From d7ddd2a2835c68351e78232356bcd765c44e43e3 Mon Sep 17 00:00:00 2001 From: Jonas Schwartz Date: Fri, 15 May 2026 09:07:15 +0200 Subject: [PATCH] feat: add FARO_API_KEY build secret for source-map upload MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Wires a new optional FARO_API_KEY through the reusable workflow chain so service repos can upload Grafana Faro source maps during their Docker build, mirroring the existing SENTRY_AUTH_TOKEN plumbing exactly: - `deploy-generic-v2.yml`: declare FARO_API_KEY as an optional secret input and forward it to the build component. - `component-build.yml`: declare FARO_API_KEY as an optional secret input and inject it into the `docker/build-push-action` secrets list so the Dockerfile can mount it as a BuildKit secret. Each downstream Dockerfile decides whether to consume it via `--mount=type=secret,id=FARO_API_KEY,required=false` — repos that haven't onboarded Faro see no behavior change because the secret is optional and the Docker mount is `required=false`. Caller-side usage in service repos: ```yaml secrets: # ... existing entries ... FARO_API_KEY: ${{ secrets.FARO_API_KEY }} ``` First consumer is `monorepo-typescript`'s frontend-hub deploy, which uses `@grafana/faro-rollup-plugin` in its Vite build. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/component-build.yml | 4 ++++ .github/workflows/deploy-generic-v2.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.github/workflows/component-build.yml b/.github/workflows/component-build.yml index 11f128b..4192552 100644 --- a/.github/workflows/component-build.yml +++ b/.github/workflows/component-build.yml @@ -70,6 +70,9 @@ on: SENTRY_AUTH_TOKEN: required: false description: "Sentry Auth Token, this value is injected into the secrets of a docker image" + FARO_API_KEY: + required: false + description: "Grafana Faro API key for source-map upload, this value is injected into the secrets of a docker image" AWS_CDN_ACCESS_KEY_ID: required: false description: "AWS CDN Secret Access ID, this value is injected into the secrets of a docker image" @@ -202,6 +205,7 @@ jobs: GHL_USERNAME=${{ secrets.GHL_USERNAME }} GHL_PASSWORD=${{ secrets.GHL_PASSWORD }} SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} + FARO_API_KEY=${{ secrets.FARO_API_KEY }} AWS_CDN_ACCESS_KEY_ID=${{ secrets.AWS_CDN_ACCESS_KEY_ID }} AWS_CDN_SECRET_ACCESS_KEY=${{ secrets.AWS_CDN_SECRET_ACCESS_KEY }} LOKALISE_TOKEN=${{ secrets.LOKALISE_TOKEN }} diff --git a/.github/workflows/deploy-generic-v2.yml b/.github/workflows/deploy-generic-v2.yml index 320df66..425598f 100644 --- a/.github/workflows/deploy-generic-v2.yml +++ b/.github/workflows/deploy-generic-v2.yml @@ -89,6 +89,9 @@ on: SENTRY_AUTH_TOKEN: required: false description: 'Sentry auth token, passed as Docker build secret' + FARO_API_KEY: + required: false + description: 'Grafana Faro API key for source-map upload, passed as Docker build secret' AWS_CDN_ACCESS_KEY_ID: required: false description: 'CDN access key ID for S3 access, injected into Docker image' @@ -168,6 +171,7 @@ jobs: AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} SLACK_APP_TOKEN: ${{ secrets.SLACK_APP_TOKEN }} SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} + FARO_API_KEY: ${{ secrets.FARO_API_KEY }} AWS_CDN_ACCESS_KEY_ID: ${{ secrets.AWS_CDN_ACCESS_KEY_ID }} AWS_CDN_SECRET_ACCESS_KEY: ${{ secrets.AWS_CDN_SECRET_ACCESS_KEY }} NEXT_SERVER_ACTIONS_ENCRYPTION_KEY: ${{ secrets.NEXT_SERVER_ACTIONS_ENCRYPTION_KEY }}