From bf0cb09b4a42a35c8e88f736144aeab8dabadc99 Mon Sep 17 00:00:00 2001 From: Methapon2001 <61303214+Methapon2001@users.noreply.github.com> Date: Tue, 9 Sep 2025 14:25:37 +0700 Subject: [PATCH 1/3] chore(ci/cd): add local ci/cd workflow --- .forgejo/workflows/build.yml | 49 +++++++++++++++++++++++++++++++++++ .forgejo/workflows/deploy.yml | 29 +++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 .forgejo/workflows/build.yml create mode 100644 .forgejo/workflows/deploy.yml diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml new file mode 100644 index 0000000..285a66a --- /dev/null +++ b/.forgejo/workflows/build.yml @@ -0,0 +1,49 @@ +name: Build + +on: + push: + tags: + - "v[0-9]+.[0-9]+.[0-9]+" + - "v[0-9]+.[0-9]+.[0-9]+*" + workflow_dispatch: + +env: + REGISTRY: ${{ vars.CONTAINER_REGISTRY }} + REGISTRY_USERNAME: ${{ vars.CONTAINER_REGISTRY_USERNAME }} + REGISTRY_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_PASSWORD }} + CONTAINER_IMAGE_NAME: ${{ vars.CONTAINER_REGISTRY }}/${{ vars.CONTAINER_IMAGE_OWNER }}/${{ vars.CONTAINER_IMAGE_NAME }} + IMAGE_VERSION: build + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + with: + config-inline: | + [registry."${{ env.REGISTRY }}"] + ca=["/etc/ssl/certs/ca-certificates.crt"] + - name: Tag Version + run: | + if [[ "${{ github.event_name }}" == "push" ]]; then + echo "IMAGE_VERSION=${{ github.ref_name }}" | sed 's/v//g' >> $GITHUB_ENV + else + echo "IMAGE_VERSION=${{ env.IMAGE_VERSION }}-${{ github.run_number }}" >> $GITHUB_ENV + fi + - name: Login in to registry + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ env.REGISTRY_USERNAME }} + password: ${{ env.REGISTRY_PASSWORD }} + - name: Build and push docker image + uses: docker/build-push-action@v3 + with: + platforms: linux/amd64 + context: ./Services + file: ./Services/Dockerfile + tags: ${{ env.CONTAINER_IMAGE_NAME }}:latest,${{ env.CONTAINER_IMAGE_NAME }}:${{ env.IMAGE_VERSION }} + push: true diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml new file mode 100644 index 0000000..c9d999f --- /dev/null +++ b/.forgejo/workflows/deploy.yml @@ -0,0 +1,29 @@ +name: Build + +on: + workflow_dispatch: + inputs: + version: + description: "Version to deploy" + type: string + required: false + default: "latest" + +env: + IMAGE_VERSION: build + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - name: Remote Deploy + uses: appleboy/ssh-action@v1.2.1 + with: + host: ${{ vars.SSH_DEPLOY_HOST }} + port: ${{ vars.SSH_DEPLOY_PORT }} + username: ${{ secrets.SSH_DEPLOY_USER }} + password: ${{ secrets.SSH_DEPLOY_PASSWORD }} + script: | + cd ~/repo + ./replace-env.sh APP_EDM "${{ inputs.version }}" + ./deploy.sh hrms-edm From 7c28d3f3aed726e6b68f4294fbfbec591c064983 Mon Sep 17 00:00:00 2001 From: Methapon2001 <61303214+Methapon2001@users.noreply.github.com> Date: Tue, 9 Sep 2025 15:01:33 +0700 Subject: [PATCH 2/3] fix: roles --- Services/client/src/router/index.ts | 10 ++++++++-- Services/client/src/services/KeyCloakService.ts | 6 +----- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/Services/client/src/router/index.ts b/Services/client/src/router/index.ts index e8ec4a4..32534ef 100644 --- a/Services/client/src/router/index.ts +++ b/Services/client/src/router/index.ts @@ -34,7 +34,10 @@ const router = createRouter({ if (token) { const roles = getRole() - if (token && roles.includes('admin')) { + if ( + token && + (roles.includes('admin') || roles.includes('SUPER_ADMIN')) + ) { return next() } @@ -45,7 +48,10 @@ const router = createRouter({ const token = await getToken() const roles = getRole() - if (token && roles.includes('admin')) { + if ( + token && + (roles.includes('admin') || roles.includes('SUPER_ADMIN')) + ) { return next() } diff --git a/Services/client/src/services/KeyCloakService.ts b/Services/client/src/services/KeyCloakService.ts index 6f89c5b..c261fa3 100644 --- a/Services/client/src/services/KeyCloakService.ts +++ b/Services/client/src/services/KeyCloakService.ts @@ -39,11 +39,7 @@ export function getUsername(): string { export function getRole(): string[] { const decoded = keycloak.tokenParsed - if (decoded && decoded.resource_access && decoded.azp) { - return decoded.roles - } - - return [] + return decoded?.roles ?? decoded?.role ?? [] } export function isLoggedIn() { From ac1d85f6724d4d1f0f854df8bfa22104ad103f8f Mon Sep 17 00:00:00 2001 From: waruneeauy Date: Wed, 7 Jan 2026 20:28:21 +0700 Subject: [PATCH 3/3] build docker hub --- .github/workflows/build.yaml | 91 ++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 .github/workflows/build.yaml diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000..450a2ed --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,91 @@ +name: build to DockerHub +run-name: build ${{ github.actor }} +on: + push: + tags: + - "checkin-[0-9]+.[0-9]+.[0-9]+" + workflow_dispatch: + +env: + DOCKERHUB_REGISTRY: docker.io + IMAGE_NAME: hrms-edm + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v3 + + - name: Generate Version + id: gen_ver + run: | + if [[ $GITHUB_REF == 'refs/heads/'* ]]; then + BRANCH_NAME="${GITHUB_REF##*/}" + IMAGE_VER="$BRANCH_NAME-$(date +%Y%m%d)-${GITHUB_SHA::7}" + else + IMAGE_VER="pr-${GITHUB_SHA::7}" + fi + echo "{\"version\":\"$IMAGE_VER\", \"date\":\"$(date +"%Y-%m-%d_%T")\",\"ref\":\"$GITHUB_REF\", \"sha\":\"$GITHUB_SHA\" }" > ./Services/server/src/version.json + echo "image_ver=$IMAGE_VER" >> $GITHUB_OUTPUT + echo "Build version: $IMAGE_VER" + cat ./Services/server/src/version.json + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Build and push to DockerHub + uses: docker/build-push-action@v3 + with: + context: ./Services + platforms: linux/amd64,linux/arm64 + push: true + tags: | + ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:${{ steps.gen_ver.outputs.image_ver }} + ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:latest + cache-from: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:buildcache + cache-to: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:buildcache,mode=max + + - name: Notify Discord Success + if: success() + run: | + curl -H "Content-Type: application/json" \ + -X POST \ + -d '{ + "embeds": [{ + "title": "✅ Build Success!", + "description": "**Details:**\n- Image: `${{ secrets.DOCKERHUB_USERNAME }}/${{env.IMAGE_NAME}}`\n- Version: `${{ steps.gen_ver.outputs.image_ver }}`\n- Branch: `${{ github.ref_name }}`\n- Built by: `${{github.actor}}`", + "color": 3066993, + "footer": { + "text": "Build Notification", + "icon_url": "https://example.com/success-icon.png" + }, + "timestamp": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'" + }] + }' \ + ${{ secrets.DISCORD_WEBHOOK }} + + - name: Notify Discord Failure + if: failure() + run: | + curl -H "Content-Type: application/json" \ + -X POST \ + -d '{ + "embeds": [{ + "title": "❌ Build Failed!", + "description": "**Details:**\n- Image: `${{ secrets.DOCKERHUB_USERNAME }}/${{env.IMAGE_NAME}}`\n- Version: `${{ steps.gen_ver.outputs.image_ver }}`\n- Branch: `${{ github.ref_name }}`\n- Attempted by: `${{github.actor}}`", + "color": 15158332, + "footer": { + "text": "Build Notification", + "icon_url": "https://example.com/failure-icon.png" + }, + "timestamp": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'" + }] + }' \ + ${{ secrets.DISCORD_WEBHOOK }}