docs: update application configuration example

feat: add OCI labels and README push for Docker Hub
Add OCI standard labels to Dockerfile.ci and push README.md to Docker Hub image page via docker-pushrm in CI workflow.
2026-06-08 13:32:16 +08:00 · 2026-06-05 10:20:15 +08:00 · 2026-06-05 09:40:12 +08:00 · 2026-06-05 09:30:28 +08:00 · 2026-06-05 09:14:37 +08:00 · 2026-06-05 08:58:55 +08:00
15 changed files with 152 additions and 158 deletions
@@ -0,0 +1,85 @@
 name: Build and Deploy
 on:
  release:
    types: [published]
 env:
  APP_NAME: delta-force-guide-server
 jobs:
  build-and-release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up JDK 21 (Corretto)
        uses: actions/setup-java@v4
        with:
          java-version: 21
          distribution: corretto
          cache: gradle
      - name: Build with Gradle
        run: >
          ./gradlew bootJar -x test
          -PartefactVersion="${{ gitea.event.release.tag_name }}"
          -PbuildChannel=stable
          -Pvendor=${{ vars.VENDOR }}
      - name: Resolve JAR file path
        id: jar
        run: |
          JAR_PATH=$(find build/libs -name '*.jar' | head -1)
          echo "file=$JAR_PATH" >> "$GITHUB_OUTPUT"
      - name: Upload JAR to Gitea Release
        run: |
          TAG="${{ gitea.event.release.tag_name }}"
          FILE="${{ steps.jar.outputs.file }}"
          ASSET_NAME="${APP_NAME}-${TAG}.jar"
          curl -X POST \
            -H "Authorization: token ${{ secrets.GITEA_TOKEN }}" \
            -H "Content-Type: multipart/form-data" \
            -F "attachment=@${FILE};filename=${ASSET_NAME}" \
            "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases/${{ gitea.event.release.id }}/assets?name=${ASSET_NAME}"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
      - name: Generate image tags
        id: meta
        run: |
          DOCKERHUB_USER="${{ vars.DOCKER_HUB_USERNAME }}"
          echo "tag_version=${DOCKERHUB_USER}/${APP_NAME}:${{ gitea.event.release.tag_name }}" >> "$GITHUB_OUTPUT"
          echo "tag_latest=${DOCKERHUB_USER}/${APP_NAME}:latest" >> "$GITHUB_OUTPUT"
      - name: Build and push Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile.ci
          build-args: |
            JAR_FILE=${{ steps.jar.outputs.file }}
            IMAGE_VERSION=${{ gitea.event.release.tag_name }}
            IMAGE_VENDOR=${{ vars.VENDOR }}
            BUILD_DATE=${{ gitea.event.release.published_at }}
          push: true
          tags: |
            ${{ steps.meta.outputs.tag_version }}
            ${{ steps.meta.outputs.tag_latest }}
      - name: Push README to Docker Hub
        run: >
          docker run --rm
          -v "$(pwd)/README.md:/workspace/README.md:ro"
          -e DOCKER_USER="${{ vars.DOCKER_HUB_USERNAME }}"
          -e DOCKER_PASS="${{ secrets.DOCKER_HUB_TOKEN }}"
          chko/docker-pushrm:latest
          "${{ vars.DOCKER_HUB_USERNAME }}/${{ env.APP_NAME }}"
@@ -1,86 +0,0 @@
 name: Build and Deploy
 on:
  release:
    types: [published]
 env:
  APP_NAME: delta-force-guide-server
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
 jobs:
  # ================================================================
  # Single Job: Build, Upload JAR to Release, and Push to GHCR
  # ================================================================
  build-and-release:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      packages: write
    steps:
      - uses: actions/checkout@v4
      - name: Set up JDK 21 (Corretto)
        uses: actions/setup-java@v4
        with:
          java-version: 21
          distribution: corretto
          cache: gradle
      - name: Set up Gradle
        uses: gradle/actions/setup-gradle@v4
      # 使用 Release Tag 做为 Gradle 属性传入
      - name: Build with Gradle
        run: ./gradlew bootJar -x test -PartefactVersion="${{ github.event.release.tag_name }}"
      - name: Resolve JAR file path
        id: jar
        run: |
          JAR_PATH=$(find build/libs -name '*.jar' | head -1)
          echo "file=$JAR_PATH" >> "$GITHUB_OUTPUT"
      # 上传 JAR 包到 GitHub Release 中
      - name: Upload JAR to GitHub Release
        uses: svenstaro/upload-release-action@v2
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          file: ${{ steps.jar.outputs.file }}
          asset_name: ${{ github.event.repository.name }}-${{ github.event.release.tag_name }}.jar
          tag: ${{ github.event.release.tag_name }}
          overwrite: true
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # 登录到 GitHub Container Registry (GHCR)
      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # 镜像打标签准备
      - name: Generate image tags
        id: meta
        run: |
          OWNER_LC=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
          REPO_LC=$(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]')
          echo "tag_version=ghcr.io/$OWNER_LC/$REPO_LC:${{ github.event.release.tag_name }}" >> "$GITHUB_OUTPUT"
          echo "tag_latest=ghcr.io/$OWNER_LC/$REPO_LC:latest" >> "$GITHUB_OUTPUT"
      # 构建并上传镜像到 GHCR
      - name: Build and push Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile.ci
          build-args: JAR_FILE=${{ steps.jar.outputs.file }}
          push: true
          tags: |
            ${{ steps.meta.outputs.tag_version }}
            ${{ steps.meta.outputs.tag_latest }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
@@ -1,34 +0,0 @@
 variables:
  GRADLE_OPTS: -Dorg.gradle.daemon=false
  DOCKER_HOST: unix:///var/run/docker.sock
 stages:
  - release
 release:
  stage: release
  image: amazoncorretto:21-alpine
  cache:
    key: gradle
    paths:
      - .gradle/wrapper
      - .gradle/caches
  before_script:
    - chmod +x gradlew
    - apk add --no-cache docker-cli
  script:
    - ./gradlew bootJar -x test -PartefactVersion="$CI_COMMIT_TAG"
    - JAR_FILE=$(find build/libs -name '*.jar' | head -1)
    - echo "Building Docker image for tag $CI_COMMIT_TAG with JAR $JAR_FILE"
    - docker build
        -f Dockerfile.ci
        --build-arg JAR_FILE="$JAR_FILE"
        -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG"
        .
