feat: deploy to dockerhub

.docker/admin-server/Dockerfile

@@ -1,4 +1,4 @@
-FROM openjdk:21-jdk as builder
+FROM openjdk:21-jdk AS builder
 RUN microdnf install findutils
 
 WORKDIR /app
@@ -9,10 +9,23 @@ RUN chmod +x ./gradlew
 
 RUN ./gradlew :modules:admin-server:bootJar -x test -x allTests -x jsBrowserTest
 
-FROM openjdk:21-jdk as runner
+FROM openjdk:21-jdk AS runner
+RUN microdnf install curl
 
 WORKDIR /app
 
-COPY --from=builder /app/modules/admin-server/build/libs/admin-server-0.1.2-SNAPSHOT.jar ./admin-server-0.1.2.jar
+# Create logs directory and set permissions
+RUN mkdir -p /app/logs && \
+    chown -R 1002:0 /app/logs /app && \
+    chmod -R 775 /app/logs && \
+    chmod -R 755 /app
 
-ENTRYPOINT ["java", "-jar", "admin-server-0.1.2.jar"]
+COPY --from=builder /app/modules/admin-server/build/libs/admin-server-*.jar ./admin-server.jar
+HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost:8080/status || exit 1
+
+# Create non-root user
+RUN useradd -r -u 1002 -g root admin-server
+USER admin-server
+
+ENTRYPOINT ["java"]
+CMD ["-XX:MaxRAMPercentage=75.0", "-XX:InitialRAMPercentage=50.0", "-XX:+UseG1GC", "-jar", "admin-server.jar"]

.docker/federation-server/Dockerfile

@@ -1,4 +1,4 @@
-FROM openjdk:21-jdk as builder
+FROM openjdk:21-jdk AS builder
 RUN microdnf install findutils
 
 WORKDIR /app
@@ -9,10 +9,17 @@ RUN chmod +x ./gradlew
 
 RUN ./gradlew :modules:federation-server:bootJar -x test -x allTests -x jsBrowserTest
 
-FROM openjdk:21-jdk as runner
+FROM openjdk:21-jdk AS runner
+RUN microdnf install curl
 
 WORKDIR /app
 
-COPY --from=builder /app/modules/federation-server/build/libs/federation-server-0.1.2-SNAPSHOT.jar ./federation-server-0.1.2.jar
+COPY --from=builder /app/modules/federation-server/build/libs/federation-server-*.jar ./federation-server.jar
+HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost:8080/status || exit 1
 
-ENTRYPOINT ["java", "-jar", "federation-server-0.1.2.jar"]
+# Create non-root user
+RUN useradd -r -u 1001 -g root federation-server
+USER federation-server
+
+ENTRYPOINT ["java"]
+CMD ["-XX:MaxRAMPercentage=75.0", "-XX:InitialRAMPercentage=50.0", "-XX:+UseG1GC", "-jar", "federation-server.jar"]

