feat: disable Docker builds for development versions (#239)

* feat: disable Docker builds for development versions

- Remove dev-latest, main-latest, and dev-* version options from manual triggers
- Skip Docker builds for development versions in workflow_run events
- Only build Docker images for releases (v1.0.0) and prereleases (v1.0.0-alpha1)
- Simplify tags generation logic by removing development branch handling
- Update workflow documentation to reflect release-only Docker strategy

BREAKING CHANGE: Development Docker images are no longer built automatically

* feat: remove dev channel support from Dockerfile

- Remove CHANNEL build argument (no longer needed)
- Simplify download logic to only support release channel
- Remove dev-specific package download paths
- Update BASE_URL to point directly to release directory
- Remove channel label from Docker image metadata
- Streamline version handling (latest vs specific release)

This aligns with the workflow changes that disabled dev Docker builds.

.cursorrules

@@ -1,45 +1,85 @@
 # RustFS Project Cursor Rules
 
-## ⚠️ CRITICAL DEVELOPMENT RULES ⚠️
+## 🚨🚨🚨 CRITICAL DEVELOPMENT RULES - ZERO TOLERANCE 🚨🚨🚨
 
-### 🚨 NEVER COMMIT DIRECTLY TO MASTER/MAIN BRANCH 🚨
-- **This is the most important rule - NEVER modify code directly on main or master branch**
-- **Always work on feature branches and use pull requests for all changes**
-- **Any direct commits to master/main branch are strictly forbidden**
-- Before starting any development, always:
-  1. `git checkout main` (switch to main branch)
-  2. `git pull` (get latest changes)
-  3. `git checkout -b feat/your-feature-name` (create and switch to feature branch)
-  4. Make your changes on the feature branch
-  5. Commit and push to the feature branch
-  6. Create a pull request for review
+### ⛔️ ABSOLUTE PROHIBITION: NEVER COMMIT DIRECTLY TO MASTER/MAIN BRANCH ⛔️
+
+**🔥 THIS IS THE MOST CRITICAL RULE - VIOLATION WILL RESULT IN IMMEDIATE REVERSAL 🔥**
+
+- **🚫 ZERO DIRECT COMMITS TO MAIN/MASTER BRANCH - ABSOLUTELY FORBIDDEN**
+- **🚫 ANY DIRECT COMMIT TO MAIN BRANCH MUST BE IMMEDIATELY REVERTED**
+- **🚫 NO EXCEPTIONS FOR HOTFIXES, EMERGENCIES, OR URGENT CHANGES**
+- **🚫 NO EXCEPTIONS FOR SMALL CHANGES, TYPOS, OR DOCUMENTATION UPDATES**
+- **🚫 NO EXCEPTIONS FOR ANYONE - MAINTAINERS, CONTRIBUTORS, OR ADMINS**
+
+### 📋 MANDATORY WORKFLOW - STRICTLY ENFORCED
+
+**EVERY SINGLE CHANGE MUST FOLLOW THIS WORKFLOW:**
+
+1. **Check current branch**: `git branch` (MUST NOT be on main/master)
+2. **Switch to main**: `git checkout main`
+3. **Pull latest**: `git pull origin main`
+4. **Create feature branch**: `git checkout -b feat/your-feature-name`
+5. **Make changes ONLY on feature branch**
+6. **Test thoroughly before committing**
+7. **Commit and push to feature branch**: `git push origin feat/your-feature-name`
+8. **Create Pull Request**: Use `gh pr create` (MANDATORY)
+9. **Wait for PR approval**: NO self-merging allowed
+10. **Merge through GitHub interface**: ONLY after approval
+
+### 🔒 ENFORCEMENT MECHANISMS
+
+- **Branch protection rules**: Main branch is protected
+- **Pre-commit hooks**: Will block direct commits to main
+- **CI/CD checks**: All PRs must pass before merging
+- **Code review requirement**: At least one approval needed
+- **Automated reversal**: Direct commits to main will be automatically reverted
 
 ## Project Overview
+
 RustFS is a high-performance distributed object storage system written in Rust, compatible with S3 API. The project adopts a modular architecture, supporting erasure coding storage, multi-tenant management, observability, and other enterprise-level features.
 
 ## Core Architecture Principles
 
 ### 1. Modular Design
+
 - Project uses Cargo workspace structure, containing multiple independent crates
 - Core modules: `rustfs` (main service), `ecstore` (erasure coding storage), `common` (shared components)
 - Functional modules: `iam` (identity management), `madmin` (management interface), `crypto` (encryption), etc.
 - Tool modules: `cli` (command line tool), `crates/*` (utility libraries)
 
 ### 2. Asynchronous Programming Pattern
+
 - Comprehensive use of `tokio` async runtime
 - Prioritize `async/await` syntax
 - Use `async-trait` for async methods in traits
 - Avoid blocking operations, use `spawn_blocking` when necessary
 
 ### 3. Error Handling Strategy
-- Use unified error type `common::error::Error`
-- Support error chains and context information
-- Use `thiserror` to define specific error types
-- Error conversion uses `downcast_ref` for type checking
+
+- **Use modular, type-safe error handling with `thiserror`**
+- Each module should define its own error type using `thiserror::Error` derive macro
+- Support error chains and context information through `#[from]` and `#[source]` attributes
+- Use `Result<T>` type aliases for consistency within each module
+- Error conversion between modules should use explicit `From` implementations
+- Follow the pattern: `pub type Result<T> = core::result::Result<T, Error>`
+- Use `#[error("description")]` attributes for clear error messages
+- Support error downcasting when needed through `other()` helper methods
+- Implement `Clone` for errors when required by the domain logic
+- **Current module error types:**
+  - `ecstore::error::StorageError` - Storage layer errors
+  - `ecstore::disk::error::DiskError` - Disk operation errors
+  - `iam::error::Error` - Identity and access management errors
+  - `policy::error::Error` - Policy-related errors
+  - `crypto::error::Error` - Cryptographic operation errors
+  - `filemeta::error::Error` - File metadata errors
+  - `rustfs::error::ApiError` - API layer errors
+  - Module-specific error types for specialized functionality
 
 ## Code Style Guidelines
 
 ### 1. Formatting Configuration
+
 ```toml
 max_width = 130
 fn_call_width = 90
@@ -55,21 +95,25 @@ single_line_let_else_max_width = 100
 Before every commit, you **MUST**:
 
 1. **Format your code**:
+
    ```bash
    cargo fmt --all
    ```
 
 2. **Verify formatting**:
+
    ```bash
    cargo fmt --all --check
    ```
 
 3. **Pass clippy checks**:
+
    ```bash
    cargo clippy --all-targets --all-features -- -D warnings
    ```
 
 4. **Ensure compilation**:
+
    ```bash
    cargo check --all-targets
    ```
@@ -144,6 +188,7 @@ Example output when formatting fails:
 ```
 
 ### 3. Naming Conventions
+
 - Use `snake_case` for functions, variables, modules
 - Use `PascalCase` for types, traits, enums
 - Constants use `SCREAMING_SNAKE_CASE`
@@ -153,6 +198,7 @@ Example output when formatting fails:
 - Choose names that clearly express the purpose and intent
 
 ### 4. Type Declaration Guidelines
+
 - **Prefer type inference over explicit type declarations** when the type is obvious from context
 - Let the Rust compiler infer types whenever possible to reduce verbosity and improve maintainability
 - Only specify types explicitly when:
@@ -162,6 +208,7 @@ Example output when formatting fails:
   - Needed to resolve ambiguity between multiple possible types
 
 **Good examples (prefer these):**
+
 ```rust
 // Compiler can infer the type
 let items = vec![1, 2, 3, 4];
@@ -173,6 +220,7 @@ let filtered: Vec<_> = items.iter().filter(|&&x| x > 2).collect();
 ```
 
 **Avoid unnecessary explicit types:**
+
 ```rust
 // Unnecessary - type is obvious
 let items: Vec<i32> = vec![1, 2, 3, 4];
@@ -181,6 +229,7 @@ let result: ProcessResult = process_data(&input);
 ```
 
 **When explicit types are beneficial:**
+
 ```rust
 // API boundaries - always specify types
 pub fn process_data(input: &[u8]) -> Result<ProcessResult, Error> { ... }
@@ -193,6 +242,7 @@ let cache: HashMap<String, Arc<Mutex<CacheEntry>>> = HashMap::new();
 ```
 
 ### 5. Documentation Comments
+
 - Public APIs must have documentation comments
 - Use `///` for documentation comments
 - Complex functions add `# Examples` and `# Parameters` descriptions
@@ -201,6 +251,7 @@ let cache: HashMap<String, Arc<Mutex<CacheEntry>>> = HashMap::new();
 - Avoid meaningless comments like "debug 111" or placeholder text
 
 ### 6. Import Guidelines
+
 - Standard library imports first
 - Third-party crate imports in the middle
 - Project internal imports last
@@ -209,6 +260,7 @@ let cache: HashMap<String, Arc<Mutex<CacheEntry>>> = HashMap::new();
 ## Asynchronous Programming Guidelines
 
 ### 1. Trait Definition
+
 ```rust
 #[async_trait::async_trait]
 pub trait StorageAPI: Send + Sync {
@@ -217,6 +269,7 @@ pub trait StorageAPI: Send + Sync {
 ```
 
 ### 2. Error Handling
+
 ```rust
 // Use ? operator to propagate errors
 async fn example_function() -> Result<()> {
@@ -227,6 +280,7 @@ async fn example_function() -> Result<()> {
 ```
 
 ### 3. Concurrency Control
+
 - Use `Arc` and `Mutex`/`RwLock` for shared state management
 - Prioritize async locks from `tokio::sync`
 - Avoid holding locks for long periods
@@ -234,6 +288,7 @@ async fn example_function() -> Result<()> {
 ## Logging and Tracing Guidelines
 
 ### 1. Tracing Usage
+
 ```rust
 #[tracing::instrument(skip(self, data))]
 async fn process_data(&self, data: &[u8]) -> Result<()> {
@@ -243,6 +298,7 @@ async fn process_data(&self, data: &[u8]) -> Result<()> {
 ```
 
 ### 2. Log Levels
+
 - `error!`: System errors requiring immediate attention
 - `warn!`: Warning information that may affect functionality
 - `info!`: Important business information
@@ -250,6 +306,7 @@ async fn process_data(&self, data: &[u8]) -> Result<()> {
 - `trace!`: Detailed execution paths
 
