build: test github action

.github/actions/docker-buildx-push/action.yaml

@@ -0,0 +1,75 @@
+name: "Docker buildx and push"
+description: "Buildx and push the Docker image."
+
+inputs:
+  ghcr-token:
+    description: Token of current GitHub account in GitHub container registry.
+    required: false
+    default: ""
+  dockerhub-user:
+    description: "User name for the DockerHub account"
+    required: false
+    default: ""
+  dockerhub-token:
+    description: Token for the DockerHub account
+    required: false
+    default: ""
+  push:
+    description: Should push the docker image or not.
+    required: false
+    default: "false"
+  platforms:
+    description: Target platforms for building image
+    required: false
+    default: "linux/amd64,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x"
+  image-name:
+    description: The basic name of docker.
+    required: false
+    default: "portal-server"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Docker meta for Server
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: |
+          ghcr.io/${{ github.repository_owner }}/${{ inputs.image-name }}
+          lichong-a/${{ inputs.image-name }}
+        tags: |
+          type=schedule,pattern=nightly-{{date 'YYYYMMDD'}},enabled=${{ github.event_name == 'schedule' }}
+          type=ref,event=branch,enabled=${{ github.event_name == 'push' }}
+          type=ref,event=pr,enabled=${{ github.event_name == 'pull_request' }}
+          type=semver,pattern={{major}}
+          type=semver,pattern={{major}}.{{minor}}
+          type=semver,pattern={{ version }}
+          type=sha,enabled=${{ github.event_name == 'push' }}
+        flavor: |
+          latest=false
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Login to GHCR
+      uses: docker/login-action@v3
+      if: inputs.ghcr-token != '' && github.event_name != 'pull_request'
+      with:
+        registry: ghcr.io
+        username: ${{ github.repository_owner }}
+        password: ${{ inputs.ghcr-token }}
+    - name: Login to DockerHub
+      if: inputs.dockerhub-token != '' && github.event_name != 'pull_request'
+      uses: docker/login-action@v3
+      with:
+        username: ${{ inputs.dockerhub-user }}
+        password: ${{ inputs.dockerhub-token }}
+    - name: Build and push
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        file: ./Dockerfile
+        platforms: ${{ inputs.platforms }}
+        labels: ${{ steps.meta.outputs.labels }}
+        tags: ${{ steps.meta.outputs.tags }}
+        push: ${{ (inputs.ghcr-token != '' || inputs.dockerhub-token != '') && inputs.push == 'true' }}

.github/actions/setup-env/action.yaml

@@ -0,0 +1,18 @@
+name: Setup Environment
+description: Setup environment to check and build Halo, including console and core projects.
+
+inputs:
+  java-version:
+    description: Java version.
+    required: false
+    default: "17"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Setup JDK
+      uses: actions/setup-java@v4
+      with:
+        distribution: "temurin"
+        cache: "gradle"
+        java-version: ${{ inputs.java-version }}

.github/workflows/main.yml

@@ -0,0 +1,53 @@
+name: portal-server
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+
+concurrency:
+  group: ${{github.workflow}} - ${{github.ref}}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  compile:
+    runs-on: ubuntu-latest
+    if: ${{ github.repository == 'lichong-a/portal-server' }}
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Setup Environment
+        uses: ./.github/actions/setup-env
+
+      - name: Build APP
+        run: ./gradlew clean && ./gradlew :starter:build
+
+      - name: Upload Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: server-artifacts
+          path: starter/build/libs/portal-server*.jar
+          retention-days: 1
+
+      - name: Download Artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: server-artifacts
+          path: starter/build/libs/portal-server*.jar
+
+      - name: Docker Buildx and Push
+        uses: ./.github/actions/docker-buildx-push
+        with:
+          image-name: ${{ github.event_name == 'release' && 'portal-server' || 'portal-server-dev' }}
+          ghcr-token: ${{ secrets.GITHUB_TOKEN }}
+          dockerhub-user: ${{ secrets.DOCKER_USERNAME }}
+          dockerhub-token: ${{ secrets.DOCKER_TOKEN }}
+          push: true
+          platforms: linux/amd64,linux/arm64/v8,linux/ppc64le,linux/s390x

Dockerfile

@@ -0,0 +1,12 @@
+FROM eclipse-temurin:21-jre
+
+WORKDIR application
+ARG JAR_FILE=starter/build/libs/portal-server*.jar
+COPY ${JAR_FILE} application.jar
+
+ENV JVM_OPTS="-Xmx512m -Xms2048m" \
+    TZ=Asia/Shanghai
+
+EXPOSE 8080
+
+ENTRYPOINT [ "sh", "-c", "java $JVM_OPTS -jar application.jar" ]

build.gradle

@@ -37,8 +37,8 @@ allprojects {
     compileJava.options.encoding = 'UTF-8'
     compileTestJava.options.encoding = 'UTF-8'
     javadoc.options.encoding = 'UTF-8'
-    sourceCompatibility = JavaVersion.VERSION_17
-    targetCompatibility = JavaVersion.VERSION_17
+    sourceCompatibility = JavaVersion.VERSION_21
+    targetCompatibility = JavaVersion.VERSION_21
 }
 
 subprojects {

common/core/src/main/java/org/funcode/portal/server/common/core/security/filter/JwtTokenFilter.java

@@ -13,6 +13,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.funcode.portal.server.common.core.constant.SecurityConstant;
 import org.funcode.portal.server.common.core.security.service.IJwtService;
+import org.funcode.portal.server.common.core.util.CookieUtils;
 import org.springframework.lang.NonNull;
 import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
@@ -34,7 +35,9 @@ protected void doFilterInternal(@NonNull HttpServletRequest request,
                                     @NonNull HttpServletResponse response,
                                     @NonNull FilterChain filterChain)
             throws ServletException, IOException {
-        final String accessToken = request.getHeader(SecurityConstant.TOKEN_HEADER_KEY);
+        // 获取 token，优先从 cookie 获取，其次从 header 获取
+        String accessTokenCookie = CookieUtils.getCookieValue(request, SecurityConstant.TOKEN_COOKIE_KEY);
+        final String accessToken = StringUtils.isBlank(accessTokenCookie) ? request.getHeader(SecurityConstant.TOKEN_HEADER_KEY) : accessTokenCookie;
         // 没 token 场景为 登录 等，直接放行，因为后边有其他的过滤器
         if (StringUtils.isBlank(accessToken)) {
             filterChain.doFilter(request, response);

common/core/src/main/java/org/funcode/portal/server/common/core/util/CookieUtils.java

@@ -0,0 +1,31 @@
+package org.funcode.portal.server.common.core.util;
+
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.AccessLevel;
+import lombok.NoArgsConstructor;
+
+@NoArgsConstructor(access = AccessLevel.PRIVATE)
+public class CookieUtils {
+
+    /**
+     * 获取指定Cookie的值
+     *
+     * @param request  HttpServletRequest
+     * @param cookieName  cookie name
+     * @return cookie value
+     */
+    public static String getCookieValue(HttpServletRequest request, String cookieName) {
+        String cookieValue = null;
+        Cookie[] cookies = request.getCookies();
+        if (cookies != null) {
+            for (Cookie cookie : cookies) {
+                if (cookie.getName().equals(cookieName)) {
+                    cookieValue = cookie.getValue();
+                    break;
+                }
+            }
+        }
+        return cookieValue;
+    }
+}