feat(infra) : branche le SDK Sentry (back + front) vers GlitchTip + CA racine MALIO
Auto Tag Develop / tag (push) Successful in 14s
Auto Tag Develop / tag (push) Successful in 14s
Error tracking centralise : remontee des erreurs back (Symfony) et front (Nuxt) vers l'instance GlitchTip auto-hebergee. DSN vides par defaut => SDK inerte. Backend : - sentry/sentry-symfony ^5.10, bundle enregistre prod-only - config/packages/sentry.yaml : handler Monolog niveau ERROR+, ignore 4xx/AccessDenied, pas d'APM, release = %app.version% - .env : bloc SENTRY_DSN documente (vide => inerte) Frontend : - @sentry/nuxt ^10.61, module charge uniquement si NUXT_PUBLIC_SENTRY_DSN defini - runtimeConfig.public.sentry + source maps (hidden) + options d'upload - sentry.client.config.ts : init cote client gardee par if (dsn) Deploiement : - Dockerfile : ARG Sentry au build front (prefixe inline du RUN, token non persiste) + CA racine interne MALIO (update-ca-certificates) pour le handshake HTTPS GlitchTip back - build-docker.yml : --build-arg depuis les secrets Gitea - .env.prod.example : SENTRY_DSN (back, runtime)
This commit is contained in:
Matthieu
@@ -11,3 +11,7 @@ JWT_TOKEN_TTL=86400
|
||||
JWT_COOKIE_TTL=86400
|
||||
|
||||
CORS_ALLOW_ORIGIN='^http://starseed\.malio-dev\.fr$'
|
||||
|
||||
# Sentry / GlitchTip — error tracking backend (projet "starseed-api").
|
||||
# Runtime, prod only. Vide/absent => SDK inerte (rien envoye).
|
||||
# SENTRY_DSN=https://<cle>@<host-ou-IP>:<port>/<id-projet>
|
||||
|
||||
+23
-2
@@ -30,21 +30,42 @@ COPY frontend/package.json frontend/package-lock.json ./
|
||||
RUN npm ci
|
||||
|
||||
COPY frontend/ ./
|
||||
|
||||
# Error tracking → GlitchTip (build-time). Vides par defaut => module Sentry inerte
|
||||
# et aucun upload de source maps. Fournis par la CI via --build-arg (secrets Gitea).
|
||||
# Passes en prefixe inline du RUN (pas en ENV) pour ne pas persister le token dans
|
||||
# une couche d'image.
|
||||
ARG NUXT_PUBLIC_SENTRY_DSN=""
|
||||
ARG SENTRY_URL=""
|
||||
ARG SENTRY_ORG=""
|
||||
ARG SENTRY_PROJECT=""
|
||||
ARG SENTRY_AUTH_TOKEN=""
|
||||
|
||||
ENV CI=1 \
|
||||
NUXT_TELEMETRY_DISABLED=1 \
|
||||
NUXT_PUBLIC_API_BASE=/api \
|
||||
NUXT_PUBLIC_APP_BASE=/
|
||||
RUN npm run generate
|
||||
RUN NUXT_PUBLIC_SENTRY_DSN="$NUXT_PUBLIC_SENTRY_DSN" \
|
||||
SENTRY_URL="$SENTRY_URL" \
|
||||
SENTRY_ORG="$SENTRY_ORG" \
|
||||
SENTRY_PROJECT="$SENTRY_PROJECT" \
|
||||
SENTRY_AUTH_TOKEN="$SENTRY_AUTH_TOKEN" \
|
||||
npm run generate
|
||||
|
||||
# --- Stage 3: Production image ---
|
||||
FROM php:8.4-fpm AS production
|
||||
|
||||
RUN apt-get update && apt-get install -y \
|
||||
libicu-dev libpq-dev libpng-dev libzip-dev libxml2-dev \
|
||||
nginx supervisor \
|
||||
nginx supervisor ca-certificates \
|
||||
&& docker-php-ext-install -j$(nproc) intl pdo_pgsql zip gd opcache \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# CA racine interne MALIO (auto-signee) — permet au SDK Sentry/HttpClient de
