BLOG-261 Fix Supply Sentry auth token to frontend build to enable log and sourcemap uploads (#265)
All checks were successful
Frontend CI / build (push) Successful in 1m20s
Auto Comment On PR / add_improve_comment (pull_request) Successful in 13s
PR Title Check / pr-title-check (pull_request) Successful in 16s

### Description

#### Summary

This resolves the issue where Sentry logs and source maps were failing to upload during the deployment pipeline (BLOG-261). The core problem was that the frontend build environment lacked the necessary authentication credentials to communicate with the Sentry API. I've updated the deployment workflow to pass the `SENTRY_AUTH_TOKEN` from our CI secrets into the Docker build context, and updated the frontend Dockerfile to securely mount and utilize this token during the build phase. A minor descriptive adjustment was also made to our pre-commit config.

#### Key Changes

* **`.gitea/workflows/deployment.yaml`**: Injected the `SENTRY_AUTH_TOKEN` into the build container's secrets configuration.
* **`frontend/Dockerfile`**: Configured secure secret mounting (`--mount=type=secret`) to read `SENTRY_AUTH_TOKEN` and expose it as an environment variable specifically during the `pnpm run build` execution.
* **`.pre-commit-config.yaml`**: Renamed the `frontend-lint` hook from "frontend lint" to "frontend lint & check" to better reflect its underlying script behavior.

#### Testing/Review Notes
* Trigger a deployment build in the CI/CD pipeline to test the workflow changes.
* Check the build logs for the frontend container; verify that the Sentry plugin successfully detects the token and uploads the sourcemaps/releases without throwing an authentication error.
* Ensure no token leakage occurs in the standard CI output logs or the final compiled Docker image layers.

### Package Changes

_No response_

### Screenshots

_No response_

### Reference

Resolves #261.

### Checklist

- [x] A milestone is set
- [x] The related issue has been linked to this branch

Reviewed-on: #265
Co-authored-by: squid <squid@squidspirit.com>
Co-committed-by: squid <squid@squidspirit.com>
This commit was merged in pull request #265.
2026-04-04 17:11:02 +08:00
committed by Gitea Server
parent 6f14a33215
commit d506254955
3 changed files with 6 additions and 2 deletions


@@ -30,6 +30,8 @@ jobs:
push: true
provenance: false
context: ./frontend
secrets: |
SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}
cache-from: type=registry,ref=${{ vars.REGISTRY }}/${{ vars.IMAGE_REPO_FRONTEND }}:buildcache
cache-to: type=registry,ref=${{ vars.REGISTRY }}/${{ vars.IMAGE_REPO_FRONTEND }}:buildcache,mode=max
tags: |
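
Review bot: the `cache-from`/`cache-to` lines directly below the new `secrets:` block can hide whether this fix works, because BuildKit secret mounts are not part of a layer's cache key. If the source is unchanged, a `pnpm run build` layer cached from a run that had no token will be reused and the Sentry upload will not execute at all. When verifying per the testing notes, run at least one deployment with changed frontend source or with the cache disabled, and confirm the upload lines actually appear in that build's log. Also note that an undefined `secrets.SENTRY_AUTH_TOKEN` expands to an empty string here rather than failing the job, so a missing CI secret will not be caught at this step.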


@@ -14,7 +14,7 @@ repos:
pass_filenames: false
files: ^backend/
- id: frontend-lint
name: frontend lint
name: frontend lint & check
language: script
entry: ./script/pre-commit/frontend-lint.sh
pass_filenames: false
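
Review bot: the new `name: frontend lint & check` no longer matches the unchanged `id: frontend-lint` and `entry: ./script/pre-commit/frontend-lint.sh`, so the hook is now described three slightly different ways. Either leave the id and script name as the canonical "lint" label and mention the extra check in the script itself, or rename them together. This rename is also unrelated to the Sentry token fix and would be easier to trace in its own commit.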


@@ -12,7 +12,9 @@ FROM base AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
RUN pnpm run build
RUN --mount=type=secret,id=SENTRY_AUTH_TOKEN \
SENTRY_AUTH_TOKEN="$(cat /run/secrets/SENTRY_AUTH_TOKEN 2>/dev/null || true)" \
pnpm run build
FROM base AS runner
WORKDIR /app
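
Review bot: the `2>/dev/null || true` fallback on the `cat /run/secrets/SENTRY_AUTH_TOKEN` line makes a missing or empty secret look identical to a working one, so the build stays green while uploads silently stop, which is the same symptom BLOG-261 reports. Keep the fallback if local builds without a token must succeed, but print a warning to stderr when the value is empty so the CI log shows it. If tokenless builds are not needed, add `required=true` to the mount so the step fails instead. On a recent Dockerfile frontend the mount can also set the variable directly with `env=SENTRY_AUTH_TOKEN`, which removes the `cat` subshell. The inline assignment does keep the token out of the image layers and scoped to the `pnpm run build` process, which is the right shape.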