 ### 3. Structured Logging
+
 ```rust
 info!(
     counter.rustfs_api_requests_total = 1_u64,
@@ -262,45 +319,213 @@ info!(
 ## Error Handling Guidelines
 
 ### 1. Error Type Definition
+
 ```rust
-#[derive(Debug, thiserror::Error)]
+// Use thiserror for module-specific error types
+#[derive(thiserror::Error, Debug)]
 pub enum MyError {
     #[error("IO error: {0}")]
     Io(#[from] std::io::Error),
+
+    #[error("Storage error: {0}")]
+    Storage(#[from] ecstore::error::StorageError),
+
     #[error("Custom error: {message}")]
     Custom { message: String },
+
+    #[error("File not found: {path}")]
+    FileNotFound { path: String },
+
+    #[error("Invalid configuration: {0}")]
+    InvalidConfig(String),
+}
+
+// Provide Result type alias for the module
+pub type Result<T> = core::result::Result<T, MyError>;
+```
+
+### 2. Error Helper Methods
+
+```rust
+impl MyError {
+    /// Create error from any compatible error type
+    pub fn other<E>(error: E) -> Self
+    where
+        E: Into<Box<dyn std::error::Error + Send + Sync>>,
+    {
+        MyError::Io(std::io::Error::other(error))
+    }
 }
 ```
 
-### 2. Error Conversion
+### 3. Error Conversion Between Modules
+
 ```rust
-pub fn to_s3_error(err: Error) -> S3Error {
-    if let Some(storage_err) = err.downcast_ref::<StorageError>() {
-        match storage_err {
-            StorageError::ObjectNotFound(bucket, object) => {
-                s3_error!(NoSuchKey, "{}/{}", bucket, object)
+// Convert between different module error types
+impl From<ecstore::error::StorageError> for MyError {
+    fn from(e: ecstore::error::StorageError) -> Self {
+        match e {
+            ecstore::error::StorageError::FileNotFound => {
+                MyError::FileNotFound { path: "unknown".to_string() }
             }
-            // Other error types...
+            _ => MyError::Storage(e),
+        }
+    }
+}
+
+// Provide reverse conversion when needed
+impl From<MyError> for ecstore::error::StorageError {
+    fn from(e: MyError) -> Self {
+        match e {
+            MyError::FileNotFound { .. } => ecstore::error::StorageError::FileNotFound,
+            MyError::Storage(e) => e,
+            _ => ecstore::error::StorageError::other(e),
         }
     }
-    // Default error handling
 }
 ```
 
-### 3. Error Context
+### 4. Error Context and Propagation
+
 ```rust
-// Add error context
-.map_err(|e| Error::from_string(format!("Failed to process {}: {}", path, e)))?
+// Use ? operator for clean error propagation
+async fn example_function() -> Result<()> {
+    let data = read_file("path").await?;
+    process_data(data).await?;
+    Ok(())
+}
+
+// Add context to errors
+fn process_with_context(path: &str) -> Result<()> {
+    std::fs::read(path)
+        .map_err(|e| MyError::Custom {
+            message: format!("Failed to read {}: {}", path, e)
+        })?;
+    Ok(())
+}
+```
+
+### 5. API Error Conversion (S3 Example)
+
+```rust
+// Convert storage errors to API-specific errors
+use s3s::{S3Error, S3ErrorCode};
+
+#[derive(Debug)]
+pub struct ApiError {
+    pub code: S3ErrorCode,
+    pub message: String,
+    pub source: Option<Box<dyn std::error::Error + Send + Sync>>,
+}
+
+impl From<ecstore::error::StorageError> for ApiError {
+    fn from(err: ecstore::error::StorageError) -> Self {
+        let code = match &err {
+            ecstore::error::StorageError::BucketNotFound(_) => S3ErrorCode::NoSuchBucket,
+            ecstore::error::StorageError::ObjectNotFound(_, _) => S3ErrorCode::NoSuchKey,
+            ecstore::error::StorageError::BucketExists(_) => S3ErrorCode::BucketAlreadyExists,
+            ecstore::error::StorageError::InvalidArgument(_, _, _) => S3ErrorCode::InvalidArgument,
+            ecstore::error::StorageError::MethodNotAllowed => S3ErrorCode::MethodNotAllowed,
+            ecstore::error::StorageError::StorageFull => S3ErrorCode::ServiceUnavailable,
+            _ => S3ErrorCode::InternalError,
+        };
+
+        ApiError {
+            code,
+            message: err.to_string(),
+            source: Some(Box::new(err)),
+        }
+    }
+}
+
+impl From<ApiError> for S3Error {
+    fn from(err: ApiError) -> Self {
+        let mut s3e = S3Error::with_message(err.code, err.message);
+        if let Some(source) = err.source {
+            s3e.set_source(source);
+        }
+        s3e
+    }
+}
+```
+
+### 6. Error Handling Best Practices
+
+#### Pattern Matching and Error Classification
+
+```rust
+// Use pattern matching for specific error handling
+async fn handle_storage_operation() -> Result<()> {
+    match storage.get_object("bucket", "key").await {
+        Ok(object) => process_object(object),
+        Err(ecstore::error::StorageError::ObjectNotFound(bucket, key)) => {
+            warn!("Object not found: {}/{}", bucket, key);
+            create_default_object(bucket, key).await
+        }
+        Err(ecstore::error::StorageError::BucketNotFound(bucket)) => {
+            error!("Bucket not found: {}", bucket);
+            Err(MyError::Custom {
+                message: format!("Bucket {} does not exist", bucket)
+            })
+        }
+        Err(e) => {
+            error!("Storage operation failed: {}", e);
+            Err(MyError::Storage(e))
+        }
+    }
+}
+```
+
+#### Error Aggregation and Reporting
+
+```rust
+// Collect and report multiple errors
+pub fn validate_configuration(config: &Config) -> Result<()> {
+    let mut errors = Vec::new();
+
+    if config.bucket_name.is_empty() {
+        errors.push("Bucket name cannot be empty");
+    }
+
+    if config.region.is_empty() {
+        errors.push("Region must be specified");
+    }
+
+    if !errors.is_empty() {
+        return Err(MyError::Custom {
+            message: format!("Configuration validation failed: {}", errors.join(", "))
+        });
+    }
+
+    Ok(())
+}
+```
+
+#### Contextual Error Information
+
+```rust
+// Add operation context to errors
+#[tracing::instrument(skip(self))]
+async fn upload_file(&self, bucket: &str, key: &str, data: Vec<u8>) -> Result<()> {
+    self.storage
+        .put_object(bucket, key, data)
+        .await
+        .map_err(|e| MyError::Custom {
+            message: format!("Failed to upload {}/{}: {}", bucket, key, e)
+        })
+}
 ```
 
 ## Performance Optimization Guidelines
 
 ### 1. Memory Management
+
 - Use `Bytes` instead of `Vec<u8>` for zero-copy operations
 - Avoid unnecessary cloning, use reference passing
 - Use `Arc` for sharing large objects
 
 ### 2. Concurrency Optimization
+
 ```rust
 // Use join_all for concurrent operations
 let futures = disks.iter().map(|disk| disk.operation());
@@ -308,12 +533,14 @@ let results = join_all(futures).await;
 ```
 
 ### 3. Caching Strategy
-- Use `lazy_static` or `OnceCell` for global caching
+
+- Use `LazyLock` for global caching
 - Implement LRU cache to avoid memory leaks
 
 ## Testing Guidelines
 
 ### 1. Unit Tests
+
 ```rust
 #[cfg(test)]
 mod tests {
@@ -331,14 +558,55 @@ mod tests {
     fn test_with_cases(input: &str, expected: &str) {
         assert_eq!(function(input), expected);
     }
+
+    #[test]
+    fn test_error_conversion() {
+        use ecstore::error::StorageError;
+
+        let storage_err = StorageError::BucketNotFound("test-bucket".to_string());
+        let api_err: ApiError = storage_err.into();
+
+        assert_eq!(api_err.code, S3ErrorCode::NoSuchBucket);
+        assert!(api_err.message.contains("test-bucket"));
+        assert!(api_err.source.is_some());
+    }
+
+    #[test]
+    fn test_error_types() {
+        let io_err = std::io::Error::new(std::io::ErrorKind::NotFound, "file not found");
+        let my_err = MyError::Io(io_err);
+
+        // Test error matching
+        match my_err {
+            MyError::Io(_) => {}, // Expected
+            _ => panic!("Unexpected error type"),
+        }
+    }
+
+    #[test]
+    fn test_error_context() {
+        let result = process_with_context("nonexistent_file.txt");
+        assert!(result.is_err());
+
+        let err = result.unwrap_err();
+        match err {
+            MyError::Custom { message } => {
+                assert!(message.contains("Failed to read"));
+                assert!(message.contains("nonexistent_file.txt"));
+            }
+            _ => panic!("Expected Custom error"),
+        }
+    }
 }
 ```
 
 ### 2. Integration Tests
+
 - Use `e2e_test` module for end-to-end testing
 - Simulate real storage environments
 
 ### 3. Test Quality Standards
+
 - Write meaningful test cases that verify actual functionality
 - Avoid placeholder or debug content like "debug 111", "test test", etc.
 - Use descriptive test names that clearly indicate what is being tested
@@ -348,9 +616,11 @@ mod tests {
 ## Cross-Platform Compatibility Guidelines
 
 ### 1. CPU Architecture Compatibility
+
 - **Always consider multi-platform and different CPU architecture compatibility** when writing code
 - Support major architectures: x86_64, aarch64 (ARM64), and other target platforms
 - Use conditional compilation for architecture-specific code:
+
 ```rust
 #[cfg(target_arch = "x86_64")]
 fn optimized_x86_64_function() { /* x86_64 specific implementation */ }
@@ -363,16 +633,19 @@ fn generic_function() { /* Generic fallback implementation */ }
 ```
 
 ### 2. Platform-Specific Dependencies
+
 - Use feature flags for platform-specific dependencies
 - Provide fallback implementations for unsupported platforms
 - Test on multiple architectures in CI/CD pipeline
 
 ### 3. Endianness Considerations
+
 - Use explicit byte order conversion when dealing with binary data
 - Prefer `to_le_bytes()`, `from_le_bytes()` for consistent little-endian format
 - Use `byteorder` crate for complex binary format handling
 
 ### 4. SIMD and Performance Optimizations
+
 - Use portable SIMD libraries like `wide` or `packed_simd`
 - Provide fallback implementations for non-SIMD architectures
 - Use runtime feature detection when appropriate
@@ -380,10 +653,12 @@ fn generic_function() { /* Generic fallback implementation */ }
 ## Security Guidelines
 
 ### 1. Memory Safety
+
 - Disable `unsafe` code (workspace.lints.rust.unsafe_code = "deny")
 - Use `rustls` instead of `openssl`
 
 ### 2. Authentication and Authorization
+
 ```rust
 // Use IAM system for permission checks
 let identity = iam.authenticate(&access_key, &secret_key).await?;
@@ -393,11 +668,13 @@ iam.authorize(&identity, &action, &resource).await?;
 ## Configuration Management Guidelines
 
 ### 1. Environment Variables
+
 - Use `RUSTFS_` prefix
 - Support both configuration files and environment variables
 - Provide reasonable default values
 
 ### 2. Configuration Structure
+
 ```rust
 #[derive(Debug, Deserialize, Clone)]
 pub struct Config {
@@ -411,10 +688,12 @@ pub struct Config {
 ## Dependency Management Guidelines
 
 ### 1. Workspace Dependencies
+
 - Manage versions uniformly at workspace level
 - Use `workspace = true` to inherit configuration
 
 ### 2. Feature Flags
+
 ```rust
 [features]
 default = ["file"]
@@ -425,15 +704,18 @@ kafka = ["dep:rdkafka"]
 ## Deployment and Operations Guidelines
 
 ### 1. Containerization
+
 - Provide Dockerfile and docker-compose configuration
 - Support multi-stage builds to optimize image size
 
 ### 2. Observability
+
 - Integrate OpenTelemetry for distributed tracing
 - Support Prometheus metrics collection
 - Provide Grafana dashboards
 
 ### 3. Health Checks
+
 ```rust
 // Implement health check endpoint
 async fn health_check() -> Result<HealthStatus> {
@@ -444,6 +726,7 @@ async fn health_check() -> Result<HealthStatus> {
 ## Code Review Checklist
 
 ### 1. **Code Formatting and Quality (MANDATORY)**
+
 - [ ] **Code is properly formatted** (`cargo fmt --all --check` passes)
 - [ ] **All clippy warnings are resolved** (`cargo clippy --all-targets --all-features -- -D warnings` passes)
 - [ ] **Code compiles successfully** (`cargo check --all-targets` passes)
@@ -451,27 +734,32 @@ async fn health_check() -> Result<HealthStatus> {
 - [ ] **No formatting-related changes** mixed with functional changes (separate commits)
 
 ### 2. Functionality
+
 - [ ] Are all error cases properly handled?
 - [ ] Is there appropriate logging?
 - [ ] Is there necessary test coverage?
 
 ### 3. Performance
+
 - [ ] Are unnecessary memory allocations avoided?
 - [ ] Are async operations used correctly?
 - [ ] Are there potential deadlock risks?
 
 ### 4. Security
+
 - [ ] Are input parameters properly validated?
 - [ ] Are there appropriate permission checks?
 - [ ] Is information leakage avoided?
 
 ### 5. Cross-Platform Compatibility
+
 - [ ] Does the code work on different CPU architectures (x86_64, aarch64)?
 - [ ] Are platform-specific features properly gated with conditional compilation?
 - [ ] Is byte order handling correct for binary data?
 - [ ] Are there appropriate fallback implementations for unsupported platforms?
 
 ### 6. Code Commits and Documentation
+
 - [ ] Does it comply with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)?
 - [ ] Are commit messages concise and under 72 characters for the title line?
 - [ ] Commit titles should be concise and in English, avoid Chinese
@@ -480,6 +768,7 @@ async fn health_check() -> Result<HealthStatus> {
 ## Common Patterns and Best Practices
 
 ### 1. Resource Management
+
 ```rust
 // Use RAII pattern for resource management
 pub struct ResourceGuard {
@@ -494,6 +783,7 @@ impl Drop for ResourceGuard {
 ```
 
 ### 2. Dependency Injection
+
 ```rust
 // Use dependency injection pattern
 pub struct Service {
@@ -503,6 +793,7 @@ pub struct Service {
 ```
 
 ### 3. Graceful Shutdown
+
 ```rust
 // Implement graceful shutdown
 async fn shutdown_gracefully(shutdown_rx: &mut Receiver<()>) {
@@ -521,16 +812,19 @@ async fn shutdown_gracefully(shutdown_rx: &mut Receiver<()>) {
 ## Domain-Specific Guidelines
 
 ### 1. Storage Operations
+
 - All storage operations must support erasure coding
 - Implement read/write quorum mechanisms
 - Support data integrity verification
 
 ### 2. Network Communication
+
 - Use gRPC for internal service communication
 - HTTP/HTTPS support for S3-compatible API
 - Implement connection pooling and retry mechanisms
 
 ### 3. Metadata Management
+
 - Use FlatBuffers for serialization
 - Support version control and migration
 - Implement metadata caching
@@ -540,40 +834,94 @@ These rules should serve as guiding principles when developing the RustFS projec
 ### 4. Code Operations
 