    - docker tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG" "$CI_REGISTRY_IMAGE:latest"
    - echo "Pushing image $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG"
    - docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG"
    - docker push "$CI_REGISTRY_IMAGE:latest"
  rules:
    - if: $CI_COMMIT_TAG
@@ -2,6 +2,18 @@ FROM amazoncorretto:21-alpine
 WORKDIR /app
 ARG JAR_FILE
 ARG IMAGE_VERSION=dev
 ARG IMAGE_VENDOR=OnixByte
 ARG BUILD_DATE
 COPY ${JAR_FILE} app.jar
 LABEL org.opencontainers.image.title="delta-force-guide-server" \
      org.opencontainers.image.description="REST API backend for managing Delta Force game firearm builds and modifications" \
      org.opencontainers.image.version="${IMAGE_VERSION}" \
      org.opencontainers.image.vendor="${IMAGE_VENDOR}" \
      org.opencontainers.image.source="https://git.onixbyte.com/onixbyte/delta-force-guide-server" \
      org.opencontainers.image.licenses="MIT" \
      org.opencontainers.image.created="${BUILD_DATE}"
 ENTRYPOINT ["java", "-jar", "app.jar"]
@@ -5,6 +5,8 @@ plugins {
 }
 val artefactVersion: String by project
 val buildChannel: String by project
 val vendor: String by project
 group = "com.onixbyte.helix"
 version = artefactVersion
@@ -61,6 +63,16 @@ dependencies {
    testRuntimeOnly(libs.junit.launcher)
 }
 tasks.processResources {
    filesMatching("application.yaml") {
        expand(
            "appVersion" to artefactVersion,
            "channel" to buildChannel,
            "vendor" to vendor
        )
    }
 }
 tasks.test {
    useJUnitPlatform()
 }
@@ -9,15 +9,19 @@ spring:
      host: localhost
      port: 6379
      database: 0
-      # password: 6hLFVqfGPviTYukn # Uncomment if password is necessary
+      # password: qwerty # Uncomment if password is necessary
 logging:
  pattern:
    # dateformat: dd MMM yyyy HH:mm:ss.SSS # Modify this for custom date format.
 app:
-  common:
+  cookie:
-    version: 1.3.0.8-dev # Application version, you can change to any version you like, used for communication with frontend.
+    http-only: true
    secure: false
    same-site: none
    path: '/'
    max-age: P1D
  cors:
    allowed-origins: # Cross-origin allowed origins
      - "http://localhost:5173" # Dev server for vite.
@@ -41,12 +45,10 @@ app:
    issuer: dfguide.local # Issuer host
    secret: qwertyuiopasdfghjklzxcvbnm123456 # JWT singing secret, a 32-byte long or longer string is recommended
    valid-time: PT2H # JWT valid duration
-  cookie: # Cookie settings.
