add build config

Author: mattdjenkinson

.github/workflows/build-authui.yml

@@ -11,6 +11,7 @@ on:
 
 jobs:
   build-and-push:
+    environment: ${{ github.event_name == 'release' && 'production' || 'staging' }}
     permissions:
       contents: read
       packages: write
@@ -20,50 +21,52 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-    - name: Log in to GitHub Container Registry
-      uses: docker/login-action@v3.4.0
-      with:
-        registry: ghcr.io
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3.4.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-    - name: Extract metadata
-      id: meta
-      uses: docker/metadata-action@v5
-      with:
-        images: ghcr.io/datum-cloud/auth-ui
-        tags: |
-          type=ref,event=pr,suffix=-{{commit_date 'YYYYMMDD-HHmmss'}},prefix=v0.0.0-
-          type=ref,event=pr,prefix=v0.0.0-
-          type=ref,event=branch,suffix=-{{commit_date 'YYYYMMDD-HHmmss'}},prefix=v0.0.0-
-          type=ref,event=branch,prefix=v0.0.0-
-          type=semver,pattern=v{{version}}
-          type=semver,pattern=v{{major}}.{{minor}}
-          type=semver,pattern=v{{major}}
-          type=sha,prefix=v0.0.0-
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/datum-cloud/auth-ui
+          tags: |
+            type=ref,event=pr,suffix=-{{commit_date 'YYYYMMDD-HHmmss'}},prefix=v0.0.0-
+            type=ref,event=pr,prefix=v0.0.0-
+            type=ref,event=branch,suffix=-{{commit_date 'YYYYMMDD-HHmmss'}},prefix=v0.0.0-
+            type=ref,event=branch,prefix=v0.0.0-
+            type=semver,pattern=v{{version}}
+            type=semver,pattern=v{{major}}.{{minor}}
+            type=semver,pattern=v{{major}}
+            type=sha,prefix=v0.0.0-
 
-    - name: Build Auth UI Docker image
-      run: make login_standalone_build
+      - name: Build Auth UI Docker image
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+        run: make login_standalone_build
+
+      - name: Tag and push image to GHCR
+        env:
+          TAGS: ${{ steps.meta.outputs.tags }}
+          LABELS: ${{ steps.meta.outputs.labels }}
+          IMAGE_VERSION: ${{ steps.meta.outputs.version }}
+        run: |
+          IMAGE="zitadel-login:${IMAGE_VERSION}"
+          echo "Pushing $IMAGE with tags: $TAGS"
+          # Convert tags (newline or comma separated) into space-separated list
+          for TAG in $(echo "$TAGS" | tr '\n' ' '); do
+            echo "Tagging $IMAGE as $TAG"
+            docker tag "$IMAGE" "$TAG"
+            echo "Pushing $TAG"
+            docker push "$TAG"
+          done
 
-    - name: Tag and push image to GHCR
-      env:
-        TAGS: ${{ steps.meta.outputs.tags }}
-        LABELS: ${{ steps.meta.outputs.labels }}
-        IMAGE_VERSION: ${{ steps.meta.outputs.version }}
-      run: |
-        IMAGE="zitadel-login:${IMAGE_VERSION}"
-        echo "Pushing $IMAGE with tags: $TAGS"
-        # Convert tags (newline or comma separated) into space-separated list
-        for TAG in $(echo "$TAGS" | tr '\n' ' '); do
-          echo "Tagging $IMAGE as $TAG"
-          docker tag "$IMAGE" "$TAG"
-          echo "Pushing $TAG"
-          docker push "$TAG"
-        done
-  
   publish-kustomize-bundles:
     # Add explicit dependency so that the kustomize bundles only get published
     # if the container image has been built successfully. This helps prevent
@@ -80,4 +83,4 @@ jobs:
       bundle-path: config
       image-overlays: config/base
       image-name: ghcr.io/datum-cloud/auth-ui
-    secrets: inherit 
+    secrets: inherit

Makefile

@@ -14,6 +14,7 @@ export GID := $(id -g)
 export LOGIN_TEST_ACCEPTANCE_BUILD_CONTEXT := $(LOGIN_DIR)apps/login-test-acceptance
 
 export DOCKER_METADATA_OUTPUT_VERSION ?= local
+export SENTRY_AUTH_TOKEN ?=
 export LOGIN_TAG ?= zitadel-login:${DOCKER_METADATA_OUTPUT_VERSION}
 export LOGIN_TEST_UNIT_TAG := login-test-unit:${DOCKER_METADATA_OUTPUT_VERSION}
 export LOGIN_TEST_INTEGRATION_TAG := login-test-integration:${DOCKER_METADATA_OUTPUT_VERSION}

apps/login/next-env.d.ts

@@ -1,6 +1,6 @@
 /// <reference types="next" />
 /// <reference types="next/image-types/global" />
-import "./.next/dev/types/routes.d.ts";
+import "./.next/types/routes.d.ts";
 
 // NOTE: This file should not be edited
 // see https://nextjs.org/docs/app/api-reference/config/typescript for more information.

apps/login/next.config.ts

@@ -100,10 +100,6 @@ export default withSentryConfig(withNextIntl(nextConfig), {
   project: "auth-ui",
   sentryUrl: process.env.NEXT_PUBLIC_SENTRY_URL,
 
-  reactComponentAnnotation: {
-    enabled: true,
-  },
-
   // Only print logs for uploading source maps in CI
   silent: !process.env.CI,
 
@@ -121,5 +117,4 @@ export default withSentryConfig(withNextIntl(nextConfig), {
 
 
   authToken: process.env.SENTRY_AUTH_TOKEN,
-  
 });

apps/login/src/components/consent.tsx

@@ -56,7 +56,7 @@ export function ConsentScreen({
         )}
         {scopes?.map((s) => {
           const translationKey = `device.scope.${s}`;
-          const description = t(translationKey, null);
+          const description = t(translationKey);
 
           // Check if the key itself is returned and provide a fallback
           const resolvedDescription =

docker-bake.hcl

@@ -148,6 +148,7 @@ target "login-standalone" {
   contexts = {
     login-client = "target:login-client"
   }
+  secret = ["id=sentry_auth_token,env=SENTRY_AUTH_TOKEN"]
 }
 
 target "login-standalone-out" {

dockerfiles/login-standalone.Dockerfile

@@ -7,7 +7,9 @@ RUN cp -r ../out/json/* .
 RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
     pnpm install --frozen-lockfile
 RUN cp -r ../out/full/* .
-RUN pnpm exec turbo run build:login:standalone
+RUN --mount=type=secret,id=sentry_auth_token,required=false \
+    if [ -s /run/secrets/sentry_auth_token ]; then export SENTRY_AUTH_TOKEN="$(cat /run/secrets/sentry_auth_token)"; fi; \
+    pnpm exec turbo run build:login:standalone
 
 FROM scratch AS login-standalone-out
 COPY --from=login-standalone-builder /build/docker/apps/login/.next/standalone /