chore: install GitHub-reward from idea2app/GitHub-reward

.env.release.draft

@@ -0,0 +1,82 @@
+# SkillHub production draft for bare-metal deployment.
+# Copy this to .env.release and replace every value marked TODO.
+#
+# Recommended workflow:
+# 1. cp .env.release.draft .env.release
+# 2. Edit TODO values
+# 3. make validate-release-config
+# 4. docker compose --env-file .env.release -f compose.release.yml up -d
+
+# Pin a released image tag in production.
+SKILLHUB_VERSION=v0.1.0-beta.5
+SKILLHUB_SERVER_IMAGE=ghcr.io/iflytek/skillhub-server
+SKILLHUB_WEB_IMAGE=ghcr.io/iflytek/skillhub-web
+
+# Public HTTPS entrypoint, no trailing slash.
+SKILLHUB_PUBLIC_BASE_URL=https://skillhub.example.com
+
+# Usually keep empty when web and api are served from the same domain.
+SKILLHUB_WEB_API_BASE_URL=
+SKILLHUB_API_UPSTREAM=http://server:8080
+
+# Keep database and redis local-only on the host unless you explicitly need remote access.
+POSTGRES_BIND_ADDRESS=127.0.0.1
+POSTGRES_PORT=5432
+POSTGRES_DB=skillhub
+POSTGRES_USER=skillhub
+POSTGRES_PASSWORD=TODO_change_to_a_strong_database_password
+
+REDIS_BIND_ADDRESS=127.0.0.1
+REDIS_PORT=6379
+
+# Host ports exposed by the app containers.
+API_PORT=8080
+WEB_PORT=80
+
+# Must stay true when the public site is behind HTTPS.
+SESSION_COOKIE_SECURE=true
+
+# External object storage. Production should use s3.
+SKILLHUB_STORAGE_PROVIDER=s3
+
+# Fill with your real S3-compatible endpoint.
+# Aliyun OSS example:
+#   https://oss-cn-shanghai.aliyuncs.com
+# AWS S3 example:
+#   https://s3.ap-east-1.amazonaws.com
+# MinIO example:
+#   https://minio.example.com
+SKILLHUB_STORAGE_S3_ENDPOINT=https://oss-cn-shanghai.aliyuncs.com
+
+# Optional public endpoint for presigned download URLs.
+# Leave empty if the same endpoint is externally reachable.
+SKILLHUB_STORAGE_S3_PUBLIC_ENDPOINT=
+
+SKILLHUB_STORAGE_S3_BUCKET=skillhub-prod
+SKILLHUB_STORAGE_S3_ACCESS_KEY=TODO_fill_real_access_key
+SKILLHUB_STORAGE_S3_SECRET_KEY=TODO_fill_real_secret_key
+SKILLHUB_STORAGE_S3_REGION=cn-shanghai
+
+# Aliyun OSS / AWS S3 typically use false.
+# Many self-hosted MinIO deployments need true.
+SKILLHUB_STORAGE_S3_FORCE_PATH_STYLE=false
+
+# Keep false in production unless you intentionally want the app to create the bucket.
+SKILLHUB_STORAGE_S3_AUTO_CREATE_BUCKET=false
+SKILLHUB_STORAGE_S3_PRESIGN_EXPIRY=PT10M
+
+# Bootstrap admin is only for first login / first bootstrap.
+BOOTSTRAP_ADMIN_ENABLED=true
+BOOTSTRAP_ADMIN_USER_ID=docker-admin
+BOOTSTRAP_ADMIN_USERNAME=admin
+BOOTSTRAP_ADMIN_PASSWORD=TODO_change_to_a_strong_admin_password
+BOOTSTRAP_ADMIN_DISPLAY_NAME=Platform Admin
+BOOTSTRAP_ADMIN_EMAIL=admin@example.com
+
+# Usually keep empty and let the backend derive it from SKILLHUB_PUBLIC_BASE_URL.
+DEVICE_AUTH_VERIFICATION_URI=
+
+# Optional GitHub OAuth.
+# Leave both empty if you are not enabling GitHub login yet.
+OAUTH2_GITHUB_CLIENT_ID=
+OAUTH2_GITHUB_CLIENT_SECRET=

.env.release.example

@@ -3,16 +3,53 @@
 SKILLHUB_VERSION=edge
 SKILLHUB_SERVER_IMAGE=ghcr.io/iflytek/skillhub-server
 SKILLHUB_WEB_IMAGE=ghcr.io/iflytek/skillhub-web
+POSTGRES_IMAGE=postgres:16-alpine
+REDIS_IMAGE=redis:7-alpine
 
