diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml index 91ecbbe2854..5eb853acf25 100644 --- a/.github/workflows/ci_cd.yml +++ b/.github/workflows/ci_cd.yml @@ -180,6 +180,8 @@ jobs: - name: Build image `${{ matrix.image }}` uses: docker/build-push-action@v6 + env: + SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} with: context: ${{ matrix.context }} target: ${{ matrix.target }} @@ -203,6 +205,8 @@ jobs: FRONTEND_PNPM_VERSION=${{ steps.prepare-build-args.outputs.frontend_pnpm_version }} PGCLI_VERSION=${{ steps.prepare-build-args.outputs.pgcli_version }} ${{ matrix.build-args || '' }} + secrets: | + id=sentry_auth_token,env=SENTRY_AUTH_TOKEN - name: Upload image `${{ matrix.image }}` id: upload-img diff --git a/frontend/Dockerfile b/frontend/Dockerfile index e1a05e3cf8d..bd80800f558 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -3,8 +3,6 @@ # Automatically build image using Node.js version specified in `package.json`. ARG FRONTEND_NODE_VERSION -ARG SENTRY_AUTH_TOKEN -ARG SEMANTIC_VERSION ################### # Node.js builder # @@ -12,6 +10,9 @@ ARG SEMANTIC_VERSION FROM docker.io/node:${FRONTEND_NODE_VERSION}-alpine AS builder +ARG SEMANTIC_VERSION +ARG SENTRY_AUTH_TOKEN + # Install system packages needed to build on macOS RUN apk add --no-cache --virtual .gyp python3 make g++ \ && corepack enable pnpm @@ -46,10 +47,10 @@ ENV NODE_ENV=production # Increase memory limit for the build process (necessary for i18n routes) ENV NODE_OPTIONS="--max_old_space_size=4096" ENV SEMANTIC_VERSION=${SEMANTIC_VERSION} -ENV SENTRY_AUTH_TOKEN=${SENTRY_AUTH_TOKEN} - -RUN pnpm build +# Use BuildKit secret for SENTRY_AUTH_TOKEN +RUN --mount=type=secret,id=sentry_auth_token \ + sh -c "export SENTRY_AUTH_TOKEN=$(cat /run/secrets/sentry_auth_token) && pnpm build" ############ # Nuxt app # ############ diff --git a/frontend/package.json b/frontend/package.json index 4e3f9637d51..ab1b6a26943 100644 --- a/frontend/package.json 
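Review bot: The added `env:` block hands `SENTRY_AUTH_TOKEN` to the build step for every entry in the image matrix, and that step runs `docker/build-push-action@v6`, which is referenced by a mutable tag. Because the step now carries a secret, consider pinning the action to a full commit SHA, e.g. `uses: docker/build-push-action@<full-commit-sha> # v6`. If only the frontend image consumes the token, it would also help to leave the variable empty for the other matrix entries. The step definition starts before this hunk, so its remaining settings are not visible here.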
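Review bot: The `secrets:` value added at the end of the `with:` block is written in the `docker buildx build --secret` CLI syntax, but as far as I know the action's `secrets` input expects `name=value` lines. If so, `id=sentry_auth_token,env=SENTRY_AUTH_TOKEN` defines a secret named `id`, and the Dockerfile mount with `id=sentry_auth_token` finds nothing. Either `secret-envs: |` with `sentry_auth_token=SENTRY_AUTH_TOKEN`, or `secrets: |` with `sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}`, should match the action's format. The second form makes the step-level `env:` from the earlier hunk unnecessary. Please confirm against the action's README for v6.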
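Review bot: `ARG SENTRY_AUTH_TOKEN` is re-declared in the builder stage even though the token now arrives through the secret mount, and nothing visible in this diff still reads the build argument. Keeping it means `--build-arg SENTRY_AUTH_TOKEN=...` continues to work, and a value passed that way can end up in the stage's build history and cache metadata, which is what the move to a BuildKit secret is meant to avoid. I would drop that line and keep only `ARG SEMANTIC_VERSION` here.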
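Review bot: In the new `RUN`, the double-quoted `sh -c "..."` lets the outer shell expand `$(cat /run/secrets/sentry_auth_token)` first, so the token is pasted into the inner command string. That exposes it in that process's argument list, and any shell metacharacters in the value get re-parsed. If the secret is absent, `cat` fails but `export` still succeeds, so `pnpm build` runs with an empty token and no build failure. A direct assignment avoids the nested shell: `SENTRY_AUTH_TOKEN="$(cat /run/secrets/sentry_auth_token)" pnpm build`. Add `required=true` to the mount (`--mount=type=secret,id=sentry_auth_token,required=true`) if a missing token should stop the build, or note in the comment that an empty token is tolerated on purpose.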
+++ b/frontend/package.json @@ -7,9 +7,9 @@ "scripts": { "predev": "pnpm install && pnpm i18n:en", "dev": "run-p dev:only 'i18n:en --watch'", - "dev:only": "nuxt dev --host 0.0.0.0", + "dev:only": "npx nuxi dev --host 0.0.0.0", "dev:secure": "LOCAL_SSL=enabled pnpm dev", - "build": "NODE_ENV=production nuxt build", + "build": "npx nuxi build", "build:clean": "rm -rf .nuxt", "docker:build": "docker build . -t openverse-frontend:latest", "docker:run": "docker run --rm -it -p 127.0.0.1:8443:8443/tcp openverse-frontend:latest",
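Review bot: Both changed scripts now go through `npx`, which may fetch `nuxi` from the registry at run time if it is not resolved from the project's installed dependencies; that download is not covered by the pnpm lockfile. Since `build` is the script the Dockerfile runs while the Sentry token is mounted, it is safer to use the locally installed binary, e.g. `"build": "nuxi build"` or `"build": "pnpm exec nuxi build"`, and likewise for `dev:only`. The `build` script also no longer sets `NODE_ENV=production`. The Dockerfile sets it via `ENV`, but a `pnpm build` run outside the image now depends on the tool's default, so please confirm that is intended.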