Merge pull request 'Develop' (#1 ) from develop into main

Reviewed-on: #1
chore: migrate CI from GitHub Actions to Gitea Actions
2026-06-04 17:40:34 +08:00 · 2026-06-04 17:36:43 +08:00 · 2026-06-04 17:12:48 +08:00 · 2026-06-04 14:47:45 +08:00 · 2026-06-04 14:42:14 +08:00
14 changed files with 129 additions and 122 deletions
@@ -0,0 +1,72 @@
+name: Build and Deploy
+
+on:
+  release:
+    types: [published]
+
+env:
+  APP_NAME: delta-force-guide-server
+
+jobs:
+  build-and-release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 21 (Corretto)
+        uses: actions/setup-java@v4
+        with:
+          java-version: 21
+          distribution: corretto
+          cache: gradle
+
+      - name: Build with Gradle
+        run: >
+          ./gradlew bootJar -x test
+          -PartefactVersion="${{ gitea.event.release.tag_name }}"
+          -PbuildChannel=stable
+
+      - name: Resolve JAR file path
+        id: jar
+        run: |
+          JAR_PATH=$(find build/libs -name '*.jar' | head -1)
+          echo "file=$JAR_PATH" >> "$GITHUB_OUTPUT"
+
+      - name: Upload JAR to Gitea Release
+        run: |
+          TAG="${{ gitea.event.release.tag_name }}"
+          FILE="${{ steps.jar.outputs.file }}"
+          ASSET_NAME="${APP_NAME}-${TAG}.jar"
+          curl -X POST \
+            -H "Authorization: token ${{ secrets.GITEA_TOKEN }}" \
+            -H "Content-Type: multipart/form-data" \
+            -F "attachment=@${FILE};filename=${ASSET_NAME}" \
+            "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases/${{ gitea.event.release.id }}/assets?name=${ASSET_NAME}"
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Generate image tags
+        id: meta
+        run: |
+          DOCKERHUB_USER="${{ secrets.DOCKER_HUB_USERNAME }}"
+          REPO_NAME=$(echo "${{ gitea.repository.name }}" | tr '[:upper:]' '[:lower:]')
+          echo "tag_version=${DOCKERHUB_USER}/${REPO_NAME}:${{ gitea.event.release.tag_name }}" >> "$GITHUB_OUTPUT"
+          echo "tag_latest=${DOCKERHUB_USER}/${REPO_NAME}:latest" >> "$GITHUB_OUTPUT"
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile.ci
+          build-args: JAR_FILE=${{ steps.jar.outputs.file }}
+          push: true
+          tags: |
+            ${{ steps.meta.outputs.tag_version }}
+            ${{ steps.meta.outputs.tag_latest }}
@@ -1,86 +0,0 @@
-name: Build and Deploy
-
-on:
-  release:
-    types: [published]
-
-env:
-  APP_NAME: delta-force-guide-server
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
-
-jobs:
-  # ================================================================
-  # Single Job: Build, Upload JAR to Release, and Push to GHCR
-  # ================================================================
-  build-and-release:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      packages: write
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up JDK 21 (Corretto)
-        uses: actions/setup-java@v4
-        with:
-          java-version: 21
-          distribution: corretto
-          cache: gradle
-
-      - name: Set up Gradle
-        uses: gradle/actions/setup-gradle@v4
-
-      # 使用 Release Tag 做为 Gradle 属性传入
-      - name: Build with Gradle
-        run: ./gradlew bootJar -x test -PartefactVersion="${{ github.event.release.tag_name }}"
-
-      - name: Resolve JAR file path
-        id: jar
-        run: |
-          JAR_PATH=$(find build/libs -name '*.jar' | head -1)
-          echo "file=$JAR_PATH" >> "$GITHUB_OUTPUT"
-
-      # 上传 JAR 包到 GitHub Release 中
-      - name: Upload JAR to GitHub Release
-        uses: svenstaro/upload-release-action@v2
-        with:
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
-          file: ${{ steps.jar.outputs.file }}
-          asset_name: ${{ github.event.repository.name }}-${{ github.event.release.tag_name }}.jar
-          tag: ${{ github.event.release.tag_name }}
-          overwrite: true
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      # 登录到 GitHub Container Registry (GHCR)
-      - name: Log in to GHCR
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # 镜像打标签准备
-      - name: Generate image tags
-        id: meta
-        run: |
-          OWNER_LC=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
-          REPO_LC=$(echo "${{ github.event.repository.name }}" | tr '[:upper:]' '[:lower:]')
-          echo "tag_version=ghcr.io/$OWNER_LC/$REPO_LC:${{ github.event.release.tag_name }}" >> "$GITHUB_OUTPUT"
-          echo "tag_latest=ghcr.io/$OWNER_LC/$REPO_LC:latest" >> "$GITHUB_OUTPUT"
-
-      # 构建并上传镜像到 GHCR
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          file: Dockerfile.ci
-          build-args: JAR_FILE=${{ steps.jar.outputs.file }}
-          push: true
-          tags: |
-            ${{ steps.meta.outputs.tag_version }}
-            ${{ steps.meta.outputs.tag_latest }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
@@ -5,6 +5,8 @@ plugins {
 }

