marcel/familienarchiv
1
0
Fork 0
Code Issues 105 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

fix: wire VITE_SENTRY_DSN as Docker build arg so frontend errors reach GlitchTip #645

New Issue
Closed
opened 2026-05-20 09:53:07 +02:00 by marcel · 0 comments
marcel commented 2026-05-20 09:53:07 +02:00
Owner
Copy Link

Problem

The frontend Sentry SDK is integrated (hooks.client.ts, hooks.server.ts) and reads import.meta.env.VITE_SENTRY_DSN. However, VITE_SENTRY_DSN is a Vite build-time variable — Vite bakes it into the bundle at npm run build. Because the frontend Dockerfile build stage has no ARG VITE_SENTRY_DSN, the variable is undefined at build time and the SDK initialises with enabled: false.

Result: no frontend errors ever reach GlitchTip project #1, even though the SDK code is there.

This was discovered while working on #641 (backend Sentry + JSON logging).

Root Cause

Three places all need to be wired together:

  1. frontend/Dockerfile — build stage has no ARG VITE_SENTRY_DSN / ENV VITE_SENTRY_DSN
  2. docker-compose.prod.yml — frontend build.args does not include VITE_SENTRY_DSN
  3. .gitea/workflows/nightly.yml — env file writer does not include VITE_SENTRY_DSN secret

Fix

frontend/Dockerfile (build stage)

ARG VITE_SENTRY_DSN
ENV VITE_SENTRY_DSN=$VITE_SENTRY_DSN

Add before RUN npm run build.

docker-compose.prod.yml (frontend service)

build:
  context: ./frontend
  target: production
  args:
    VITE_SENTRY_DSN: ${VITE_SENTRY_DSN:-}

.gitea/workflows/nightly.yml (env file writer)

VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }}

Required Action After Merge

Set Gitea repository secret VITE_SENTRY_DSN = https://758169b5be8e4d799d09aaca4215036d@glitchtip.archiv.raddatz.cloud/1

Acceptance Criteria

  • After nightly deploy, frontend JS errors surface in GlitchTip project #1
  • VITE_SENTRY_DSN is absent from the production image layer (build arg, not runtime env)
  • Deploy succeeds when VITE_SENTRY_DSN secret is not yet set (empty fallback :-)
## Problem The frontend Sentry SDK is integrated (`hooks.client.ts`, `hooks.server.ts`) and reads `import.meta.env.VITE_SENTRY_DSN`. However, `VITE_SENTRY_DSN` is a **Vite build-time variable** — Vite bakes it into the bundle at `npm run build`. Because the frontend `Dockerfile` build stage has no `ARG VITE_SENTRY_DSN`, the variable is `undefined` at build time and the SDK initialises with `enabled: false`. Result: no frontend errors ever reach GlitchTip project #1, even though the SDK code is there. This was discovered while working on #641 (backend Sentry + JSON logging). ## Root Cause Three places all need to be wired together: 1. `frontend/Dockerfile` — build stage has no `ARG VITE_SENTRY_DSN` / `ENV VITE_SENTRY_DSN` 2. `docker-compose.prod.yml` — frontend `build.args` does not include `VITE_SENTRY_DSN` 3. `.gitea/workflows/nightly.yml` — env file writer does not include `VITE_SENTRY_DSN` secret ## Fix ### `frontend/Dockerfile` (build stage) ```dockerfile ARG VITE_SENTRY_DSN ENV VITE_SENTRY_DSN=$VITE_SENTRY_DSN ``` Add before `RUN npm run build`. ### `docker-compose.prod.yml` (frontend service) ```yaml build: context: ./frontend target: production args: VITE_SENTRY_DSN: ${VITE_SENTRY_DSN:-} ``` ### `.gitea/workflows/nightly.yml` (env file writer) ```yaml VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }} ``` ## Required Action After Merge Set Gitea repository secret `VITE_SENTRY_DSN` = `https://758169b5be8e4d799d09aaca4215036d@glitchtip.archiv.raddatz.cloud/1` ## Acceptance Criteria - [ ] After nightly deploy, frontend JS errors surface in GlitchTip project #1 - [ ] `VITE_SENTRY_DSN` is absent from the production image layer (build arg, not runtime env) - [ ] Deploy succeeds when `VITE_SENTRY_DSN` secret is not yet set (empty fallback `:-`)
marcel added the devops label 2026-05-20 09:53:12 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
P0-critical
Blocks a core user journey, causes data loss, or is a security/accessibility barrier. Work on this before P1+.
 P1-high
Significant friction on a main user journey; workaround exists but is non-obvious. Next up after P0.
 P2-medium
Noticeable improvement; doesn't block anything; schedule opportunistically.
 P3-later
Cosmetic or parking-lot work; fine to stay open indefinitely.
 audit
Read-only audit / assessment work; produces a report rather than changing code
 bug
Something isn't working
 cleanup
Removal of dead code, vague comments, naming violations, and scratch artifacts
 collaboration
We want to extend the family archive to have more collaboration tools
 conversation
descoped
We will do that later
 devops
documentation
README, ARCHITECTURE, GLOSSARY, CONTRIBUTING, per-domain docs
 epic
Marker for epic-level issues that group multiple child issues
 feature
file-upload
legibility
Codebase Legibility Refactor — preparing the codebase for human evaluation and bus-factor reduction
 notification
person
phase-1: security
Security hygiene — must be done first
 phase-2: container-images
Production-ready multi-stage Docker images
 phase-3: prod-compose
Production compose overlay + Caddy reverse proxy
 phase-4: spring-prod-profile
Spring Boot production configuration profile
 phase-5: backups
Database and object storage backup strategy
 phase-6: deployment-docs
.env.example, DEPLOYMENT.md, runbook
 phase-7: monitoring
Prometheus, Loki, Grafana, Alertmanager
 refactor
Code restructuring without behaviour change
 security
test
ui
UI/UX and accessibility issues
 user
No Label devops
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Jens marcel
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: marcel/familienarchiv#645
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?