SplayfunityDE · Splayfery · Aug 13, 2025 · Aug 12, 2025 · Aug 12, 2025 · Aug 12, 2025
diff --git a/.github/workflows/gradle-publish.yml b/.github/workflows/gradle-publish.yml
@@ -0,0 +1,165 @@
+# This workflow will build a package using Maven and then publish it to GitHub packages when a release is created
+# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path
+
+name: Build and Deploy to Staging server
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+  REMOTE_PATH: /opt/dockerfiles/web-backend
+  GHCR_USER: splayfery
+  TAGS: latest
+
+jobs:
+  build-and-publish:
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@v4
+
+    - name: Set up Coretto 21
+      uses: actions/setup-java@v3
+      with:
+        java-version: '21'
+        distribution: 'corretto'
+        server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
+        settings-path: ${{ github.workspace }} # location for the settings.xml file
+
+    - name: Cache Gradle packages
+      uses: actions/cache@v4
+      with:
+        path: |
+          ~/.gradle/caches
+          ~/.gradle/wrapper
+        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+        restore-keys: |
+          ${{ runner.os }}-gradle-
+
+    - name: Build with Gradle
+      run: ./gradlew build --parallel --no-daemon --configuration-cache
+
+    - name: Set up QEMU (for ARM emulation)
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+      with:
+        install: true
+        driver: docker-container
+
+    - name: Log in to the Container registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Cleanup old latest images in GHCR
+      uses: actions/delete-package-versions@v5
+      continue-on-error: true
+      with:
+        package-name: web-backend
+        package-type: container
+        min-versions-to-keep: 1
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        tags: ${{ env.TAGS }}
+
+    - name: Build and push multi-arch Docker image
+      id: push
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        platforms: linux/amd64,linux/arm64
+
+    - name: Generate artifact attestation
+      uses: actions/attest-build-provenance@v2
+      with:
+        subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+        subject-digest: ${{ steps.push.outputs.digest }}
+        push-to-registry: true
+
+  start-service:
+
+    runs-on: ubuntu-latest
+    needs: build-and-publish
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@v4
+
+    - name: Install SSH Key
+      uses: shimataro/ssh-key-action@v2
+      with:
+        key: ${{ secrets.SSH_PRIVATE_KEY }}
+        known_hosts: unnecessary
+
+    - name: Adding Known Hosts
+      run: ssh-keyscan -p ${{ secrets.PORT }} -H ${{ secrets.HOST }}  >> ~/.ssh/known_hosts  
+
+    - name: Configure SSH
+      run: |
+        mkdir -p ~/.ssh/
+        echo "$SSH_KEY" > ~/.ssh/staging.key
+        chmod 600 ~/.ssh/staging.key
+        cat >>~/.ssh/config <<END
+        Host staging
+          HostName $SSH_HOST
+          User $SSH_USER
+          IdentityFile ~/.ssh/staging.key
+          StrictHostKeyChecking no
+        END
+      env:
+        SSH_USER: ${{ secrets.USERNAME }}
+        SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+        SSH_HOST: ${{ secrets.HOST }}
+
+    - name: Set lowercase IMAGE_NAME
+      run: echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV
+
+    - name: Sync Docker Compose File
+      run: rsync -avz docker-compose.yaml ${{ secrets.USERNAME }}@${{ secrets.HOST }}:${{ env.REMOTE_PATH }}
+
+    - name: Deploy and Restart Container
+      run: |
+        ssh staging "
+          echo '${{ secrets.GHCR_TOKEN }}' | docker login ghcr.io -u ${{ env.GHCR_USER }} --password-stdin &&
+
+          # Stop running container
+          docker compose -f ${REMOTE_PATH}/docker-compose.yaml down || true &&
+
+          # Pull latest image
+          docker pull ${REGISTRY}/${IMAGE_NAME}:${{ env.TAGS }} &&
+
+          # Remove unused old images
+          docker image prune -af &&
+
+          # Start new container
+          docker compose -f ${REMOTE_PATH}/docker-compose.yaml up -d
+        "
diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml
diff --git a/.gitignore b/.gitignore
@@ -10,4 +10,4 @@ logs/
 build/
 
 ### Security ###
-.env
+.env
diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 FROM amazoncorretto:21
 
 RUN mkdir /app
-COPY web-backend-1.0.0-SNAPSHOT.jar /app
+COPY build/libs/web-backend-1.0.0.jar /app
 
