CapstoneProjectCMC · dependabot · Sep 17, 2025 · Sep 17, 2025 · Sep 17, 2025 · Sep 17, 2025
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,39 +1,77 @@
 version: 2
 updates:
-  # NPM (Angular app)
+  # (Angular app)
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "daily"
       time: "02:00"
       timezone: "Asia/Bangkok"
-    open-pull-requests-limit: 10
     target-branch: "main"
-    labels: ["dependencies", "npm"]
-    allow:
-      - dependency-type: "direct"
-      - dependency-type: "all"
+    open-pull-requests-limit: 10
+    labels: ["dependencies", "npm", "frontend"]
     ignore:
-      # ví dụ giữ cố định major của Angular 19
       - dependency-name: "@angular/*"
-        versions: [">=20"]
+        update-types: ["version-update:semver-major"]
+    groups:
+      angular-core:
+        patterns: ["@angular/*", "zone.js"]
+        update-types: ["minor", "patch"]
+      tooling-and-tests:
+        patterns: ["typescript","karma*","jasmine*","@types/*","cypress"]
+        update-types: ["minor", "patch"]
+      ui-and-md:
+        patterns: ["highlight.js","marked","github-markdown-css","apexcharts","ng-apexcharts","ngx-*"]
+        update-types: ["minor", "patch"]
+      codemirror-suite:
+        patterns: ["codemirror","@codemirror/*"]
+        update-types: ["minor", "patch"]
 
   # GitHub Actions
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
       day: "monday"
-      time: "03:00"
-      timezone: "Asia/Bangkok"
+    time: "03:00"
+    timezone: "Asia/Bangkok"
+    target-branch: "main"
     labels: ["dependencies", "github-actions"]
+    open-pull-requests-limit: 10
 
-  # Docker base images (Nginx, Node…)
+  # Docker images (Nginx, Node…)
   - package-ecosystem: "docker"
     directory: "/docker"
     schedule:
       interval: "weekly"
       day: "tuesday"
       time: "04:00"
       timezone: "Asia/Bangkok"
+    target-branch: "main"
     labels: ["dependencies", "docker"]
+    open-pull-requests-limit: 10
+    registries:
+      - dockerhub
+      - ghcr
+    groups:
+      nginx-node-base:
+        patterns: ["nginx","node"]
+        update-types: ["minor", "patch"]
+      dotnet-base:
+        patterns: ["mcr.microsoft.com/dotnet/*"]
+        update-types: ["minor", "patch"]
+      jre-maven:
+        patterns: ["eclipse-temurin:*","maven:*"]
+        update-types: ["minor", "patch"]
+
+registries:
+  dockerhub:
+    type: docker-registry
+    url: https://index.docker.io/v1/
+    username: ${{secrets.DOCKERHUB_USER}}
+    password: ${{secrets.DOCKERHUB_TOKEN}}
+  ghcr:
+    type: docker-registry
+    url: https://ghcr.io
+    username: ${{secrets.GHCR_USERNAME}}
+    password: ${{secrets.GHCR_TOKEN}}
diff --git a/.github/workflows/ci-sonar-angular.yml b/.github/workflows/ci-sonar-angular.yml
@@ -12,6 +12,7 @@ on:
       - "sonar-project.properties"
   pull_request:
 
+###
 permissions:
   contents: read
   pull-requests: write
@@ -31,7 +32,7 @@ jobs:
           fetch-depth: 0  # Sonar cần full history để tính blame
 
       - name: Set up JDK (for Sonar scanner)
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: temurin
           java-version: "21"

diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,39 @@
+name: Dependabot Auto-merge
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  automerge:
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Fetch Dependabot metadata
+        id: meta
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Auto-approve patch/minor
+        if: |
+          steps.meta.outputs.update-type == 'version-update:semver-patch' ||
+          steps.meta.outputs.update-type == 'version-update:semver-minor'
+        uses: hmarr/auto-approve-action@v4
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Enable PR auto-merge (squash) for patch/minor
+        if: |
+          steps.meta.outputs.update-type == 'version-update:semver-patch' ||
+          steps.meta.outputs.update-type == 'version-update:semver-minor'
+        uses: peter-evans/enable-pull-request-automerge@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          pull-request-number: ${{ github.event.pull_request.number }}
+          merge-method: squash
diff --git a/.github/workflows/deploy-frontend.yml b/.github/workflows/deploy-frontend.yml
@@ -106,14 +106,20 @@ jobs:
             fi
           }
 
-          # docker login (nếu có)
+          # docker login Docker Hub (nếu có)
           if [ -n "${DOCKERHUB_USER:-}" ] && [ -n "${DOCKERHUB_TOKEN:-}" ]; then
             echo "docker login Docker Hub..."
             echo "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USER" --password-stdin
           else
             echo "Thiếu DOCKERHUB_USER/DOCKERHUB_TOKEN trong .env (image public thì vẫn OK)."
           fi
 
