chore: improve sentry setup

.gitignore

@@ -31,3 +31,6 @@ coverage
 !.yarn/releases
 !.yarn/sdks
 !.yarn/versions
+
+# Sentry Config File
+.sentryclirc

.kontinuous/env/dev/templates/sentry.sealed-secret.yaml

@@ -0,0 +1,15 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  annotations:
+    sealedsecrets.bitnami.com/cluster-wide: 'true'
+  name: sentry
+spec:
+  encryptedData:
+    SENTRY_AUTH_TOKEN: AgB0+vei/m71QPjqmuo6v9pfgHRy8U9LCuVK2PHzkH5ul8tmgs04r2afwRs877iu+EP4NB6OtjXKG6AFCFmPusi6p35xl/IpqjdA/GlBC9Vwx914YDd46Hn+QoVqqDMmtvNxfuMxuxs5Zwro/5tMJMb6sU31Qyl/8p4Rne18EA2gje/WVK1a91HCb75o2sB0t/M5HgP+oP8Fj1yw1sqbIbnxHaIn4arf7NTEB3DSGrL4NpLtNN1ToQfL8UXH9vCmbLUjinHVSDm5Fkd67hPBqen0HkIdBIheU+LU7ygiiA5Bb470IuKxV9BuCey2CxSKDVNZBDfLuQAZ3uqF8plBoEtPLCeZ4Tda6KOvTnQ72Maj1YE3CLdOaLMtKQTi/Lt3ZcoBJvUEbGck+hmpEQq3QjwZMhmba8ZZX4Y8ymVpQd/LoJYhBM0ftel4kpK4oBlYEC612phPa+d+LywVkv+Vb3QQX4VOynAWhiuS+larg27H3dZ95kHZlzEgKdnUJ0WxfupoZEnyE7EXQ9aA1b+6Jg8GvCFoSCRuBG3WM7VmTCCzI7n/yjbKHTaPRqcLKA0pgvYNqyKiBemuKCRb+i/gzK8LqsdO8bJb3ZYl/H7ysqdWTvz0JLblg6lIMd/dDDjTJ5CWjF1q/RZWKiWigarirlNgnYdkK2iRaQ666KBRb3DoiexpAiBxx2iAsUDLWiVdHsZ8g9HB5xIbZTbyEuJZ56cKywwZvoTZNHXCKY2Ki74ArsKu9H9NiOwf9shgoDghXQc5AZskxzL7wkOyqhSvpjKC
+  template:
+    metadata:
+      annotations:
+        sealedsecrets.bitnami.com/cluster-wide: 'true'
+      name: sentry
+    type: Opaque

.kontinuous/env/preprod/templates/sentry.sealed-secret.yaml

@@ -0,0 +1,15 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  annotations:
+    sealedsecrets.bitnami.com/cluster-wide: 'true'
+  name: sentry
+spec:
+  encryptedData:
+    SENTRY_AUTH_TOKEN: AgB0+vei/m71QPjqmuo6v9pfgHRy8U9LCuVK2PHzkH5ul8tmgs04r2afwRs877iu+EP4NB6OtjXKG6AFCFmPusi6p35xl/IpqjdA/GlBC9Vwx914YDd46Hn+QoVqqDMmtvNxfuMxuxs5Zwro/5tMJMb6sU31Qyl/8p4Rne18EA2gje/WVK1a91HCb75o2sB0t/M5HgP+oP8Fj1yw1sqbIbnxHaIn4arf7NTEB3DSGrL4NpLtNN1ToQfL8UXH9vCmbLUjinHVSDm5Fkd67hPBqen0HkIdBIheU+LU7ygiiA5Bb470IuKxV9BuCey2CxSKDVNZBDfLuQAZ3uqF8plBoEtPLCeZ4Tda6KOvTnQ72Maj1YE3CLdOaLMtKQTi/Lt3ZcoBJvUEbGck+hmpEQq3QjwZMhmba8ZZX4Y8ymVpQd/LoJYhBM0ftel4kpK4oBlYEC612phPa+d+LywVkv+Vb3QQX4VOynAWhiuS+larg27H3dZ95kHZlzEgKdnUJ0WxfupoZEnyE7EXQ9aA1b+6Jg8GvCFoSCRuBG3WM7VmTCCzI7n/yjbKHTaPRqcLKA0pgvYNqyKiBemuKCRb+i/gzK8LqsdO8bJb3ZYl/H7ysqdWTvz0JLblg6lIMd/dDDjTJ5CWjF1q/RZWKiWigarirlNgnYdkK2iRaQ666KBRb3DoiexpAiBxx2iAsUDLWiVdHsZ8g9HB5xIbZTbyEuJZ56cKywwZvoTZNHXCKY2Ki74ArsKu9H9NiOwf9shgoDghXQc5AZskxzL7wkOyqhSvpjKC
+  template:
+    metadata:
+      annotations:
+        sealedsecrets.bitnami.com/cluster-wide: 'true'
+      name: sentry
+    type: Opaque

