.forgejo/test.txt

@@ -1,4 +1 @@
 test
-test
-ci test Sat Mar 28 11:26:45 +07 2026
-test Sat Mar 28 14:46:11 +07 2026

.forgejo/workflows/docker-build.yml

@@ -3,24 +3,70 @@ name: Build & Push Docker Image
 on:
   push:
     branches: [main, master]
+    tags: ['v*']
   workflow_dispatch:
+    inputs:
+      api_url:
+        description: 'API URL for frontend build'
+        required: false
+        default: 'http://ut.khoavo.myds.me:8981/api'
+        type: string
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: docker:host
     steps:
+      - name: Tools check
+        run: |
+          echo "Docker: $(docker --version)"
+          echo "Git: $(git --version)"
+
       - name: Checkout
         run: |
           cd /tmp
           rm -rf kv-tube
-          git clone https://vndangkhoa:b14bc4938aeb5f4014fa15186985a0a625f7e9b4@nas:3050/vndangkhoa/kv-tube.git
+          git clone https://vndangkhoa:Thieugia19@git.khoavo.myds.me/vndangkhoa/kv-tube.git
           cd kv-tube
           git checkout ${GITEA_SHA:-main}
+          echo "Checked out: $(git rev-parse --short HEAD)"
+
+      - name: Login to registry
+        run: echo "Thieugia19" | docker login git.khoavo.myds.me -u vndangkhoa --password-stdin
 
       - name: Build and push
         run: |
           cd /tmp/kv-tube
           SHA_SHORT=$(git rev-parse --short HEAD)
           IMAGE="git.khoavo.myds.me/vndangkhoa/kv-tube"
-          docker build -t ${IMAGE}:${SHA_SHORT} .
-          docker push ${IMAGE}:${SHA_SHORT}
+          TAGS="${IMAGE}:${SHA_SHORT}"
+          if [ "${GITEA_REF}" = "refs/heads/main" ] || [ "${GITEA_REF}" = "refs/heads/master" ]; then
+            TAGS="${TAGS},${IMAGE}:main"
+          fi
+          if echo "${GITEA_REF}" | grep -q "refs/tags/v"; then
+            VERSION=${GITEA_REF#refs/tags/v}
+            TAGS="${TAGS},${IMAGE}:${VERSION},${IMAGE}:latest"
+          fi
+          echo "Building tags: ${TAGS}"
+
+          TAG_ARGS=""
+          IFS=',' read -ra TAG_ARRAY <<< "${TAGS}"
+          for tag in "${TAG_ARRAY[@]}"; do
+            TAG_ARGS="${TAG_ARGS} -t ${tag}"
+          done
+
+          docker build \
+            ${TAG_ARGS} \
+            --build-arg NEXT_PUBLIC_API_URL=${{ gitea.event.inputs.api_url || 'http://ut.khoavo.myds.me:8981/api' }} \
+            .
+
+          for tag in "${TAG_ARRAY[@]}"; do
+            echo "Pushing ${tag}..."
+            docker push "${tag}"
+          done
+
+      - name: Verify
+        run: docker images | grep kv-tube
+
+      - name: Cleanup
+        if: always()
+        run: rm -rf /tmp/kv-tube

.github/workflows/ci.yml

@@ -0,0 +1,114 @@
+name: CI
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+  workflow_dispatch:
+    inputs:
+      api_url:
+        description: 'API URL'
+        required: false
+        default: 'http://ut.khoavo.myds.me:8981/api'
+        type: string
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install ruff mypy bandit types-requests
+          pip install -r requirements.txt
+      
+      - name: Run Ruff
+        run: ruff check . --output-format=github
+      
+      - name: Run MyPy
+        run: mypy app/ config.py --ignore-missing-imports
+        continue-on-error: true
+      
+      - name: Run Bandit
+        run: bandit -r app/ -x app/routes/api --skip B101,B311
+        continue-on-error: true
+
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install pytest pytest-cov
+      
+      - name: Run tests
+        run: pytest tests/ -v --tb=short
+        continue-on-error: true
+
+  build:
+    runs-on: ubuntu-latest
+    needs: [lint, test]
+    if: startsWith(github.ref, 'refs/tags/')
+    
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log into Docker Hub
+        uses: docker/login-action@v3
+        with:
+          registry: docker.io
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Log into Forgejo Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.khoavo.myds.me
+          username: ${{ secrets.FORGEJO_USERNAME }}
+          password: ${{ secrets.FORGEJO_PASSWORD }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            docker.io/${{ github.repository }}
+            git.khoavo.myds.me/${{ github.repository }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=raw,value=latest,enable=${{ github.ref == 'refs/tags/v*' }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            NEXT_PUBLIC_API_URL=${{ github.event.inputs.api_url || 'http://ut.khoavo.myds.me:8981/api' }}