+          # docker login GHCR (nếu có)
+          if [ -n "${GHCR_USERNAME:-}" ] && [ -n "${GHCR_TOKEN:-}" ]; then
+            echo "docker login GHCR..."
+            echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USERNAME" --password-stdin
+          fi
+
           echo "Pull image frontend tag ${IMAGE_TAG}…"
           compose -f docker-compose.prod-frontend.yml --env-file .env pull
 

diff --git a/.github/workflows/frontend-docker-publish.yml b/.github/workflows/frontend-docker-publish.yml
@@ -20,6 +20,7 @@ permissions:
 
 env:
   DOCKER_REPO: ${{ secrets.DOCKERHUB_USER }}/codecampus-frontend
+  GHCR_OWNER: ${{ github.repository_owner }}
   DOCKERFILE_PATH: docker/angular-frontend.Dockerfile
   PLATFORMS: linux/amd64
 
@@ -28,40 +29,59 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
+      - uses: actions/checkout@v4
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
 
-      - name: Set up Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Derive tags
+      - name: Derive tags (Docker Hub + GHCR)
         id: meta
+        shell: bash
         run: |
-          TAGS=""
+          set -euo pipefail
+
+          # Hạ lowercase owner (an toàn POSIX)
+          OWNER_LC="$(printf '%s' "${GHCR_OWNER}" | tr '[:upper:]' '[:lower:]')"
+          echo "OWNER_LC=${OWNER_LC}" >> "$GITHUB_ENV"
+
           if [ "${GITHUB_REF_TYPE}" = "tag" ]; then
             VERSION="${GITHUB_REF_NAME#v}"
-            echo "IMAGE_TAG=${VERSION}" >> $GITHUB_ENV
-            TAGS="${{ env.DOCKER_REPO }}:${VERSION}"
+            echo "IMAGE_TAG=${VERSION}" >> "$GITHUB_ENV"
+            HUB="${DOCKER_REPO}:${VERSION}"
+            GHCR="ghcr.io/${OWNER_LC}/codecampus-frontend:${VERSION}"
           else
             SHA_TAG="${GITHUB_SHA::12}"
-            echo "IMAGE_TAG=${SHA_TAG}" >> $GITHUB_ENV
-            TAGS="${{ env.DOCKER_REPO }}:${SHA_TAG}"
+            echo "IMAGE_TAG=${SHA_TAG}" >> "$GITHUB_ENV"
+            HUB="${DOCKER_REPO}:${SHA_TAG}"
+            GHCR="ghcr.io/${OWNER_LC}/codecampus-frontend:${SHA_TAG}"
             if [ "${GITHUB_REF_NAME}" = "main" ]; then
-              TAGS="${TAGS},${{ env.DOCKER_REPO }}:latest"
+              HUB="${HUB}"$'\n'"${DOCKER_REPO}:latest"
+              GHCR="${GHCR}"$'\n'"ghcr.io/${OWNER_LC}/codecampus-frontend:latest"
             fi
           fi
-          echo "tags=${TAGS}" >> $GITHUB_OUTPUT
+
+          # Xuất output "tags" dạng đa dòng
+          {
+            echo "tags<<__TAGS__"
+            printf '%s\n' "$HUB"
+            printf '%s\n' "$GHCR"
+            echo "__TAGS__"
+          } >> "$GITHUB_OUTPUT"
 
       - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Build & Push
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build & Push (Docker Hub + GHCR)
         uses: docker/build-push-action@v6
         with:
           context: .

diff --git a/DockerFile b/DockerFile
@@ -0,0 +1,13 @@
+# Stage 1: build Angular app
+FROM node:20-alpine AS build
+WORKDIR /app
+COPY package*.json ./
+RUN npm install
+COPY . .
+RUN npm run build --prod
+
+# Stage 2: serve với Nginx
+FROM nginx:alpine
+COPY --from=build /app/dist/codecampus /usr/share/nginx/html
+# copy sẵn default nginx config nếu cần
+COPY nginx.conf /etc/nginx/conf.d/default.conf
diff --git a/config-local.json b/config-local.json
@@ -0,0 +1 @@
+{ "apiUrl": "http://localhost:8888/api" }
diff --git a/config-server.json b/config-server.json
@@ -0,0 +1 @@
+{ "apiUrl": "http://72.60.41.133:8888/api" }
diff --git a/docker-compose.prod-frontend.yml b/docker-compose.prod-frontend.yml
@@ -5,8 +5,13 @@ services:
     container_name: codecampus-frontend
     image: ${DOCKERHUB_USER}/codecampus-frontend:${IMAGE_TAG:-latest}
     restart: unless-stopped
-    ports: [ "4200:4200" ]
-    networks: [ backend ]
+    ports: ["4200:80"]
+    volumes:
+      # Dùng config local
+      - ./config-local.json:/usr/share/nginx/html/config.json
+      # Hoặc server
+      # - ./config-server.json:/usr/share/nginx/html/config.json
+    networks: [backend]
 
 networks:
   backend: