diff --git a/.dockerignore b/.dockerignore index 66de9b8f1..0342846f0 100644 --- a/.dockerignore +++ b/.dockerignore @@ -10,3 +10,4 @@ README.md api-node/node_modules api-node/dist api-node/.env +.env \ No newline at end of file diff --git a/Dockerfile.nestjs b/Dockerfile.nestjs index 6376d697e..5a2421e36 100644 --- a/Dockerfile.nestjs +++ b/Dockerfile.nestjs @@ -27,7 +27,9 @@ ENV \ WORKDIR /work/api-node # Build the application -RUN yarn build:ci +RUN --mount=type=secret,id=SENTRY_AUTH_TOKEN \ + export SENTRY_AUTH_TOKEN=$(cat /run/secrets/SENTRY_AUTH_TOKEN) && \ + yarn build # Set ownership RUN chown -R registry:registry ./ diff --git a/cloudbuild.yaml b/cloudbuild.yaml index beb383452..530a03d03 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml @@ -2,6 +2,7 @@ steps: - name: 'gcr.io/cloud-builders/docker' args: [ 'build', + "--secret", "id=SENTRY_AUTH_TOKEN,env=SENTRY_AUTH_TOKEN", '-f', 'Dockerfile.nestjs', '-t', 'us-central1-docker.pkg.dev/$PROJECT_ID/sentry-release-registry/image:latest', '-t', 'us-central1-docker.pkg.dev/$PROJECT_ID/sentry-release-registry/image:$COMMIT_SHA', @@ -25,3 +26,7 @@ steps: images: [ 'us-central1-docker.pkg.dev/$PROJECT_ID/sentry-release-registry/image:$COMMIT_SHA', ] +availableSecrets: + secretManager: + - versionName: projects/294472738882/secrets/release-registry-oauth-token + env: 'SENTRY_AUTH_TOKEN' \ No newline at end of file