From f2818713e49b07f3cf35a5a27324e982d10043ae Mon Sep 17 00:00:00 2001
From: Arnaud Ambroselli <31724752+arnaudambro@users.noreply.github.com>
Date: Fri, 15 Sep 2023 09:47:12 +0200
Subject: [PATCH] fix: sentry secret (#1657)

* fix: sentry secret

* fix: if no token

* fix: env variable

* change config

* merci adrien
---
 .../prod/templates/dashboard.sealed-secret.yaml  | 16 ++++++++++++++++
 .kontinuous/env/prod/values.yaml                 | 10 ++++++++++
 dashboard/Dockerfile                             | 13 +++++++------
 3 files changed, 33 insertions(+), 6 deletions(-)
 create mode 100644 .kontinuous/env/prod/templates/dashboard.sealed-secret.yaml

diff --git a/.kontinuous/env/prod/templates/dashboard.sealed-secret.yaml b/.kontinuous/env/prod/templates/dashboard.sealed-secret.yaml
new file mode 100644
index 000000000..ebc4cbd93
--- /dev/null
+++ b/.kontinuous/env/prod/templates/dashboard.sealed-secret.yaml
@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  annotations:
+    sealedsecrets.bitnami.com/namespace-wide: "true"
+  name: dashboard
+  namespace: mano
+spec:
+  encryptedData:
+    SENTRY_AUTH_TOKEN: AgCYmBko6+0bjL94Ok4xU0pQHeE8Ft45OzMHLlxOrK5bSXlwOK67SjFBlWLVcbnv8Hy8N+aUNRxMHD7dhD5yAyEDRWLTJUt6JojLP8f4OkX1hkt4nDI0pubzD5GRQTjLGnfS0mLHB5iIjbWc8gi2fnVx5TblhhmbbcPh8CEH12thKqFnI7TONLs3PVaieT2WTpWE8ZaxokngcERns/cEHJEuf6+744ee0QDgFNeaDxDWsrfcAUCHHo974QaYNhBI2qUxYXPnsiXyynS35f0HDJ3rVwtoQIwQYiM9YzD3BUMxK0evzGl6lciFEsq/69OK0PxFwClBndCyBVcThaKG4ikqgtQUZ1lW8QTdP8jN7k6sU/3sv9g+QkBqEc30YzVqbGjxpt1x5xIIjUu2Ub/NQ1T0KnC98I50DlN/48BWkoepDaWBGZEJ+5hPXwMQ9sF93jvBpF8dti/9Wv1dpcWxKqTNiPqosZ8A+Dt0nP/AVwxji7uLkXX7Df3KDZ0eLamEWO+Lth1a1D2IuYeYQoXk/H/XHvQxBEXKbOmx/g0KiuOMyl1c2pBT/R3A9GNasrV2dI3efcjsaopbtafsbDu5XvSsZt/1A3y4rGW6pEMYh4acr4WrF1X0EXT80n+jLSSCg0M7heMrbrChb4d680V5tPkMfvzNk6D8kVnK/QLmRp/FOjkF300/xR6+41TvbD3cg1z9ONY3N0rRoGp3nP5o1RPXYUQdBvGikOVA6dmUtY7X9SlB0J2MQTEctoabeW630D1vziZ6nV8/ozZn/eH017uu
+  template:
+    metadata:
+      annotations:
+        sealedsecrets.bitnami.com/namespace-wide: "true"
+      name: dashboard
+    type: Opaque
diff --git a/.kontinuous/env/prod/values.yaml b/.kontinuous/env/prod/values.yaml
index a8b8692d6..ea3b52e2c 100644
--- a/.kontinuous/env/prod/values.yaml
+++ b/.kontinuous/env/prod/values.yaml
@@ -44,3 +44,13 @@ oauth2-proxy:
   additionalArgs:
     - --skip-auth-route
     - ^/public/.*,^/app/dist/.*,^/api/public/.*,^/api/session/.*,^/app/assets/.*
+
+jobs:
+  ~chart: jobs
+  runs:
+    build-dashboard:
+      with:
+        secrets:
+          sentry_auth_token:
+            secretName: dashboard
+            secretKey: SENTRY_AUTH_TOKEN
diff --git a/dashboard/Dockerfile b/dashboard/Dockerfile
index 0a0ea5902..bfc9b96e2 100644
--- a/dashboard/Dockerfile
+++ b/dashboard/Dockerfile
@@ -14,13 +14,14 @@ RUN yarn --frozen-lockfile
 COPY dashboard/. .
 
 ENV NODE_ENV=production
-ARG SENTRY_AUTH_TOKEN
-ENV SENTRY_AUTH_TOKEN=$SENTRY_AUTH_TOKEN
-ENV SENTRY_ORG=incubateur
-ENV SENTRY_URL=https://sentry.fabrique.social.gouv.fr/
-ENV SENTRY_PROJECT=mano
 
-RUN yarn build
+RUN --mount=type=secret,id=sentry_auth_token \
+    yarn build; \
+    if [ -f "/run/secrets/sentry_auth_token" ]; then \
+        export SENTRY_AUTH_TOKEN=$(cat /run/secrets/sentry_auth_token); \
+        yarn sentry:sourcemaps; \
+    fi
+
 
 FROM ghcr.io/socialgouv/docker/nginx4spa:7.0.1