.kontinuous/env/prod/templates/sentry.sealed-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  annotations:
+    sealedsecrets.bitnami.com/namespace-wide: 'true'
+  name: sentry
+  namespace: secretariat
+spec:
+  encryptedData:
+    SENTRY_AUTH_TOKEN: AgCg6EpuN96oZQ1zbCfciq9w63htn3GtqMwQB5COwLocovcJTk42Z3c1aDp7zkZpDS0rVgUt5zcQuEVoWoZExQOyfmQPxRbFGQnXqbFGYTcekc9mZ1qRTr9Vzl26YQ7OsVegEv+tCX5Njzgm/vrGPHQCQBZQKtVNSzH5ihhu79UNS1G5U6gXhlYzOFEAjQAzKP9UfHcd1lkXfVx9bm0dpnJPyWPjMyJvC7RfAd9SGNJwDuGsGeUH/zbn5XuLHblqV6XvUD4YX/9cBxMvCzcHAwQCrruTxeogoLRXAzWXZye/RqSV/AQ4fPRP0fK+rxzF6sOumP3T7Zmb31/Rb0zv0kozbavdhcsX71nZbMUXJVFNuTqpT24JoMSJnsc/U9vNyya65IDjs18BVsJl2+x01Oc143W/irLzilh7lNriP+YqUcpjoZK9RHtNfyNTJ8ffFd/M3wlvE55WAmTvSzcTivV8oubvM3nREUDihaMGwRSsW24d84Gr3VBM8KlZlm7XEIazmeS7Xt62w/Xgj88b7UWP0+YLH5PlIZnMnoQPVDhnyAOIMAGmp97VVw4AogfuaqZqgQkn+LCTC/DTz68u7vpWSsNRxw835CxaEKB55GT4WpgtGbAvttufeDfvMMrPNswFv8uoI4Ae0a/lb5kKjZOlZIF/dYxu4vJScUFkic6df78NBMLIoX9aB5U/PQPOBLl92vlGDrPzckq+oQMDZmdT5rHPeogjFHHi3AQQOd3gqacq1TV8RGPGryK5vZu4c4Ddop2FK2roqqRabIwlzSI/
+  template:
+    metadata:
+      annotations:
+        sealedsecrets.bitnami.com/namespace-wide: 'true'
+      name: sentry
+    type: Opaque

.kontinuous/env/prod/values.yaml

@@ -31,6 +31,5 @@ jobs:
       with:
         imagePackage: app
         buildArgs:
-          NEXT_PUBLIC_HASURA_URL: "https://hasura-{{ .Values.global.host }}/v1/graphql"
           NEXT_PUBLIC_MATOMO_SITE_ID: "82"
           NEXT_PUBLIC_MATOMO_URL: "https://matomo.fabrique.social.gouv.fr/"

.kontinuous/values.yaml

@@ -28,7 +28,15 @@ jobs:
       with:
         imagePackage: app
         buildArgs:
-          NEXT_PUBLIC_HASURA_URL: "https://hasura-{{ .Values.global.host }}/v1/graphql"
+          NEXT_PUBLIC_HASURA_URL:
+            "https://hasura-{{ .Values.global.host }}/v1/graphql"
+          NEXT_PUBLIC_SENTRY_DSN: "https://[email protected]/85"
+          NEXT_PUBLIC_SENTRY_ENVIRONMENT: "{{ .Values.global.env }}"
+          NEXT_PUBLIC_SENTRY_RELEASE: "{{ .Values.global.imageTag }}"
+        secrets:
+          sentry_auth_token:
+            secretName: sentry
+            secretKey: SENTRY_AUTH_TOKEN
 
