        with:
+          path: node_modules
+          key: node-modules-${{ hashFiles('pnpm-lock.yaml') }}
+
+      - name: Install Node dependencies
+        if: steps.node-cache.outputs.cache-hit != 'true'
+        run: pnpm install --frozen-lockfile
+
+      - name: Build frontend
+        run: |
+          python3 -m tools.fast_editable --path .
+          python3 -m sentry.build.main
+        env:
+          WEBPACK_CACHE_PATH: .webpack_cache
+          NODE_OPTIONS: '--max-old-space-size=4096'
+
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: 'projects/103143301688/locations/global/workloadIdentityPools/github-pool/providers/github-provider'
+          service_account: 'github-actions@kencove-prod.iam.gserviceaccount.com'
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v2
+
+      - name: Configure Docker for Artifact Registry
+        run: gcloud auth configure-docker ${{ env.REGION }}-docker.pkg.dev --quiet
+
+      - name: Determine image tag
+        id: tag
+        run: |
+          if [ -n "${{ github.event.inputs.tag }}" ]; then
+            echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT
+          else
+            echo "tag=${{ github.sha }}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Build and push Docker image
+        run: |
+          docker build \
+            -t ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }} \
+            -t ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.IMAGE_NAME }}:latest \
+            -f self-hosted/Dockerfile \
+            --build-arg SOURCE_COMMIT=${{ github.sha }} \
+            .
+
+          docker push ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}
+          docker push ${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.IMAGE_NAME }}:latest
+
+      - name: Output image info
+        run: |
+          echo "## Build Complete" >> $GITHUB_STEP_SUMMARY
+          echo "Image: \`${{ env.REGION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}\`" >> $GITHUB_STEP_SUMMARY

AGENTS.md

@@ -53,3 +53,51 @@ For backend testing patterns and best practices, see `tests/AGENTS.md`.
 ## Frontend
 
 For frontend development patterns, commands, design system guidelines, and React testing best practices, see `static/AGENTS.md`.
+
+## Kencove Fork
+
+This is **kencove/sentry** - a fork of getsentry/sentry with custom modifications for our self-hosted deployment.
+
+### Key Modifications
+
+1. **GitLab Autofix Support** (`static/app/components/events/autofix/utils.tsx`)
+   - Added `'gitlab'` and `'integrations:gitlab'` to `supportedProviders` array
+   - Enables GitLab repositories for Seer Autofix feature
+
+### Building Custom Image
+
+Build and push to Google Artifact Registry:
+
+```bash
+# Using Cloud Build (recommended)
+./build-and-push.sh v26.1.0-gitlab
+
+# Local build only (no push)
+./build-and-push.sh --local
+
+# Using gcloud directly
+gcloud builds submit --config=cloudbuild.yaml .
+```
+
+Image location: `us-central1-docker.pkg.dev/kencove-prod/kencove-docker-repo/sentry`
+
+### Syncing with Upstream
+
+```bash
+# Add upstream remote
+git remote add upstream https://github.com/getsentry/sentry.git
+
+# Fetch and merge specific release
+git fetch upstream
+git checkout master
+git merge upstream/releases/26.1.0
+
+# Re-apply Kencove changes if needed
+# (GitLab support in static/app/components/events/autofix/utils.tsx)
+```
+
+### Related Repositories
+
+- **Seer AI Service**: [kencove/seer](https://github.com/kencove/seer) - GitLab repository client
+- **Helm Charts**: [kencove/charts](https://github.com/kencove/charts) - Deployment configuration
+- **Infra Clusters**: `~/projects/infra/clusters/helm/sentry/` - Deployment values