 #### Branch Management
- - **🚨 CRITICAL: NEVER modify code directly on main or master branch - THIS IS ABSOLUTELY FORBIDDEN 🚨**
- - **⚠️ ANY DIRECT COMMITS TO MASTER/MAIN WILL BE REJECTED AND MUST BE REVERTED IMMEDIATELY ⚠️**
- - **Always work on feature branches - NO EXCEPTIONS**
- - Always check the .cursorrules file before starting to ensure you understand the project guidelines
- - **MANDATORY workflow for ALL changes:**
+
+- **🚨 CRITICAL: NEVER modify code directly on main or master branch - THIS IS ABSOLUTELY FORBIDDEN 🚨**
+- **⚠️ ANY DIRECT COMMITS TO MASTER/MAIN WILL BE REJECTED AND MUST BE REVERTED IMMEDIATELY ⚠️**
+- **🔒 ALL CHANGES MUST GO THROUGH PULL REQUESTS - NO DIRECT COMMITS TO MAIN UNDER ANY CIRCUMSTANCES 🔒**
+- **Always work on feature branches - NO EXCEPTIONS**
+- Always check the .cursorrules file before starting to ensure you understand the project guidelines
+- **MANDATORY workflow for ALL changes:**
    1. `git checkout main` (switch to main branch)
    2. `git pull` (get latest changes)
    3. `git checkout -b feat/your-feature-name` (create and switch to feature branch)
    4. Make your changes ONLY on the feature branch
    5. Test thoroughly before committing
    6. Commit and push to the feature branch
-   7. Create a pull request for code review
- - Use descriptive branch names following the pattern: `feat/feature-name`, `fix/issue-name`, `refactor/component-name`, etc.
- - **Double-check current branch before ANY commit: `git branch` to ensure you're NOT on main/master**
- - Ensure all changes are made on feature branches and merged through pull requests
+   7. **Create a pull request for code review - THIS IS THE ONLY WAY TO MERGE TO MAIN**
+   8. **Wait for PR approval before merging - NEVER merge your own PRs without review**
+- Use descriptive branch names following the pattern: `feat/feature-name`, `fix/issue-name`, `refactor/component-name`, etc.
+- **Double-check current branch before ANY commit: `git branch` to ensure you're NOT on main/master**
+- **Pull Request Requirements:**
+  - All changes must be submitted via PR regardless of size or urgency
+  - PRs must include comprehensive description and testing information
+  - PRs must pass all CI/CD checks before merging
+  - PRs require at least one approval from code reviewers
+  - Even hotfixes and emergency changes must go through PR process
+- **Enforcement:**
+  - Main branch should be protected with branch protection rules
+  - Direct pushes to main should be blocked by repository settings
+  - Any accidental direct commits to main must be immediately reverted via PR
 
 #### Development Workflow
- - Use English for all code comments, documentation, and variable names
- - Write meaningful and descriptive names for variables, functions, and methods
- - Avoid meaningless test content like "debug 111" or placeholder values
- - Before each change, carefully read the existing code to ensure you understand the code structure and implementation, do not break existing logic implementation, do not introduce new issues
- - Ensure each change provides sufficient test cases to guarantee code correctness
- - Do not arbitrarily modify numbers and constants in test cases, carefully analyze their meaning to ensure test case correctness
- - When writing or modifying tests, check existing test cases to ensure they have scientific naming and rigorous logic testing, if not compliant, modify test cases to ensure scientific and rigorous testing
- - **Before committing any changes, run `cargo clippy --all-targets --all-features -- -D warnings` to ensure all code passes Clippy checks**
- - After each development completion, first git add . then git commit -m "feat: feature description" or "fix: issue description", ensure compliance with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)
- - **Keep commit messages concise and under 72 characters** for the title line, use body for detailed explanations if needed
- - After each development completion, first git push to remote repository
- - After each change completion, summarize the changes, do not create summary files, provide a brief change description, ensure compliance with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)
- - Provide change descriptions needed for PR in the conversation, ensure compliance with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)
- - **Always provide PR descriptions in English** after completing any changes, including:
-   - Clear and concise title following Conventional Commits format
-   - Detailed description of what was changed and why
-   - List of key changes and improvements
-   - Any breaking changes or migration notes if applicable
-   - Testing information and verification steps
- - **Provide PR descriptions in copyable markdown format** enclosed in code blocks for easy one-click copying
+
+## 🎯 **Core Development Principles**
+
+- **🔴 Every change must be precise - don't modify unless you're confident**
+  - Carefully analyze code logic and ensure complete understanding before making changes
+  - When uncertain, prefer asking users or consulting documentation over blind modifications
+  - Use small iterative steps, modify only necessary parts at a time
+  - Evaluate impact scope before changes to ensure no new issues are introduced
+
+- **🚀 GitHub PR creation prioritizes gh command usage**
+  - Prefer using `gh pr create` command to create Pull Requests
+  - Avoid having users manually create PRs through web interface
+  - Provide clear and professional PR titles and descriptions
+  - Using `gh` commands ensures better integration and automation
+
+## 📝 **Code Quality Requirements**
+
+- Use English for all code comments, documentation, and variable names
+- Write meaningful and descriptive names for variables, functions, and methods
+- Avoid meaningless test content like "debug 111" or placeholder values
+- Before each change, carefully read the existing code to ensure you understand the code structure and implementation, do not break existing logic implementation, do not introduce new issues
+- Ensure each change provides sufficient test cases to guarantee code correctness
+- Do not arbitrarily modify numbers and constants in test cases, carefully analyze their meaning to ensure test case correctness
+- When writing or modifying tests, check existing test cases to ensure they have scientific naming and rigorous logic testing, if not compliant, modify test cases to ensure scientific and rigorous testing
+- **Before committing any changes, run `cargo clippy --all-targets --all-features -- -D warnings` to ensure all code passes Clippy checks**
+- After each development completion, first git add . then git commit -m "feat: feature description" or "fix: issue description", ensure compliance with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)
+- **Keep commit messages concise and under 72 characters** for the title line, use body for detailed explanations if needed
+- After each development completion, first git push to remote repository
+- After each change completion, summarize the changes, do not create summary files, provide a brief change description, ensure compliance with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)
+- Provide change descriptions needed for PR in the conversation, ensure compliance with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/)
+- **Always provide PR descriptions in English** after completing any changes, including:
+  - Clear and concise title following Conventional Commits format
+  - Detailed description of what was changed and why
+  - List of key changes and improvements
+  - Any breaking changes or migration notes if applicable
+  - Testing information and verification steps
+- **Provide PR descriptions in copyable markdown format** enclosed in code blocks for easy one-click copying
+
+## 🚫 AI 文档生成限制
+
+### 禁止生成总结文档
+
+- **严格禁止创建任何形式的AI生成总结文档**
+- **不得创建包含大量表情符号、详细格式化表格和典型AI风格的文档**
+- **不得在项目中生成以下类型的文档：**
+  - 基准测试总结文档（BENCHMARK*.md）
+  - 实现对比分析文档（IMPLEMENTATION_COMPARISON*.md）
+  - 性能分析报告文档
+  - 架构总结文档
+  - 功能对比文档
+  - 任何带有大量表情符号和格式化内容的文档
+- **如果需要文档，请只在用户明确要求时创建，并保持简洁实用的风格**
+- **文档应当专注于实际需要的信息，避免过度格式化和装饰性内容**
+- **任何发现的AI生成总结文档都应该立即删除**
+
+### 允许的文档类型
+
+- README.md（项目介绍，保持简洁）
+- 技术文档（仅在明确需要时创建）
+- 用户手册（仅在明确需要时创建）
+- API文档（从代码生成）
+- 变更日志（CHANGELOG.md）

.docker/Dockerfile.devenv

@@ -1,29 +0,0 @@
-FROM m.daocloud.io/docker.io/library/ubuntu:22.04
-
-ENV LANG C.UTF-8
-
-RUN sed -i s@http://.*archive.ubuntu.com@http://repo.huaweicloud.com@g /etc/apt/sources.list
-
-RUN apt-get clean && apt-get update && apt-get install wget git curl unzip gcc pkg-config libssl-dev lld libdbus-1-dev libwayland-dev libwebkit2gtk-4.1-dev libxdo-dev -y
-
-# install protoc
-RUN wget https://github.com/protocolbuffers/protobuf/releases/download/v30.2/protoc-30.2-linux-x86_64.zip \
-    && unzip protoc-30.2-linux-x86_64.zip -d protoc3 \
-    && mv protoc3/bin/* /usr/local/bin/ && chmod +x /usr/local/bin/protoc && mv protoc3/include/* /usr/local/include/ && rm -rf protoc-30.2-linux-x86_64.zip protoc3
-
-# install flatc
-RUN wget https://github.com/google/flatbuffers/releases/download/v25.2.10/Linux.flatc.binary.g++-13.zip \
-    && unzip Linux.flatc.binary.g++-13.zip \
-    && mv flatc /usr/local/bin/ && chmod +x /usr/local/bin/flatc && rm -rf Linux.flatc.binary.g++-13.zip
-
-# install rust
-ENV RUSTUP_DIST_SERVER="https://rsproxy.cn"
-ENV RUSTUP_UPDATE_ROOT="https://rsproxy.cn/rustup"
-RUN curl -o rustup-init.sh --proto '=https' --tlsv1.2 -sSf https://rsproxy.cn/rustup-init.sh \
-    && sh rustup-init.sh -y && rm -rf rustup-init.sh
-
-COPY .docker/cargo.config.toml /root/.cargo/config.toml
-
-WORKDIR /root/s3-rustfs
-
-CMD [ "bash", "-c", "while true; do sleep 1; done" ]

.docker/Dockerfile.rockylinux9.3

@@ -1,35 +0,0 @@
-FROM m.daocloud.io/docker.io/library/rockylinux:9.3 AS builder
-
-ENV LANG C.UTF-8
-
-RUN sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-    -e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.ustc.edu.cn/rocky|g' \
-    -i.bak \
-    /etc/yum.repos.d/rocky-extras.repo \
-    /etc/yum.repos.d/rocky.repo
-
-RUN dnf makecache
-
-RUN yum install wget git unzip gcc openssl-devel pkgconf-pkg-config -y
-
-# install protoc
-RUN wget https://github.com/protocolbuffers/protobuf/releases/download/v30.2/protoc-30.2-linux-x86_64.zip \
-    && unzip protoc-30.2-linux-x86_64.zip -d protoc3 \
-    && mv protoc3/bin/* /usr/local/bin/ && chmod +x /usr/local/bin/protoc \
-    && rm -rf protoc-30.2-linux-x86_64.zip protoc3
-
-# install flatc
-RUN wget https://github.com/google/flatbuffers/releases/download/v25.2.10/Linux.flatc.binary.g++-13.zip \
-    && unzip Linux.flatc.binary.g++-13.zip \
-    && mv flatc /usr/local/bin/ && chmod +x /usr/local/bin/flatc \
-    && rm -rf Linux.flatc.binary.g++-13.zip
-
-# install rust
-ENV RUSTUP_DIST_SERVER="https://rsproxy.cn"
-ENV RUSTUP_UPDATE_ROOT="https://rsproxy.cn/rustup"
-RUN curl -o rustup-init.sh --proto '=https' --tlsv1.2 -sSf https://rsproxy.cn/rustup-init.sh \
-    && sh rustup-init.sh -y && rm -rf rustup-init.sh
-
-COPY .docker/cargo.config.toml /root/.cargo/config.toml
-
-WORKDIR /root/s3-rustfs

.docker/Dockerfile.rustyvault

@@ -1,22 +0,0 @@
-FROM vault:1.13
-
-# Configure Vault for dev mode
-ENV VAULT_DEV_ROOT_TOKEN_ID=rustfs-root-token
-ENV VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200
-
-# Install curl for health checks
-USER root
-RUN apk add --no-cache curl jq
-
-# Copy the Vault initialization script
-COPY vault-init.sh /usr/local/bin/vault-init.sh
-RUN chmod +x /usr/local/bin/vault-init.sh
-
-# Switch back to vault user
-USER vault
-
-# Expose Vault port
-EXPOSE 8200
-
-# Start Vault in dev mode and run the initialization script
-ENTRYPOINT ["sh", "-c", "vault server -dev & sleep 5 && vault-init.sh"]

