fix: sentry secret (#1657)

* fix: sentry secret * fix: if no token * fix: env variable * change config * merci adrien
SocialGouv · Sep 15, 2023 · f281871 · f281871
1 parent a94fdb9
commit f281871
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 6 deletions.
diff --git a/.kontinuous/env/prod/templates/dashboard.sealed-secret.yaml b/.kontinuous/env/prod/templates/dashboard.sealed-secret.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  annotations:
+    sealedsecrets.bitnami.com/namespace-wide: "true"
+  name: dashboard
+  namespace: mano
+spec:
+  encryptedData:
+    SENTRY_AUTH_TOKEN: AgCYmBko6+0bjL94Ok4xU0pQHeE8Ft45OzMHLlxOrK5bSXlwOK67SjFBlWLVcbnv8Hy8N+aUNRxMHD7dhD5yAyEDRWLTJUt6JojLP8f4OkX1hkt4nDI0pubzD5GRQTjLGnfS0mLHB5iIjbWc8gi2fnVx5TblhhmbbcPh8CEH12thKqFnI7TONLs3PVaieT2WTpWE8ZaxokngcERns/cEHJEuf6+744ee0QDgFNeaDxDWsrfcAUCHHo974QaYNhBI2qUxYXPnsiXyynS35f0HDJ3rVwtoQIwQYiM9YzD3BUMxK0evzGl6lciFEsq/69OK0PxFwClBndCyBVcThaKG4ikqgtQUZ1lW8QTdP8jN7k6sU/3sv9g+QkBqEc30YzVqbGjxpt1x5xIIjUu2Ub/NQ1T0KnC98I50DlN/48BWkoepDaWBGZEJ+5hPXwMQ9sF93jvBpF8dti/9Wv1dpcWxKqTNiPqosZ8A+Dt0nP/AVwxji7uLkXX7Df3KDZ0eLamEWO+Lth1a1D2IuYeYQoXk/H/XHvQxBEXKbOmx/g0KiuOMyl1c2pBT/R3A9GNasrV2dI3efcjsaopbtafsbDu5XvSsZt/1A3y4rGW6pEMYh4acr4WrF1X0EXT80n+jLSSCg0M7heMrbrChb4d680V5tPkMfvzNk6D8kVnK/QLmRp/FOjkF300/xR6+41TvbD3cg1z9ONY3N0rRoGp3nP5o1RPXYUQdBvGikOVA6dmUtY7X9SlB0J2MQTEctoabeW630D1vziZ6nV8/ozZn/eH017uu
+  template:
+    metadata:
+      annotations:
+        sealedsecrets.bitnami.com/namespace-wide: "true"
+      name: dashboard
+    type: Opaque
diff --git a/.kontinuous/env/prod/values.yaml b/.kontinuous/env/prod/values.yaml
@@ -44,3 +44,13 @@ oauth2-proxy:
   additionalArgs:
     - --skip-auth-route
     - ^/public/.*,^/app/dist/.*,^/api/public/.*,^/api/session/.*,^/app/assets/.*
+
+jobs:
+  ~chart: jobs
+  runs:
+    build-dashboard:
+      with:
+        secrets:
+          sentry_auth_token:
+            secretName: dashboard
+            secretKey: SENTRY_AUTH_TOKEN
diff --git a/dashboard/Dockerfile b/dashboard/Dockerfile
@@ -14,13 +14,14 @@ RUN yarn --frozen-lockfile
 COPY dashboard/. .
 
 ENV NODE_ENV=production
-ARG SENTRY_AUTH_TOKEN
-ENV SENTRY_AUTH_TOKEN=$SENTRY_AUTH_TOKEN
-ENV SENTRY_ORG=incubateur
-ENV SENTRY_URL=https://sentry.fabrique.social.gouv.fr/
-ENV SENTRY_PROJECT=mano
 
-RUN yarn build
+RUN --mount=type=secret,id=sentry_auth_token \
+    yarn build; \
+    if [ -f "/run/secrets/sentry_auth_token" ]; then \
+        export SENTRY_AUTH_TOKEN=$(cat /run/secrets/sentry_auth_token); \
+        yarn sentry:sourcemaps; \
+    fi
+
 
 FROM ghcr.io/socialgouv/docker/nginx4spa:7.0.1