From 4767bb1eeefd3c3ef57cdc1eed3c54371562918e Mon Sep 17 00:00:00 2001 From: lethanhdat762003 Date: Mon, 19 Jan 2026 15:44:52 +0700 Subject: [PATCH 01/13] build: add ci build image yml --- .github/pull_request_template.md | 33 +++++++++++++------------ .github/workflows/cd-build-image.yml | 37 ++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 16 deletions(-) create mode 100644 .github/workflows/cd-build-image.yml diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 2ae0a23..3ec3a65 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,26 +1,27 @@ ## What? -Explain the changes you've made -## Why? -The “why” tells us what business or engineering goal this change achieves -## How? - -## Testing? -[ ] Functional Testing - -[ ] Security -[ ] Performance + -[ ] Error Handling +## Why? -[ ] Code Quality + -[ ] Documentation +## How? -[ ] Database + -[ ] Deployment +## Testing? -[ ] Final Review +- [ ] Functional Testing +- [ ] Security +- [ ] Performance +- [ ] Error Handling +- [ ] Code Quality +- [ ] Documentation +- [ ] Database +- [ ] Deployment +- [ ] Final Review ## Anything Else? + + diff --git a/.github/workflows/cd-build-image.yml b/.github/workflows/cd-build-image.yml new file mode 100644 index 0000000..2b718eb --- /dev/null +++ b/.github/workflows/cd-build-image.yml 
@@ -0,0 +1,37 @@ +name: CD + +on: + push: + branches: + - main + +jobs: + deploy: + name: Build & Deploy spacedf-backend + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + # Login to GHCR + - name: Login to GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # Build & Push image + - name: Build & Push Docker image + uses: docker/build-push-action@v5 + with: + context: . + push: true + tags: | + ghcr.io/${{ github.repository }}:latest + ghcr.io/${{ github.repository }}:${{ github.sha }} From b2eac22ca3e9650f70210b29c2b85a22b38ee3a9 Mon Sep 17 00:00:00 2001 From: lethanhdat762003 Date: Mon, 19 Jan 2026 16:02:18 +0700 Subject: [PATCH 02/13] feat: add tag --- .github/workflows/cd-build-image.yml | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cd-build-image.yml b/.github/workflows/cd-build-image.yml index 2b718eb..07668c8 100644 --- a/.github/workflows/cd-build-image.yml +++ b/.github/workflows/cd-build-image.yml @@ -1,13 +1,14 @@ -name: CD +name: Build & Publish Docker Image on: push: branches: - main + - dev jobs: deploy: - name: Build & Deploy spacedf-backend + name: Build & Deploy spacedf-backend Docker Image runs-on: ubuntu-latest permissions: 
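Review bot: The three `uses:` lines in the new workflow reference actions by mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v5`) in a job that holds `packages: write` and passes `secrets.GITHUB_TOKEN` to the login step. A retagged or compromised action release would run with that access. Pin each action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v3` (placeholder, to be resolved from the action's release page). The same applies to `docker/metadata-action@v5`, added in PATCH 02/13.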
@@ -26,12 +27,25 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + # Generate Docker metadata + - name: Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + tags: | + # main branch + type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }} + type=sha + + # dev branch + type=raw,value=dev,enable=${{ github.ref == 'refs/heads/dev' }} + # Build & Push image - name: Build & Push Docker image uses: docker/build-push-action@v5 with: context: . push: true - tags: | - ghcr.io/${{ github.repository }}:latest - ghcr.io/${{ github.repository }}:${{ github.sha }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} From 441291c809564ed30b8e24c50d3bcda5fc002f6f Mon Sep 17 00:00:00 2001 From: lethanhdat762003 Date: Mon, 19 Jan 2026 16:10:41 +0700 Subject: [PATCH 03/13] fix: add service path in dockerfile --- .github/workflows/cd-build-image.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cd-build-image.yml b/.github/workflows/cd-build-image.yml index 07668c8..a7dbbbc 100644 --- a/.github/workflows/cd-build-image.yml +++ b/.github/workflows/cd-build-image.yml @@ -46,6 +46,7 @@ jobs: uses: docker/build-push-action@v5 with: context: . + file: ./auth-service/Dockerfile push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} From 84dece697142e089d25a514f663f9a4c386b33f0 Mon Sep 17 00:00:00 2001 From: lethanhdat762003 Date: Mon, 19 Jan 2026 16:25:45 +0700 Subject: [PATCH 04/13] fix: correct service path --- .github/workflows/cd-build-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd-build-image.yml b/.github/workflows/cd-build-image.yml index a7dbbbc..2da5880 100644 --- a/.github/workflows/cd-build-image.yml +++ b/.github/workflows/cd-build-image.yml 
@@ -46,7 +46,7 @@ jobs: uses: docker/build-push-action@v5 with: context: . - file: ./auth-service/Dockerfile + file: ./Dockerfile push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} From a8d4e7cd93a073bef993b68fad336f2394a9008b Mon Sep 17 00:00:00 2001 From: lethanhdat762003 Date: Mon, 19 Jan 2026 17:20:24 +0700 Subject: [PATCH 05/13] fix: correct cd build image --- .github/workflows/cd-build-image.yml | 2 ++ Dockerfile | 26 +++++++++++++++----------- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/.github/workflows/cd-build-image.yml b/.github/workflows/cd-build-image.yml index 2da5880..3f36ab1 100644 --- a/.github/workflows/cd-build-image.yml +++ b/.github/workflows/cd-build-image.yml @@ -50,3 +50,5 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + secrets: | + GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} diff --git a/Dockerfile b/Dockerfile index 21a3900..621fdaa 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,21 +1,25 @@ FROM python:3.10-alpine + ENV PYTHONUNBUFFERED=1 +ENV DJANGO_SETTINGS_MODULE="auth_service.settings" -# Allows docker to cache installed dependencies between builds -RUN apk add build-base libffi-dev curl -COPY ./auth-service/requirements.txt requirements.txt -RUN pip install -r requirements.txt -COPY ./django-common-utils django-common-utils -RUN pip install ../django-common-utils +RUN apk add --no-cache \ + build-base \ + libffi-dev \ + curl \ + git -# Adds our application code to the image -COPY ./auth-service auth-service +# Configure git to use GITHUB_TOKEN for private repo access +RUN git config --global credential.helper store && \ + git config --global url."https://x-access-token:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/" -WORKDIR /auth-service +RUN pip install --no-cache-dir \ + git+https://github.com/Space-DF/django-common-utils.git@dev -EXPOSE 80 +COPY . . +WORKDIR /app -ENV DJANGO_SETTINGS_MODULE="auth_service.settings" +RUN pip install -r requirements.txt RUN ["chmod", "+x", "./docker-entrypoint.sh"] From 0b9209a159659d10f6645be8e50b6ab9f848a514 Mon Sep 17 00:00:00 2001 From: lethanhdat762003 Date: Mon, 19 Jan 2026 17:28:51 +0700 Subject: [PATCH 06/13] chore: change the secret to build args in dockerfile configuration --- .github/workflows/cd-build-image.yml | 2 +- Dockerfile | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cd-build-image.yml b/.github/workflows/cd-build-image.yml index 3f36ab1..362cf1d 100644 --- a/.github/workflows/cd-build-image.yml +++ b/.github/workflows/cd-build-image.yml @@ -50,5 +50,5 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - secrets: | + build-args: | GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} diff --git a/Dockerfile b/Dockerfile index 621fdaa..f4487ee 100644 --- a/Dockerfile +++ b/Dockerfile 
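Review bot: The `git config --global url."https://x-access-token:${GITHUB_TOKEN}@github.com/".insteadOf ...` step persists whatever the token expands to in the global git config of an image layer, and the workflow pushes that image to GHCR. In this commit the new side declares neither `ARG GITHUB_TOKEN` nor a secret mount, so the value is probably empty and the private install fails. PATCH 06/13 (the `build-args:` hunk that follows and the `ARG GITHUB_TOKEN` hunk in the Dockerfile) makes it non-empty, and build arguments are also visible in the image history. Read the token only inside the `RUN` that needs it, via `RUN --mount=type=secret,id=github_token ...`, and write nothing to git config. Separately, `COPY . .` precedes `WORKDIR /app`, so `pip install -r requirements.txt` runs in a directory the sources were not copied into.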
@@ -3,15 +3,19 @@ FROM python:3.10-alpine ENV PYTHONUNBUFFERED=1 ENV DJANGO_SETTINGS_MODULE="auth_service.settings" +# Allow passing GITHUB_TOKEN as build arg for local builds +ARG GITHUB_TOKEN + RUN apk add --no-cache \ build-base \ libffi-dev \ curl \ git -# Configure git to use GITHUB_TOKEN for private repo access -RUN git config --global credential.helper store && \ - git config --global url."https://x-access-token:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/" +# Configure git to use GITHUB_TOKEN for private repo access (only if token is provided) +RUN if [ -n "$GITHUB_TOKEN" ]; then \ + git config --global url."https://x-access-token:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/"; \ + fi RUN pip install --no-cache-dir \ git+https://github.com/Space-DF/django-common-utils.git@dev From 84e189630cb2643f9ac82b4a84ecb3dbd7c77403 Mon Sep 17 00:00:00 2001 From: lethanhdat762003 Date: Mon, 19 Jan 2026 17:57:32 +0700 Subject: [PATCH 07/13] fix: correct secret for building --- .github/workflows/cd-build-image.yml | 4 ++-- Dockerfile | 13 ++++--------- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/.github/workflows/cd-build-image.yml b/.github/workflows/cd-build-image.yml index 362cf1d..03c2727 100644 --- a/.github/workflows/cd-build-image.yml +++ b/.github/workflows/cd-build-image.yml @@ -50,5 +50,5 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - build-args: | - GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} + secrets: | + github_token=${{ secrets.GITHUB_TOKEN }} diff --git a/Dockerfile b/Dockerfile index f4487ee..ebc0f4e 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -3,22 +3,17 @@ FROM python:3.10-alpine ENV PYTHONUNBUFFERED=1 ENV DJANGO_SETTINGS_MODULE="auth_service.settings" -# Allow passing GITHUB_TOKEN as build arg for local builds -ARG GITHUB_TOKEN - RUN apk add --no-cache \ build-base \ libffi-dev \ curl \ git -# Configure git to use GITHUB_TOKEN for private repo access (only if token is provided) -RUN if [ -n "$GITHUB_TOKEN" ]; then \ - git config --global url."https://x-access-token:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/"; \ - fi +# Install private repo using BuildKit secret +RUN --mount=type=secret,id=github_token \ + pip install --no-cache-dir \ + git+https://$(cat /run/secrets/github_token)@github.com/Space-DF/django-common-utils.git@dev -RUN pip install --no-cache-dir \ - git+https://github.com/Space-DF/django-common-utils.git@dev COPY . . WORKDIR /app From 1120d67d9d331b7a82608fbc8f583e50e9d50fb6 Mon Sep 17 00:00:00 2001 From: lethanhdat762003 Date: Mon, 19 Jan 2026 18:00:41 +0700 Subject: [PATCH 08/13] fix: add prefix for secret --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ebc0f4e..9299a57 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ RUN apk add --no-cache \ # Install private repo using BuildKit secret RUN --mount=type=secret,id=github_token \ pip install --no-cache-dir \ - git+https://$(cat /run/secrets/github_token)@github.com/Space-DF/django-common-utils.git@dev + git+https://x-access-token:$(cat /run/secrets/github_token)@github.com/Space-DF/django-common-utils.git@dev COPY . . From de95fa5e20c945d60a183c508531ddc0cd3dec89 Mon Sep 17 00:00:00 2001 From: lethanhdat762003 Date: Tue, 20 Jan 2026 09:17:23 +0700 Subject: [PATCH 09/13] fix: change github token to pat --- .github/workflows/cd-build-image.yml | 2 +- Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd-build-image.yml b/.github/workflows/cd-build-image.yml index 03c2727..a35c987 100644 
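Review bot: The private dependency is installed from a moving branch (`.../Space-DF/django-common-utils.git@dev`), so two builds of the same source can ship different library code and nothing in the image records which commit was used. Pin the ref to a release tag or a full commit SHA, e.g. `...django-common-utils.git@<commit-sha>` (placeholder), and bump it in a reviewed change. The same `RUN` line recurs unchanged in this respect in the PATCH 08/13 and PATCH 09/13 Dockerfile hunks.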
--- a/.github/workflows/cd-build-image.yml +++ b/.github/workflows/cd-build-image.yml @@ -51,4 +51,4 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} secrets: | - github_token=${{ secrets.GITHUB_TOKEN }} + github_token=${{ secrets.GH_PAT }} diff --git a/Dockerfile b/Dockerfile index 9299a57..ebc0f4e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ RUN apk add --no-cache \ # Install private repo using BuildKit secret RUN --mount=type=secret,id=github_token \ pip install --no-cache-dir \ - git+https://x-access-token:$(cat /run/secrets/github_token)@github.com/Space-DF/django-common-utils.git@dev + git+https://$(cat /run/secrets/github_token)@github.com/Space-DF/django-common-utils.git@dev COPY . . From 2b34bc196e72275818803145d27c37c0e5e5aeb1 Mon Sep 17 00:00:00 2001 From: lethanhdat762003 Date: Tue, 20 Jan 2026 09:20:28 +0700 Subject: [PATCH 10/13] fix: correct path --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ebc0f4e..1f9d6be 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ RUN --mount=type=secret,id=github_token \ COPY . . WORKDIR /app -RUN pip install -r requirements.txt +RUN pip install -r ./requirements.txt RUN ["chmod", "+x", "./docker-entrypoint.sh"] From 5b8c3e90be18a94e22d774f582edc99888e91951 Mon Sep 17 00:00:00 2001 From: lethanhdat762003 Date: Tue, 20 Jan 2026 09:26:27 +0700 Subject: [PATCH 11/13] fix: docker build for private django-common-utils dependency --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 1f9d6be..23b4fab 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,9 +15,9 @@ RUN --mount=type=secret,id=github_token \ git+https://$(cat /run/secrets/github_token)@github.com/Space-DF/django-common-utils.git@dev -COPY . . WORKDIR /app +COPY . . RUN pip install -r ./requirements.txt RUN ["chmod", "+x", "./docker-entrypoint.sh"] 
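Review bot: Swapping the job-scoped `secrets.GITHUB_TOKEN` for `secrets.GH_PAT` under `secrets:` feeds a long-lived personal credential into every image build, and the scope of that token is not visible in this diff. It should be a fine-grained token with an expiry, limited to read-only Contents on `Space-DF/django-common-utils`; a per-run GitHub App installation token or a read-only deploy key would avoid tying builds to one user account. A comment above the input would document the requirement for whoever rotates it, e.g. `# GH_PAT: fine-grained, read-only Contents on Space-DF/django-common-utils`.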
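Review bot: `COPY . .` in the PATCH 11/13 hunk places the entire build context in an image that is published to GHCR, and no `.dockerignore` is visible in this series. If one does not already exist, add it and exclude at least `.git`, `.github`, `.env*` and local virtualenvs so that repository history and developer secrets do not ship in the image. Copying only `requirements.txt` and running `pip install` before the full `COPY` would also restore the dependency-layer caching the original Dockerfile had.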
From a5e89dd5d9922f63d664623d5a27c537b2933ef4 Mon Sep 17 00:00:00 2001 From: lethanhdat762003 Date: Tue, 20 Jan 2026 11:05:28 +0700 Subject: [PATCH 12/13] build: update cd build image to release --- .github/workflows/cd-build-image.yml | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/.github/workflows/cd-build-image.yml b/.github/workflows/cd-build-image.yml index a35c987..47bd2f4 100644 --- a/.github/workflows/cd-build-image.yml +++ b/.github/workflows/cd-build-image.yml @@ -1,10 +1,8 @@ name: Build & Publish Docker Image on: - push: - branches: - - main - - dev + release: + types: [published] jobs: deploy: @@ -18,6 +16,8 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 + with: + ref: ${{ github.event.release.tag_name }} # Login to GHCR - name: Login to GHCR @@ -34,12 +34,9 @@ jobs: with: images: ghcr.io/${{ github.repository }} tags: | - # main branch - type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }} - type=sha - - # dev branch - type=raw,value=dev,enable=${{ github.ref == 'refs/heads/dev' }} + type=semver,pattern={{version}},value=${{ github.event.release.tag_name }} + type=semver,pattern={{major}}.{{minor}},value=${{ github.event.release.tag_name }} + type=semver,pattern={{major}},value=${{ github.event.release.tag_name }} # Build & Push image - name: Build & Push Docker image From b8bc8db1e3fee9f4b7ebe4790b853d6116f79f6f Mon Sep 17 00:00:00 2001 From: lethanhdat762003 Date: Tue, 20 Jan 2026 12:52:10 +0700 Subject: [PATCH 13/13] build: update cd condition for releasing --- .github/workflows/cd-build-image.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/cd-build-image.yml b/.github/workflows/cd-build-image.yml index 47bd2f4..d2b0aa0 100644 --- a/.github/workflows/cd-build-image.yml +++ b/.github/workflows/cd-build-image.yml 
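Review bot: After the `tags:` change in the third hunk, every published tag can move. `{{major}}` and `{{major}}.{{minor}}` float by design, `{{version}}` is overwritten if a release tag is re-created, and the `type=sha` line from the previous revision is dropped. Keep one immutable identifier, e.g. retain `type=sha` alongside the semver lines, or have deployments reference the pushed image digest. The three `value=${{ github.event.release.tag_name }}` inputs also assume the tag parses as semver; a comment in the `tags:` block such as `# release tag must be valid semver, e.g. v1.2.3` would document that expectation.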
@@ -6,6 +6,7 @@ on: jobs: deploy: + if: github.event.release.target_commitish == 'main' name: Build & Deploy spacedf-backend Docker Image runs-on: ubuntu-latest
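Review bot: The `if: github.event.release.target_commitish == 'main'` guard compares a field supplied when the release is created, not the branch that actually contains the tagged commit. Per the releases API documentation, `target_commitish` is unused when the tag already exists and defaults to the repository's default branch (presumably `main` here), and it may also be a commit SHA. The condition can therefore pass for a tag that points off `main` and can skip a legitimate release. If the intent is that only code merged to `main` is published, verify ancestry after checkout: set `fetch-depth: 0` on the checkout step and add a step running `git merge-base --is-ancestor HEAD origin/main`. The checkout step lies outside this hunk.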