When firearmId is absent from the YAML block, resolveFirearmId falls back
to firearmName lookup via FirearmRepository.findByName(). If both are
present, firearmId takes precedence.
Only issues submitted by users in the allowed-users list are processed.
An empty or null list allows all senders (no filtering). Checks
sender.login from the webhook payload against the configured list.
GitLab webhook has been superseded by the GitHub webhook implementation.
Remove WebhookController (formerly GitLabWebhookController),
GitLabWebhookRequest DTO, and GitLabWebhookInterceptor.
WebhookService parses YAML-fenced issue body, filters by "weapon-mod"
label, deduplicates via Redis SETNX with 12h TTL, and delegates to
ModificationManager for single/batch creation.
GitHubWebhookController verifies X-GitHub-Event=issues and action=opened
before delegating to the service.
Register GitHubWebhookInterceptor for /webhooks/github in AppConfig.
Move create/batchCreate transactional logic from ModificationService into
a dedicated ModificationManager. Both ModificationService and WebhookService
delegate to the manager, respecting the Controller -> Service -> Manager
layering rule.
Verify X-Hub-Signature-256 header using CryptoUtil.hmacSha256 from
onixbyte crypto-toolbox. Signature check is skipped when no secret is
configured. Uses MessageDigest.isEqual for constant-time comparison.
Replace GitLabWebhookProperties with GitHubWebhookProperties (secret, allowed-users).
Update WebhookProperties and WebhookManager to use GitHub-only configuration.
Add app.webhook.github defaults to application.yaml.
Replace GitHubIssueLabeledWebhookRequest with GitHubIssueRequest.
Add number and repository fields for dedup key construction.
Add Jackson @JsonNaming/@JsonIgnoreProperties for GitHub payload deserialisation.
Add GitHubWebhookHeader constants for webhook header names.
Revert the main-branch-only rule since $CI_COMMIT_BRANCH is unset for tag
pipelines. The --provenance=false removal remains as the fix for legacy builder.
- Add MIT LICENCE file
- Add comprehensive README with tech stack, API overview, and architecture docs
- Add example production configuration template
- Remove gradle.properties in favour of build-time version injection
@
Set the environment variable FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 to true
to force the workflow and runner to execute all JavaScript actions using
Node.js 24. This resolves the future deprecation warning for Node.js 20.
Update build-and-deploy.yml workflow to:
1. Run single job 'build-and-release' to bypass artifact transfers.
2. Build JAR with -PartefactVersion parameter.
3. Upload the compiled JAR asset directly into GitHub Releases.
4. Build and push the Docker image directly to GitHub Container Registry (ghcr.io).
Merge build, package, and deploy stages into a single 'release' job. By building
the jar and running docker commands in the same container using local docker socket,
we completely bypass the need for GitLab artifact uploading/downloading. This significantly
reduces network overhead and speeds up release deployment.
Remove artifacts uploading from the build stage. Since we use a shared
docker socket on the same runner host, the package stage can access the
locally built jar file directly without needing gitlab coordinator upload/download.
Add `--provenance=false` flag to `docker build` command. This stops Docker BuildKit
from generating OCI Referrers/attestations, which are not correctly parsed by GitLab
Container Registry and cause the UI to display 0B size and "missing manifest digest" errors.
Replace custom registry variables with GitLab's predefined CI_REGISTRY,
CI_REGISTRY_IMAGE, and CI_REGISTRY_USER to ensure the built-in CI_JOB_TOKEN
has correct push permissions.
Replace DinD services with unix:///var/run/docker.sock socket binding to
fix "Cannot connect to Docker daemon" errors. Add -PartefactVersion
parameter to Gradle build for release version tracking.
Replace the full CI pipeline (build → image → push → SSH deploy on every branch)
with a focused release workflow: build JAR on tag push, package Docker image
tagged with the release tag, and push to registry.onixbyte.cn.
siujamo
siujamo