Add github package

yunomix2834 · yunomix2834 · commit e487326c58f2 · 2025-09-18T01:10:02.000+07:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,6 +1,5 @@
 version: 2
 updates:
-  # Dependabot maven có thể chạy ở root của multi-module project
   - package-ecosystem: "maven"
     directory: "/"
     schedule:
@@ -12,28 +11,18 @@ updates:
     labels: [ "dependencies", "maven", "backend" ]
     groups:
       spring-bom:
-        patterns:
-          - "org.springframework.boot:*"
-          - "org.springframework.cloud:*"
+        patterns: [ "org.springframework.boot:*","org.springframework.cloud:*" ]
         update-types: [ "minor", "patch" ]
       grpc-protobuf:
-        patterns:
-          - "io.grpc:*"
-          - "com.google.protobuf:*"
+        patterns: [ "io.grpc:*","com.google.protobuf:*" ]
         update-types: [ "minor", "patch" ]
       mapping-and-utils:
-        patterns:
-          - "org.projectlombok:*"
-          - "org.mapstruct:*"
+        patterns: [ "org.projectlombok:*","org.mapstruct:*" ]
         update-types: [ "minor", "patch" ]
       test-stack:
-        patterns:
-          - "org.jacoco:*"
-          - "org.sonarsource.scanner.maven:sonar-maven-plugin"
-          - "org.apache.maven.plugins:*"
+        patterns: [ "org.jacoco:*","org.sonarsource.scanner.maven:sonar-maven-plugin","org.apache.maven.plugins:*" ]
         update-types: [ "minor", "patch" ]
 
-  # ========= FileService (.NET / NuGet) =========
   - package-ecosystem: "nuget"
     directory: "/FileService"
     schedule:
@@ -45,7 +34,6 @@ updates:
     labels: [ "dependencies", "nuget", "backend" ]
     open-pull-requests-limit: 10
 
-  # ========= Dockerfiles & Compose (thư mục /docker) =========
   - package-ecosystem: "docker"
     directory: "/docker"
     schedule:
@@ -56,23 +44,18 @@ updates:
     target-branch: "main"
     labels: [ "dependencies", "docker" ]
     open-pull-requests-limit: 10
+    registries: [ dockerhub, ghcr ]
     groups:
       nginx-node-base:
-        patterns:
-          - "nginx"
-          - "node"
+        patterns: [ "nginx", "node" ]
         update-types: [ "minor", "patch" ]
       dotnet-base:
-        patterns:
-          - "mcr.microsoft.com/dotnet/*"
+        patterns: [ "mcr.microsoft.com/dotnet/*" ]
         update-types: [ "minor", "patch" ]
       jre-maven:
-        patterns:
-          - "eclipse-temurin:*"
-          - "maven:*"
+        patterns: [ "eclipse-temurin:*", "maven:*" ]
         update-types: [ "minor", "patch" ]
 
-  # ========= Dockerfiles ở root =========
   - package-ecosystem: "docker"
     directory: "/"
     schedule:
@@ -83,8 +66,8 @@ updates:
     target-branch: "main"
     labels: [ "dependencies", "docker" ]
     open-pull-requests-limit: 10
+    registries: [ dockerhub, ghcr ]
 
-  # ========= GitHub Actions =========
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
@@ -95,3 +78,15 @@ updates:
     target-branch: "main"
     labels: [ "dependencies", "github-actions" ]
     open-pull-requests-limit: 10
+
+registries:
+  dockerhub:
+    type: docker-registry
+    url: https://index.docker.io/v1/
+    username: ${{secrets.DOCKERHUB_USER}}
+    password: ${{secrets.DOCKERHUB_TOKEN}}
+  ghcr:
+    type: docker-registry
+    url: https://ghcr.io
+    username: ${{secrets.GHCR_USERNAME}}
+    password: ${{secrets.GHCR_TOKEN}}
diff --git a/.github/workflows/coding-service-publish.yml b/.github/workflows/coding-service-publish.yml
@@ -2,10 +2,8 @@ name: Build & Push coding-service
 
 on:
   push:
-    branches:
-      - main
-    tags:
-      - 'v*.*.*'
+    branches: [ main ]
+    tags: [ 'v*.*.*' ]
     paths:
       - 'coding-service/**'
       - 'docker/java-service-coding.Dockerfile'
@@ -25,35 +23,52 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
+      - uses: actions/checkout@v4
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
 
-      - name: Set up QEMU (multi-arch)
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Derive IMAGE_TAG
+      - name: Derive tags (Docker Hub + GHCR)
+        id: meta
         run: |
+          OWNER_LC="${GITHUB_REPOSITORY_OWNER,,}"
+          echo "OWNER_LC=$OWNER_LC" >> $GITHUB_ENV
           if [ "${GITHUB_REF_TYPE}" = "tag" ]; then
-            echo "IMAGE_TAG=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
+            TAG="${GITHUB_REF_NAME#v}"
           else
-            echo "IMAGE_TAG=${GITHUB_SHA::12}" >> $GITHUB_ENV
+            TAG="${GITHUB_SHA::12}"
           fi
+          echo "IMAGE_TAG=${TAG}" >> $GITHUB_ENV
+
+          HUB="${{ secrets.DOCKERHUB_USER }}/codecampus-coding-service:${TAG}"
+          GHCR="ghcr.io/${OWNER_LC}/codecampus-coding-service:${TAG}"
+          if [ "${GITHUB_REF_TYPE}" = "tag" ] || [ "${GITHUB_REF_NAME}" = "main" ]; then
+            HUB="${HUB}"$'\n'"${{ secrets.DOCKERHUB_USER }}/codecampus-coding-service:latest"
+            GHCR="${GHCR}"$'\n'"ghcr.io/${OWNER_LC}/codecampus-coding-service:latest"
+          fi
+          echo "tags=${HUB}"$'\n'"${GHCR}" >> $GITHUB_OUTPUT
 
