Skip to content

feat: Integrate dynamic API key injection#1551

Open
willum070 wants to merge 14 commits into
mainfrom
update-vite-config-apikeys
Open

feat: Integrate dynamic API key injection#1551
willum070 wants to merge 14 commits into
mainfrom
update-vite-config-apikeys

Conversation

@willum070

@willum070 willum070 commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator

🔑 feat: Enable Dynamic API Key Injection & Restore Playwright Tests

This PR accomplishes the following:

  • API Key Placeholders: Replaces hardcoded API keys with a placeholder ("GOOGLE_MAPS_API_KEY") in all sample files where API keys are defined.
  • Dynamic Vite Injection: Updates vite.config.js with a new pre-enforced code-transform plugin. During local builds, this works alongside the existing html-transform plugin to scan JS/TS/HTML code for the "GOOGLE_MAPS_API_KEY" placeholder and dynamically injects the API key loaded from the local .env file or CI environment.
  • Test Environment Keys (JS_MAPS_DEV_KEY): Pipes the repository's dedicated development key (${{ secrets.JS_MAPS_DEV_KEY }}) into the CI runner during automated tests (tests.yml). This ensures the vite.config.js plugins correctly inject the dev key during test builds.
  • Production Environment Keys (JS_MAPS_PROD_KEY): Pipes the repository's production API key (${{ secrets.JS_MAPS_PROD_KEY }}) into the global environment block of the release.yml workflow. This ensures the Vite plugins inject the production key into the final dist/ HTML and JS artifacts when building public samples for the documentation.
  • Restores & Fixes Playwright Tests: Re-enables the Playwright End-to-End test suite (e2e/samples.spec.ts). Resolves a critical bug where vite preview was spawning background zombie processes and causing GitHub Actions to hang indefinitely by rewriting the test runner to execute the underlying vite/bin/vite.js Node script directly.

These changes provide the following benefits:

  • Decoupling the API key from source code makes it much easier to update and greatly improves security.
  • The API key placeholder means that our raw sample code no longer exposes an actual API key, helping prevent casual abuse.
  • We now strictly separate our API key usage: contributors use their own local key, automated tests use JS_MAPS_DEV_KEY, and public releases use JS_MAPS_PROD_KEY. Since our production API key no longer has local port restrictions, this isolation greatly enhances security and prepares us to make life much more difficult for scrapers.

@willum070 willum070 requested a review from a team as a code owner July 10, 2026 20:11
@willum070 willum070 requested a review from chrisjshull July 10, 2026 20:12
@willum070 willum070 changed the title Update vite config apikeys feat: Integrate dynamic API key injection Jul 10, 2026
@willum070 willum070 force-pushed the update-vite-config-apikeys branch 2 times, most recently from 5af9ba7 to 0a1b736 Compare July 10, 2026 23:44
@willum070 willum070 force-pushed the update-vite-config-apikeys branch from 4b534d5 to 41e0831 Compare July 11, 2026 00:07
@willum070 willum070 force-pushed the update-vite-config-apikeys branch from f89c5c0 to 0ccb1f0 Compare July 13, 2026 17:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant