Update Dependabot

Author: yunomix2834

.github/dependabot.yml

@@ -1,4 +1,22 @@
 version: 2
+registries:
+  ghcr:
+    type: docker-registry
+    url: ghcr.io
+    username: ${{secrets.GHCR_USERNAME}}
+    password: ${{secrets.GHCR_TOKEN}}
+
+  dockerhub:
+    type: docker-registry
+    url: registry-1.docker.io
+    username: ${{secrets.DOCKERHUB_USER}}
+    password: ${{secrets.DOCKERHUB_TOKEN}}
+
+  github-maven:
+    type: maven-repository
+    url: https://maven.pkg.github.com/${{github.repository_owner}}/*
+    username: ${{secrets.GHCR_USERNAME}}
+    password: ${{secrets.GHCR_TOKEN}}
 updates:
   # (Angular app)
   - package-ecosystem: "npm"
@@ -10,40 +28,23 @@ updates:
     target-branch: "main"
     open-pull-requests-limit: 10
     labels: ["dependencies", "npm", "frontend"]
-    # CHỈ chặn nâng major Angular (v21+), vẫn cho phép 20.x
     ignore:
       - dependency-name: "@angular/*"
         update-types: ["version-update:semver-major"]
     groups:
       angular-core:
-        patterns:
-          - "@angular/*"
-          - "zone.js"
+        patterns: ["@angular/*", "zone.js"]
         update-types: ["minor", "patch"]
       tooling-and-tests:
-        patterns:
-          - "typescript"
-          - "karma*"
-          - "jasmine*"
-          - "@types/*"
-          - "cypress"
+        patterns: ["typescript", "karma*", "jasmine*", "@types/*", "cypress"]
         update-types: ["minor", "patch"]
       ui-and-md:
-        patterns:
-          - "highlight.js"
-          - "marked"
-          - "github-markdown-css"
-          - "apexcharts"
-          - "ng-apexcharts"
-          - "ngx-*"
+        patterns: ["highlight.js", "marked", "github-markdown-css", "apexcharts", "ng-apexcharts", "ngx-*"]
         update-types: ["minor", "patch"]
       codemirror-suite:
-        patterns:
-          - "codemirror"
-          - "@codemirror/*"
+        patterns: ["codemirror", "@codemirror/*"]
         update-types: ["minor", "patch"]
 
-
   # GitHub Actions
   - package-ecosystem: "github-actions"
     directory: "/"
@@ -59,6 +60,7 @@ updates:
   # Docker images (Nginx, Node…)
   - package-ecosystem: "docker"
     directory: "/docker"
+    registries: ["ghcr", "dockerhub"]
     schedule:
       interval: "weekly"
       day: "tuesday"
@@ -69,16 +71,5 @@ updates:
     open-pull-requests-limit: 10
     groups:
       nginx-node-base:
-        patterns:
-          - "nginx"
-          - "node"
-        update-types: ["minor", "patch"]
-      dotnet-base:
-        patterns:
-          - "mcr.microsoft.com/dotnet/*"
-        update-types: ["minor", "patch"]
-      jre-maven:
-        patterns:
-          - "eclipse-temurin:*"
-          - "maven:*"
+        patterns: ["nginx", "node"]
         update-types: ["minor", "patch"]

.github/workflows/dependabot-auto-merge.yml

@@ -0,0 +1,39 @@
+name: Dependabot Auto-merge (minor & patch)
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened, labeled]
+
+permissions:
+  contents: write
+  pull-requests: write
+  checks: read
+
+jobs:
+  auto-merge:
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch metadata
+        id: meta
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Approve PR (minor/patch)
+        if: |
+          steps.meta.outputs.update-type == 'version-update:semver-minor' ||
+          steps.meta.outputs.update-type == 'version-update:semver-patch'
+        uses: peter-evans/approve-pull-request@v6
+        with:
+          pull-request-number: ${{ github.event.pull_request.number }}
+          review-message: "Auto-approved by workflow for minor/patch updates."
+
+      - name: Enable auto-merge (squash)
+        if: |
+          steps.meta.outputs.update-type == 'version-update:semver-minor' ||
+          steps.meta.outputs.update-type == 'version-update:semver-patch'
+        uses: peter-evans/enable-pull-request-automerge@v3
+        with:
+          pull-request-number: ${{ github.event.pull_request.number }}
+          merge-method: squash

.github/workflows/frontend-docker-publish.yml

@@ -19,6 +19,7 @@ permissions:
   packages: write
 
 env:
+  GHCR_REPO: ghcr.io/${{ github.repository_owner }}/codecampus-frontend
   DOCKER_REPO: ${{ secrets.DOCKERHUB_USER }}/codecampus-frontend
   DOCKERFILE_PATH: docker/angular-frontend.Dockerfile
   PLATFORMS: linux/amd64
@@ -41,19 +42,30 @@ jobs:
         id: meta
         run: |
           TAGS=""
+          TAGS_GHCR=""
           if [ "${GITHUB_REF_TYPE}" = "tag" ]; then
             VERSION="${GITHUB_REF_NAME#v}"
             echo "IMAGE_TAG=${VERSION}" >> $GITHUB_ENV
             TAGS="${{ env.DOCKER_REPO }}:${VERSION}"
+            TAGS_GHCR="${{ env.GHCR_REPO }}:${VERSION}"
           else
             SHA_TAG="${GITHUB_SHA::12}"
             echo "IMAGE_TAG=${SHA_TAG}" >> $GITHUB_ENV
             TAGS="${{ env.DOCKER_REPO }}:${SHA_TAG}"
+            TAGS_GHCR="${{ env.GHCR_REPO }}:${SHA_TAG}"
             if [ "${GITHUB_REF_NAME}" = "main" ]; then
               TAGS="${TAGS},${{ env.DOCKER_REPO }}:latest"
+              TAGS_GHCR="${TAGS_GHCR},${{ env.GHCR_REPO }}:latest"
             fi
           fi
-          echo "tags=${TAGS}" >> $GITHUB_OUTPUT
+          echo "tags=${TAGS},${TAGS_GHCR}" >> $GITHUB_OUTPUT
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Login to Docker Hub
         uses: docker/login-action@v3
@@ -71,3 +83,4 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+