.docker/Dockerfile.ubuntu22.04

@@ -1,27 +0,0 @@
-FROM m.daocloud.io/docker.io/library/ubuntu:22.04
-
-ENV LANG C.UTF-8
-
-RUN sed -i s@http://.*archive.ubuntu.com@http://repo.huaweicloud.com@g /etc/apt/sources.list
-
-RUN apt-get clean && apt-get update && apt-get install wget git curl unzip gcc pkg-config libssl-dev lld libdbus-1-dev libwayland-dev libwebkit2gtk-4.1-dev libxdo-dev -y
-
-# install protoc
-RUN wget https://github.com/protocolbuffers/protobuf/releases/download/v30.2/protoc-30.2-linux-x86_64.zip \
-    && unzip protoc-30.2-linux-x86_64.zip -d protoc3 \
-    && mv protoc3/bin/* /usr/local/bin/ && chmod +x /usr/local/bin/protoc && mv protoc3/include/* /usr/local/include/ && rm -rf protoc-30.2-linux-x86_64.zip protoc3
-
-# install flatc
-RUN wget https://github.com/google/flatbuffers/releases/download/v25.2.10/Linux.flatc.binary.g++-13.zip \
-    && unzip Linux.flatc.binary.g++-13.zip \
-    && mv flatc /usr/local/bin/ && chmod +x /usr/local/bin/flatc && rm -rf Linux.flatc.binary.g++-13.zip
-
-# install rust
-ENV RUSTUP_DIST_SERVER="https://rsproxy.cn"
-ENV RUSTUP_UPDATE_ROOT="https://rsproxy.cn/rustup"
-RUN curl -o rustup-init.sh --proto '=https' --tlsv1.2 -sSf https://rsproxy.cn/rustup-init.sh \
-    && sh rustup-init.sh -y && rm -rf rustup-init.sh
-
-COPY .docker/cargo.config.toml /root/.cargo/config.toml
-
-WORKDIR /root/s3-rustfs

.docker/README.md

@@ -0,0 +1,199 @@
+# RustFS Docker Images
+
+This directory contains Docker configuration files and supporting infrastructure for building and running RustFS container images.
+
+## 📁 Directory Structure
+
+```
+rustfs/
+├── Dockerfile           # Production image (Alpine + GitHub Releases)
+├── Dockerfile.source    # Source build (Debian + cross-compilation)
+├── cargo.config.toml    # Rust cargo configuration
+├── docker-buildx.sh     # Multi-architecture build script
+└── .docker/             # Supporting infrastructure
+    ├── observability/   # Monitoring and observability configs
+    ├── compose/         # Docker Compose configurations
+    ├── mqtt/            # MQTT broker configs
+    └── openobserve-otel/ # OpenObserve + OpenTelemetry configs
+```
+
+## 🎯 Image Variants
+
+### Core Images
+
+| Image | Base OS | Build Method | Size | Use Case |
+|-------|---------|--------------|------|----------|
+| `production` (default) | Alpine 3.18 | GitHub Releases | Smallest | Production deployment |
+| `source` | Debian Bookworm | Source build | Medium | Custom builds with cross-compilation |
+| `dev` | Debian Bookworm | Development tools | Large | Interactive development |
+
+## 🚀 Usage Examples
+
+### Quick Start (Production)
+
+```bash
+# Default production image (Alpine + GitHub Releases)
+docker run -p 9000:9000 rustfs/rustfs:latest
+
+# Specific version
+docker run -p 9000:9000 rustfs/rustfs:1.2.3
+```
+
+### Complete Tag Strategy Examples
+
+```bash
+# Stable Releases
+docker run rustfs/rustfs:1.2.3           # Main version (production)
+docker run rustfs/rustfs:1.2.3-production # Explicit production variant
+docker run rustfs/rustfs:1.2.3-source   # Source build variant
+docker run rustfs/rustfs:latest          # Latest stable
+
+# Prerelease Versions
+docker run rustfs/rustfs:1.3.0-alpha.2  # Specific alpha version
+docker run rustfs/rustfs:alpha           # Latest alpha
+docker run rustfs/rustfs:beta            # Latest beta
+docker run rustfs/rustfs:rc              # Latest release candidate
+
+# Development Versions
+docker run rustfs/rustfs:dev             # Latest main branch development
+docker run rustfs/rustfs:dev-13e4a0b     # Specific commit
+docker run rustfs/rustfs:dev-latest      # Latest development
+docker run rustfs/rustfs:main-latest     # Main branch latest
+```
+
+### Development Environment
+
+```bash
+# Start development container
+docker run -it -v $(pwd):/workspace -p 9000:9000 rustfs/rustfs:latest-dev
+
+# Build from source locally
+docker build -f Dockerfile.source -t rustfs:custom .
+
+# Development with hot reload
+docker-compose up rustfs-dev
+```
+
+## 🏗️ Build Arguments and Scripts
+
+### Using docker-buildx.sh (Recommended)
+
+For multi-architecture builds, use the provided script:
+
+```bash
+# Build latest version for all architectures
+./docker-buildx.sh
+
+# Build and push to registry
+./docker-buildx.sh --push
+
+# Build specific version
+./docker-buildx.sh --release v1.2.3
+
+# Build and push specific version
+./docker-buildx.sh --release v1.2.3 --push
+```
+
+### Manual Docker Builds
+
+All images support dynamic version selection:
+
+```bash
+# Build production image with latest release
+docker build --build-arg RELEASE="latest" -t rustfs:latest .
+
+# Build from source with specific target
+docker build -f Dockerfile.source \
+  --build-arg TARGETPLATFORM="linux/amd64" \
+  -t rustfs:source .
+
+# Development build
+docker build -f Dockerfile.source -t rustfs:dev .
+```
+
+## 🔧 Binary Download Sources
+
+### Unified GitHub Releases
+
+The production image downloads from GitHub Releases for reliability and transparency:
+
+- ✅ **production** → GitHub Releases API with automatic latest detection
+- ✅ **Checksum verification** → SHA256SUMS validation when available
+- ✅ **Multi-architecture** → Supports amd64 and arm64
+
+### Source Build
+
+The source variant compiles from source code with advanced features:
+
+- 🔧 **Cross-compilation** → Supports multiple target platforms via `TARGETPLATFORM`
+- ⚡ **Build caching** → sccache for faster compilation
+- 🎯 **Optimized builds** → Release optimizations with LTO and symbol stripping
+
+## 📋 Architecture Support
+
+All variants support multi-architecture builds:
+
+- **linux/amd64** (x86_64)
+- **linux/arm64** (aarch64)
+
+Architecture is automatically detected during build using Docker's `TARGETARCH` build argument.
+
+## 🔐 Security Features
+
+- **Checksum Verification**: Production image verifies SHA256SUMS when available
+- **Non-root User**: All images run as user `rustfs` (UID 1000)
+- **Minimal Runtime**: Production image only includes necessary dependencies
+- **Secure Defaults**: No hardcoded credentials or keys
+
+## 🛠️ Development Workflow
+
+For local development and testing:
+
+```bash
+# Quick development setup
+docker-compose up rustfs-dev
+
+# Custom source build
+docker build -f Dockerfile.source -t rustfs:custom .
+
+# Run with development tools
+docker run -it -v $(pwd):/workspace rustfs:custom bash
+```
+
+## 🚀 CI/CD Integration
+
+The project uses GitHub Actions for automated multi-architecture Docker builds:
+
+### Automated Builds
+
+- **Tags**: Automatic builds triggered on version tags (e.g., `v1.2.3`)
+- **Main Branch**: Development builds with `dev-latest` and `main-latest` tags
+- **Pull Requests**: Test builds without registry push
+
+### Build Variants
+
+Each build creates three image variants:
+
+- `rustfs/rustfs:v1.2.3` (production - Alpine-based)
+- `rustfs/rustfs:v1.2.3-source` (source build - Debian-based)
+- `rustfs/rustfs:v1.2.3-dev` (development - Debian-based with tools)
+
+### Manual Builds
+
+Trigger custom builds via GitHub Actions:
+
+```bash
+# Use workflow_dispatch to build specific versions
+# Available options: latest, main-latest, dev-latest, v1.2.3, dev-abc123
+```
+
+## 📦 Supporting Infrastructure
+
+The `.docker/` directory contains supporting configuration files:
+
+- **observability/** - Prometheus, Grafana, OpenTelemetry configs
+- **compose/** - Multi-service Docker Compose setups
+- **mqtt/** - MQTT broker configurations
+- **openobserve-otel/** - Log aggregation and tracing setup
+
+See individual README files in each subdirectory for specific usage instructions.

.docker/alpine/Dockerfile.protoc

@@ -0,0 +1,40 @@
+FROM alpine:3.18
+
+ENV LANG C.UTF-8
+
+# Install base dependencies
+RUN apk add --no-cache \
+    wget \
+    git \
+    curl \
+    unzip \
+    gcc \
+    musl-dev \
+    pkgconfig \
+    openssl-dev \
+    dbus-dev \
+    wayland-dev \
+    webkit2gtk-4.1-dev \
+    build-base \
+    linux-headers
+
+# install protoc
+RUN wget https://github.com/protocolbuffers/protobuf/releases/download/v30.2/protoc-30.2-linux-x86_64.zip \
+    && unzip protoc-30.2-linux-x86_64.zip -d protoc3 \
+    && mv protoc3/bin/* /usr/local/bin/ && chmod +x /usr/local/bin/protoc \
+    && mv protoc3/include/* /usr/local/include/ && rm -rf protoc-30.2-linux-x86_64.zip protoc3
+
+# install flatc
+RUN wget https://github.com/google/flatbuffers/releases/download/v24.3.25/Linux.flatc.binary.g++-13.zip \
+    && unzip Linux.flatc.binary.g++-13.zip \
+    && mv flatc /usr/local/bin/ && chmod +x /usr/local/bin/flatc && rm -rf Linux.flatc.binary.g++-13.zip
+
+# install rust
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+
+# Set PATH for rust
+ENV PATH="/root/.cargo/bin:${PATH}"
+
+COPY .docker/cargo.config.toml /root/.cargo/config.toml
+
+WORKDIR /root/rustfs

.docker/cargo.config.toml

@@ -1,13 +0,0 @@
-[source.crates-io]
-registry = "https://github.com/rust-lang/crates.io-index"
-replace-with = 'rsproxy-sparse'
-
-[source.rsproxy]
-registry = "https://rsproxy.cn/crates.io-index"
-[registries.rsproxy]
-index = "https://rsproxy.cn/crates.io-index"
-[source.rsproxy-sparse]
-registry = "sparse+https://rsproxy.cn/index/"
-
-[net]
-git-fetch-with-cli = true

.docker/compose/README.md

@@ -0,0 +1,80 @@
+# Docker Compose Configurations
+
+This directory contains specialized Docker Compose configurations for different use cases.
+
+## 📁 Configuration Files
+
+This directory contains specialized Docker Compose configurations and their associated Dockerfiles, keeping related files organized together.
+
+### Main Configuration (Root Directory)
+
+- **`../../docker-compose.yml`** - **Default Production Setup**
+  - Complete production-ready configuration
+  - Includes RustFS server + full observability stack
+  - Supports multiple profiles: `dev`, `observability`, `cache`, `proxy`
+  - Recommended for most users
+
+### Specialized Configurations
+
+- **`docker-compose.cluster.yaml`** - **Distributed Testing**
+  - 4-node cluster setup for testing distributed storage
+  - Uses local compiled binaries
+  - Simulates multi-node environment
+  - Ideal for development and cluster testing
+
+- **`docker-compose.observability.yaml`** - **Observability Focus**
+  - Specialized setup for testing observability features
+  - Includes OpenTelemetry, Jaeger, Prometheus, Loki, Grafana
+  - Uses `../../Dockerfile.source` for builds
+  - Perfect for observability development
+
+## 🚀 Usage Examples
+
+### Production Setup
+
+```bash
+# Start main service
+docker-compose up -d
+
+# Start with development profile
+docker-compose --profile dev up -d
+
+# Start with full observability
+docker-compose --profile observability up -d
+```
+
+### Cluster Testing
+
+```bash
+# Build and start 4-node cluster (run from project root)
+cd .docker/compose
+docker-compose -f docker-compose.cluster.yaml up -d
+
+# Or run directly from project root
+docker-compose -f .docker/compose/docker-compose.cluster.yaml up -d
+```
+
+### Observability Testing
+
+```bash
+# Start observability-focused environment (run from project root)
+cd .docker/compose
+docker-compose -f docker-compose.observability.yaml up -d
+
+# Or run directly from project root
+docker-compose -f .docker/compose/docker-compose.observability.yaml up -d
+```
+
+## 🔧 Configuration Overview
+
+| Configuration | Nodes | Storage | Observability | Use Case |
+|---------------|-------|---------|---------------|----------|
+| **Main** | 1 | Volume mounts | Full stack | Production |
+| **Cluster** | 4 | HTTP endpoints | Basic | Testing |
+| **Observability** | 4 | Local data | Advanced | Development |
+
+## 📝 Notes
+
+- Always ensure you have built the required binaries before starting cluster tests
+- The main configuration is sufficient for most use cases
+- Specialized configurations are for specific testing scenarios