|
||||
# joindre les services HTTPS internes (ex. GlitchTip sur logs.malio-dev.fr).
|
||||
COPY infra/prod/malio-dev-root-ca.crt /usr/local/share/ca-certificates/malio-dev-root-ca.crt
|
||||
RUN update-ca-certificates
|
||||
|
||||
# PHP production config
|
||||
RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
|
||||
|
||||
|
||||
@@ -0,0 +1,31 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFZzCCA0+gAwIBAgIUOiZigxwgIgtLipnLnu4eSgItc5MwDQYJKoZIhvcNAQEL
|
||||
BQAwQzELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU1BTElPLURFVjEgMB4GA1UEAwwX
|
||||
TUFMSU8tREVWIExvY2FsIFJvb3QgQ0EwHhcNMjYwNjI1MTYxMjIwWhcNMzYwNjIy
|
||||
MTYxMjIwWjBDMQswCQYDVQQGEwJGUjESMBAGA1UECgwJTUFMSU8tREVWMSAwHgYD
|
||||
VQQDDBdNQUxJTy1ERVYgTG9jYWwgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD
|
||||
ggIPADCCAgoCggIBALqHXVWEae9aKtveLfSpxYy9RS0Aslw2Ls9+LWI33lpMRs02
|
||||
QssE9wquf3WGjz8NnHUWl5RM0QHC0DOCCddcbnRBciDRJeTaU43IGdNg+TSY+7aM
|
||||
3t/jysZrpc/eu/udlIs7npCPaOGnRiuGN68Fkf9Q70FtmaASpusUe7J3jKDinznr
|
||||
R2hARplO4OF01tFauu039A4yudLrZTUFTldicuZ6a5U3NhajgfNZA+pyJqvL3tLT
|
||||
lXG3KupPD9BsbWe4zSM96CmyHM22QNlcL+M5XG5+EtDtM07tkDcyxFOsREjQHvSQ
|
||||
NH+7h6G/QBHHKkYJhdyiuvpj6b5tEJBM2PVgy1T2JX5TuOBOLx6HvHLbNjUY/JI5
|
||||
0sIjnHbeybQCOfnKNAwidtnqjAfVg+XJ9UZCiGJOeRJOdN5isvvqEKydsX4ouCTj
|
||||
89kwBbfCJeCS6BiadvNFUwnM0PksV0ovnOiUEEAPHRiP74jZ3IvH95BEwiZzyLpy
|
||||
tXiJMW7cJMaqlT3jNwq3P00irfrpJNy4S1Mg2cBQh5ucv+PcMBfQT8YiarzlTQJo
|
||||
saksh/2C43WH+qIFAL2aeD+rKReVBZcGa1XOBI8FUJTu3rLd37+iS4N2BUKq4fWo
|
||||
FttuX5NOfeU3BRDLlCJ2AXau7o0czVy896R9iZTfBJC95QWD07PdHgoctuexAgMB
|
||||
AAGjUzBRMB0GA1UdDgQWBBRNU0WsMg/pqo5XF/WXx78GrAzD5TAfBgNVHSMEGDAW
|
||||
gBRNU0WsMg/pqo5XF/WXx78GrAzD5TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
|
||||
DQEBCwUAA4ICAQBFXsuT7Rm2oJBlWT/RsJtmWr95NoFLHovVDycgM8Vjm+E8hv/m
|
||||
AcSjPjZDmXQLOrN31T/XUAs0nURHxSFgVzdIKpq2gOlGgHkZRMAW/iTON9Cqjn81
|
||||
Arjp5fjAJyFkoCiT3eTOElpteF4NhL8xMFaOg1Y2CEfOYO9OZR7Z38HdB6IArVwr
|
||||
W3Dxq3DPtarCeo1k8SHJmJzUduYCltV8urB43gIiI2Hqd7aAlpkTfDhruKxxr7sJ
|
||||
3/TpemJDCN9m8XMv2QvxqpMwH6EXg/7oqit5k0MvD445f3xt9vZydmV/x6F7u/A/
|
||||
gJitN+ixA4AKv7Lw210vaupiChqdY+78TXgLoPJ2/l2QPWG/R7Fb4yNZ2rEd6lyt
|
||||
KLPxHDcdZetFnyqyaoB2SNtLx9hNUE5G3udU6DkNhDfQlDhqEG4f7GAInOu/cMWE
|
||||
2uiIUEjcGSLM+XrrTFRc1tdXy6hnu+sw5ckvhwJ+kjah/pVGz21/y5a0p42AUznI
|
||||
iN7HBV8YaSkeJLvBPnfakUAat1R98e0l72DucHe8RF44NmZCywpaUBsTpNy+bO2f
|
||||
atqp4/ZEGJJlJ38rLv9bAuwr6d8x6T+m0oHknqtJHcWfO0kr4l3Lxsd8mRpGgmBe
|
||||
zOjqjrat4vSc04Rqic4UV2IEoWCiSS/TSiBx8JAB6Ck0+YR9dUgXVQsFFg==
|
||||
-----END CERTIFICATE-----
|
||||
Reference in New Issue
Block a user