Update Dependabot

Author: yunomix2834

.github/dependabot.yml

@@ -1,4 +1,22 @@
 version: 2
+registries:
+  ghcr:
+    type: docker-registry
+    url: ghcr.io
+    username: ${{secrets.GHCR_USERNAME}}
+    password: ${{secrets.GHCR_TOKEN}}
+
+  dockerhub:
+    type: docker-registry
+    url: registry-1.docker.io
+    username: ${{secrets.DOCKERHUB_USER}}
+    password: ${{secrets.DOCKERHUB_TOKEN}}
+
+  github-maven:
+    type: maven-repository
+    url: https://maven.pkg.github.com/${{github.repository_owner}}/*
+    username: ${{secrets.GHCR_USERNAME}}
+    password: ${{secrets.GHCR_TOKEN}}
 updates:
   # Dependabot maven có thể chạy ở root của multi-module project
   - package-ecosystem: "maven"
@@ -12,25 +30,16 @@ updates:
     labels: [ "dependencies", "maven", "backend" ]
     groups:
       spring-bom:
-        patterns:
-          - "org.springframework.boot:*"
-          - "org.springframework.cloud:*"
+        patterns: [ "org.springframework.boot:*", "org.springframework.cloud:*" ]
         update-types: [ "minor", "patch" ]
       grpc-protobuf:
-        patterns:
-          - "io.grpc:*"
-          - "com.google.protobuf:*"
+        patterns: [ "io.grpc:*", "com.google.protobuf:*" ]
         update-types: [ "minor", "patch" ]
       mapping-and-utils:
-        patterns:
-          - "org.projectlombok:*"
-          - "org.mapstruct:*"
+        patterns: [ "org.projectlombok:*", "org.mapstruct:*" ]
         update-types: [ "minor", "patch" ]
       test-stack:
-        patterns:
-          - "org.jacoco:*"
-          - "org.sonarsource.scanner.maven:sonar-maven-plugin"
-          - "org.apache.maven.plugins:*"
+        patterns: [ "org.jacoco:*", "org.sonarsource.scanner.maven:sonar-maven-plugin", "org.apache.maven.plugins:*" ]
         update-types: [ "minor", "patch" ]
 
   # ========= FileService (.NET / NuGet) =========
@@ -57,19 +66,11 @@ updates:
     labels: [ "dependencies", "docker" ]
     open-pull-requests-limit: 10
     groups:
-      nginx-node-base:
-        patterns:
-          - "nginx"
-          - "node"
-        update-types: [ "minor", "patch" ]
       dotnet-base:
-        patterns:
-          - "mcr.microsoft.com/dotnet/*"
+        patterns: [ "mcr.microsoft.com/dotnet/*" ]
         update-types: [ "minor", "patch" ]
       jre-maven:
-        patterns:
-          - "eclipse-temurin:*"
-          - "maven:*"
+        patterns: [ "eclipse-temurin:*", "maven:*" ]
         update-types: [ "minor", "patch" ]
 
   # ========= Dockerfiles ở root =========
@@ -87,6 +88,7 @@ updates:
   # ========= GitHub Actions =========
   - package-ecosystem: "github-actions"
     directory: "/"
+    registries: [ "ghcr", "dockerhub" ]
     schedule:
       interval: "weekly"
       day: "monday"

.github/workflows/ci-sonar.yml

@@ -39,6 +39,21 @@ jobs:
             **/target/failsafe-reports/**
           if-no-files-found: ignore
 
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: '21'
+          cache: maven
+          server-id: github
+          settings-path: ${{ github.workspace }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Publish to GitHub Packages
+        if: startsWith(github.ref, 'refs/tags/v')
+        run: |
+          mvn -B -DskipTests=true -s $GITHUB_WORKSPACE/settings.xml deploy
+
       - name: SonarQube / SonarCloud Scan
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BACKEND }}

.github/workflows/dependabot-auto-merge.yml

@@ -0,0 +1,39 @@
+name: Dependabot Auto-merge (minor & patch)
+
+on:
+  pull_request_target:
+    types: [ opened, synchronize, reopened, labeled ]
+
+permissions:
+  contents: write
+  pull-requests: write
+  checks: read
+
+jobs:
+  auto-merge:
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch metadata
+        id: meta
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Approve PR (minor/patch)
+        if: |
+          steps.meta.outputs.update-type == 'version-update:semver-minor' ||
+          steps.meta.outputs.update-type == 'version-update:semver-patch'
+        uses: peter-evans/approve-pull-request@v6
+        with:
+          pull-request-number: ${{ github.event.pull_request.number }}
+          review-message: "Auto-approved by workflow for minor/patch updates."
+
+      - name: Enable auto-merge (squash)
+        if: |
+          steps.meta.outputs.update-type == 'version-update:semver-minor' ||
+          steps.meta.outputs.update-type == 'version-update:semver-patch'
+        uses: peter-evans/enable-pull-request-automerge@v3
+        with:
+          pull-request-number: ${{ github.event.pull_request.number }}
+          merge-method: squash

build-image-github.sh

@@ -6,6 +6,7 @@ DOCKERHUB_USER="${DOCKERHUB_USER:-yunomix2834}"
 DOCKERHUB_TOKEN="${DOCKERHUB_TOKEN:-}"
 IMAGE_TAG="${IMAGE_TAG:-$(date +%Y%m%d.%H%M%S)}"
 DOCKER_PLATFORMS="${DOCKER_PLATFORMS:-linux/amd64}"
+GITHUB_OWNER="${GITHUB_OWNER:-${GITHUB_REPOSITORY_OWNER:-}}"
 
 DEFAULT_SERVICES=(
   ai-service chat-service coding-service gateway-service identity-service
@@ -22,6 +23,14 @@ login() {
   else
     log "DOCKERHUB_TOKEN empty -> skip docker login (build will fail on --push if registry requires auth)"
   fi
+
+  # Login GHCR bằng GITHUB_TOKEN
+  if [ -n "${GITHUB_TOKEN:-}" ]; then
+    log "Logging in GHCR as ${GITHUB_ACTOR:-github-actions}"
+      echo "$GITHUB_TOKEN" | docker login ghcr.io -u "${GITHUB_ACTOR:-github-actions}" --password-stdin
+    else
+      log "GITHUB_TOKEN empty -> skip GHCR login"
+  fi
 }
 
 extra_tags_args() {
@@ -40,13 +49,16 @@ extra_tags_args() {
 build_push_java() {
   local module="$1"
   local repo="${DOCKERHUB_USER}/codecampus-${module}"
+  local repo_ghcr="ghcr.io/${GITHUB_OWNER}/codecampus-${module}"
   log "Building Java service: ${module}"
   docker buildx build \
     --platform "${DOCKER_PLATFORMS}" \
     -f docker/java-service.Dockerfile \
     --build-arg "MODULE=${module}" \
     -t "${repo}:${IMAGE_TAG}" \
+    -t "${repo_ghcr}:${IMAGE_TAG}" \
     $(extra_tags_args "${repo}") \
+    $(extra_tags_args "${repo_ghcr}") \
     --label "org.opencontainers.image.source=${GITHUB_SERVER_URL:-}/$([ -n "${GITHUB_REPOSITORY:-}" ] && echo "${GITHUB_REPOSITORY}")" \
     --label "org.opencontainers.image.revision=${GITHUB_SHA:-}" \
     --label "org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ)" \

docker-compose.prod-services.yml

@@ -220,13 +220,6 @@ services:
       - chat-service
     networks: [ backend ]
 
-  frontend:
-    image: ${DOCKERHUB_USER}/codecampus-frontend:${IMAGE_TAG:-latest}
-    restart: unless-stopped
-    ports: [ "4200:80" ]
-    networks: [ backend ]
-
-
 ########################
 #   NETWORK & VOLUME    #
 ########################

pom.xml

@@ -113,6 +113,14 @@
         </dependencies>
     </dependencyManagement>
 
+    <distributionManagement>
+        <repository>
+            <id>github</id>
+            <name>GitHub Packages</name>
+            <url>https://maven.pkg.github.com/${project.groupId}/${project.artifactId}</url>
+        </repository>
+    </distributionManagement>
+
     <!-- Quản lý version plugin dùng chung -->
     <build>
         <pluginManagement>