.docker/compose/docker-compose.cluster.yaml

@@ -0,0 +1,82 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+services:
+  node0:
+    image: rustfs/rustfs:latest # Replace with your image name and label
+    container_name: node0
+    hostname: node0
+    environment:
+      - RUSTFS_VOLUMES=http://node{0...3}:9000/data/rustfs{0...3}
+      - RUSTFS_ADDRESS=0.0.0.0:9000
+      - RUSTFS_CONSOLE_ENABLE=true
+      - RUSTFS_ACCESS_KEY=rustfsadmin
+      - RUSTFS_SECRET_KEY=rustfsadmin
+    platform: linux/amd64
+    ports:
+      - "9000:9000" # Map port 9001 of the host to port 9000 of the container
+    volumes:
+      - ../../target/x86_64-unknown-linux-musl/release/rustfs:/app/rustfs
+    command: "/app/rustfs"
+
+  node1:
+    image: rustfs/rustfs:latest
+    container_name: node1
+    hostname: node1
+    environment:
+      - RUSTFS_VOLUMES=http://node{0...3}:9000/data/rustfs{0...3}
+      - RUSTFS_ADDRESS=0.0.0.0:9000
+      - RUSTFS_CONSOLE_ENABLE=true
+      - RUSTFS_ACCESS_KEY=rustfsadmin
+      - RUSTFS_SECRET_KEY=rustfsadmin
+    platform: linux/amd64
+    ports:
+      - "9001:9000" # Map port 9002 of the host to port 9000 of the container
+    volumes:
+      - ../../target/x86_64-unknown-linux-musl/release/rustfs:/app/rustfs
+    command: "/app/rustfs"
+
+  node2:
+    image: rustfs/rustfs:latest
+    container_name: node2
+    hostname: node2
+    environment:
+      - RUSTFS_VOLUMES=http://node{0...3}:9000/data/rustfs{0...3}
+      - RUSTFS_ADDRESS=0.0.0.0:9000
+      - RUSTFS_CONSOLE_ENABLE=true
+      - RUSTFS_ACCESS_KEY=rustfsadmin
+      - RUSTFS_SECRET_KEY=rustfsadmin
+    platform: linux/amd64
+    ports:
+      - "9002:9000" # Map port 9003 of the host to port 9000 of the container
+    volumes:
+      - ../../target/x86_64-unknown-linux-musl/release/rustfs:/app/rustfs
+    command: "/app/rustfs"
+
+  node3:
+    image: rustfs/rustfs:latest
+    container_name: node3
+    hostname: node3
+    environment:
+      - RUSTFS_VOLUMES=http://node{0...3}:9000/data/rustfs{0...3}
+      - RUSTFS_ADDRESS=0.0.0.0:9000
+      - RUSTFS_CONSOLE_ENABLE=true
+      - RUSTFS_ACCESS_KEY=rustfsadmin
+      - RUSTFS_SECRET_KEY=rustfsadmin
+    platform: linux/amd64
+    ports:
+      - "9003:9000" # Map port 9004 of the host to port 9000 of the container
+    volumes:
+      - ../../target/x86_64-unknown-linux-musl/release/rustfs:/app/rustfs
+    command: "/app/rustfs"

.docker/compose/docker-compose.observability.yaml

@@ -1,10 +1,24 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 services:
   otel-collector:
-    image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.124.0
+    image: otel/opentelemetry-collector-contrib:0.129.1
     environment:
       - TZ=Asia/Shanghai
     volumes:
-      - ./.docker/observability/otel-collector-config.yaml:/etc/otelcol-contrib/config.yaml
+      - ../../.docker/observability/otel-collector-config.yaml:/etc/otelcol-contrib/config.yaml
     ports:
       - 1888:1888
       - 8888:8888
@@ -16,7 +30,7 @@ services:
     networks:
       - rustfs-network
   jaeger:
-    image: jaegertracing/jaeger:2.5.0
+    image: jaegertracing/jaeger:2.8.0
     environment:
       - TZ=Asia/Shanghai
     ports:
@@ -26,30 +40,30 @@ services:
     networks:
       - rustfs-network
   prometheus:
-    image: prom/prometheus:v3.3.0
+    image: prom/prometheus:v3.4.2
     environment:
       - TZ=Asia/Shanghai
     volumes:
-      - ./.docker/observability/prometheus.yml:/etc/prometheus/prometheus.yml
+      - ../../.docker/observability/prometheus.yml:/etc/prometheus/prometheus.yml
     ports:
       - "9090:9090"
     networks:
       - rustfs-network
   loki:
-    image: grafana/loki:3.5.0
+    image: grafana/loki:3.5.1
     environment:
       - TZ=Asia/Shanghai
     volumes:
-      - ./.docker/observability/loki-config.yaml:/etc/loki/local-config.yaml
+      - ../../.docker/observability/loki-config.yaml:/etc/loki/local-config.yaml
     ports:
       - "3100:3100"
     command: -config.file=/etc/loki/local-config.yaml
     networks:
       - rustfs-network
   grafana:
-    image: grafana/grafana:11.6.1
+    image: grafana/grafana:12.0.2
     ports:
-      - "3000:3000"  # Web UI
+      - "3000:3000" # Web UI
     environment:
       - GF_SECURITY_ADMIN_PASSWORD=admin
       - TZ=Asia/Shanghai
@@ -58,85 +72,69 @@ services:
 
   node1:
     build:
-      context: .
-      dockerfile: Dockerfile.obs
+      context: ../..
+      dockerfile: Dockerfile.source
     container_name: node1
     environment:
       - RUSTFS_VOLUMES=http://node{1...4}:9000/root/data/target/volume/test{1...4}
       - RUSTFS_ADDRESS=:9000
       - RUSTFS_CONSOLE_ENABLE=true
-      - RUSTFS_CONSOLE_ADDRESS=:9002
-      - RUSTFS_OBS_CONFIG=/etc/observability/config/obs-multi.toml
+      - RUSTFS_OBS_ENDPOINT=http://otel-collector:4317
+      - RUSTFS_OBS_LOGGER_LEVEL=debug
     platform: linux/amd64
     ports:
-      - "9001:9000"  # 映射宿主机的 9001 端口到容器的 9000 端口
-      - "9101:9002"
-    volumes:
-      # - ./data:/root/data  # 将当前路径挂载到容器内的 /root/data
-      - ./.docker/observability/config:/etc/observability/config
+      - "9001:9000" # Map port 9001 of the host to port 9000 of the container
     networks:
       - rustfs-network
 
   node2:
     build:
-      context: .
-      dockerfile: Dockerfile.obs
+      context: ../..
+      dockerfile: Dockerfile.source
     container_name: node2
     environment:
       - RUSTFS_VOLUMES=http://node{1...4}:9000/root/data/target/volume/test{1...4}
       - RUSTFS_ADDRESS=:9000
       - RUSTFS_CONSOLE_ENABLE=true
-      - RUSTFS_CONSOLE_ADDRESS=:9002
-      - RUSTFS_OBS_CONFIG=/etc/observability/config/obs-multi.toml
+      - RUSTFS_OBS_ENDPOINT=http://otel-collector:4317
+      - RUSTFS_OBS_LOGGER_LEVEL=debug
     platform: linux/amd64
     ports:
-      - "9002:9000"  # 映射宿主机的 9002 端口到容器的 9000 端口
-      - "9102:9002"
-    volumes:
-      # - ./data:/root/data
-      - ./.docker/observability/config:/etc/observability/config
+      - "9002:9000" # Map port 9002 of the host to port 9000 of the container
     networks:
       - rustfs-network
 
   node3:
     build:
-      context: .
-      dockerfile: Dockerfile.obs
+      context: ../..
+      dockerfile: Dockerfile.source
     container_name: node3
     environment:
       - RUSTFS_VOLUMES=http://node{1...4}:9000/root/data/target/volume/test{1...4}
       - RUSTFS_ADDRESS=:9000
       - RUSTFS_CONSOLE_ENABLE=true
-      - RUSTFS_CONSOLE_ADDRESS=:9002
-      - RUSTFS_OBS_CONFIG=/etc/observability/config/obs-multi.toml
+      - RUSTFS_OBS_ENDPOINT=http://otel-collector:4317
+      - RUSTFS_OBS_LOGGER_LEVEL=debug
     platform: linux/amd64
     ports:
-      - "9003:9000"  # 映射宿主机的 9003 端口到容器的 9000 端口
-      - "9103:9002"
-    volumes:
-      # - ./data:/root/data
-      - ./.docker/observability/config:/etc/observability/config
+      - "9003:9000" # Map port 9003 of the host to port 9000 of the container
     networks:
       - rustfs-network
 
   node4:
     build:
-      context: .
-      dockerfile: Dockerfile.obs
+      context: ../..
+      dockerfile: Dockerfile.source
     container_name: node4
     environment:
       - RUSTFS_VOLUMES=http://node{1...4}:9000/root/data/target/volume/test{1...4}
       - RUSTFS_ADDRESS=:9000
       - RUSTFS_CONSOLE_ENABLE=true
-      - RUSTFS_CONSOLE_ADDRESS=:9002
-      - RUSTFS_OBS_CONFIG=/etc/observability/config/obs-multi.toml
+      - RUSTFS_OBS_ENDPOINT=http://otel-collector:4317
+      - RUSTFS_OBS_LOGGER_LEVEL=debug
     platform: linux/amd64
     ports:
-      - "9004:9000"  # 映射宿主机的 9004 端口到容器的 9000 端口
-      - "9104:9002"
-    volumes:
-      # - ./data:/root/data
-      - ./.docker/observability/config:/etc/observability/config
+      - "9004:9000" # Map port 9004 of the host to port 9000 of the container
     networks:
       - rustfs-network
 

.docker/kms/docker-compose.yml

@@ -1,26 +0,0 @@
-services:
-  rustyvault:
-    build:
-      context: ./.docker
-      dockerfile: Dockerfile.rustyvault
-    container_name: rustyvault
-    hostname: rustyvault
-    ports:
-      - "8200:8200"  # Vault API port
-    volumes:
-      - vault-data:/vault/data
-      - vault-config:/vault/config
-    cap_add:
-      - IPC_LOCK  # Allow the vault to lock sensitive data in memory
-    environment:
-      - VAULT_DEV_ROOT_TOKEN_ID=rustfs-root-token
-      - VAULT_ADDR=http://0.0.0.0:8200
-    healthcheck:
-      test: ["CMD", "curl", "-s", "http://127.0.0.1:8200/v1/sys/health"]
-      interval: 10s
-      timeout: 5s
-      retries: 3
-
-networks:
-  default:
-    driver: bridge

.docker/mqtt/config/emqx.conf

@@ -0,0 +1,37 @@
+# 节点配置
+node.name = "emqx@127.0.0.1"
+node.cookie = "aBcDeFgHiJkLmNoPqRsTuVwXyZ012345"
+node.data_dir = "/opt/emqx/data"
+
+# 日志配置
+log.console = {level = info, enable = true}
+log.file = {path = "/opt/emqx/log/emqx.log", enable = true, level = info}
+
+# MQTT TCP 监听器
+listeners.tcp.default = {bind = "0.0.0.0:1883", max_connections = 1000000, enable = true}
+
+# MQTT SSL 监听器
+listeners.ssl.default = {bind = "0.0.0.0:8883", enable = false}
+
+# MQTT WebSocket 监听器
+listeners.ws.default = {bind = "0.0.0.0:8083", enable = true}
+
+# MQTT WebSocket SSL 监听器
+listeners.wss.default = {bind = "0.0.0.0:8084", enable = false}
+
+# 管理控制台
+dashboard.listeners.http = {bind = "0.0.0.0:18083", enable = true}
+
+# HTTP API
+management.listeners.http = {bind = "0.0.0.0:8081", enable = true}
+
+# 认证配置
+authentication = [
+  {enable = true, mechanism = password_based, backend = built_in_database, user_id_type = username}
+]
+
+# 授权配置
+authorization.sources = [{type = built_in_database, enable = true}]
+
+# 持久化消息存储
+message.storage.backend = built_in_database

.docker/mqtt/config/vm.args

@@ -0,0 +1,9 @@
+-name emqx@127.0.0.1
+-setcookie aBcDeFgHiJkLmNoPqRsTuVwXyZ012345
++P 2097152
++t 1048576
++zdbbl 32768
+-kernel inet_dist_listen_min 6000
+-kernel inet_dist_listen_max 6100
+-smp enable
+-mnesia dir "/opt/emqx/data/mnesia"

.docker/mqtt/docker-compose-more.yml

@@ -0,0 +1,74 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+services:
+  emqx:
+    image: emqx/emqx:latest
+    container_name: emqx
+    restart: unless-stopped
+    environment:
+      - EMQX_NODE__NAME=emqx@127.0.0.1
+      - EMQX_NODE__COOKIE=aBcDeFgHiJkLmNoPqRsTuVwXyZ012345
+      - EMQX_NODE__DATA_DIR=/opt/emqx/data
+      - EMQX_LOG__CONSOLE__LEVEL=info
+      - EMQX_LOG__CONSOLE__ENABLE=true
+      - EMQX_LOG__FILE__PATH=/opt/emqx/log/emqx.log
+      - EMQX_LOG__FILE__LEVEL=info
+      - EMQX_LOG__FILE__ENABLE=true
+      - EMQX_LISTENERS__TCP__DEFAULT__BIND=0.0.0.0:1883
+      - EMQX_LISTENERS__TCP__DEFAULT__MAX_CONNECTIONS=1000000
+      - EMQX_LISTENERS__TCP__DEFAULT__ENABLE=true
+      - EMQX_LISTENERS__SSL__DEFAULT__BIND=0.0.0.0:8883
+      - EMQX_LISTENERS__SSL__DEFAULT__ENABLE=false
+      - EMQX_LISTENERS__WS__DEFAULT__BIND=0.0.0.0:8083
+      - EMQX_LISTENERS__WS__DEFAULT__ENABLE=true
+      - EMQX_LISTENERS__WSS__DEFAULT__BIND=0.0.0.0:8084
+      - EMQX_LISTENERS__WSS__DEFAULT__ENABLE=false
+      - EMQX_DASHBOARD__LISTENERS__HTTP__BIND=0.0.0.0:18083
+      - EMQX_DASHBOARD__LISTENERS__HTTP__ENABLE=true
+      - EMQX_MANAGEMENT__LISTENERS__HTTP__BIND=0.0.0.0:8081
+      - EMQX_MANAGEMENT__LISTENERS__HTTP__ENABLE=true
+      - EMQX_AUTHENTICATION__1__ENABLE=true
+      - EMQX_AUTHENTICATION__1__MECHANISM=password_based
+      - EMQX_AUTHENTICATION__1__BACKEND=built_in_database
+      - EMQX_AUTHENTICATION__1__USER_ID_TYPE=username
+      - EMQX_AUTHORIZATION__SOURCES__1__TYPE=built_in_database
+      - EMQX_AUTHORIZATION__SOURCES__1__ENABLE=true
+    ports:
+      - "1883:1883"    # MQTT TCP
+      - "8883:8883"    # MQTT SSL
+      - "8083:8083"    # MQTT WebSocket
+      - "8084:8084"    # MQTT WebSocket SSL
+      - "18083:18083"  # Web 管理控制台
+      - "8081:8081"    # HTTP API
+    volumes:
+      - ./data:/opt/emqx/data
+      - ./log:/opt/emqx/log
+      - ./config:/opt/emqx/etc
+    networks:
+      - mqtt-net
+    healthcheck:
+      test: [ "CMD", "/opt/emqx/bin/emqx_ctl", "status" ]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "100m"
+        max-file: "3"
+
+networks:
+  mqtt-net:
+    driver: bridge

.docker/mqtt/docker-compose.yml

@@ -0,0 +1,29 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+services:
+  emqx:
+    image: emqx/emqx:latest
+    container_name: emqx
+    ports:
+      - "1883:1883"
+      - "8083:8083"
+      - "8084:8084"
+      - "8883:8883"
+      - "18083:18083"
+    restart: unless-stopped
+
+networks:
+  default:
+    driver: bridge

.docker/observability/README_ZH.md

@@ -22,21 +22,6 @@ docker compose -f docker-compose.yml  up -d
 
 ## 配置可观测性
 
-### 创建配置文件
-
-1. 进入 `deploy/config` 目录
-2. 复制示例配置：`cp obs.toml.example obs.toml`
-3. 编辑 `obs.toml` 配置文件，修改以下关键参数：
-
-| 配置项             | 说明                         | 示例值                   |
-|-----------------|----------------------------|-----------------------|
-| endpoint        | OpenTelemetry Collector 地址 | http://localhost:4317 |
-| service_name    | 服务名称                       | rustfs                |
-| service_version | 服务版本                       | 1.0.0                 |
-| environment     | 运行环境                       | production            |
-| meter_interval  | 指标导出间隔 (秒)               | 30                  |
-| sample_ratio    | 采样率                        | 1.0                   |
-| use_stdout      | 是否输出到控制台                   | true/false            |
-| logger_level    | 日志级别                       | info                  |
-
-```
+```shell
+export RUSTFS_OBS_ENDPOINT="http://localhost:4317" # OpenTelemetry Collector 地址
+```

.docker/observability/config/obs-multi.toml

@@ -1,34 +0,0 @@
-[observability]
-endpoint = "http://otel-collector:4317" # Default is "http://localhost:4317" if not specified
-use_stdout = false # Output with stdout, true output, false no output
-sample_ratio = 2.0
-meter_interval = 30
-service_name = "rustfs"
-service_version = "0.1.0"
-environments = "production"
-logger_level = "debug"
-local_logging_enabled = true
-
-#[[sinks]]
-#type = "Kafka"
-#brokers = "localhost:9092"
-#topic = "logs"
-#batch_size = 100 # Default is 100 if not specified
-#batch_timeout_ms = 1000 # Default is 1000ms if not specified
-#
-#[[sinks]]
-#type = "Webhook"
-#endpoint = "http://localhost:8080/webhook"
-#auth_token = ""
-#batch_size = 100 # Default is 3 if not specified
-#batch_timeout_ms = 1000 # Default is 100ms if not specified
-
-[[sinks]]
-type = "File"
-path = "/root/data/logs/rustfs.log"
-buffer_size = 100 # Default is 8192 bytes if not specified
-flush_interval_ms = 1000
-flush_threshold = 100
-
-[logger]
-queue_capacity = 10

.docker/observability/config/obs.toml

@@ -1,34 +0,0 @@
-[observability]
-endpoint = "http://localhost:4317" # Default is "http://localhost:4317" if not specified
-use_stdout = false # Output with stdout, true output, false no output
-sample_ratio = 2.0
-meter_interval = 30
-service_name = "rustfs"
-service_version = "0.1.0"
-environments = "production"
-logger_level = "debug"
-local_logging_enabled = true
-
-#[[sinks]]
-#type = "Kafka"
-#brokers = "localhost:9092"
-#topic = "logs"
-#batch_size = 100 # Default is 100 if not specified
-#batch_timeout_ms = 1000 # Default is 1000ms if not specified
-#
-#[[sinks]]
-#type = "Webhook"
-#endpoint = "http://localhost:8080/webhook"
-#auth_token = ""
-#batch_size = 100 # Default is 3 if not specified
-#batch_timeout_ms = 1000 # Default is 100ms if not specified
-
-[[sinks]]
-type = "File"
-path = "/root/data/logs/rustfs.log"
-buffer_size = 100 # Default is 8192 bytes if not specified
-flush_interval_ms = 1000
-flush_threshold = 100
-
-[logger]
-queue_capacity = 10

.docker/observability/docker-compose.yml

@@ -1,22 +1,52 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 services:
+
+  tempo:
+    image: grafana/tempo:latest
+    #user: root # The container must be started with root to execute chown in the script
+    #entrypoint: [ "/etc/tempo/entrypoint.sh" ]  # Specify a custom entry point
+    command: [ "-config.file=/etc/tempo.yaml" ] # This is passed as a parameter to the entry point script
+    volumes:
+      - ./tempo-entrypoint.sh:/etc/tempo/entrypoint.sh # Mount entry point script
+      - ./tempo.yaml:/etc/tempo.yaml
+      - ./tempo-data:/var/tempo
+    ports:
+      - "3200:3200" # tempo
+      - "24317:4317" # otlp grpc
+    networks:
+      - otel-network
+
   otel-collector:
-    image: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib:0.127.0
+    image: otel/opentelemetry-collector-contrib:0.129.1
     environment:
       - TZ=Asia/Shanghai
     volumes:
       - ./otel-collector-config.yaml:/etc/otelcol-contrib/config.yaml
     ports:
-      - 1888:1888
-      - 8888:8888
-      - 8889:8889
-      - 13133:13133
-      - 4317:4317
-      - 4318:4318
-      - 55679:55679
+      - "1888:1888"
+      - "8888:8888"
+      - "8889:8889"
+      - "13133:13133"
+      - "4317:4317"
+      - "4318:4318"
+      - "55679:55679"
     networks:
       - otel-network
   jaeger:
-    image: jaegertracing/jaeger:2.6.0
+    image: jaegertracing/jaeger:2.8.0
     environment:
       - TZ=Asia/Shanghai
     ports:
@@ -26,7 +56,7 @@ services:
     networks:
       - otel-network
   prometheus:
-    image: prom/prometheus:v3.4.1
+    image: prom/prometheus:v3.4.2
     environment:
       - TZ=Asia/Shanghai
     volumes:
@@ -47,9 +77,11 @@ services:
     networks:
       - otel-network
   grafana:
-    image: grafana/grafana:12.0.1
+    image: grafana/grafana:12.0.2
     ports:
       - "3000:3000"  # Web UI
+    volumes:
+      - ./grafana-datasources.yaml:/etc/grafana/provisioning/datasources/datasources.yaml
     environment:
       - GF_SECURITY_ADMIN_PASSWORD=admin
       - TZ=Asia/Shanghai

.docker/observability/grafana-datasources.yaml

@@ -0,0 +1,32 @@
+apiVersion: 1
+
+datasources:
+  - name: Prometheus
+    type: prometheus
+    uid: prometheus
+    access: proxy
+    orgId: 1
+    url: http://prometheus:9090
+    basicAuth: false
+    isDefault: false
+    version: 1
+    editable: false
+    jsonData:
+      httpMethod: GET
+  - name: Tempo
+    type: tempo
+    access: proxy
+    orgId: 1
+    url: http://tempo:3200
+    basicAuth: false
+    isDefault: true
+    version: 1
+    editable: false
+    apiVersion: 1
+    uid: tempo
+    jsonData:
+      httpMethod: GET
+      serviceMap:
+        datasourceUid: prometheus
+      streamingEnabled:
+        search: true

.docker/observability/jaeger-config.yaml

@@ -1,3 +1,17 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 service:
   extensions: [ jaeger_storage, jaeger_query, remote_sampling, healthcheckv2 ]
   pipelines:
@@ -50,10 +64,10 @@ extensions:
     backends:
       some_store:
         memory:
-          max_traces: 100000
+          max_traces: 1000000
       another_store:
         memory:
-          max_traces: 100000
+          max_traces: 1000000
     metric_backends:
       some_metrics_storage:
         prometheus:

.docker/observability/loki-config.yaml

@@ -1,3 +1,17 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 auth_enabled: false
 
 server:

.docker/observability/otel-collector-config.yaml

@@ -1,3 +1,17 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 receivers:
   otlp:
     protocols:
@@ -19,6 +33,10 @@ exporters:
     endpoint: "jaeger:4317"  # Jaeger 的 OTLP gRPC 端点
     tls:
       insecure: true  # 开发环境禁用 TLS，生产环境需配置证书
+  otlp/tempo: # OTLP 导出器，用于跟踪数据
+    endpoint: "tempo:4317"  # tempo 的 OTLP gRPC 端点
+    tls:
+      insecure: true  # 开发环境禁用 TLS，生产环境需配置证书
   prometheus: # Prometheus 导出器，用于指标数据
     endpoint: "0.0.0.0:8889"  # Prometheus 刮取端点
     namespace: "rustfs"  # 指标前缀
@@ -39,7 +57,7 @@ service:
     traces:
       receivers: [ otlp ]
       processors: [ memory_limiter,batch ]
-      exporters: [ otlp/traces ]
+      exporters: [ otlp/traces,otlp/tempo ]
     metrics:
       receivers: [ otlp ]
       processors: [ batch ]
@@ -52,6 +70,12 @@ service:
     logs:
       level: "info"  # Collector 日志级别
     metrics:
-      address: "0.0.0.0:8888"  # Collector 自身指标暴露
+      level: "detailed" # 可以是 basic, normal, detailed
+      readers:
+        - periodic:
+            exporter:
+              otlp:
+                protocol: http/protobuf
+                endpoint: http://otel-collector:4318
 
 

.docker/observability/prometheus.yml

@@ -1,11 +1,28 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 global:
   scrape_interval: 5s  # 刮取间隔
 
 scrape_configs:
   - job_name: 'otel-collector'
     static_configs:
-      - targets: ['otel-collector:8888']  # 从 Collector 刮取指标
+      - targets: [ 'otel-collector:8888' ]  # 从 Collector 刮取指标
   - job_name: 'otel-metrics'
     static_configs:
-      - targets: ['otel-collector:8889']  # 应用指标
+      - targets: [ 'otel-collector:8889' ]  # 应用指标
+  - job_name: 'tempo'
+    static_configs:
+      - targets: [ 'tempo:3200' ]
       