     build-hasura:
       use: build

.talismanrc

@@ -1,4 +1,14 @@
 fileignoreconfig:
+- filename: .kontinuous/env/dev/templates/sentry.sealed-secret.yaml
+  checksum: 6b3eb493305a8c3d24402c99d7a20b01b6650e7fedb2782648c539a70adc4088
+- filename: .kontinuous/env/preprod/templates/sentry.sealed-secret.yaml
+  checksum: fae95a0f658c5920845516eb04659cac883418d135a4bce54615236e47da8df1
+- filename: .kontinuous/env/prod/templates/sentry.sealed-secret.yaml
+  checksum: ef7c23320a02ca66f8a10755bccabc2a487973e9581a4408ed3f4c8685f921f7
+- filename: .kontinuous/values.yaml
+  checksum: 1d67b52046f6e850ff38f806000aa8bb1329cb1f7e6314fbec89bea2009709e3
+- filename: Dockerfile
+  checksum: 14c30aedc55e0f61364c26cf84c28596973f6951f4e0322f2f2693ec84ff513c
 - filename: packages/hasura/migrations/default/1691156416829_alter_table_public_users_add_column_disabled/down.sql
   checksum: cac3e070c06c7c7fbd6821009fef546e452a38184ac6539ccca609be4a82bd8b
 - filename: packages/hasura/migrations/default/1691156416829_alter_table_public_users_add_column_disabled/up.sql

Dockerfile

@@ -4,22 +4,32 @@ WORKDIR /app
 
 # Rebuild the source code only when needed
 FROM base AS builder
+
+# install deps
+COPY yarn.lock .yarnrc.yml ./
+COPY .yarn .yarn
+RUN yarn fetch --immutable
+
+COPY . .
+
+# build time args
 ARG NEXT_PUBLIC_HASURA_URL
 ENV NEXT_PUBLIC_HASURA_URL $NEXT_PUBLIC_HASURA_URL
 ARG NEXT_PUBLIC_MATOMO_URL
 ENV NEXT_PUBLIC_MATOMO_URL $NEXT_PUBLIC_MATOMO_URL
 ARG NEXT_PUBLIC_MATOMO_SITE_ID
 ENV NEXT_PUBLIC_MATOMO_SITE_ID $NEXT_PUBLIC_MATOMO_SITE_ID
+ARG NEXT_PUBLIC_SENTRY_ENVIRONMENT
+ENV NEXT_PUBLIC_SENTRY_ENVIRONMENT $NEXT_PUBLIC_SENTRY_ENVIRONMENT
+ARG NEXT_PUBLIC_SENTRY_RELEASE
+ENV NEXT_PUBLIC_SENTRY_RELEASE $NEXT_PUBLIC_SENTRY_RELEASE
+ARG NEXT_PUBLIC_SENTRY_DSN
+ENV NEXT_PUBLIC_SENTRY_DSN $NEXT_PUBLIC_SENTRY_DSN
 ENV NEXT_TELEMETRY_DISABLED 1
 
-# install deps
-COPY yarn.lock .yarnrc.yml ./
-COPY .yarn .yarn
-RUN yarn fetch --immutable
-
 # build
-COPY . .
-RUN yarn build
+RUN --mount=type=secret,id=sentry_auth_token export SENTRY_AUTH_TOKEN="$(cat /run/secrets/sentry_auth_token)"; \
+  yarn build
 
 # Production image, copy all the files and run next
 FROM base AS runner
@@ -30,11 +40,9 @@ ENV NEXT_TELEMETRY_DISABLED 1
 RUN addgroup --system --gid 1001 nodejs && \
   adduser --system --uid 1001 nextjs
 
-# You only need to copy next.config.js if you are NOT using the default configuration
 COPY --from=builder /app/next.config.js ./
 COPY --from=builder /app/public ./public
 
-# Automatically leverage output traces to reduce image size
 COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
 COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
 

next.config.js

@@ -50,7 +50,7 @@ const headers = [
   { key: "Reporting-Endpoints", value: "endpoint='/api/report'" },
 ]
 
-module.exports = {
+const nextConfig = {
   swcMinify: true,
   optimizeFonts: false,
   reactStrictMode: true,
@@ -59,11 +59,6 @@ module.exports = {
     domains: ["avatars.githubusercontent.com", "secure.gravatar.com"],
     contentSecurityPolicy: "default-src 'self'; script-src 'none'; sandbox;",
   },
-  sentry: {
-    hideSourceMaps: true,
-    disableClientWebpackPlugin: true,
-    disableServerWebpackPlugin: true,
-  },
   output: "standalone",
   env: {
     NEXT_PUBLIC_APP_VERSION: version,
@@ -82,4 +77,20 @@ module.exports = {
   },
 }
 
-module.exports = withSentryConfig(module.exports, { silent: true })
+const sentryWebpackPluginOptions = {
+  org: "incubateur",
+  project: "secretariat",
+  url: "https://sentry.fabrique.social.gouv.fr/",
+  release: process.env.NEXT_PUBLIC_SENTRY_RELEASE,
+}
+
+const sentryOptions = {
+  widenClientFileUpload: true,
+  hideSourceMaps: true,
+}
+
+module.exports = withSentryConfig(
+  nextConfig,
+  sentryWebpackPluginOptions,
+  sentryOptions
+)

package.json

@@ -13,7 +13,7 @@
   "dependencies": {
     "@octokit/rest": "19.0.5",
     "@octokit/types": "8.0.0",
-    "@sentry/nextjs": "7.32.1",
+    "@sentry/nextjs": "^7.84.0",
     "@socialgouv/matomo-next": "1.5.0",
     "date-fns": "2.28.0",
     "debounce-fn": "4.0.0",

sentry.client.config.js

@@ -1,19 +1,7 @@
-// This file configures the initialization of Sentry on the browser.
-// The config you add here will be used whenever a page is visited.
-// https://docs.sentry.io/platforms/javascript/guides/nextjs/
-
 import * as Sentry from "@sentry/nextjs"
 
-const SENTRY_DSN = process.env.SENTRY_DSN || process.env.NEXT_PUBLIC_SENTRY_DSN
-
 Sentry.init({
-  dsn:
-    SENTRY_DSN ||
-    "https://[email protected]/85",
-  // Adjust this value in production, or use tracesSampler for greater control
-  tracesSampleRate: 1.0,
-  // ...
-  // Note: if you want to override the automatic release value, do not set a
-  // `release` value here - use the environment variable `SENTRY_RELEASE`, so
-  // that it will also get attached to your source maps
+  release: process.env.NEXT_PUBLIC_SENTRY_RELEASE,
+  environment: process.env.NEXT_PUBLIC_SENTRY_ENVIRONMENT,
+  dsn: process.env.NEXT_PUBLIC_SENTRY_DSN,
 })

sentry.edge.config.js

@@ -1,19 +1,7 @@
-// This file configures the initialization of Sentry on the server.
-// The config you add here will be used whenever middleware or an Edge route handles a request.
-// https://docs.sentry.io/platforms/javascript/guides/nextjs/
-
 import * as Sentry from "@sentry/nextjs"
 
-const SENTRY_DSN = process.env.SENTRY_DSN || process.env.NEXT_PUBLIC_SENTRY_DSN
-
 Sentry.init({
-  dsn:
-    SENTRY_DSN ||
-    "https://[email protected]/85",
-  // Adjust this value in production, or use tracesSampler for greater control
-  tracesSampleRate: 1.0,
-  // ...
-  // Note: if you want to override the automatic release value, do not set a
-  // `release` value here - use the environment variable `SENTRY_RELEASE`, so
-  // that it will also get attached to your source maps
+  release: process.env.NEXT_PUBLIC_SENTRY_RELEASE,
+  environment: process.env.NEXT_PUBLIC_SENTRY_ENVIRONMENT,
+  dsn: process.env.NEXT_PUBLIC_SENTRY_DSN,
 })

sentry.server.config.js

@@ -1,19 +1,7 @@
-// This file configures the initialization of Sentry on the server.
-// The config you add here will be used whenever the server handles a request.
-// https://docs.sentry.io/platforms/javascript/guides/nextjs/
-
 import * as Sentry from "@sentry/nextjs"
 
-const SENTRY_DSN = process.env.SENTRY_DSN || process.env.NEXT_PUBLIC_SENTRY_DSN
-
 Sentry.init({
-  dsn:
-    SENTRY_DSN ||
-    "https://[email protected]/85",
-  // Adjust this value in production, or use tracesSampler for greater control
-  tracesSampleRate: 1.0,
-  // ...
-  // Note: if you want to override the automatic release value, do not set a
-  // `release` value here - use the environment variable `SENTRY_RELEASE`, so
-  // that it will also get attached to your source maps
+  release: process.env.NEXT_PUBLIC_SENTRY_RELEASE,
+  environment: process.env.NEXT_PUBLIC_SENTRY_ENVIRONMENT,
+  dsn: process.env.NEXT_PUBLIC_SENTRY_DSN,
 })