+# Public entrypoint seen by browsers/CLI, no trailing slash.
+# Default to localhost so `runtime.sh up` works as a zero-config quickstart.
+SKILLHUB_PUBLIC_BASE_URL=http://localhost
+
+# Frontend usually keeps this empty and proxies to the backend through nginx.
+SKILLHUB_WEB_API_BASE_URL=
+SKILLHUB_API_UPSTREAM=http://server:8080
+
+POSTGRES_BIND_ADDRESS=127.0.0.1
 POSTGRES_PORT=5432
 POSTGRES_DB=skillhub
 POSTGRES_USER=skillhub
-POSTGRES_PASSWORD=skillhub_demo
+POSTGRES_PASSWORD=change-this-postgres-password
 
+REDIS_BIND_ADDRESS=127.0.0.1
 REDIS_PORT=6379
 API_PORT=8080
 WEB_PORT=80
+SESSION_COOKIE_SECURE=false
+
+# Zero-config runtime validation uses local storage.
+# Switch to `s3` and fill the fields below before a real production deployment.
+SKILLHUB_STORAGE_PROVIDER=local
+SKILLHUB_STORAGE_S3_ENDPOINT=https://oss-cn-example.aliyuncs.com
+SKILLHUB_STORAGE_S3_PUBLIC_ENDPOINT=
+SKILLHUB_STORAGE_S3_BUCKET=skillhub-prod
+SKILLHUB_STORAGE_S3_ACCESS_KEY=replace-me
+SKILLHUB_STORAGE_S3_SECRET_KEY=replace-me
+SKILLHUB_STORAGE_S3_REGION=cn-shanghai
+SKILLHUB_STORAGE_S3_FORCE_PATH_STYLE=false
+SKILLHUB_STORAGE_S3_AUTO_CREATE_BUCKET=false
+SKILLHUB_STORAGE_S3_PRESIGN_EXPIRY=PT10M
+
+# Bootstrap local admin account for first login. Rotate or disable after initial setup.
+BOOTSTRAP_ADMIN_ENABLED=false
+BOOTSTRAP_ADMIN_USER_ID=docker-admin
+BOOTSTRAP_ADMIN_USERNAME=admin
+BOOTSTRAP_ADMIN_PASSWORD=replace-this-admin-password
+BOOTSTRAP_ADMIN_DISPLAY_NAME=Platform Admin
+BOOTSTRAP_ADMIN_EMAIL=admin@example.com
+
+# Optional override. Defaults to ${SKILLHUB_PUBLIC_BASE_URL}/device.
+DEVICE_AUTH_VERIFICATION_URI=
 
 # Optional: configure real GitHub OAuth before exposing the stack to other users.
-OAUTH2_GITHUB_CLIENT_ID=local-placeholder
-OAUTH2_GITHUB_CLIENT_SECRET=local-placeholder
+OAUTH2_GITHUB_CLIENT_ID=
+OAUTH2_GITHUB_CLIENT_SECRET=

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,40 @@
+name: Bug Report
+description: Report a defect in SkillHub
+title: "[Bug] "
+labels:
+  - bug
+body:
+  - type: textarea
+    id: summary
+    attributes:
+      label: Summary
+      description: What happened?
+    validations:
+      required: true
+  - type: textarea
+    id: steps
+    attributes:
+      label: Steps To Reproduce
+      description: Include commands, requests, or UI flow
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Behavior
+    validations:
+      required: true
+  - type: textarea
+    id: environment
+    attributes:
+      label: Environment
+      description: Branch, commit, runtime profile, browser, OS, etc.
+  - type: textarea
+    id: api-impact
+    attributes:
+      label: API Contract Impact
+      description: If relevant, include the request path, response shape, and whether `web/src/api/generated/schema.d.ts` appears stale.
+  - type: textarea
+    id: logs
+    attributes:
+      label: Logs Or Screenshots

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Security Report
+    url: https://github.com/iflytek/skillhub/security/advisories/new
+    about: Do not file public issues for suspected vulnerabilities.

