From 3642f7c4b72388deaa24815e3021f6bfc498f02a Mon Sep 17 00:00:00 2001 From: Artur Signell Date: Thu, 12 Mar 2026 13:34:51 +0000 Subject: [PATCH 1/4] Switch preview from static build to DSPublisher dev server Replace the static build + serve approach with dspublisher's dev server for live content. Use Docker build secrets instead of ARG for the Vaadin pro key to avoid leaking it in image layers. Split Maven build so compile/prepare-frontend is cached separately from the license-gated build-frontend step. Increase VM memory to 1024mb for the dev server. --- .github/workflows/preview-deploy.yml | 10 ++++++++-- Dockerfile.preview | 21 +++++++++------------ 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/.github/workflows/preview-deploy.yml b/.github/workflows/preview-deploy.yml index 6a5a29dff6..e5af8a1585 100644 --- a/.github/workflows/preview-deploy.yml +++ b/.github/workflows/preview-deploy.yml @@ -34,6 +34,12 @@ jobs: env: FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }} + - name: Set Fly secrets + run: | + echo "${{ secrets.VAADIN_PRO_KEY }}" | flyctl secrets set VAADIN_PRO_KEY=- --app "${{ env.FLY_APP }}" --stage + env: + FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }} + - name: Generate fly.toml run: | cat > fly.toml < ~/.vaadin/proKey -RUN mvn compile vaadin:prepare-frontend vaadin:build-frontend -B -RUN npx -y @vaadin/dspublisher@3.0.0-alpha.13 --build - -FROM node:24-alpine - -RUN npm install -g serve +RUN mvn compile vaadin:prepare-frontend -B -COPY --from=build /app/dspublisher/out/public /app/public +RUN --mount=type=secret,id=VAADIN_PRO_KEY \ + mkdir -p ~/.vaadin && \ + echo "{\"username\":\"\",\"proKey\":\"$(cat /run/secrets/VAADIN_PRO_KEY)\"}" > ~/.vaadin/proKey && \ + mvn vaadin:build-frontend -B && \ + rm -f ~/.vaadin/proKey EXPOSE 8210 -CMD ["serve", "/app/public", "-l", "8210"] +CMD sh -c 'mkdir -p ~/.vaadin && echo "{\"username\":\"\",\"proKey\":\"$VAADIN_PRO_KEY\"}" > ~/.vaadin/proKey && HOST=0.0.0.0 npx -y @vaadin/dspublisher@3.0.0-alpha.14 --develop' From fff8d7e10d210376b3ebda0fcbf218f795bf3adc Mon Sep 17 00:00:00 2001 From: Artur Signell Date: Thu, 12 Mar 2026 13:34:51 +0000 Subject: [PATCH 2/4] Fix syntax --- .github/workflows/preview-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/preview-deploy.yml b/.github/workflows/preview-deploy.yml index e5af8a1585..15d9f1aee4 100644 --- a/.github/workflows/preview-deploy.yml +++ b/.github/workflows/preview-deploy.yml @@ -63,7 +63,7 @@ jobs: flyctl deploy \ --ha=false \ --remote-only \ - --build-secret id=VAADIN_PRO_KEY,value="${{ secrets.VAADIN_PRO_KEY }}" + --build-secret VAADIN_PRO_KEY="${{ secrets.VAADIN_PRO_KEY }}" env: FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }} From b011282a9d86d68d854ba5c261a9c5614f6b3a47 Mon Sep 17 00:00:00 2001 From: Artur Signell Date: Thu, 12 Mar 2026 13:34:51 +0000 Subject: [PATCH 3/4] Fix syntax --- Dockerfile.preview | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile.preview b/Dockerfile.preview index 6fcd117c50..739196ae3a 100644 --- a/Dockerfile.preview +++ b/Dockerfile.preview @@ -23,7 +23,9 @@ RUN mvn compile vaadin:prepare-frontend -B RUN --mount=type=secret,id=VAADIN_PRO_KEY \ mkdir -p ~/.vaadin && \ + echo "Secret length: $(wc -c < /run/secrets/VAADIN_PRO_KEY)" && \ echo "{\"username\":\"\",\"proKey\":\"$(cat /run/secrets/VAADIN_PRO_KEY)\"}" > ~/.vaadin/proKey && \ + cat ~/.vaadin/proKey | sed 's/pro-[a-z0-9-]*/pro-REDACTED/' && \ mvn vaadin:build-frontend -B && \ rm -f ~/.vaadin/proKey From 9f560e27c0162388c4bb80fc01a5e75385c3e180 Mon Sep 17 00:00:00 2001 From: Artur Signell Date: Sat, 14 Mar 2026 13:04:12 +0000 Subject: [PATCH 4/4] Split username/key from VAADIN_PRO_KEY secret The secret is in username/pro-key format. Parse it into separate username and proKey fields for the license checker JSON file. --- Dockerfile.preview | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Dockerfile.preview b/Dockerfile.preview index 739196ae3a..1c3ab96d05 100644 --- a/Dockerfile.preview +++ b/Dockerfile.preview @@ -23,12 +23,13 @@ RUN mvn compile vaadin:prepare-frontend -B RUN --mount=type=secret,id=VAADIN_PRO_KEY \ mkdir -p ~/.vaadin && \ - echo "Secret length: $(wc -c < /run/secrets/VAADIN_PRO_KEY)" && \ - echo "{\"username\":\"\",\"proKey\":\"$(cat /run/secrets/VAADIN_PRO_KEY)\"}" > ~/.vaadin/proKey && \ - cat ~/.vaadin/proKey | sed 's/pro-[a-z0-9-]*/pro-REDACTED/' && \ + SECRET="$(cat /run/secrets/VAADIN_PRO_KEY)" && \ + USERNAME="${SECRET%%/*}" && \ + PROKEY="${SECRET#*/}" && \ + echo "{\"username\":\"$USERNAME\",\"proKey\":\"$PROKEY\"}" > ~/.vaadin/proKey && \ mvn vaadin:build-frontend -B && \ rm -f ~/.vaadin/proKey EXPOSE 8210 -CMD sh -c 'mkdir -p ~/.vaadin && echo "{\"username\":\"\",\"proKey\":\"$VAADIN_PRO_KEY\"}" > ~/.vaadin/proKey && HOST=0.0.0.0 npx -y @vaadin/dspublisher@3.0.0-alpha.14 --develop' +CMD sh -c 'mkdir -p ~/.vaadin && USERNAME="${VAADIN_PRO_KEY%%/*}" && PROKEY="${VAADIN_PRO_KEY#*/}" && echo "{\"username\":\"$USERNAME\",\"proKey\":\"$PROKEY\"}" > ~/.vaadin/proKey && HOST=0.0.0.0 npx -y @vaadin/dspublisher@3.0.0-alpha.14 --develop'