feat: sourcemap upload to GlitchTip in deploy.sh

WS-7 PR-3 commit 3, RFC §3.5. - deploy.sh: export VITE_SENTRY_RELEASE=crewli-app@<short-sha> before the Vite build so the release identifier is inlined into the bundle via import.meta.env. - New step 4a after the build: when SENTRY_AUTH_TOKEN and VITE_SENTRY_DSN_FRONTEND are present, upload sourcemaps via `npx @sentry/cli@latest sourcemaps upload` to project crewli-app with --url-prefix=~/assets/ matching Vite's default asset path. Soft-fails with a warning so deploy can still succeed if GlitchTip is unreachable. - Always run `find apps/app/dist -name '*.map' -delete` after upload (or after skipped upload). No public-mapped sources reach nginx — RFC §3.5 invariant. - .gitignore: defensive `apps/app/dist/**/*.map` exclusion (dist/ is already broadly ignored; this is belt-and-suspenders against accidental commits of build output). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 17:59:58 +02:00
parent 9247d89e4b
commit 17373da1a5
2 changed files with 30 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -64,3 +64,8 @@ docs/.vitepress/cache
 # GlitchTip
 docker/glitchtip/.env
 backups/
+
+# WS-7 RFC §3.5: Vite sourcemaps are uploaded to GlitchTip and stripped
+# from dist/ before deploy. Defensive exclusion in case dist/ is ever
+# committed by mistake (it's already covered by `dist/` above).
+apps/app/dist/**/*.map
--- a/deploy.sh
+++ b/deploy.sh
@@ -94,6 +94,9 @@ else
 fi

 echo "→ Building frontend assets (apps/app)..."
+# WS-7 RFC §3.4 — release identifier is injected at build-time so Vite
+# inlines it into import.meta.env.VITE_SENTRY_RELEASE for the bundle.
+export VITE_SENTRY_RELEASE="crewli-app@$(git rev-parse --short HEAD)"
 npm run build -w apps/app

 if [ ! -f "apps/app/dist/index.html" ]; then
@@ -101,6 +104,28 @@ if [ ! -f "apps/app/dist/index.html" ]; then
    exit 1
 fi

+# ──────────────────────────────────────────
+# 4a. Sourcemap upload to GlitchTip + scrub from dist/
+# ──────────────────────────────────────────
+# WS-7 RFC §3.5: maps generated by Vite, uploaded to GlitchTip so stack
+# traces are readable in the UI, then DELETED from dist/ before nginx
+# serves them. No public-mapped sources on production.
+if [ -n "${SENTRY_AUTH_TOKEN:-}" ] && [ -n "${VITE_SENTRY_DSN_FRONTEND:-}" ]; then
+    SENTRY_ORG_VAL="${SENTRY_ORG:-crewli}"
+    echo "→ Uploading sourcemaps for release ${VITE_SENTRY_RELEASE} to project crewli-app..."
+    npx --yes @sentry/cli@latest sourcemaps upload \
+        --org "$SENTRY_ORG_VAL" \
+        --project crewli-app \
+        --release "$VITE_SENTRY_RELEASE" \
+        --url-prefix "~/assets/" \
+        apps/app/dist/assets || echo "⚠️  Sourcemap upload failed; continuing deploy."
+else
+    echo "→ SENTRY_AUTH_TOKEN or VITE_SENTRY_DSN_FRONTEND unset — skipping sourcemap upload."
+fi
+
+echo "→ Stripping *.map files from dist/ (RFC §3.5: no public-mapped sources)..."
+find apps/app/dist -name '*.map' -type f -delete
+
 # ──────────────────────────────────────────
 # 5. Run migrations
 # ──────────────────────────────────────────