Merge branch 'development'

* development:
  build docker hub
  fix: roles
  chore(ci/cd): add local ci/cd workflow
Warunee Tamkoo 2026-01-07 20:30:25 +07:00
commit 2df4543e21
5 changed files with 178 additions and 7 deletions


@ -0,0 +1,49 @@
name: Build
on:
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
- "v[0-9]+.[0-9]+.[0-9]+*"
workflow_dispatch:
env:
REGISTRY: ${{ vars.CONTAINER_REGISTRY }}
REGISTRY_USERNAME: ${{ vars.CONTAINER_REGISTRY_USERNAME }}
REGISTRY_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }}
CONTAINER_IMAGE_NAME: ${{ vars.CONTAINER_REGISTRY }}/${{ vars.CONTAINER_IMAGE_OWNER }}/${{ vars.CONTAINER_IMAGE_NAME }}
IMAGE_VERSION: build
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
config-inline: |
[registry."${{ env.REGISTRY }}"]
ca=["/etc/ssl/certs/ca-certificates.crt"]
- name: Tag Version
run: |
if [[ "${{ github.event_name }}" == "push" ]]; then
echo "IMAGE_VERSION=${{ github.ref_name }}" | sed 's/v//g' >> $GITHUB_ENV
else
echo "IMAGE_VERSION=${{ env.IMAGE_VERSION }}-${{ github.run_number }}" >> $GITHUB_ENV
fi
- name: Login in to registry
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.REGISTRY_USERNAME }}
password: ${{ env.REGISTRY_PASSWORD }}
- name: Build and push docker image
uses: docker/build-push-action@v3
with:
platforms: linux/amd64
context: ./Services
file: ./Services/Dockerfile
tags: ${{ env.CONTAINER_IMAGE_NAME }}:latest,${{ env.CONTAINER_IMAGE_NAME }}:${{ env.IMAGE_VERSION }}
push: true
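Review bot: The `Tag Version` step expands `${{ github.ref_name }}` into the script text before the shell runs, and the second tag filter (`v[0-9]+.[0-9]+.[0-9]+*`) appears to accept arbitrary trailing characters, so a tag name containing shell metacharacters would be executed in a job whose workflow-level `env` exposes `REGISTRY_PASSWORD` to every step. Pass the ref through the step environment instead: add `env: REF_NAME: ${{ github.ref_name }}` to the step and write `echo "IMAGE_VERSION=${REF_NAME#v}" >> "$GITHUB_ENV"`, which also stops `sed 's/v//g'` from deleting every `v` in a suffix such as `-dev`. Separately, `:latest` is pushed on manual `workflow_dispatch` runs from any ref, and the actions are referenced by mutable major tags; pinning them to commit SHAs and moving the password out of the workflow-level `env` into the login step would narrow what can reach the registry credential.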


@ -0,0 +1,29 @@
name: Build
on:
workflow_dispatch:
inputs:
version:
description: "Version to deploy"
type: string
required: false
default: "latest"
env:
IMAGE_VERSION: build
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Remote Deploy
uses: appleboy/ssh-action@v1.2.1
with:
host: ${{ vars.SSH_DEPLOY_HOST }}
port: ${{ vars.SSH_DEPLOY_PORT }}
username: ${{ secrets.SSH_DEPLOY_USER }}
password: ${{ secrets.SSH_DEPLOY_PASSWORD }}
script: |
cd ~/repo
./replace-env.sh APP_EDM "${{ inputs.version }}"
./deploy.sh hrms-edm
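Review bot: `${{ inputs.version }}` is pasted into the remote `script` on the `./replace-env.sh` line, so whatever a dispatcher types becomes shell text executed on the deploy host; the double quotes around it do not help because the expansion happens before any shell parses the line. Validate the input on the runner and hand it to the remote script as an environment variable through the action's `envs` input, as in the excerpt below. The step also authenticates with `password` and sets no `fingerprint`, so as far as this file shows the host key is not pinned; the action accepts `key` and `fingerprint` for that. The workflow is named `Build` and declares an unused `IMAGE_VERSION`, both of which look copied from the build workflow.

```yaml
- name: Validate version input
  env:
    DEPLOY_VERSION: ${{ inputs.version }}
  run: |
    [[ "$DEPLOY_VERSION" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "invalid version" >&2; exit 1; }
- name: Remote Deploy
  uses: appleboy/ssh-action@v1.2.1
  env:
    DEPLOY_VERSION: ${{ inputs.version }}
  with:
    # … unchanged: host, port, username, password …
    envs: DEPLOY_VERSION
    script: |
      cd ~/repo
      ./replace-env.sh APP_EDM "$DEPLOY_VERSION"
      ./deploy.sh hrms-edm
```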

91
.github/workflows/build.yaml vendored Normal file

@ -0,0 +1,91 @@
name: build to DockerHub
run-name: build ${{ github.actor }}
on:
push:
tags:
- "checkin-[0-9]+.[0-9]+.[0-9]+"
workflow_dispatch:
env:
DOCKERHUB_REGISTRY: docker.io
IMAGE_NAME: hrms-edm
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Generate Version
id: gen_ver
run: |
if [[ $GITHUB_REF == 'refs/heads/'* ]]; then
BRANCH_NAME="${GITHUB_REF##*/}"
IMAGE_VER="$BRANCH_NAME-$(date +%Y%m%d)-${GITHUB_SHA::7}"
else
IMAGE_VER="pr-${GITHUB_SHA::7}"
fi
echo "{\"version\":\"$IMAGE_VER\", \"date\":\"$(date +"%Y-%m-%d_%T")\",\"ref\":\"$GITHUB_REF\", \"sha\":\"$GITHUB_SHA\" }" > ./Services/server/src/version.json
echo "image_ver=$IMAGE_VER" >> $GITHUB_OUTPUT
echo "Build version: $IMAGE_VER"
cat ./Services/server/src/version.json
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push to DockerHub
uses: docker/build-push-action@v3
with:
context: ./Services
platforms: linux/amd64,linux/arm64
push: true
tags: |
${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:${{ steps.gen_ver.outputs.image_ver }}
${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:latest
cache-from: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:buildcache
cache-to: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:buildcache,mode=max
- name: Notify Discord Success
if: success()
run: |
curl -H "Content-Type: application/json" \
-X POST \
-d '{
"embeds": [{
"title": "✅ Build Success!",
"description": "**Details:**\n- Image: `${{ secrets.DOCKERHUB_USERNAME }}/${{env.IMAGE_NAME}}`\n- Version: `${{ steps.gen_ver.outputs.image_ver }}`\n- Branch: `${{ github.ref_name }}`\n- Built by: `${{github.actor}}`",
"color": 3066993,
"footer": {
"text": "Build Notification",
"icon_url": "https://example.com/success-icon.png"
},
"timestamp": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"
}]
}' \
${{ secrets.DISCORD_WEBHOOK }}
- name: Notify Discord Failure
if: failure()
run: |
curl -H "Content-Type: application/json" \
-X POST \
-d '{
"embeds": [{
"title": "❌ Build Failed!",
"description": "**Details:**\n- Image: `${{ secrets.DOCKERHUB_USERNAME }}/${{env.IMAGE_NAME}}`\n- Version: `${{ steps.gen_ver.outputs.image_ver }}`\n- Branch: `${{ github.ref_name }}`\n- Attempted by: `${{github.actor}}`",
"color": 15158332,
"footer": {
"text": "Build Notification",
"icon_url": "https://example.com/failure-icon.png"
},
"timestamp": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'"
}]
}' \
${{ secrets.DISCORD_WEBHOOK }}
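Review bot: Both Discord steps interpolate `${{ github.ref_name }}` and `${{ github.actor }}` inside a single-quoted `-d '…'` argument, in the same command as `${{ secrets.DISCORD_WEBHOOK }}`; on a `workflow_dispatch` run the ref is a branch name, which may contain a quote and then ends the string early, leaving the remainder to be parsed as shell. Pass the values through `env` and let `jq` build the JSON, as in the excerpt below (assuming `jq` is present on the runner image); the failure step takes the same change. In `Generate Version`, a tag push has `GITHUB_REF` under `refs/tags/`, so every build triggered by a `checkin-*` tag falls into the `pr-<sha>` branch and the tag's version number never reaches the image tag. `version.json` is likewise assembled by string concatenation from `$GITHUB_REF` and would be better produced with `jq -n --arg`.

```yaml
- name: Notify Discord Success
  if: success()
  env:
    DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
    IMAGE: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}
    VERSION: ${{ steps.gen_ver.outputs.image_ver }}
    REF_NAME: ${{ github.ref_name }}
    ACTOR: ${{ github.actor }}
  run: |
    jq -n \
      --arg desc "$(printf '**Details:**\n- Image: `%s`\n- Version: `%s`\n- Branch: `%s`\n- Built by: `%s`' "$IMAGE" "$VERSION" "$REF_NAME" "$ACTOR")" \
      --arg ts "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
      '{embeds: [{title: "✅ Build Success!", description: $desc, color: 3066993,
                  footer: {text: "Build Notification", icon_url: "https://example.com/success-icon.png"},
                  timestamp: $ts}]}' \
      | curl -H "Content-Type: application/json" -X POST -d @- "$DISCORD_WEBHOOK"
# … unchanged in shape: Notify Discord Failure, with its own title, color and icon …
```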


@ -34,7 +34,10 @@ const router = createRouter({
if (token) {
const roles = getRole()
if (token && roles.includes('admin')) {
if (
token &&
(roles.includes('admin') || roles.includes('SUPER_ADMIN'))
) {
return next()
}
@ -45,7 +48,10 @@ const router = createRouter({
const token = await getToken()
const roles = getRole()
if (token && roles.includes('admin')) {
if (
token &&
(roles.includes('admin') || roles.includes('SUPER_ADMIN'))
) {
return next()
}
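Review bot: The same role test is pasted into both guards (the hunks at `-34` and `-45`), and in the first one `token &&` repeats the enclosing `if (token)`. A small helper such as `const canAccess = (roles: string[]) => roles.includes('admin') || roles.includes('SUPER_ADMIN')` would keep the two guards in step the next time the role list changes. These checks run in the browser and only decide which routes are reachable in the UI; the API behind them has to enforce the same roles from the token, and that enforcement is not visible in this diff. Both guard functions start and end outside the hunks.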


@ -39,11 +39,7 @@ export function getUsername(): string {
export function getRole(): string[] {
const decoded = keycloak.tokenParsed
if (decoded && decoded.resource_access && decoded.azp) {
return decoded.roles
}
return []
return decoded?.roles ?? decoded?.role ?? []
}
export function isLoggedIn() {
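Review bot: `decoded?.role` is returned as-is, so if that claim is a single string `getRole()` hands back a string despite the `string[]` return type, and the router's `roles.includes('admin')` becomes a substring test rather than a membership test. Normalise before returning: `const claim = decoded?.roles ?? decoded?.role` followed by `return Array.isArray(claim) ? claim : claim ? [claim] : []`. The rewrite also drops the `resource_access`/`azp` check and reads only top-level claims; a stock Keycloak token carries roles under `realm_access.roles` and `resource_access.<client>.roles`, so this presumably depends on a custom mapper, which is worth stating in a comment above the function.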