Add CI

Author: yunomix2834

.github/workflows/ci-sonar.yml

@@ -0,0 +1,45 @@
+name:
+  CI & SonarQube
+on:
+  push:
+    branches: [ "**" ]
+  pull_request:
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  build-test-and-analyze:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Sonar cần có full history để tính "blame"
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+          cache: 'maven'
+
+      - name: Build & Test
+        run: mvn -B -DskipTests=false verify
+
+      - name: SonarQube Scan
+        env:
+          #          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          #          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+          SONAR_TOKEN: f3d4a7c57b1c39eaebcc3d05496d56ca407d7872
+          SONAR_HOST_URL: https://sonarcloud.io
+        run: |
+          if [ -z "$SONAR_TOKEN" ] || [ -z "$SONAR_HOST_URL" ]; then
+            echo "SONAR_* secrets chưa được cấu hình => bỏ qua phân tích Sonar."
+            exit 0
+          fi
+          mvn -B -DskipTests=true \
+            -Dsonar.coverage.jacoco.xmlReportPaths='**/target/site/**/jacoco*.xml' \
+            sonar:sonar

.github/workflows/docker-publish.yml

@@ -0,0 +1,64 @@
+name: Build & Push Docker Images
+
+on:
+  push:
+    branches: [ "main" ]
+    tags: [ "v*.*.*" ]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  packages: write
+
+concurrency:
+  group: docker-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build-push:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        module:
+          - identity-service
+          - submission-service
+          - quiz-service
+          - coding-service
+          - ai-service
+          - search-service
+          - notification-service
+          - chat-service
+          - post-service
+          - profile-service
+          - payment-service
+          - gateway-service
+          - org-service
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU (multi-arch)
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Derive IMAGE_TAG
+        run: |
+          if [ "${GITHUB_REF_TYPE}" = "tag" ]; then
+            echo "IMAGE_TAG=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
+          else
+            echo "IMAGE_TAG=${GITHUB_SHA::12}" >> $GITHUB_ENV
+          fi
+
+      - name: Build & Push ${{ matrix.module }}
+        env:
+          DOCKERHUB_USER: yunomix2834
+          DOCKERHUB_TOKEN: dckr_pat_jwDE4gMMqQZ7y3-e3dZFmsMDYKM
+          IMAGE_TAG: 0.1.0
+          DOCKER_PLATFORMS: linux/amd64                       # đổi thành "linux/amd64,linux/arm64" nếu muốn multi-arch
+        run: |
+          chmod +x ./build-image-github.sh
+          ./build-image-github.sh ${{ matrix.module }}

.github/workflows/qodana_code_quality.yml

@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+set -euo pipefail
+export DOCKER_BUILDKIT=1
+
+DOCKERHUB_USER="${DOCKERHUB_USER:-yunomix2834}"
+DOCKERHUB_TOKEN="${DOCKERHUB_TOKEN:-}"
+IMAGE_TAG="${IMAGE_TAG:-$(date +%Y%m%d.%H%M%S)}"
+DOCKER_PLATFORMS="${DOCKER_PLATFORMS:-linux/amd64}"
+
+DEFAULT_SERVICES=(
+  ai-service chat-service coding-service gateway-service identity-service
+  notification-service payment-service post-service profile-service
+  quiz-service search-service submission-service org-service
+)
+
+login() {
+  if [ -n "$DOCKERHUB_TOKEN" ]; then
+    log "Logging in Docker Hub as $DOCKERHUB_USER"
+    echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USER" --password-stdin
+  else
+    log "DOCKERHUB_TOKEN empty -> skip docker login (build will fail on --push if registry requires auth)"
+  fi
+}
+
+# Tự động bổ sung tag latest khi build trên nhánh main, và bổ sung tag theo tag Git
+extra_tags_args() {
+  local repo="$1"
+  local args=()
+
+  # Tag theo ref
+  if [ "${GITHUB_REF_TYPE:-}" = "tag" ] && [ -n "${GITHUB_REF_NAME:-}" ]; then
+    local version="${GITHUB_REF_NAME#v}"
+    args+=(-t "${repo}:${version}")
+  fi
+
+  # latest cho nhánh main
+  if [ "${GITHUB_REF_NAME:-}" = "main" ]; then
+    args+=(-t "${repo}:latest")
+  fi
+
+  printf '%s ' "${args[@]}"
+}
+
+
+build_push_java() {
+  local module="$1"
+  local repo="${DOCKERHUB_USER}/codecampus-${module}"
+
+  log "Building Java service: ${module}"
+  docker buildx build \
+    --platform "${DOCKER_PLATFORMS}" \
+    -f docker/java-service.Dockerfile \
+    --build-arg "MODULE=${module}" \
+    -t "${repo}:${IMAGE_TAG}" \
+    $(extra_tags_args "${repo}") \
+    --label "org.opencontainers.image.source=${GITHUB_SERVER_URL:-}/$([ -n "${GITHUB_REPOSITORY:-}" ] && echo "${GITHUB_REPOSITORY}")" \
+    --label "org.opencontainers.image.revision=${GITHUB_SHA:-}" \
+    --label "org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
+    --push .
+}
+
+
+main() {
+  login
+  log "Using DOCKER_PLATFORMS=${DOCKER_PLATFORMS}"
+  log "Using IMAGE_TAG=${IMAGE_TAG}"
+
+  # Lấy list services từ args hoặc env hoặc default
+  local services=()
+  if [ "$#" -gt 0 ]; then
+    services=("$@")
+  elif [ -n "${SERVICES:-}" ]; then
+    # shellcheck disable=SC2206
+    services=(${SERVICES})
+  else
+    services=("${DEFAULT_SERVICES[@]}")
+  fi
+
+  for svc in "${services[@]}"; do
+    build_push_java "${svc}"
+  done
+
+  log "All done."
+}
+
+main "$@"