build-and-push.sh

@@ -0,0 +1,75 @@
+#!/bin/bash
+# Build and push Kencove Sentry image to Google Artifact Registry
+#
+# Usage:
+#   ./build-and-push.sh                    # Build with commit SHA tag
+#   ./build-and-push.sh v26.1.0-gitlab     # Build with custom tag
+#   ./build-and-push.sh --local            # Build locally without pushing
+
+set -euo pipefail
+
+# Configuration
+PROJECT_ID="${PROJECT_ID:-kencove-prod}"
+REGION="${REGION:-us-central1}"
+REPOSITORY="${REPOSITORY:-kencove-docker-repo}"
+IMAGE_NAME="${IMAGE_NAME:-sentry}"
+TAG="${1:-$(git rev-parse --short HEAD)}"
+
+FULL_IMAGE="${REGION}-docker.pkg.dev/${PROJECT_ID}/${REPOSITORY}/${IMAGE_NAME}"
+
+echo "=== Kencove Sentry Build ==="
+echo "Image: ${FULL_IMAGE}:${TAG}"
+echo "Commit: $(git rev-parse HEAD)"
+echo ""
+
+if [[ "${1:-}" == "--local" ]]; then
+    echo "Building locally (not pushing)..."
+    docker build \
+        -t "${IMAGE_NAME}:${TAG}" \
+        -t "${IMAGE_NAME}:latest" \
+        -f self-hosted/Dockerfile.kencove \
+        --build-arg SOURCE_COMMIT="$(git rev-parse HEAD)" \
+        --progress=plain \
+        .
+    echo ""
+    echo "Local build complete: ${IMAGE_NAME}:${TAG}"
+    exit 0
+fi
+
+# Check if using Cloud Build or local Docker
+if command -v gcloud &> /dev/null && [[ "${USE_CLOUD_BUILD:-true}" == "true" ]]; then
+    echo "Using Cloud Build..."
+    gcloud builds submit \
+        --config=cloudbuild.yaml \
+        --substitutions="_TAG=${TAG}" \
+        --project="${PROJECT_ID}" \
+        .
+else
+    echo "Using local Docker build + push..."
+
+    # Configure Docker for GAR
+    gcloud auth configure-docker "${REGION}-docker.pkg.dev" --quiet
+
+    # Build
+    docker build \
+        -t "${FULL_IMAGE}:${TAG}" \
+        -t "${FULL_IMAGE}:latest" \
+        -f self-hosted/Dockerfile.kencove \
+        --build-arg SOURCE_COMMIT="$(git rev-parse HEAD)" \
+        --progress=plain \
+        .
+
+    # Push
+    docker push "${FULL_IMAGE}:${TAG}"
+    docker push "${FULL_IMAGE}:latest"
+fi
+
+echo ""
+echo "=== Build Complete ==="
+echo "Image: ${FULL_IMAGE}:${TAG}"
+echo ""
+echo "To use in Helm values:"
+echo "  images:"
+echo "    sentry:"
+echo "      repository: ${FULL_IMAGE}"
+echo "      tag: \"${TAG}\""

cloudbuild.yaml

@@ -0,0 +1,57 @@
+# Cloud Build configuration for kencove/sentry
+# Builds custom Sentry image with GitLab Autofix support
+#
+# Usage:
+#   gcloud builds submit --config=cloudbuild.yaml .
+#
+# Or with custom tag:
+#   gcloud builds submit --config=cloudbuild.yaml --substitutions=_TAG=v26.1.0-gitlab .
+#
+# Trigger on push:
+#   gcloud builds triggers create github \
+#     --repo-name=sentry --repo-owner=kencove \
+#     --branch-pattern="^master$" \
+#     --build-config=cloudbuild.yaml
+
+substitutions:
+  _REGION: us-central1
+  _REPOSITORY: kencove-docker-repo
+  _IMAGE_NAME: sentry
+  _TAG: ${COMMIT_SHA}
+
+options:
+  machineType: E2_HIGHCPU_32
+  diskSizeGb: 200
+  logging: CLOUD_LOGGING_ONLY
+
+steps:
+  # Build using multi-stage Dockerfile that handles both frontend and runtime
+  - name: 'gcr.io/cloud-builders/docker'
+    id: 'build-image'
+    args:
+      - 'build'
+      - '-t'
+      - '${_REGION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/${_IMAGE_NAME}:${_TAG}'
+      - '-t'
+      - '${_REGION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/${_IMAGE_NAME}:latest'
+      - '-f'
+      - 'self-hosted/Dockerfile.kencove'
+      - '--build-arg'
+      - 'SOURCE_COMMIT=${COMMIT_SHA}'
+      - '--progress=plain'
+      - '.'
+
+  # Push to Artifact Registry
+  - name: 'gcr.io/cloud-builders/docker'
+    id: 'push-image'
+    args:
+      - 'push'
+      - '--all-tags'
+      - '${_REGION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/${_IMAGE_NAME}'
+    waitFor: ['build-image']
+
+images:
+  - '${_REGION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/${_IMAGE_NAME}:${_TAG}'
+  - '${_REGION}-docker.pkg.dev/$PROJECT_ID/${_REPOSITORY}/${_IMAGE_NAME}:latest'
+
+timeout: 3600s  # 1 hour - Sentry build is slow