+  webhook:
-    http-only: true
+    github:
-    secure: false
+      secret: 123456
-    same-site: lax
+      allowed-users: [ octotcat, onixbyte ]
    path: '/'
    max-age: PT2H
 springdoc:
  api-docs:
@@ -1,10 +1,10 @@
 package com.onixbyte.deltaforceguide.config;
-import com.onixbyte.deltaforceguide.properties.WebhookProperties;
+import com.onixbyte.deltaforceguide.properties.GitHubWebhookProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
@Configuration
-@EnableConfigurationProperties(WebhookProperties.class)
+@EnableConfigurationProperties({GitHubWebhookProperties.class})
 public class WebhookConfig {
 }
@@ -48,7 +48,7 @@ public class GitHubWebhookInterceptor implements HandlerInterceptor {
                    "Request body is not readable");
        }
-        var secret = webhookManager.github().secret();
+        var secret = webhookManager.secret();
        if (secret == null || secret.isBlank()) {
            log.debug("No GitHub webhook secret configured, skipping signature verification");
            return true;
@@ -18,6 +18,10 @@ public class AppManager {
     * @return the version string of this application
     */
    public String getVersion() {
-        return appProperties.version();
+        return "v%s-%s by @%s".formatted(
                appProperties.version(),
                appProperties.channel(),
                appProperties.vendor()
        );
    }
 }
@@ -1,21 +1,24 @@
 package com.onixbyte.deltaforceguide.manager;
 import com.onixbyte.deltaforceguide.properties.GitHubWebhookProperties;
 import com.onixbyte.deltaforceguide.properties.WebhookProperties;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import java.util.List;
@Component
 public class WebhookManager {
-    private final WebhookProperties webhookProperties;
+    private final GitHubWebhookProperties gitHubWebhookProperties;
-    @Autowired
+    public WebhookManager(GitHubWebhookProperties gitHubWebhookProperties) {
-    public WebhookManager(WebhookProperties webhookProperties) {
+        this.gitHubWebhookProperties = gitHubWebhookProperties;
        this.webhookProperties = webhookProperties;
    }
-    public GitHubWebhookProperties github() {
+    public String secret() {
-        return webhookProperties.github();
+        return gitHubWebhookProperties.secret();
    }
    public List<String> allowedUsers() {
        return gitHubWebhookProperties.allowedUsers();
    }
 }
@@ -4,6 +4,8 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
@ConfigurationProperties(prefix = "app.common")
 public record AppProperties(
-        String version
+        String version,
        String channel,
        String vendor
 ) {
 }
@@ -1,7 +1,10 @@
 package com.onixbyte.deltaforceguide.properties;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import java.util.List;
@ConfigurationProperties(prefix = "app.webhook.github")
 public record GitHubWebhookProperties(
        String secret,
        List<String> allowedUsers
@@ -1,9 +0,0 @@
 package com.onixbyte.deltaforceguide.properties;
 import org.springframework.boot.context.properties.ConfigurationProperties;
@ConfigurationProperties(prefix = "app.webhook")
 public record WebhookProperties(
        GitHubWebhookProperties github
 ) {
 }
@@ -172,7 +172,7 @@ public class WebhookService {
    private boolean isAllowedSender(
            GitHubWebhookSender sender
    ) {
-        var allowedUsers = webhookManager.github().allowedUsers();
+        var allowedUsers = webhookManager.allowedUsers();
        if (allowedUsers == null || allowedUsers.isEmpty()) {
            return true;
        }
@@ -39,13 +39,13 @@ mybatis:
  type-handlers-package: com.onixbyte.deltaforceguide.mapper.handler
  mapper-locations: classpath:/mapper/*.xml
 app:
  webhook:
    github:
      secret: ${GITHUB_WEBHOOK_SECRET:}
      allowed-users: []
 logging:
  level:
    org.hibernate:
      orm.connections.pooling: off
 app:
  common:
    version: ${appVersion}
    channel: ${channel}
    vendor: ${vendor}
Author	SHA1	Message	Date
siujamo	a2469c7573	docs: update application configuration example Build and Deploy / build-and-release (release) Failing after 5m14s Details	2026-06-08 13:32:16 +08:00
siujamo	62fcce3005	feat: add OCI labels and README push for Docker Hub Add OCI standard labels to Dockerfile.ci and push README.md to Docker Hub image page via docker-pushrm in CI workflow.	2026-06-05 10:20:15 +08:00
siujamo	c18a108a2b	ci: fix build error Build and Deploy / build-and-release (release) Successful in 14m20s Details	2026-06-05 09:40:12 +08:00
siujamo	fb2732508a	ci: fix build error Build and Deploy / build-and-release (release) Failing after 11m24s Details	2026-06-05 09:30:28 +08:00
siujamo	ceac8a3f8c	ci: fix build error Build and Deploy / build-and-release (release) Failing after 11m22s Details	2026-06-05 09:14:37 +08:00
siujamo	f8c0e3e8b6	ci: fix build error Build and Deploy / build-and-release (release) Failing after 11m36s Details	2026-06-05 08:58:55 +08:00
siujamo	a065b60cae	chore: migrate CI from GitHub Actions to Gitea Actions Replace GitHub Actions workflow with Gitea Actions, and switch container registry from GHCR to Docker Hub.	2026-06-04 17:36:43 +08:00
siujamo	17cd87c702	feat: inject build-time variables via Gradle processResources Replace hardcoded AppProperties values with Gradle ${} placeholders, allowing version/channel/vendor to be configured via gradle.properties or -P flags at build time. Also refactor webhook configuration to flatten the properties hierarchy by removing the intermediate WebhookProperties wrapper.	2026-06-04 17:12:48 +08:00