fix: creation des releases dans sentry (#3481)

mission-apprentissage · Jan 11, 2024 · f98e823 · f98e823
1 parent 0897d23
commit f98e823
Show file tree

Hide file tree

Showing 13 changed files with 853 additions and 733 deletions.
diff --git a/.bin/commands.sh b/.bin/commands.sh
@@ -18,6 +18,8 @@ function Help() {
    echo "  seed:apply                                 Apply seed to a database"
    echo "  deploy:log:encrypt                         Encrypt Github ansible logs"
    echo "  deploy:log:dencrypt                        Decrypt Github ansible logs"
+   echo "  sentry:release                             Create sentry release for existing docker image"
+   echo "  sentry:deploy                              Notify deployment to sentry for existing sentry release"
    echo
    echo
 }
@@ -42,6 +44,14 @@ function release:app() {
   "${SCRIPT_DIR}/release-app.sh" "$@"
 }
 
+function sentry:release() {
+  "${SCRIPT_DIR}/sentry-release.sh" "$@"
+}
+
+function sentry:deploy() {
+  "${SCRIPT_DIR}/sentry-deploy.sh" "$@"
+}
+
 function deploy() {
   "${SCRIPT_DIR}/deploy-app.sh" "$@"
 }

diff --git a/.bin/scripts/sentry-deploy.sh b/.bin/scripts/sentry-deploy.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -euo pipefail
+
+export VERSION="${1:?"Veuillez préciser la version"}"
+shift 1
+
+export ENVIRONMENT="${1:?"Veuillez préciser l'environement"}";
+shift;
+
+if [[ -z "${ANSIBLE_VAULT_PASSWORD_FILE:-}" ]]; then
+  ansible_extra_opts+=("--vault-password-file" "${SCRIPT_DIR}/get-vault-password-client.sh")
+else
+  echo "Récupération de la passphrase depuis l'environnement variable ANSIBLE_VAULT_PASSWORD_FILE" 
+fi
+
+readonly VAULT_FILE="${ROOT_DIR}/.infra/vault/vault.yml"
+
+SENTRY_DSN=$(ansible-vault view "${ansible_extra_opts[@]}" "$VAULT_FILE" | yq '.vault.SERVER_SENTRY_DSN')
+SENTRY_AUTH_TOKEN=$(ansible-vault view "${ansible_extra_opts[@]}" "$VAULT_FILE" | yq '.vault.SENTRY_AUTH_TOKEN')
+
+docker run \
+  --platform=linux/amd64 \
+  --rm \
+  -it \
+  --entrypoint /bin/sh \
+  -e SENTRY_AUTH_TOKEN="${SENTRY_AUTH_TOKEN}" \
+  -e SENTRY_DSN="${SENTRY_DSN}" \
+  ghcr.io/mission-apprentissage/mna_tdb_server:${VERSION} \
+  /app/server/sentry-deploy-server.sh "${ENVIRONMENT}" 
diff --git a/.bin/scripts/sentry-release.sh b/.bin/scripts/sentry-release.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -euo pipefail
+
+export VERSION="${1:?"Veuillez préciser la version"}"
+shift 1
+
+export COMMIT_ID="${1:?"Veuillez préciser le commit ID"}"
+shift 1
+
+if [[ -z "${ANSIBLE_VAULT_PASSWORD_FILE:-}" ]]; then
+  ansible_extra_opts+=("--vault-password-file" "${SCRIPT_DIR}/get-vault-password-client.sh")
+else
+  echo "Récupération de la passphrase depuis l'environnement variable ANSIBLE_VAULT_PASSWORD_FILE" 
+fi
+
+readonly VAULT_FILE="${ROOT_DIR}/.infra/vault/vault.yml"
+
+SENTRY_DSN=$(ansible-vault view "${ansible_extra_opts[@]}" "$VAULT_FILE" | yq '.vault.SERVER_SENTRY_DSN')
+SENTRY_AUTH_TOKEN=$(ansible-vault view "${ansible_extra_opts[@]}" "$VAULT_FILE" | yq '.vault.SENTRY_AUTH_TOKEN')
+
+docker run \
+  --platform=linux/amd64 \
+  --rm \
+  -it \
+  --entrypoint /bin/sh \
+  -e SENTRY_AUTH_TOKEN="${SENTRY_AUTH_TOKEN}" \
+  -e SENTRY_DSN="${SENTRY_DSN}" \
+  ghcr.io/mission-apprentissage/mna_tdb_server:${VERSION} \
+  /app/server/sentry-release-server.sh "mission-apprentissage/flux-retour-cfas" "${COMMIT_ID}" 
diff --git a/.bin/zsh-completion b/.bin/zsh-completion
@@ -17,6 +17,8 @@ _mna-tdb_completion() {
    "seed\:apply:'Apply seed to a database'"
    "deploy\:log\:encrypt:'Encrypt Github ansible logs'"
    "deploy\:log\:dencrypt:'Decrypt Github ansible logs'"
+   "sentry\:release:'Create sentry release for existing docker image'"
+   "sentry\:deploy:'Notify deployment to sentry for existing sentry release'"
   )
 
   # Set completion behavior based on the current word

diff --git a/.dockerignore b/.dockerignore
@@ -25,7 +25,6 @@
 
 .git/
 .infra
-!.infra/sentry/release-server.sh
 **/.local
 **/dist
 **/coverage

diff --git a/.github/workflows/_deploy.yml b/.github/workflows/_deploy.yml
@@ -77,6 +77,11 @@ jobs:
           ANSIBLE_REMOTE_USER: deploy
           ANSIBLE_BECOME_PASS: ${{ secrets.DEPLOY_PASS }}
 
+      - name: Notify sentry deployment
+        run: .bin/mna-tdb sentry:deploy "${{ inputs.app_version }}" "${{ inputs.environment }}"
+        env:
+          ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
+
       - name: Encrypt Error log on failure
         run: .bin/mna-tdb deploy:log:encrypt
         if: failure()

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -71,6 +71,22 @@ jobs:
         id: get-version
         run: echo "VERSION=$(git describe --tags --abbrev=0 | cut -c2-)" >> "$GITHUB_OUTPUT"
 
+  sentry-release:
+    if: needs.release.outputs.VERSION != needs.release.outputs.PREV_VERSION
+    needs: ["release"]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout project
+        uses: actions/checkout@v4
+
+      - name: Create vault pwd file
+        run: echo ${{ secrets.VAULT_PWD }} > .infra/.vault_pwd.txt
+
+      - name: Create sentry release
+        run: .bin/mna-tdb sentry:release "${{ needs.release.outputs.VERSION }}" "${{ github.sha }}"
+        env:
+          ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
+
   docker-scout:
     if: needs.release.outputs.VERSION != needs.release.outputs.PREV_VERSION
     concurrency:

diff --git a/.infra/sentry/release-server.sh b/.infra/sentry/release-server.sh
-Original file line number
+Diff line change
@@ Expand Up / @@ -25,7 +25,6 @@ @@
     .git/
     .infra
-    !.infra/sentry/release-server.sh
     **/.local
     **/dist
     **/coverage
@@ Expand Down @@