-ENTRYPOINT ["java", "-jar", "/app/web-backend-1.0.0-SNAPSHOT.jar"]
+ENTRYPOINT ["java", "-jar", "/app/web-backend-1.0.0.jar"]
diff --git a/build.gradle b/build.gradle
@@ -0,0 +1,45 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ *
+ * This project uses @Incubating APIs which are subject to change.
+ */
+
+plugins {
+    id 'java'
+    id 'org.springframework.boot' version '3.5.4'
+    id 'io.spring.dependency-management' version '1.1.7'
+}
+
+java {
+    toolchain {
+        languageVersion = JavaLanguageVersion.of(21)
+    }
+}
+
+repositories {
+    mavenCentral()
+}
+
+dependencies {
+    implementation 'org.springframework.boot:spring-boot-starter-data-mongodb'
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+    implementation 'org.springframework.boot:spring-boot-starter-web'
+    implementation 'io.jsonwebtoken:jjwt:0.2'
+    runtimeOnly libs.io.jsonwebtoken.jjwt.impl
+    runtimeOnly libs.io.jsonwebtoken.jjwt.jackson
+    testImplementation 'org.springframework.boot:spring-boot-starter-test'
+    testImplementation 'org.springframework.security:spring-security-test'
+}
+
+group = 'de.splayfer'
+version = '1.0.0'
+description = 'web-backend'
+java.sourceCompatibility = JavaVersion.VERSION_21
+
+tasks.withType(JavaCompile) {
+    options.encoding = 'UTF-8'
+}
+
+tasks.withType(Javadoc) {
+    options.encoding = 'UTF-8'
+}
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -2,8 +2,6 @@ services:
   web-backend:
     image: ghcr.io/splayfunityde/web-backend:latest
     restart: always
-    volumes:
-      - /opt/dockerfiles/web-backend:/app
     env_file: .env
     ports:
       - 8080:8080
diff --git a/gradle.properties b/gradle.properties
@@ -0,0 +1,7 @@
+# This file was generated by the Gradle 'init' task.
+# https://docs.gradle.org/current/userguide/build_environment.html#sec:gradle_configuration_properties
+
+org.gradle.configuration-cache=true
+org.gradle.parallel=true
+org.gradle.caching=true
+
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -0,0 +1,20 @@
+# This file was generated by the Gradle 'init' task.
+# https://docs.gradle.org/current/userguide/platforms.html#sub::toml-dependencies-format
+
+[versions]
+io-jsonwebtoken-jjwt-api = "0.11.5"
+io-jsonwebtoken-jjwt-impl = "0.11.5"
+io-jsonwebtoken-jjwt-jackson = "0.11.5"
+org-springframework-boot-spring-boot-starter-data-mongodb = "3.5.0"
+org-springframework-boot-spring-boot-starter-security = "3.5.0"
+org-springframework-boot-spring-boot-starter-test = "3.5.0"
+org-springframework-boot-spring-boot-starter-web = "3.5.0"
+
+[libraries]
+io-jsonwebtoken-jjwt-api = { module = "io.jsonwebtoken:jjwt-api", version.ref = "io-jsonwebtoken-jjwt-api" }
+io-jsonwebtoken-jjwt-impl = { module = "io.jsonwebtoken:jjwt-impl", version.ref = "io-jsonwebtoken-jjwt-impl" }
+io-jsonwebtoken-jjwt-jackson = { module = "io.jsonwebtoken:jjwt-jackson", version.ref = "io-jsonwebtoken-jjwt-jackson" }
+org-springframework-boot-spring-boot-starter-data-mongodb = { module = "org.springframework.boot:spring-boot-starter-data-mongodb", version.ref = "org-springframework-boot-spring-boot-starter-data-mongodb" }
+org-springframework-boot-spring-boot-starter-security = { module = "org.springframework.boot:spring-boot-starter-security", version.ref = "org-springframework-boot-spring-boot-starter-security" }
+org-springframework-boot-spring-boot-starter-test = { module = "org.springframework.boot:spring-boot-starter-test", version.ref = "org-springframework-boot-spring-boot-starter-test" }
+org-springframework-boot-spring-boot-starter-web = { module = "org.springframework.boot:spring-boot-starter-web", version.ref = "org-springframework-boot-spring-boot-starter-web" }
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,7 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.0.0-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
-Original file line number
+Diff line change
@@ Expand Up / @@ -10,4 +10,4 @@ logs/ @@
     build/
     ### Security ###
-    .env
+    .env