Commit 0845ded

vaadin-bot and peholmst authored
Use secrets instead of command line arguments to pass license key (#4577) (#4578)
* Use secrets instead of command line arguments to pass license key
* Add examples for Powershell and Bash

Co-authored-by: Petter Holmström <petter@vaadin.com>
1 parent 4dd1839 commit 0845ded

1 file changed: +27 -72 lines changed

articles/getting-started/build.adoc

Lines changed: 27 additions & 72 deletions
@@ -56,104 +56,59 @@ This command builds your application in production mode and produces a Docker im
5656

5757
=== Building with Commercial Components
5858

59-
If your application uses commercial components, you need a <<flow/configuration/licenses#,licence key>>.
59+
If your application uses commercial components, you need a <</flow/configuration/licenses#,licence key>>.
6060

61-
When building locally with Maven, the Vaadin Maven plugin detects the license automatically. For Docker builds, you must pass the key explicitly:
62-
63-
[source,terminal]
64-
----
65-
docker build -t my-application:latest --build-arg VAADIN_PRO_KEY="<your-key>"
66-
----
67-
68-
.A Peek Under the Hood
69-
[NOTE]
70-
====
71-
The `--build-arg` option works because the provided `Dockerfile` in the walking skeleton already defines and forwards the `VAADIN_PRPO_KEY` argument:
72-
73-
[source,docker]
74-
----
75-
ARG VAADIN_PRO_KEY
76-
ENV VAADIN_PRO_KEY=${VAADIN_PRO_KEY}
77-
----
78-
79-
The `ARG` instruction declares a build-time argument, while the `ENV` instruction makes it available as an environment variable inside the container during the build.
80-
====
81-
82-
==== Create a Script
83-
84-
Manually copying the key each time can be inconvenient. You can automate this by creating a shell or PowerShell script that retrieves the key from `$HOME/.vaadin/proKey`:
61+
When building locally with Maven, the Vaadin Maven plugin detects the license automatically. For Docker builds, you must pass the key explicitly as a secret:
8562

8663
[.example]
8764
--
88-
.build.sh
8965
[source,bash,subs="+attributes"]
9066
----
9167
<source-info group="macOS / Linux"></source-info>
92-
#!/usr/bin/env bash
93-
VAADIN_PRO_KEY=""
94-
PRO_KEY_FILE="$HOME/.vaadin/proKey"
95-
DOCKER_TAG=""
96-
97-
if [ $# -gt 0 ]; then
98-
DOCKER_TAG="$1"
99-
else
100-
echo "Usage: ./build.sh <tag-name>"
101-
exit 1
102-
fi
103-
104-
if [ -f "$PRO_KEY_FILE" ]; then
105-
if VAADIN_PRO_KEY=$(jq -r '.proKey // empty' "$PRO_KEY_FILE" 2>/dev/null) && [ -n "$VAADIN_PRO_KEY" ]; then
106-
echo "Found Vaadin Pro key"
107-
else
108-
echo "Could not parse Vaadin Pro key from $PRO_KEY_FILE" >&2
109-
fi
110-
else
111-
echo "No Vaadin Pro key found at $PRO_KEY_FILE (continuing without it)"
112-
fi
113-
114-
docker build -t "$DOCKER_TAG" ${VAADIN_PRO_KEY:+--build-arg VAADIN_PRO_KEY="$VAADIN_PRO_KEY"} .
68+
docker build -t my-application:latest --secret id=proKey,src=$HOME/.vaadin/proKey .
11569
----
11670

117-
.build.ps1
11871
[source,powershell,subs="+attributes"]
11972
----
12073
<source-info group="Windows"></source-info>
121-
param([Parameter(Mandatory)][string]$DockerTag)
122-
123-
$ErrorActionPreference = "Stop"
124-
$ProKeyPath = Join-Path $env:USERPROFILE ".vaadin" "proKey"
125-
$VaadinProKey = ""
126-
127-
if (Test-Path $ProKeyPath) {
128-
$JsonObject = Get-Content $ProKeyPath -Raw | ConvertFrom-Json
129-
$VaadinProKey = $JsonObject.proKey
130-
if ($VaadinProKey) {
131-
Write-Host "Found Vaadin Pro key"
132-
} else {
133-
Write-Host "Could not parse Vaadin Pro key from $ProKeyPath"
134-
}
135-
} else {
136-
Write-Host "No Vaadin Pro key found at $ProKeyPath (continuing without it)"
137-
}
138-
139-
docker build -t "$DockerTag" @(if ($VaadinProKey) { "--build-arg", "VAADIN_PRO_KEY=$VaadinProKey" }) .
74+
docker build -t my-application:latest --secret "id=proKey,src=$($env:USERPROFILE)\.vaadin\proKey" .
14075
----
14176
--
14277

143-
Run the script with the desired Docker tag:
78+
If you need to use an offline key, you can pass it like this:
14479

14580
[.example]
14681
--
14782
[source,bash,subs="+attributes"]
14883
----
14984
<source-info group="macOS / Linux"></source-info>
150-
./build.sh my-application:latest
85+
docker build -t my-application:latest --secret id=offlineKey,src=$HOME/.vaadin/offlineKey .
15186
----
15287

15388
[source,powershell,subs="+attributes"]
15489
----
15590
<source-info group="Windows"></source-info>
156-
./build.ps1 my-application:latest
91+
docker build -t my-application:latest --secret "id=offlineKey,src=$($env:USERPROFILE)\.vaadin\offlineKey" .
15792
----
15893
--
15994

95+
.A Peek Under the Hood
96+
[NOTE]
97+
====
98+
The `--secret` option works because the provided `Dockerfile` in the walking skeleton mounts the files, parses them and passes them on to Maven:
99+
100+
[source,docker]
101+
----
102+
# (Previous build steps omitted for brevity)
103+
# ...
104+
105+
RUN --mount=type=cache,target=/root/.m2 \
106+
--mount=type=secret,id=proKey \
107+
--mount=type=secret,id=offlineKey \
108+
sh -c 'PRO_KEY=$(jq -r ".proKey // empty" /run/secrets/proKey 2>/dev/null || echo "") && \
109+
OFFLINE_KEY=$(cat /run/secrets/offlineKey 2>/dev/null || echo "") && \
110+
./mvnw clean package -Pproduction -DskipTests -Dvaadin.proKey=${PRO_KEY} -Dvaadin.offlineKey=${OFFLINE_KEY}'
111+
----
112+
113+
For more information about build secrets in Docker, see the https://docs.docker.com/build/building/secrets/[Docker documentation].
114+
====
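
Review bot: On the `./mvnw` line of the new Dockerfile `RUN` step, `${PRO_KEY}` and `${OFFLINE_KEY}` are expanded unquoted, so any whitespace inside the offline key file (read verbatim with `cat`) or the parsed `proKey` value is word-split into extra Maven arguments. Quote both inside the `sh -c` string: `-Dvaadin.proKey="${PRO_KEY}" -Dvaadin.offlineKey="${OFFLINE_KEY}"`. Both reads also end in `2>/dev/null || echo ""`, so a malformed `proKey` file now yields an empty property with no message, whereas the removed `build.sh` printed "Could not parse Vaadin Pro key"; consider writing a warning to stderr when a secret is mounted but produces an empty value. In the bash examples, `src=$HOME/.vaadin/proKey` and `src=$HOME/.vaadin/offlineKey` are unquoted while the PowerShell equivalents are quoted; quoting them keeps the command working for home directories that contain spaces. The surrounding text could also say that `--secret` requires a BuildKit-enabled build, since the command fails on the legacy builder.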