.docker/observability/tempo-data/.gitignore

@@ -0,0 +1 @@
+*

.docker/observability/tempo-entrypoint.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+# Run as root to fix directory permissions
+chown -R 10001:10001 /var/tempo
+
+# Use su-exec (a lightweight sudo/gosu alternative, commonly used in Alpine mirroring)
+# Switch to user 10001 and execute the original command (CMD) passed to the script
+# "$@" represents all parameters passed to this script, i.e. command in docker-compose
+exec su-exec 10001:10001 /tempo "$@"

.docker/observability/tempo.yaml

@@ -0,0 +1,55 @@
+stream_over_http_enabled: true
+server:
+  http_listen_port: 3200
+  log_level: info
+
+query_frontend:
+  search:
+    duration_slo: 5s
+    throughput_bytes_slo: 1.073741824e+09
+    metadata_slo:
+      duration_slo: 5s
+      throughput_bytes_slo: 1.073741824e+09
+  trace_by_id:
+    duration_slo: 5s
+
+distributor:
+  receivers:
+    otlp:
+      protocols:
+        grpc:
+          endpoint: "tempo:4317"
+
+ingester:
+  max_block_duration: 5m # cut the headblock when this much time passes. this is being set for demo purposes and should probably be left alone normally
+
+compactor:
+  compaction:
+    block_retention: 1h # overall Tempo trace retention. set for demo purposes
+
+metrics_generator:
+  registry:
+    external_labels:
+      source: tempo
+      cluster: docker-compose
+  storage:
+    path: /var/tempo/generator/wal
+    remote_write:
+      - url: http://prometheus:9090/api/v1/write
+        send_exemplars: true
+  traces_storage:
+    path: /var/tempo/generator/traces
+
+storage:
+  trace:
+    backend: local # backend configuration to use
+    wal:
+      path: /var/tempo/wal # where to store the wal locally
+    local:
+      path: /var/tempo/blocks
+
+overrides:
+  defaults:
+    metrics_generator:
+      processors: [ service-graphs, span-metrics, local-blocks ] # enables metrics generator
+      generate_native_histograms: both

.docker/openobserve-otel/docker-compose.yml

@@ -1,3 +1,17 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 services:
   openobserve:
     image: public.ecr.aws/zinclabs/openobserve:latest

.docker/openobserve-otel/otel-collector-config.yaml

@@ -1,3 +1,17 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 receivers:
   otlp:
     protocols:

.docker/vault-init.sh

@@ -1,71 +0,0 @@
-#!/bin/sh
-# vault-init.sh - Initialize Vault for RustFS SSE-KMS
-
-# Wait for Vault to start
-until curl -s http://127.0.0.1:8200/v1/sys/health | grep "initialized" > /dev/null; do
-    echo "Waiting for Vault to start..."
-    sleep 1
-done
-
-# Set the Vault token
-export VAULT_TOKEN="$VAULT_DEV_ROOT_TOKEN_ID"
-export VAULT_ADDR="http://127.0.0.1:8200"
-
-echo "Vault is running and initialized"
-
-# Enable the Transit secrets engine (for encryption operations)
-vault secrets enable transit
-echo "Transit secrets engine enabled"
-
-# Create a key for RustFS encryption
-vault write -f transit/keys/rustfs-encryption-key
-echo "Created rustfs-encryption-key"
-
-# Create another key for RustFS with rotation capability
-vault write -f transit/keys/rustfs-rotating-key
-echo "Created rustfs-rotating-key"
-
-# Set up key rotation policy
-vault write transit/keys/rustfs-rotating-key/config auto_rotate_period="30d"
-echo "Set up auto rotation for rustfs-rotating-key"
-
-# Create a policy for RustFS to access these keys
-cat > /tmp/rustfs-policy.hcl << EOF
-# Policy for RustFS encryption operations
-path "transit/encrypt/rustfs-encryption-key" {
-  capabilities = ["create", "update"]
-}
-
-path "transit/decrypt/rustfs-encryption-key" {
-  capabilities = ["create", "update"]
-}
-
-path "transit/encrypt/rustfs-rotating-key" {
-  capabilities = ["create", "update"]
-}
-
-path "transit/decrypt/rustfs-rotating-key" {
-  capabilities = ["create", "update"]
-}
-EOF
-
-# Create the policy
-vault policy write rustfs-encryption-policy /tmp/rustfs-policy.hcl
-echo "Created rustfs-encryption-policy"
-
-# Create a token for RustFS to use
-RUSTFS_TOKEN=$(vault token create -policy=rustfs-encryption-policy -field=token)
-echo "Created token for RustFS: $RUSTFS_TOKEN"
-
-# Store the token for RustFS to use
-echo "RUSTFS_KMS_VAULT_TOKEN=$RUSTFS_TOKEN" > /vault/config/rustfs-kms.env
-echo "RUSTFS_KMS_VAULT_ENDPOINT=http://rustyvault:8200" >> /vault/config/rustfs-kms.env
-echo "RUSTFS_KMS_VAULT_KEY_NAME=rustfs-encryption-key" >> /vault/config/rustfs-kms.env
-
-echo "RustFS KMS configuration has been created"
-echo "============================================"
-echo "Vault is ready for use with RustFS SSE-KMS"
-echo "============================================"
-
-# Keep the container running
-tail -f /dev/null

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/actions/setup/action.yml

@@ -1,54 +1,98 @@
-name: "setup"
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 
-description: "setup environment for rustfs"
+name: "Setup Rust Environment"
+description: "Setup Rust development environment with caching for RustFS"
 
 inputs:
   rust-version:
-    required: true
+    description: "Rust version to install"
+    required: false
     default: "stable"
-    description: "Rust version to use"
   cache-shared-key:
-    required: true
-    default: ""
-    description: "Cache key for shared cache"
+    description: "Shared cache key for Rust dependencies"
+    required: false
+    default: "rustfs-deps"
   cache-save-if:
-    required: true
-    default: true
-    description: "Cache save condition"
-  run-os:
-    required: true
-    default: "ubuntu-latest"
-    description: "Running system"
+    description: "Condition for saving cache"
+    required: false
+    default: "true"
+  install-cross-tools:
+    description: "Install cross-compilation tools"
+    required: false
+    default: "false"
+  target:
+    description: "Target architecture to add"
+    required: false
+    default: ""
+  github-token:
+    description: "GitHub token for API access"
+    required: false
+    default: ""
 
 runs:
   using: "composite"
   steps:
-    - name: Install system dependencies
-      if: inputs.run-os == 'ubuntu-latest'
+    - name: Install system dependencies (Ubuntu)
+      if: runner.os == 'Linux'
       shell: bash
       run: |
-        sudo apt update
-        sudo apt install -y musl-tools build-essential lld libdbus-1-dev libwayland-dev libwebkit2gtk-4.1-dev libxdo-dev
+        sudo apt-get update
+        sudo apt-get install -y \
+          musl-tools \
+          build-essential \
+          lld \
+          libdbus-1-dev \
+          libwayland-dev \
+          libwebkit2gtk-4.1-dev \
+          libxdo-dev \
+          pkg-config \
+          libssl-dev
 
-    - uses: arduino/setup-protoc@v3
+    - name: Install protoc
+      uses: arduino/setup-protoc@v3
       with:
-        version: "30.2"
+        version: "31.1"
+        repo-token: ${{ inputs.github-token }}
 
-    - uses: Nugine/setup-flatc@v1
+    - name: Install flatc
+      uses: Nugine/setup-flatc@v1
       with:
-        version: "24.3.25"
+        version: "25.2.10"
 
-    - uses: dtolnay/rust-toolchain@master
+    - name: Install Rust toolchain
+      uses: dtolnay/rust-toolchain@stable
       with:
         toolchain: ${{ inputs.rust-version }}
+        targets: ${{ inputs.target }}
         components: rustfmt, clippy
 
-    - uses: Swatinem/rust-cache@v2
+    - name: Install Zig
+      if: inputs.install-cross-tools == 'true'
+      uses: mlugg/setup-zig@v2
+
+    - name: Install cargo-zigbuild
+      if: inputs.install-cross-tools == 'true'
+      uses: taiki-e/install-action@cargo-zigbuild
+
+    - name: Install cargo-nextest
+      uses: taiki-e/install-action@cargo-nextest
+
+    - name: Setup Rust cache
+      uses: Swatinem/rust-cache@v2
       with:
-        cache-on-failure: true
         cache-all-crates: true
+        cache-on-failure: true
         shared-key: ${{ inputs.cache-shared-key }}
         save-if: ${{ inputs.cache-save-if }}
-
-    - uses: mlugg/setup-zig@v2
-    - uses: taiki-e/install-action@cargo-zigbuild

.github/dependabot.yml

@@ -1,3 +1,17 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 # To get started with Dependabot version updates, you'll need to specify which
 # package ecosystems to update and where the package manifests are located.
 # Please see the documentation for all configuration options:

.github/pull_request_template.md

@@ -0,0 +1,39 @@
+<!--
+Pull Request Template for RustFS
+-->
+
+## Type of Change
+- [ ] New Feature
+- [ ] Bug Fix
+- [ ] Documentation
+- [ ] Performance Improvement
+- [ ] Test/CI
+- [ ] Refactor
+- [ ] Other:
+
+## Related Issues
+<!-- List related Issue numbers, e.g. #123 -->
+
+## Summary of Changes
+<!-- Briefly describe the main changes and motivation for this PR -->
+
+## Checklist
+- [ ] I have read and followed the [CONTRIBUTING.md](CONTRIBUTING.md) guidelines
+- [ ] Code is formatted with `cargo fmt --all`
+- [ ] Passed `cargo clippy --all-targets --all-features -- -D warnings`
+- [ ] Passed `cargo check --all-targets`
+- [ ] Added/updated necessary tests
+- [ ] Documentation updated (if needed)
+- [ ] CI/CD passed (if applicable)
+
+## Impact
+- [ ] Breaking change (compatibility)
+- [ ] Requires doc/config/deployment update
+- [ ] Other impact:
+
+## Additional Notes
+<!-- Any extra information for reviewers -->
+
+---
+
+Thank you for your contribution! Please ensure your PR follows the community standards ([CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md)) and sign the CLA if this is your first contribution.

.github/workflows/audit.yml

@@ -1,25 +1,78 @@
-name: Audit
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Security Audit
 
 on:
   push:
-    branches:
-      - main
-    paths: 
+    branches: [main]
+    paths:
       - '**/Cargo.toml'
       - '**/Cargo.lock'
+      - '.github/workflows/audit.yml'
   pull_request:
-    branches:
-      - main
-    paths: 
+    branches: [main]
+    paths:
       - '**/Cargo.toml'
       - '**/Cargo.lock'
+      - '.github/workflows/audit.yml'
   schedule:
-    - cron: '0 0 * * 0' # at midnight of each sunday
+    - cron: '0 0 * * 0' # Weekly on Sunday at midnight UTC
+  workflow_dispatch:
+
+env:
+  CARGO_TERM_COLOR: always
 
 jobs:
-  audit:
+  security-audit:
+    name: Security Audit
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     steps:
-      - uses: actions/checkout@v4
-      - uses: taiki-e/install-action@cargo-audit
-      - run: cargo audit -D warnings
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install cargo-audit
+        uses: taiki-e/install-action@v2
+        with:
+          tool: cargo-audit
+
+      - name: Run security audit
+        run: |
+          cargo audit -D warnings --json | tee audit-results.json
+
+      - name: Upload audit results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: security-audit-results-${{ github.run_number }}
+          path: audit-results.json
+          retention-days: 30
+
+  dependency-review:
+    name: Dependency Review
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Dependency Review
+        uses: actions/dependency-review-action@v4
+        with:
+          fail-on-severity: moderate
+          comment-summary-in-pr: true