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Build & Push coding-service
-        env:
-          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
-          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
-          IMAGE_TAG: ${{ env.IMAGE_TAG }}
-          DOCKER_PLATFORMS: linux/amd64
-        run: |
-          chmod +x ./build-image-coding-github.sh
-          ./build-image-coding-github.sh coding-service
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: docker/java-service-coding.Dockerfile
+          build-args: |
+            MODULE=coding-service
+          platforms: linux/amd64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,39 @@
+name: Dependabot Auto-merge
+
+on:
+  pull_request_target:
+    types: [ opened, synchronize, reopened, ready_for_review ]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  automerge:
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Fetch Dependabot metadata
+        id: meta
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Auto-approve patch/minor
+        if: |
+          steps.meta.outputs.update-type == 'version-update:semver-patch' ||
+          steps.meta.outputs.update-type == 'version-update:semver-minor'
+        uses: hmarr/auto-approve-action@v4
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Enable PR auto-merge (squash) for patch/minor
+        if: |
+          steps.meta.outputs.update-type == 'version-update:semver-patch' ||
+          steps.meta.outputs.update-type == 'version-update:semver-minor'
+        uses: peter-evans/enable-pull-request-automerge@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          pull-request-number: ${{ github.event.pull_request.number }}
+          merge-method: squash
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -130,15 +130,21 @@ jobs:
               docker-compose "$@"
             fi
           }
-
-          # docker login (nếu có)
+          
+          # docker login Docker Hub (nếu có)
           if [ -n "${DOCKERHUB_USER:-}" ] && [ -n "${DOCKERHUB_TOKEN:-}" ]; then
             echo "docker login Docker Hub..."
             echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USER" --password-stdin
           else
             echo "Thiếu DOCKERHUB_USER/DOCKERHUB_TOKEN trong .env (image public thì vẫn OK)."
           fi
-
+          
+          # docker login GHCR (nếu có)
+          if [ -n "${GHCR_USERNAME:-}" ] && [ -n "${GHCR_TOKEN:-}" ]; then
+            echo "docker login GHCR..."
+            echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USERNAME" --password-stdin
+          fi
+          
           echo "Hạ tầng (idempotent)..."
           compose -f docker-compose.prod-infra.yml --env-file .env up -d
 
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -35,29 +35,53 @@ jobs:
           - org-service
 
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
+      - uses: actions/checkout@v4
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
 
-      - name: Set up QEMU (multi-arch)
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Derive IMAGE_TAG
+      - name: Derive tags (Docker Hub + GHCR)
+        id: meta
         run: |
+          OWNER_LC="${GITHUB_REPOSITORY_OWNER,,}"
+          echo "OWNER_LC=$OWNER_LC" >> $GITHUB_ENV
+          MOD="${{ matrix.module }}"
           if [ "${GITHUB_REF_TYPE}" = "tag" ]; then
-            echo "IMAGE_TAG=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
+            TAG="${GITHUB_REF_NAME#v}"
           else
-            echo "IMAGE_TAG=${GITHUB_SHA::12}" >> $GITHUB_ENV
+            TAG="${GITHUB_SHA::12}"
+          fi
+          echo "IMAGE_TAG=${TAG}" >> $GITHUB_ENV
+
+          HUB="${{ secrets.DOCKERHUB_USER }}/codecampus-${MOD}:${TAG}"
+          GHCR="ghcr.io/${OWNER_LC}/codecampus-${MOD}:${TAG}"
+          if [ "${GITHUB_REF_TYPE}" = "tag" ] || [ "${GITHUB_REF_NAME}" = "main" ]; then
+            HUB="${HUB}"$'\n'"${{ secrets.DOCKERHUB_USER }}/codecampus-${MOD}:latest"
+            GHCR="${GHCR}"$'\n'"ghcr.io/${OWNER_LC}/codecampus-${MOD}:latest"
           fi
+          echo "tags=${HUB}"$'\n'"${GHCR}" >> $GITHUB_OUTPUT
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build & Push ${{ matrix.module }}
-        env:
-          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
-          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
-          IMAGE_TAG: ${{ env.IMAGE_TAG }}
-          DOCKER_PLATFORMS: linux/amd64
-        run: |
-          chmod +x ./build-image-github.sh
-          ./build-image-github.sh ${{ matrix.module }}
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: docker/java-service.Dockerfile
+          build-args: |
+            MODULE=${{ matrix.module }}
+          platforms: linux/amd64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
diff --git a/.github/workflows/file-service-publish.yml b/.github/workflows/file-service-publish.yml
