Skip to content

Commit

Permalink
Try another setup
Browse files Browse the repository at this point in the history
  • Loading branch information
@obulat
obulat committed Dec 17, 2024
1 parent f790407 commit d87f201
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 7 deletions.
4 changes: 4 additions & 0 deletions .github/workflows/ci_cd.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,6 +180,8 @@ jobs:

- name: Build image `${{ matrix.image }}`
uses: docker/build-push-action@v6
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
with:
context: ${{ matrix.context }}
target: ${{ matrix.target }}
Expand All @@ -203,6 +205,8 @@ jobs:
FRONTEND_PNPM_VERSION=${{ steps.prepare-build-args.outputs.frontend_pnpm_version }}
PGCLI_VERSION=${{ steps.prepare-build-args.outputs.pgcli_version }}
${{ matrix.build-args || '' }}
secrets: |
id=sentry_auth_token,env=SENTRY_AUTH_TOKEN
- name: Upload image `${{ matrix.image }}`
id: upload-img
Expand Down
11 changes: 6 additions & 5 deletions frontend/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,15 +3,16 @@

# Automatically build image using Node.js version specified in `package.json`.
ARG FRONTEND_NODE_VERSION
ARG SENTRY_AUTH_TOKEN
ARG SEMANTIC_VERSION

###################
# Node.js builder #
###################

FROM docker.io/node:${FRONTEND_NODE_VERSION}-alpine AS builder

ARG SEMANTIC_VERSION
ARG SENTRY_AUTH_TOKEN

Check warning on line 14 in frontend/Dockerfile

View workflow job for this annotation

GitHub Actions / Build Docker images (frontend)

Sensitive data should not be used in the ARG or ENV commands 

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ARG "SENTRY_AUTH_TOKEN")
More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

# Install system packages needed to build on macOS
RUN apk add --no-cache --virtual .gyp python3 make g++ \
&& corepack enable pnpm
Expand Down Expand Up @@ -46,10 +47,10 @@ ENV NODE_ENV=production
# Increase memory limit for the build process (necessary for i18n routes)
ENV NODE_OPTIONS="--max_old_space_size=4096"
ENV SEMANTIC_VERSION=${SEMANTIC_VERSION}
ENV SENTRY_AUTH_TOKEN=${SENTRY_AUTH_TOKEN}

RUN pnpm build

# Use BuildKit secret for SENTRY_AUTH_TOKEN
RUN --mount=type=secret,id=sentry_auth_token \
sh -c "export SENTRY_AUTH_TOKEN=$(cat /run/secrets/sentry_auth_token) && pnpm build"
############
# Nuxt app #
############
Expand Down
4 changes: 2 additions & 2 deletions frontend/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,9 @@
"scripts": {
"predev": "pnpm install && pnpm i18n:en",
"dev": "run-p dev:only 'i18n:en --watch'",
"dev:only": "nuxt dev --host 0.0.0.0",
"dev:only": "npx nuxi dev --host 0.0.0.0",
"dev:secure": "LOCAL_SSL=enabled pnpm dev",
"build": "NODE_ENV=production nuxt build",
"build": "npx nuxi build",
"build:clean": "rm -rf .nuxt",
"docker:build": "docker build . -t openverse-frontend:latest",
"docker:run": "docker run --rm -it -p 127.0.0.1:8443:8443/tcp openverse-frontend:latest",
Expand Down

0 comments on commit d87f201

Please sign in to comment.