Activity

Why

PR #171 assumed Coolify auto-injects SOURCE_COMMIT at build time. It doesn't — that variable name comes from docker push hooks, not Coolify's Dockerfile build flow. The staging deploy that just landed picked up release: 'dev' (the fallback), so every event will still arrive tagged dev and won't match the sourcemaps the Vite plugin uploaded under whatever Sentry thinks the real release is.

I confirmed this by docker exec-ing into the new staging container and finding e.SENTRY_RELEASE={id:\"dev\"} baked into the bundle.

Fix

Resolve the release inside vite.config.ts with a 3-step chain:

1. SOURCE_COMMIT (still useful if a future CI sets it)
2. git rev-parse --short=12 HEAD — .git is present in the Docker frontend-build stage via COPY . . (no .dockerignore filters it out) and present locally
3. 'dev' as a last-resort fallback

Uses execFileSync with a static argv (no shell, no interpolation — security skill flagged the original execSync call).

Verified

• npm run build locally → bundle contains tidylinker@57bd629905b2 (matches git rev-parse --short=12 HEAD).
• SENTRY_API_TOKEN is already on both staging and prod Coolify apps from earlier today, so the next build will upload sourcemaps bound to the real SHA.

Test plan

• Local smoke build → real SHA in bundle
• After merge: staging redeploys, inspect container, confirm tidylinker@<sha> in bundle (not dev)
• Sentry → Releases → confirm new release entry appears with uploaded artifacts
• Then prod deploy