Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ref(admin): Upload sourcemaps to Sentry for the admin tool #4441

Merged
merged 7 commits into from
Jul 31, 2023
Merged

ref(admin): Upload sourcemaps to Sentry for the admin tool #4441

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
232982c
ref(admin): Upload sourcemaps to Sentry for the admin tool
evanh Jun 29, 2023
61793a1
add separate workflow for sourcemaps
evanh Jul 4, 2023
55dfd06
Use a dedicated sourcemap workflow to manually build the files instea…
evanh Jul 4, 2023
9518b2d
Merge branch 'master' into evanh/fix/add-frontend-sourcemaps
evanh Jul 4, 2023
f4bc7fa
merge
evanh Jul 4, 2023
ad73366
Merge branch 'master' into evanh/fix/add-frontend-sourcemaps
evanh Jul 11, 2023
ae26e93
Merge branch 'master' into evanh/fix/add-frontend-sourcemaps
evanh Jul 18, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .github/workflows/image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ jobs:
IMG_CACHE: ghcr.io/getsentry/snuba:${{ matrix.arch }}-latest
IMG_VERSIONED: ghcr.io/getsentry/snuba:${{ matrix.arch }}-${{ github.sha }}
SHOULD_BUILD_ADMIN_UI: ${{ matrix.arch == 'arm64' && 'false' || 'true' }}
ADMIN_SOURCEMAP_KEY: ${{ secrets.SNUBA_SENTRY_SOURCEMAP_KEY }}
NODE_VERSION: 19.x
steps:
- uses: actions/checkout@v3
Expand Down Expand Up @@ -42,6 +43,7 @@ jobs:
--build-arg BUILDKIT_INLINE_CACHE=1 \
--build-arg SHOULD_BUILD_ADMIN_UI="$SHOULD_BUILD_ADMIN_UI" \
--build-arg SHOULD_BUILD_RUST=false \
--build-arg ADMIN_SOURCEMAP_KEY="$ADMIN_SOURCEMAP_KEY" \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as written this value will be in the image -- if it's actually secret this will leak the secret

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't think of that. How would you recommend doing this?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think getsentry does this through the deploy pipeline -- I'm not entirely sure would have to check that

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking that too, but our images are built during CI, and I need this value during the build steps I think.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is the value an actual secret? if not then we can just inline it

does it need to be in the source?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it should be a secret? It's an internal integration API key for our Sentry projects. It would allow anyone with the key at minimum to upload files to our internal projects (that's what I plan to do with it).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use docker build --secret id=mysecret,env=MYSECRET .?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think that will help here -- the value is exposed in ENV and appears to get baked in by webpack

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe I can have a separate step that builds webpack outside of the docker image just to get the sourcemaps uploaded. I don't need this value after the image is built.

--platform linux/${{ matrix.arch }} \
--tag "$IMG_VERSIONED" \
--target application \
Expand Down
2 changes: 2 additions & 0 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,8 @@ RUN set -ex; \
# Install nodejs and yarn and build the admin UI
FROM build_base AS build_admin_ui
ARG SHOULD_BUILD_ADMIN_UI=true
ARG ADMIN_SOURCEMAP_KEY=unknown
ENV SENTRY_AUTH_TOKEN=$ADMIN_SOURCEMAP_KEY
ENV NODE_VERSION=19

COPY ./snuba/admin ./snuba/admin
Expand Down
6 changes: 1 addition & 5 deletions snuba/admin/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,4 @@ this will start the yarn debug server and live reload your javascript changes. I

# Releasing new javascript

At time of writing, we check the compiled javscript bundle into source code (yes it's not great, if you want to fix it please do). Run this before checking in your JS changes:

```
make build-admin
```
The admin tool is automatically built as part of our normal CI flow.
1 change: 1 addition & 0 deletions snuba/admin/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
},
"dependencies": {
"@sentry/react": "^7.56.0",
"@sentry/webpack-plugin": "^2.4.0",
"@types/react": "^18.0.20",
"@types/react-dom": "^18.2.6",
"jest-dom": "^4.0.0",
Expand Down
11 changes: 11 additions & 0 deletions snuba/admin/webpack.config.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
const path = require('path');
const { sentryWebpackPlugin } = require("@sentry/webpack-plugin");

module.exports = (env) => ({
entry: './static/index.tsx',
Expand All @@ -18,4 +19,14 @@ module.exports = (env) => ({
filename: 'bundle.js',
path: path.resolve(__dirname, 'dist'),
},
devtool: "source-map", // Source map generation must be turned on
plugins: [
sentryWebpackPlugin({
org: process.env.SENTRY_ORGANIZATION,
project: process.env.SENTRY_PROJECT,
// Auth tokens can be obtained from https://sentry.io/settings/account/api/auth-tokens/
// and need `project:releases` and `org:read` scopes
authToken: process.env.SENTRY_AUTH_TOKEN,
}),
],
})
Loading
Loading