.github/workflows/docker-publish.yml

@@ -0,0 +1,56 @@
+name: Docker Build & Push
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+    inputs:
+      api_url:
+        description: 'API URL'
+        required: false
+        default: 'http://ut.khoavo.myds.me:8981/api'
+        type: string
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log into Forgejo Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.khoavo.myds.me
+          username: ${{ secrets.FORGEJO_USERNAME }}
+          password: ${{ secrets.FORGEJO_PASSWORD }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: git.khoavo.myds.me/vndangkhoa/kv-tube
+          tags: |
+            type=semver,pattern={{version}}
+            type=raw,value=latest,enable=${{ github.ref == 'refs/tags/v*' }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          build-args: |
+            NEXT_PUBLIC_API_URL=${{ github.event.inputs.api_url || 'http://ut.khoavo.myds.me:8981/api' }}

docker-compose.forgejo.yml

@@ -1,52 +1,42 @@
 services:
-  forgejo:
-    image: codeberg.org/forgejo/forgejo:7.0.16
+  server:
+    image: codeberg.org/forgejo/forgejo:9
     container_name: forgejo
     environment:
       - USER_UID=1026
       - USER_GID=100
       - GITEA__database__DB_TYPE=sqlite3
       - TZ=Asia/Ho_Chi_Minh
-      - GITEA__actions__ENABLED=true
-      - INSTALL_LOCK=true
-      - FORGEJO__server__ROOT_URL=http://nas:3050/
     restart: always
+    networks:
+      - forgejo_custom_net
     volumes:
-      - ./forgejo-data:/data
+      - ./data:/data
     ports:
       - "3050:3000"
       - "2222:22"
-    networks:
-      - kv-tube_default
 
-  forgejo-runner:
-    image: code.forgejo.org/forgejo/runner:latest
+  runner:
+    image: code.forgejo.org/forgejo/runner:6.0.1
     container_name: forgejo_runner
     restart: always
     user: "0:0"
     privileged: true
     depends_on:
-      - forgejo
+      - server
+    networks:
+      - forgejo_custom_net
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - ./forgejo-runner-data:/data
-    entrypoint:
-      - sh
-      - -c
-      - |
-        if [ ! -f /data/.runner ]; then
-          forgejo-runner register --no-interactive \
-            --instance http://forgejo:3000 \
-            --token d5XKhmpu4lTR7P516juCjEes6QsI4qFvVean3zqT \
-            --name synology-runner \
-            --labels ubuntu-latest,ubuntu-22.04,docker:host
-        fi
-        forgejo-runner daemon
+      - ./runner-data:/data
+    entrypoint: >
+      sh -c "if [ ! -f /data/.runner ]; then forgejo-runner register --no-interactive --instance http://server:3000 --token xP3IdP05YPJJZ504z7UzK90njFFzQnX4d77cJiCN --name synology-runner --labels ubuntu-latest:docker://node:20-bookworm,ubuntu-22.04:docker://node:20-bookworm,docker:host; fi; forgejo-runner daemon"
     environment:
       - TZ=Asia/Ho_Chi_Minh
-    networks:
-      - kv-tube_default
-
+      
 networks:
-  kv-tube_default:
-    external: true
+  forgejo_custom_net:
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 172.38.0.0/24