Add sentry (#13)

* Also: use sonarqube-scan-action
digitalservicebund · Dec 17, 2024 · e2d1507 · e2d1507
1 parent 5c12283
commit e2d1507
Show file tree

Hide file tree

Showing 7 changed files with 586 additions and 82 deletions.
diff --git a/.github/workflows/frontend-jobs.yml b/.github/workflows/frontend-jobs.yml
@@ -173,23 +173,6 @@ jobs:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         with:
           projectBaseDir: ./frontend
-      # - name: Install SonarScanner
-      #   uses: digitalservicebund/setup-sonarscanner@3ade23691f865c02dce6b46452947a0e7944196e # v1.0.0
-      # - name: Scan with SonarQube
-      #   env:
-      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-      #   run: |
-      #     npm run coverage
-      #     sonar-scanner
-      #   working-directory: ./frontend
-      # - name: Check SonarQube Quality Gate
-      #   uses: sonarsource/sonarqube-quality-gate-action@424137db1fae80e9eb279829995166f2f44bc8df
-      #   with:
-      #     scanMetadataReportFile: frontend/.scannerwork/report-task.txt
-      #   timeout-minutes: 3
-      #   env:
-      #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       - name: Send status to Slack
         # Third-party action, pin to commit SHA!
         # See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions

diff --git a/.talismanrc b/.talismanrc
@@ -6,18 +6,19 @@ fileignoreconfig:
     checksum: 921432fe344ffab3de5f502c7144f9d67b07ed2e34ed6b53cdca521cba30813c
 
 allowed_patterns:
-  # SHA-pinned versions of GitHub actions
+  # allow these specific patterns that include hex encoded text
   - "uses: aquasecurity/trivy-action@cf990b19d84bbbe1eb8833659989a7c1029132e3"
   - "uses: digitalservicebund/notify-on-failure-gha@814d0c4b2ad6a3443e89c991f8657b10126510bf"
   - "uses: digitalservicebund/setup-sonarscanner@3ade23691f865c02dce6b46452947a0e7944196e"
   - "uses: digitalservicebund/talisman-secrets-scan-action@9a4cb85589e29a62b4546eb566119753a5680aeb"
   - "uses: sonarsource/sonarqube-quality-gate-action@424137db1fae80e9eb279829995166f2f44bc8df"
-  # patterns with "secret"
+  - "dsn: 'https://[email protected]/4508482613084160'"
+  # allow these specific patterns with the term "secret"
   - secrets-scan-with-talisman
   - "secrets: inherit"
   - "SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}"
   - "# scan for secrets that were published by mistake"
-  # patterns with "key"
+  # allow these specific patterns with the term "key"
   - "key: modules-"
   - "key:.+runner.os"
   - "key: npm-cache"

diff --git a/frontend/.gitignore b/frontend/.gitignore
@@ -31,3 +31,6 @@ coverage
 
 test-results/
 playwright-report/
+
+# Sentry Config File
+.env.sentry-build-plugin