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,33 @@
+name: Feature Request
+description: Propose a new capability or workflow improvement
+title: "[Feature] "
+labels:
+  - enhancement
+body:
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem
+      description: What user or operator problem does this solve?
+    validations:
+      required: true
+  - type: textarea
+    id: proposal
+    attributes:
+      label: Proposed Solution
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives Considered
+  - type: textarea
+    id: impact
+    attributes:
+      label: Impact
+      description: Auth, API, migration, deployment, observability, or UX impact
+  - type: textarea
+    id: contract
+    attributes:
+      label: Contract Or SDK Impact
+      description: Note whether this proposal changes OpenAPI, generated SDKs, CLI protocol, or operator docs.

.github/ISSUE_TEMPLATE/reward-task.yml

@@ -0,0 +1,48 @@
+name: 💰 Reward Task
+description: Task issue with Reward
+title: '[Reward] '
+labels:
+    - reward
+body:
+    - type: textarea
+      id: description
+      attributes:
+          label: Task description
+      validations:
+          required: true
+
+    - type: dropdown
+      id: currency
+      attributes:
+          label: Reward currency
+          options:
+              - 'USD $'
+              - 'CAD C$'
+              - 'AUD A$'
+              - 'GBP £'
+              - 'EUR €'
+              - 'CNY ¥'
+              - 'HKD HK$'
+              - 'TWD NT$'
+              - 'SGD S$'
+              - 'KRW ₩'
+              - 'JPY ¥'
+              - 'INR ₹'
+              - 'UAH ₴'
+      validations:
+          required: true
+
+    - type: input
+      id: amount
+      attributes:
+          label: Reward amount
+      validations:
+          required: true
+
+    - type: input
+      id: payer
+      attributes:
+          label: Reward payer
+          description: GitHub username of the payer (optional, defaults to issue creator)
+      validations:
+          required: false

.github/pull_request_template.md

@@ -0,0 +1,29 @@
+## Summary
+
+- What changed?
+- Why is this needed?
+
+## Validation
+
+- [ ] Backend tests passed
+- [ ] Frontend typecheck/build passed
+- [ ] OpenAPI SDK regenerated or checked when API contracts changed
+- [ ] Smoke test run when relevant
+
+Commands run:
+
+```bash
+# paste commands here
+```
+
+## Risk
+
+- User-facing impact:
+- Deployment or migration impact:
+- Rollback approach:
+
+## Notes
+
+- Related issue:
+- Follow-up work:
+- Docs or operator runbooks updated when behavior changed:

.github/scripts/count-reward.ts

@@ -0,0 +1,57 @@
+import { $, YAML } from "npm:zx";
+
+import { Reward } from "./type.ts";
+
+$.verbose = true;
+
+const rawTags =
+  await $`git tag --list "reward-*" --format="%(refname:short) %(creatordate:short)"`;
+
+const lastMonth = new Date();
+lastMonth.setMonth(lastMonth.getMonth() - 1);
+const lastMonthStr = lastMonth.toJSON().slice(0, 7);
+
+const rewardTags = rawTags.stdout
+  .split("\n")
+  .filter((line) => line.split(/\s+/)[1] >= lastMonthStr)
+  .map((line) => line.split(/\s+/)[0]);
+
+let rawYAML = "";
+
+for (const tag of rewardTags)
+  rawYAML += (await $`git tag -l --format="%(contents)" ${tag}`) + "\n";
+
+if (!rawYAML.trim())
+  throw new ReferenceError("No reward data is found for the last month.");
+
+const rewards = YAML.parse(rawYAML) as Reward[];
+
+const groupedRewards = Object.groupBy(rewards, ({ payee }) => payee);
+
+const summaryList = Object.entries(groupedRewards).map(([payee, rewards]) => {
+  const reward = rewards!.reduce((acc, { currency, reward }) => {
+    acc[currency] ??= 0;
+    acc[currency] += reward;
+    return acc;
+  }, {} as Record<string, number>);
+
+  return {
+    payee,
+    reward,
+    accounts: rewards!.map(({ payee: _, ...account }) => account),
+  };
+});
+
+const summaryText = YAML.stringify(summaryList);
+
+console.log(summaryText);
+
+const tagName = `statistic-${new Date().toJSON().slice(0, 7)}`;
+
+await $`git config user.name "github-actions[bot]"`;
+await $`git config user.email "github-actions[bot]@users.noreply.github.com"`;
+
+await $`git tag -a ${tagName} $(git rev-parse HEAD) -m ${summaryText}`;
+await $`git push origin --tags --no-verify`;
+
+await $`gh release create ${tagName} --notes ${summaryText}`;

.github/scripts/deno.json

@@ -0,0 +1,3 @@
+{
+    "nodeModulesDir": "none"
+}