.github/workflows/auto-version.yml

@@ -0,0 +1,150 @@
+name: Auto Version
+
+on:
+  repository_dispatch:
+    types: [ trigger-version ]
+  pull_request:
+    types: [ closed ]
+
+jobs:
+  auto-version:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    if: github.event_name == 'repository_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged == true)
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get version info
+        id: get_version_info
+        run: |
+          git config --local user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+          git config --local user.name "${GITHUB_ACTOR}"
+          
+          # Handle both PR and push events for branch name
+          EVENT_NAME="${{ github.event_name }}"
+          if [[ "$EVENT_NAME" == "pull_request" ]]; then
+            BRANCH_NAME="${{ github.event.pull_request.head.ref }}"
+          else
+            BRANCH_NAME="${GITHUB_REF#refs/heads/}"
+          fi
+          
+          # Determine branch type prefix first
+          if [[ $BRANCH_NAME == "develop" ]]; then
+            PREFIX="dev"
+          elif [[ $BRANCH_NAME == "main" ]]; then
+            PREFIX="main"
+          elif [[ $BRANCH_NAME == feature/* ]]; then
+            PREFIX="feat"
+          elif [[ $BRANCH_NAME == hotfix/* ]]; then
+            PREFIX="fix"
+          elif [[ $BRANCH_NAME == release/* ]]; then
+            PREFIX="rel"
+          else
+            PREFIX="build"
+          fi
+          
+          # Get latest version tag globally, ignoring branch prefixes
+          echo "Available tags:"
+          if ! git tag --list | grep -q "^v"; then
+            echo "No version tags found, creating initial tag v0.0.1"
+            git tag -a "v0.0.1" -m "Initial version"
+            git push origin v0.0.1
+            LATEST_TAG="v0.0.1"
+          else
+            git tag --sort=-v:refname
+            echo "Filtered tags:"
+            git tag --sort=-v:refname | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+" || echo "No matching tags"
+            LATEST_TAG=$(git tag --sort=-v:refname | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+" | head -n1 || echo "v0.0.1")
+          fi
+          
+          COMMIT_SHA=$(git rev-parse --short HEAD)
+          PR_NUMBER=${{ github.event.pull_request.number }}
+          COMMIT_MSG=$(git log -1 --pretty=%B)
+          
+          # Version bump detection
+          if [[ $COMMIT_MSG == *"#major"* ]] || [[ $COMMIT_MSG == "BREAKING CHANGE:"* ]] || [[ $COMMIT_MSG == *"!"* ]]; then
+            echo "bump_type=major" >> $GITHUB_OUTPUT
+          elif [[ $COMMIT_MSG == *"#minor"* ]] || [[ $COMMIT_MSG == "feat:"* ]]; then
+            echo "bump_type=minor" >> $GITHUB_OUTPUT
+          elif [[ $COMMIT_MSG == *"#patch"* ]] || [[ $COMMIT_MSG == "fix:"* ]]; then
+            echo "bump_type=patch" >> $GITHUB_OUTPUT
+          else
+            echo "bump_type=auto" >> $GITHUB_OUTPUT
+          fi
+          
+          echo "latest_tag=${LATEST_TAG}" >> $GITHUB_OUTPUT
+          echo "commit_sha=${COMMIT_SHA}" >> $GITHUB_OUTPUT
+          echo "prefix=${PREFIX}" >> $GITHUB_OUTPUT
+          echo "pr_number=${PR_NUMBER}" >> $GITHUB_OUTPUT
+
+      - name: Bump version
+        id: bump_version
+        run: |
+          LATEST_TAG=${{ steps.get_version_info.outputs.latest_tag }}
+          COMMIT_SHA=${{ steps.get_version_info.outputs.commit_sha }}
+          PREFIX=${{ steps.get_version_info.outputs.prefix }}
+          PR_NUMBER=${{ steps.get_version_info.outputs.pr_number }}
+          BUMP_TYPE=${{ steps.get_version_info.outputs.bump_type }}
+          
+          # Remove 'v' prefix and split into array
+          VERSION=${LATEST_TAG#v}
+          IFS='.' read -ra VERSION_PARTS <<< "$VERSION"
+          
+          echo "current_version=${VERSION}" >> $GITHUB_OUTPUT
+          
+          # Version increment logic
+          case $BUMP_TYPE in
+            "major")
+              ((VERSION_PARTS[0]++))  # Increment major
+              VERSION_PARTS[1]=0      # Reset minor
+              VERSION_PARTS[2]=0      # Reset patch
+              ;;
+            "minor")
+              ((VERSION_PARTS[1]++))  # Increment minor
+              VERSION_PARTS[2]=0      # Reset patch
+              ;;
+            "patch")
+              ((VERSION_PARTS[2]++))  # Increment patch
+              ;;
+            "auto")
+              # Default behavior based on branch type
+              if [[ $PREFIX == "rel" ]]; then
+                ((VERSION_PARTS[1]++))  # Increment minor for release
+                VERSION_PARTS[2]=0      # Reset patch
+              else
+                ((VERSION_PARTS[2]++))  # Increment patch for everything else
+              fi
+              ;;
+          esac
+          
+          # Create new version string
+          if [[ -n $PR_NUMBER ]]; then
+            NEW_VERSION="v${VERSION_PARTS[0]}.${VERSION_PARTS[1]}.${VERSION_PARTS[2]}-${PREFIX}.pr${PR_NUMBER}.${COMMIT_SHA}"
+          else
+            NEW_VERSION="v${VERSION_PARTS[0]}.${VERSION_PARTS[1]}.${VERSION_PARTS[2]}-${PREFIX}.${COMMIT_SHA}"
+          fi
+          
+          echo "new_version=${NEW_VERSION}" >> $GITHUB_OUTPUT
+          
+          # Create tag for version tracking
+          git tag -a ${NEW_VERSION} -m "Release ${NEW_VERSION}"
+          git push origin ${NEW_VERSION}
+          
+          # Only update build.gradle.kts version on develop or main branch
+          if [[ $BRANCH_NAME == "develop" ]] || [[ $BRANCH_NAME == "main" ]]; then
+            VERSION_WITHOUT_V=${NEW_VERSION#v}
+            BASE_VERSION=$(echo $VERSION_WITHOUT_V | cut -d'-' -f1)
+            sed -i "s/version = \".*\"/version = \"$BASE_VERSION\"/" build.gradle.kts
+          
+            # Amend the current commit with the version update
+            git add build.gradle.kts
+            git commit --amend --no-edit
+            git push --force-with-lease origin HEAD
+          fi

.github/workflows/ci.yml

@@ -18,20 +18,6 @@ jobs:
           distribution: temurin
           java-version: 21
 
-      - name: Run database
-        run: docker compose -f docker-compose.yaml up db -d
-        env:
-          DATASOURCE_USER: ${{ secrets.DATASOURCE_USER }}
-          DATASOURCE_PASSWORD: ${{ secrets.DATASOURCE_PASSWORD }}
-          DATASOURCE_URL: ${{ secrets.DATASOURCE_URL }}
-
-      - name: Run local KMS database
-        run: docker compose -f docker-compose.yaml up local-kms-db -d
-        env:
-          DATASOURCE_USER: ${{ secrets.LOCAL_KMS_DATASOURCE_USER }}
-          DATASOURCE_PASSWORD: ${{ secrets.LOCAL_KMS_DATASOURCE_PASSWORD }}
-          DATASOURCE_URL: ${{ secrets.LOCAL_KMS_DATASOURCE_URL }}
-
       - name: Setup Gradle
         uses: gradle/actions/setup-gradle@v4
 
@@ -58,3 +44,10 @@ jobs:
           NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
           KMS_PROVIDER: local
+
+      - name: Trigger Auto Version
+        if: success() && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/heads/feature/') || startsWith(github.ref, 'refs/heads/fix/') || startsWith(github.ref, 'refs/heads/release/'))
+        uses: peter-evans/repository-dispatch@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          event-type: trigger-version