diff --git a/.github/actions/containerize/action.yml b/.github/actions/containerize/action.yml index d3f00424d..52a2ff08b 100644 --- a/.github/actions/containerize/action.yml +++ b/.github/actions/containerize/action.yml @@ -76,10 +76,11 @@ runs: GIT_SHA=${{ github.sha }} SCOPE=${{inputs.scope}} APP_PATH=${{inputs.app-path}} - SENTRY_AUTH_TOKEN=${{ inputs.sentry-token }} SENTRY_ORG=${{inputs.sentry-org}} SENTRY_PROJECT=${{inputs.sentry-project}} PORT=${{inputs.app-port}} + secrets: | + sentry_token=${{ inputs.sentry-token }} - name: Output Build Name id: get-build-name shell: bash diff --git a/Dockerfile b/Dockerfile index 0cd82b7c3..8206b865f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,7 +11,6 @@ ARG SCOPE ARG APP_PATH ARG PORT ARG GIT_SHA -ARG SENTRY_AUTH_TOKEN ARG SENTRY_ORG ARG SENTRY_PROJECT @@ -36,7 +35,6 @@ ARG SCOPE ARG APP_PATH ARG PORT ARG GIT_SHA -ARG SENTRY_AUTH_TOKEN ARG SENTRY_ORG ARG SENTRY_PROJECT @@ -60,7 +58,6 @@ ARG SCOPE ARG APP_PATH ARG PORT ARG GIT_SHA -ARG SENTRY_AUTH_TOKEN ARG SENTRY_ORG ARG SENTRY_PROJECT @@ -95,7 +92,8 @@ RUN pnpx @sentry/cli sourcemaps inject pruned/dist RUN mv ./.prisma.tmp pruned/node_modules/.prisma | true # If sentry project was passed, upload the source maps -RUN if [ -n "$SENTRY_PROJECT" ] ; then pnpx @sentry/cli sourcemaps upload pruned/dist --release ${GIT_SHA} --auth-token ${SENTRY_AUTH_TOKEN} --org ${SENTRY_ORG} --project ${SENTRY_PROJECT} ; fi +RUN --mount=type=secret,id=sentry_token \ + if [ -n "$SENTRY_PROJECT" ] ; then pnpx @sentry/cli sourcemaps upload pruned/dist --release ${GIT_SHA} --auth-token $(cat /run/secrets/sentry_token) --org ${SENTRY_ORG} --project ${SENTRY_PROJECT} ; fi #---------------------------------------- # Docker build step that: @@ -118,7 +116,7 @@ RUN chown -R nodejs:nodejs /app USER nodejs ENV NODE_ENV=production -ENV PORT $PORT +ENV PORT=${PORT} ENV GIT_SHA=${GIT_SHA} ENV RELEASE_SHA=${GIT_SHA}