Merge branch 'main' of https://github.com/CapstoneProjectCMC/frontend

Fxdonad · Fxdonad · commit c6de209bafbd · 2025-09-18T14:09:25.000+07:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -10,48 +10,31 @@ updates:
     target-branch: "main"
     open-pull-requests-limit: 10
     labels: ["dependencies", "npm", "frontend"]
-    # CHỈ chặn nâng major Angular (v21+), vẫn cho phép 20.x
     ignore:
       - dependency-name: "@angular/*"
         update-types: ["version-update:semver-major"]
     groups:
       angular-core:
-        patterns:
-          - "@angular/*"
-          - "zone.js"
+        patterns: ["@angular/*", "zone.js"]
         update-types: ["minor", "patch"]
       tooling-and-tests:
-        patterns:
-          - "typescript"
-          - "karma*"
-          - "jasmine*"
-          - "@types/*"
-          - "cypress"
+        patterns: ["typescript","karma*","jasmine*","@types/*","cypress"]
         update-types: ["minor", "patch"]
       ui-and-md:
-        patterns:
-          - "highlight.js"
-          - "marked"
-          - "github-markdown-css"
-          - "apexcharts"
-          - "ng-apexcharts"
-          - "ngx-*"
+        patterns: ["highlight.js","marked","github-markdown-css","apexcharts","ng-apexcharts","ngx-*"]
         update-types: ["minor", "patch"]
       codemirror-suite:
-        patterns:
-          - "codemirror"
-          - "@codemirror/*"
+        patterns: ["codemirror","@codemirror/*"]
         update-types: ["minor", "patch"]
 
-
   # GitHub Actions
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
       day: "monday"
-      time: "03:00"
-      timezone: "Asia/Bangkok"
+    time: "03:00"
+    timezone: "Asia/Bangkok"
     target-branch: "main"
     labels: ["dependencies", "github-actions"]
     open-pull-requests-limit: 10
@@ -67,18 +50,28 @@ updates:
     target-branch: "main"
     labels: ["dependencies", "docker"]
     open-pull-requests-limit: 10
+    registries:
+      - dockerhub
+      - ghcr
     groups:
       nginx-node-base:
-        patterns:
-          - "nginx"
-          - "node"
+        patterns: ["nginx","node"]
         update-types: ["minor", "patch"]
       dotnet-base:
-        patterns:
-          - "mcr.microsoft.com/dotnet/*"
+        patterns: ["mcr.microsoft.com/dotnet/*"]
         update-types: ["minor", "patch"]
       jre-maven:
-        patterns:
-          - "eclipse-temurin:*"
-          - "maven:*"
+        patterns: ["eclipse-temurin:*","maven:*"]
         update-types: ["minor", "patch"]
+
+registries:
+  dockerhub:
+    type: docker-registry
+    url: https://index.docker.io/v1/
+    username: ${{secrets.DOCKERHUB_USER}}
+    password: ${{secrets.DOCKERHUB_TOKEN}}
+  ghcr:
+    type: docker-registry
+    url: https://ghcr.io
+    username: ${{secrets.GHCR_USERNAME}}
+    password: ${{secrets.GHCR_TOKEN}}
diff --git a/.github/workflows/ci-sonar-angular.yml b/.github/workflows/ci-sonar-angular.yml
@@ -12,6 +12,7 @@ on:
       - "sonar-project.properties"
   pull_request:
 
+###
 permissions:
   contents: read
   pull-requests: write
@@ -31,7 +32,7 @@ jobs:
           fetch-depth: 0  # Sonar cần full history để tính blame
 
       - name: Set up JDK (for Sonar scanner)
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: temurin
           java-version: "21"
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,39 @@
+name: Dependabot Auto-merge
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  automerge:
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Fetch Dependabot metadata
+        id: meta
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Auto-approve patch/minor
+        if: |
+          steps.meta.outputs.update-type == 'version-update:semver-patch' ||
+          steps.meta.outputs.update-type == 'version-update:semver-minor'
+        uses: hmarr/auto-approve-action@v4
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Enable PR auto-merge (squash) for patch/minor
+        if: |
+          steps.meta.outputs.update-type == 'version-update:semver-patch' ||
+          steps.meta.outputs.update-type == 'version-update:semver-minor'
+        uses: peter-evans/enable-pull-request-automerge@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          pull-request-number: ${{ github.event.pull_request.number }}
+          merge-method: squash
diff --git a/.github/workflows/deploy-frontend.yml b/.github/workflows/deploy-frontend.yml
@@ -106,14 +106,20 @@ jobs:
             fi
           }
 