 val artefactVersion: String by project
+val buildChannel: String by project
+val vendor: String by project

 group = "com.onixbyte.helix"
 version = artefactVersion
@@ -61,6 +63,16 @@ dependencies {
    testRuntimeOnly(libs.junit.launcher)
 }

+tasks.processResources {
+    filesMatching("application.yaml") {
+        expand(
+            "appVersion" to artefactVersion,
+            "channel" to buildChannel,
+            "vendor" to vendor
+        )
+    }
+}
+
 tasks.test {
    useJUnitPlatform()
 }
@@ -1,10 +1,10 @@
 package com.onixbyte.deltaforceguide.config;

-import com.onixbyte.deltaforceguide.properties.WebhookProperties;
+import com.onixbyte.deltaforceguide.properties.GitHubWebhookProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Configuration;

@Configuration
-@EnableConfigurationProperties(WebhookProperties.class)
+@EnableConfigurationProperties({GitHubWebhookProperties.class})
 public class WebhookConfig {
 }
@@ -18,6 +18,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;

 import java.time.Duration;
+import java.time.LocalDateTime;

 /**
 * REST controller for user authentication endpoints (login, logout).
@@ -43,12 +44,14 @@ public class AuthController {
    @PostMapping("/login")
    public ResponseEntity<UserResponse> login(@Validated @RequestBody LoginRequest request) {
        var user = authService.login(request);
+        var currentTime = LocalDateTime.now();
        var accessToken = tokenClient.generateToken(user);
        var accessTokenCookie = cookieService.buildCookie(CookieName.ACCESS_TOKEN, accessToken);
+        var cookieMaxAge = accessTokenCookie.getMaxAge();

        return ResponseEntity.ok()
                .header(HttpHeaders.SET_COOKIE, accessTokenCookie.toString())
-                .body(UserResponse.from(user));
+                .body(UserResponse.from(user, currentTime.plus(cookieMaxAge)));
    }

    @RequiresAuth
@@ -2,6 +2,8 @@ package com.onixbyte.deltaforceguide.domain.dto;

 import com.onixbyte.deltaforceguide.domain.entity.User;

+import java.time.LocalDateTime;
+
 /**
 * Response DTO for a user account, including associated credentials.
 *
@@ -10,13 +12,15 @@ import com.onixbyte.deltaforceguide.domain.entity.User;
 public record UserResponse(
        Long id,
        String username,
-        String email
+        String email,
+        LocalDateTime expiration
 ) {
-    public static UserResponse from(User user) {
+    public static UserResponse from(User user, LocalDateTime expiration) {
        return new UserResponse(
                user.getId(),
                user.getUsername(),
-                user.getEmail()
+                user.getEmail(),
+                expiration
        );
    }
 }
@@ -48,7 +48,7 @@ public class GitHubWebhookInterceptor implements HandlerInterceptor {
                    "Request body is not readable");
        }

-        var secret = webhookManager.github().secret();
+        var secret = webhookManager.secret();
        if (secret == null || secret.isBlank()) {
            log.debug("No GitHub webhook secret configured, skipping signature verification");
            return true;
@@ -64,7 +64,7 @@ public class GitHubWebhookInterceptor implements HandlerInterceptor {

        var body = req.getBodyString();
        try {
-            var computed = "sha256=" + CryptoUtil.hmacSha256(secret, body);
+            var computed = "sha256=" + CryptoUtil.hmacSha256(body, secret);

            if (!MessageDigest.isEqual(
                    computed.getBytes(StandardCharsets.UTF_8),
@@ -18,6 +18,10 @@ public class AppManager {
     * @return the version string of this application
     */
    public String getVersion() {
-        return appProperties.version();
+        return "v%s-%s by @%s".formatted(
+                appProperties.version(),
+                appProperties.channel(),
+                appProperties.vendor()
+        );
    }
 }
@@ -1,21 +1,24 @@
 package com.onixbyte.deltaforceguide.manager;

 import com.onixbyte.deltaforceguide.properties.GitHubWebhookProperties;
-import com.onixbyte.deltaforceguide.properties.WebhookProperties;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;

