diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml index 91ecbbe2854..cc2bd97cb89 100644 --- a/.github/workflows/ci_cd.yml +++ b/.github/workflows/ci_cd.yml @@ -181,6 +181,9 @@ jobs: - name: Build image `${{ matrix.image }}` uses: docker/build-push-action@v6 with: + # The Sentry auth token is only set for the production release of the frontend (on push to main or manual release). + secrets: | + ${{ matrix.image == 'frontend' && ((github.event_name == 'push' && github.repository == 'WordPress/openverse') || (github.event_name == 'workflow_dispatch' && inputs.perform_deploy)) && format('sentry_auth_token={0}', secrets.SENTRY_AUTH_TOKEN) || '' }} context: ${{ matrix.context }} target: ${{ matrix.target }} push: false @@ -191,7 +194,6 @@ jobs: outputs: type=docker,dest=/tmp/${{ matrix.image }}.tar build-contexts: ${{ matrix.build-contexts }} build-args: | - SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} SEMANTIC_VERSION=${{ needs.get-image-tag.outputs.image_tag }} OV_PDM_VERSION=${{ steps.prepare-build-args.outputs.ov_pdm_version }} CATALOG_PY_VERSION=${{ steps.prepare-build-args.outputs.catalog_py_version }} @@ -798,7 +800,6 @@ jobs: with: setup_python: false install_recipe: node-install - locales: "test" - name: Run check recipe run: just ${{ matrix.recipe }} diff --git a/frontend/Dockerfile b/frontend/Dockerfile index 6e20f5080de..bf25a6a88be 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -10,6 +10,8 @@ ARG FRONTEND_NODE_VERSION FROM docker.io/node:${FRONTEND_NODE_VERSION}-alpine AS builder +ARG SEMANTIC_VERSION + # Install system packages needed to build on macOS RUN apk add --no-cache --virtual .gyp python3 make g++ \ && corepack enable pnpm @@ -35,7 +37,7 @@ ENV SKIP_PRE_COMMIT=true # Get rid of the lockfile as it won't be accurate for the build without workspace. # Then install dependencies, and in the process: # - fix the missing lockfile by writing a new one -RUN pnpm install && pnpm i18n +RUN pnpm install # disable telemetry when building the app ENV NUXT_TELEMETRY_DISABLED=1 @@ -43,8 +45,17 @@ ENV NODE_ENV=production # Increase memory limit for the build process (necessary for i18n routes) ENV NODE_OPTIONS="--max_old_space_size=4096" +ENV SEMANTIC_VERSION=${SEMANTIC_VERSION} + +# Use the Sentry auth token secret to send the sourcemaps to Sentry only if the secret is provided +RUN --mount=type=secret,id=sentry_auth_token,mode=0444 \ + sh -c 'if [ -f /run/secrets/sentry_auth_token ]; then \ + SENTRY_AUTH_TOKEN="$(cat /run/secrets/sentry_auth_token)"; \ + echo "Using Sentry Auth Token: $SENTRY_AUTH_TOKEN"; \ + else \ + echo "No Sentry Auth Token provided"; \ + fi' && pnpm build -RUN pnpm build ############ # Nuxt app # diff --git a/frontend/nuxt.config.ts b/frontend/nuxt.config.ts index e8ef52fb170..ff450e7a3ef 100644 --- a/frontend/nuxt.config.ts +++ b/frontend/nuxt.config.ts @@ -131,6 +131,16 @@ export default defineNuxtConfig({ sourceMapsUploadOptions: { org: "openverse", project: "openverse-frontend", + /** + * This token is only used in the CI to upload source maps to Sentry when building the production + * image of the frontend. + */ + authToken: process.env.SENTRY_AUTH_TOKEN, + }, + unstable_sentryBundlerPluginOptions: { + release: { + name: process.env.SEMANTIC_VERSION, + }, }, }, sourcemap: { diff --git a/frontend/package.json b/frontend/package.json index 4e3f9637d51..ab1b6a26943 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -7,9 +7,9 @@ "scripts": { "predev": "pnpm install && pnpm i18n:en", "dev": "run-p dev:only 'i18n:en --watch'", - "dev:only": "nuxt dev --host 0.0.0.0", + "dev:only": "npx nuxi dev --host 0.0.0.0", "dev:secure": "LOCAL_SSL=enabled pnpm dev", - "build": "NODE_ENV=production nuxt build", + "build": "npx nuxi build", "build:clean": "rm -rf .nuxt", "docker:build": "docker build . -t openverse-frontend:latest", "docker:run": "docker run --rm -it -p 127.0.0.1:8443:8443/tcp openverse-frontend:latest", diff --git a/justfile b/justfile index 6cc9bf999d6..b96e718a9e2 100644 --- a/justfile +++ b/justfile @@ -48,7 +48,6 @@ node-install: pnpm i pnpm --filter './packages/js/*' run build pnpm prepare:nuxt - just frontend/run i18n:en # Set up locales for the frontend