-          # docker login (nếu có)
+          # docker login Docker Hub (nếu có)
           if [ -n "${DOCKERHUB_USER:-}" ] && [ -n "${DOCKERHUB_TOKEN:-}" ]; then
             echo "docker login Docker Hub..."
             echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USER" --password-stdin
           else
             echo "Thiếu DOCKERHUB_USER/DOCKERHUB_TOKEN trong .env (image public thì vẫn OK)."
           fi
 
+          # docker login GHCR (nếu có)
+          if [ -n "${GHCR_USERNAME:-}" ] && [ -n "${GHCR_TOKEN:-}" ]; then
+            echo "docker login GHCR..."
+            echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USERNAME" --password-stdin
+          fi
+
           echo "Pull image frontend tag ${IMAGE_TAG}…"
           compose -f docker-compose.prod-frontend.yml --env-file .env pull
 
diff --git a/.github/workflows/frontend-docker-publish.yml b/.github/workflows/frontend-docker-publish.yml
@@ -20,6 +20,7 @@ permissions:
 
 env:
   DOCKER_REPO: ${{ secrets.DOCKERHUB_USER }}/codecampus-frontend
+  GHCR_OWNER: ${{ github.repository_owner }}
   DOCKERFILE_PATH: docker/angular-frontend.Dockerfile
   PLATFORMS: linux/amd64
 
@@ -28,40 +29,59 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
+      - uses: actions/checkout@v4
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
 
-      - name: Set up Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Derive tags
+      - name: Derive tags (Docker Hub + GHCR)
         id: meta
+        shell: bash
         run: |
-          TAGS=""
+          set -euo pipefail
+
+          # Hạ lowercase owner (an toàn POSIX)
+          OWNER_LC="$(printf '%s' "${GHCR_OWNER}" | tr '[:upper:]' '[:lower:]')"
+          echo "OWNER_LC=${OWNER_LC}" >> "$GITHUB_ENV"
+
           if [ "${GITHUB_REF_TYPE}" = "tag" ]; then
             VERSION="${GITHUB_REF_NAME#v}"
-            echo "IMAGE_TAG=${VERSION}" >> $GITHUB_ENV
-            TAGS="${{ env.DOCKER_REPO }}:${VERSION}"
+            echo "IMAGE_TAG=${VERSION}" >> "$GITHUB_ENV"
+            HUB="${DOCKER_REPO}:${VERSION}"
+            GHCR="ghcr.io/${OWNER_LC}/codecampus-frontend:${VERSION}"
           else
             SHA_TAG="${GITHUB_SHA::12}"
-            echo "IMAGE_TAG=${SHA_TAG}" >> $GITHUB_ENV
-            TAGS="${{ env.DOCKER_REPO }}:${SHA_TAG}"
+            echo "IMAGE_TAG=${SHA_TAG}" >> "$GITHUB_ENV"
+            HUB="${DOCKER_REPO}:${SHA_TAG}"
+            GHCR="ghcr.io/${OWNER_LC}/codecampus-frontend:${SHA_TAG}"
             if [ "${GITHUB_REF_NAME}" = "main" ]; then
-              TAGS="${TAGS},${{ env.DOCKER_REPO }}:latest"
+              HUB="${HUB}"$'\n'"${DOCKER_REPO}:latest"
+              GHCR="${GHCR}"$'\n'"ghcr.io/${OWNER_LC}/codecampus-frontend:latest"
             fi
           fi
-          echo "tags=${TAGS}" >> $GITHUB_OUTPUT
+
+          # Xuất output "tags" dạng đa dòng
+          {
+            echo "tags<<__TAGS__"
+            printf '%s\n' "$HUB"
+            printf '%s\n' "$GHCR"
+            echo "__TAGS__"
+          } >> "$GITHUB_OUTPUT"
 
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Build & Push
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build & Push (Docker Hub + GHCR)
         uses: docker/build-push-action@v6
         with:
           context: .