+import java.util.List;
+
@Component
 public class WebhookManager {

-    private final WebhookProperties webhookProperties;
+    private final GitHubWebhookProperties gitHubWebhookProperties;

-    @Autowired
-    public WebhookManager(WebhookProperties webhookProperties) {
-        this.webhookProperties = webhookProperties;
+    public WebhookManager(GitHubWebhookProperties gitHubWebhookProperties) {
+        this.gitHubWebhookProperties = gitHubWebhookProperties;
    }

-    public GitHubWebhookProperties github() {
-        return webhookProperties.github();
+    public String secret() {
+        return gitHubWebhookProperties.secret();
+    }
+
+    public List<String> allowedUsers() {
+        return gitHubWebhookProperties.allowedUsers();
    }
 }
@@ -4,6 +4,8 @@ import org.springframework.boot.context.properties.ConfigurationProperties;

@ConfigurationProperties(prefix = "app.common")
 public record AppProperties(
-        String version
+        String version,
+        String channel,
+        String vendor
 ) {
 }
@@ -1,7 +1,10 @@
 package com.onixbyte.deltaforceguide.properties;

+import org.springframework.boot.context.properties.ConfigurationProperties;
+
 import java.util.List;

+@ConfigurationProperties(prefix = "app.webhook.github")
 public record GitHubWebhookProperties(
        String secret,
        List<String> allowedUsers
@@ -1,9 +0,0 @@
-package com.onixbyte.deltaforceguide.properties;
-
-import org.springframework.boot.context.properties.ConfigurationProperties;
-
-@ConfigurationProperties(prefix = "app.webhook")
-public record WebhookProperties(
-        GitHubWebhookProperties github
-) {
-}
@@ -73,8 +73,7 @@ public class WebhookService {
            return;
        }

-        @SuppressWarnings("unchecked")
-        var data = (Map<String, Object>) yaml.load(parsedYaml);
+        var data = yaml.<Map<String, Object>>load(parsedYaml);
        if (data == null) {
            log.warn("Empty YAML block in issue #{}", issue.number());
            return;
@@ -173,7 +172,7 @@ public class WebhookService {
    private boolean isAllowedSender(
            GitHubWebhookSender sender
    ) {
-        var allowedUsers = webhookManager.github().allowedUsers();
+        var allowedUsers = webhookManager.allowedUsers();
        if (allowedUsers == null || allowedUsers.isEmpty()) {
            return true;
        }
@@ -39,13 +39,13 @@ mybatis:
  type-handlers-package: com.onixbyte.deltaforceguide.mapper.handler
  mapper-locations: classpath:/mapper/*.xml

-app:
-  webhook:
-    github:
-      secret: ${GITHUB_WEBHOOK_SECRET:}
-      allowed-users: []
-
 logging:
  level:
    org.hibernate:
      orm.connections.pooling: off
+
+app:
+  common:
+    version: ${appVersion}
+    channel: ${channel}
+    vendor: ${vendor}
Author	SHA1	Message	Date
siujamo	4803ae78c9	Merge pull request 'Develop' (#1 ) from develop into main Build and Deploy / build-and-release (release) Failing after 15m51s Details Reviewed-on: #1	2026-06-04 17:40:34 +08:00
siujamo	a065b60cae	chore: migrate CI from GitHub Actions to Gitea Actions Replace GitHub Actions workflow with Gitea Actions, and switch container registry from GHCR to Docker Hub.	2026-06-04 17:36:43 +08:00
siujamo	17cd87c702	feat: inject build-time variables via Gradle processResources Replace hardcoded AppProperties values with Gradle ${} placeholders, allowing version/channel/vendor to be configured via gradle.properties or -P flags at build time. Also refactor webhook configuration to flatten the properties hierarchy by removing the intermediate WebhookProperties wrapper.	2026-06-04 17:12:48 +08:00
siujamo	4e2da0debc	feat: add expire time into login response	2026-06-04 14:47:45 +08:00
siujamo	0815d1d618	chore: optimise code style	2026-06-04 14:42:14 +08:00