.github/workflows/build.yml

@@ -1,416 +1,491 @@
-name: Build RustFS And GUI
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Build and Release Workflow
+#
+# This workflow builds RustFS binaries and automatically triggers Docker image builds.
+#
+# Flow:
+# 1. Build binaries for multiple platforms
+# 2. Upload binaries to OSS storage
+# 3. Trigger docker.yml to build and push images using the uploaded binaries
+#
+# Manual Parameters:
+# - build_docker: Build and push Docker images (default: true)
+
+name: Build and Release
 
 on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 0 * * 0" # at midnight of each sunday
   push:
-    branches:
-      - main
-    tags: [ "v*", "*" ]
+    tags: ["*.*.*"]
+    branches: [main]
+    paths-ignore:
+      - "**.md"
+      - "**.txt"
+      - ".github/**"
+      - "docs/**"
+      - "deploy/**"
+      - "scripts/dev_*.sh"
+      - "LICENSE*"
+      - "README*"
+      - "**/*.png"
+      - "**/*.jpg"
+      - "**/*.svg"
+      - ".gitignore"
+      - ".dockerignore"
+  pull_request:
+    branches: [main]
+    paths-ignore:
+      - "**.md"
+      - "**.txt"
+      - ".github/**"
+      - "docs/**"
+      - "deploy/**"
+      - "scripts/dev_*.sh"
+      - "LICENSE*"
+      - "README*"
+      - "**/*.png"
+      - "**/*.jpg"
+      - "**/*.svg"
+      - ".gitignore"
+      - ".dockerignore"
+  schedule:
+    - cron: "0 0 * * 0" # Weekly on Sunday at midnight UTC
+  workflow_dispatch:
+    inputs:
+      build_docker:
+        description: "Build and push Docker images after binary build"
+        required: false
+        default: true
+        type: boolean
+
+env:
+  CARGO_TERM_COLOR: always
+  RUST_BACKTRACE: 1
+  # Optimize build performance
+  CARGO_INCREMENTAL: 0
 
 jobs:
-  build-rustfs:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ ubuntu-latest, macos-latest, windows-latest ]
-        variant:
-          - { profile: release, target: x86_64-unknown-linux-musl, glibc: "default" }
-          - { profile: release, target: x86_64-unknown-linux-gnu, glibc: "default" }
-          - { profile: release, target: aarch64-apple-darwin, glibc: "default" }
-          #- { profile: release, target: aarch64-unknown-linux-gnu, glibc: "default" }
-          - { profile: release, target: aarch64-unknown-linux-musl, glibc: "default" }
-          #- { profile: release, target: x86_64-pc-windows-msvc, glibc: "default" }
-        exclude:
-          # Linux targets on non-Linux systems
-          - os: macos-latest
-            variant: { profile: release, target: x86_64-unknown-linux-gnu, glibc: "default" }
-          - os: macos-latest
-            variant: { profile: release, target: x86_64-unknown-linux-musl, glibc: "default" }
-          - os: macos-latest
-            variant: { profile: release, target: aarch64-unknown-linux-gnu, glibc: "default" }
-          - os: macos-latest
-            variant: { profile: release, target: aarch64-unknown-linux-musl, glibc: "default" }
-          - os: windows-latest
-            variant: { profile: release, target: x86_64-unknown-linux-gnu, glibc: "default" }
-          - os: windows-latest
-            variant: { profile: release, target: x86_64-unknown-linux-musl, glibc: "default" }
-          - os: windows-latest
-            variant: { profile: release, target: aarch64-unknown-linux-gnu, glibc: "default" }
-          - os: windows-latest
-            variant: { profile: release, target: aarch64-unknown-linux-musl, glibc: "default" }
-
-          # Apple targets on non-macOS systems
-          - os: ubuntu-latest
-            variant: { profile: release, target: aarch64-apple-darwin, glibc: "default" }
-          - os: windows-latest
-            variant: { profile: release, target: aarch64-apple-darwin, glibc: "default" }
-
-          # Windows targets on non-Windows systems
-          - os: ubuntu-latest
-            variant: { profile: release, target: x86_64-pc-windows-msvc, glibc: "default" }
-          - os: macos-latest
-            variant: { profile: release, target: x86_64-pc-windows-msvc, glibc: "default" }
-
+  # Build strategy check - determine build type based on trigger
+  build-check:
+    name: Build Strategy Check
+    runs-on: ubuntu-latest
+    outputs:
+      should_build: ${{ steps.check.outputs.should_build }}
+      build_type: ${{ steps.check.outputs.build_type }}
+      version: ${{ steps.check.outputs.version }}
+      short_sha: ${{ steps.check.outputs.short_sha }}
+      is_prerelease: ${{ steps.check.outputs.is_prerelease }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      # Installation system dependencies
-      - name: Install system dependencies (Ubuntu)
-        if: runner.os == 'Linux'
+      - name: Determine build strategy
+        id: check
         run: |
-          sudo apt update
-          sudo apt install -y musl-tools build-essential lld libdbus-1-dev libwayland-dev libwebkit2gtk-4.1-dev libxdo-dev
-        shell: bash
+          should_build=false
+          build_type="none"
+          version=""
+          short_sha=""
+          is_prerelease=false
 
-      #Install Rust using dtolnay/rust-toolchain
-      - uses: dtolnay/rust-toolchain@master
+          # Get short SHA for all builds
+          short_sha=$(git rev-parse --short HEAD)
+
+          # Determine build type based on trigger
+          if [[ "${{ startsWith(github.ref, 'refs/tags/') }}" == "true" ]]; then
+            # Tag push - release or prerelease
+            should_build=true
+            tag_name="${GITHUB_REF#refs/tags/}"
+            version="${tag_name}"
+
+            # Check if this is a prerelease
+            if [[ "$tag_name" == *"alpha"* ]] || [[ "$tag_name" == *"beta"* ]] || [[ "$tag_name" == *"rc"* ]]; then
+              build_type="prerelease"
+              is_prerelease=true
+              echo "🚀 Prerelease build detected: $tag_name"
+            else
+              build_type="release"
+              echo "📦 Release build detected: $tag_name"
+            fi
+          elif [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+            # Main branch push - development build
+            should_build=true
+            build_type="development"
+            version="dev-${short_sha}"
+            echo "🛠️  Development build detected"
+          elif [[ "${{ github.event_name }}" == "schedule" ]] || \
+               [[ "${{ github.event_name }}" == "workflow_dispatch" ]] || \
+               [[ "${{ contains(github.event.head_commit.message, '--build') }}" == "true" ]]; then
+            # Scheduled or manual build
+            should_build=true
+            build_type="development"
+            version="dev-${short_sha}"
+            echo "⚡ Manual/scheduled build detected"
+          fi
+
+          echo "should_build=$should_build" >> $GITHUB_OUTPUT
+          echo "build_type=$build_type" >> $GITHUB_OUTPUT
+          echo "version=$version" >> $GITHUB_OUTPUT
+          echo "short_sha=$short_sha" >> $GITHUB_OUTPUT
+          echo "is_prerelease=$is_prerelease" >> $GITHUB_OUTPUT
+
+          echo "📊 Build Summary:"
+          echo "  - Should build: $should_build"
+          echo "  - Build type: $build_type"
+          echo "  - Version: $version"
+          echo "  - Short SHA: $short_sha"
+          echo "  - Is prerelease: $is_prerelease"
+
+  # Build RustFS binaries
+  build-rustfs:
+    name: Build RustFS
+    needs: [build-check]
+    if: needs.build-check.outputs.should_build == 'true'
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 60
+    env:
+      RUSTFLAGS: ${{ matrix.cross == 'false' && '-C target-cpu=native' || '' }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # Linux builds
+          - os: ubuntu-latest
+            target: x86_64-unknown-linux-musl
+            cross: false
+            platform: linux
+          - os: ubuntu-latest
+            target: aarch64-unknown-linux-musl
+            cross: true
+            platform: linux
+          # macOS builds
+          - os: macos-latest
+            target: aarch64-apple-darwin
+            cross: false
+            platform: macos
+          - os: macos-latest
+            target: x86_64-apple-darwin
+            cross: false
+            platform: macos
+          # # Windows builds (temporarily disabled)
+          # - os: windows-latest
+          #   target: x86_64-pc-windows-msvc
+          #   cross: false
+          #   platform: windows
+          # - os: windows-latest
+          #   target: aarch64-pc-windows-msvc
+          #   cross: true
+          #   platform: windows
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
         with:
-          toolchain: stable
-          targets: ${{ matrix.variant.target }}
-          components: rustfmt, clippy
+          fetch-depth: 0
 
-      # Install system dependencies
-      - name: Cache Protoc
-        id: cache-protoc
-        uses: actions/cache@v4.2.3
+      - name: Setup Rust environment
+        uses: ./.github/actions/setup
         with:
-          path: /Users/runner/hostedtoolcache/protoc
-          key: protoc-${{ runner.os }}-30.2
-          restore-keys: |
-            protoc-${{ runner.os }}-
+          rust-version: stable
+          target: ${{ matrix.target }}
+          cache-shared-key: build-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          cache-save-if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
+          install-cross-tools: ${{ matrix.cross }}
 
-      - name: Install Protoc
-        if: steps.cache-protoc.outputs.cache-hit != 'true'
-        uses: arduino/setup-protoc@v3
-        with:
-          version: '30.2'
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Setup Flatc
-        uses: Nugine/setup-flatc@v1
-        with:
-          version: "25.2.10"
-
-      # Cache Cargo dependencies
-      - uses: Swatinem/rust-cache@v2
-        with:
-          cache-on-failure: true
-          cache-all-crates: true
-          shared-key: rustfs-${{ matrix.os }}-${{ matrix.variant.profile }}-${{ matrix.variant.target }}-${{ matrix.variant.glibc }}-${{ hashFiles('**/Cargo.lock') }}
-          save-if: ${{ github.event_name != 'pull_request' }}
-
-      # Set up Zig for cross-compilation
-      - uses: mlugg/setup-zig@v2
-        if: matrix.variant.glibc != 'default' || contains(matrix.variant.target, 'linux')
-
-      - uses: taiki-e/install-action@cargo-zigbuild
-        if: matrix.variant.glibc != 'default' || contains(matrix.variant.target, 'linux')
-
-      # Download static resources
-      - name: Download and Extract Static Assets
+      - name: Download static console assets
         run: |
-          url="https://dl.rustfs.com/artifacts/console/rustfs-console-latest.zip"
-
-          # Create a static resource directory
           mkdir -p ./rustfs/static
-
-          # Download static resources
-          echo "::group::Downloading static assets"
-          curl -L -o static_assets.zip "$url" --retry 3
-
-          # Unzip static resources
-          echo "::group::Extracting static assets"
-          if [ "${{ runner.os }}" = "Windows" ]; then
-            7z x static_assets.zip -o./rustfs/static
-            del static_assets.zip
+          if [[ "${{ matrix.platform }}" == "windows" ]]; then
+            curl.exe -L "https://dl.rustfs.com/artifacts/console/rustfs-console-latest.zip" -o console.zip --retry 3 --retry-delay 5 --max-time 300
+            if [[ $? -eq 0 ]]; then
+              unzip -o console.zip -d ./rustfs/static
+              rm console.zip
+            else
+              echo "Warning: Failed to download console assets, continuing without them"
+              echo "// Static assets not available" > ./rustfs/static/empty.txt
+            fi
           else
-            unzip -o static_assets.zip -d ./rustfs/static
-            rm static_assets.zip
+            chmod +w ./rustfs/static/LICENSE || true
+            curl -L "https://dl.rustfs.com/artifacts/console/rustfs-console-latest.zip" \
+              -o console.zip --retry 3 --retry-delay 5 --max-time 300
+            if [[ $? -eq 0 ]]; then
+              unzip -o console.zip -d ./rustfs/static
+              rm console.zip
+            else
+              echo "Warning: Failed to download console assets, continuing without them"
+              echo "// Static assets not available" > ./rustfs/static/empty.txt
+            fi
           fi
 
-          echo "::group::Static assets content"
-          ls -la ./rustfs/static
-        shell: bash
-
-      # Build rustfs
-      - name: Build rustfs
-        id: build
-        shell: bash
+      - name: Build RustFS
         run: |
-          echo "::group::Setting up build parameters"
-          PROFILE="${{ matrix.variant.profile }}"
-          TARGET="${{ matrix.variant.target }}"
-          GLIBC="${{ matrix.variant.glibc }}"
-
-          # Determine whether to use zigbuild
-          USE_ZIGBUILD=false
-          if [[ "$GLIBC" != "default" || "$TARGET" == *"linux"* ]]; then
-            USE_ZIGBUILD=true
-            echo "Using zigbuild for cross-compilation"
-          fi
-
-          # Determine the target parameters
-          TARGET_ARG="$TARGET"
-          if [[ "$GLIBC" != "default" ]]; then
-            TARGET_ARG="${TARGET}.${GLIBC}"
-            echo "Using custom glibc target: $TARGET_ARG"
-          fi
-
-          # Confirm the profile directory name
-          if [[ "$PROFILE" == "dev" ]]; then
-            PROFILE_DIR="debug"
-          else
-            PROFILE_DIR="$PROFILE"
-          fi
-
-          # Determine the binary suffix
-          BIN_SUFFIX=""
-          if [[ "${{ matrix.variant.target }}" == *"windows"* ]]; then
-            BIN_SUFFIX=".exe"
-          fi
-
-          # Determine the binary name - Use the appropriate extension for Windows
-          BIN_NAME="rustfs.${PROFILE}.${TARGET}"
-          if [[ "$GLIBC" != "default" ]]; then
-            BIN_NAME="${BIN_NAME}.glibc${GLIBC}"
-          fi
-          
-          # Windows systems use exe suffix, and other systems do not have suffix
-          if [[ "${{ matrix.variant.target }}" == *"windows"* ]]; then
-            BIN_NAME="${BIN_NAME}.exe"
-          else
-            BIN_NAME="${BIN_NAME}.bin"
-          fi
-          
-          echo "Binary name will be: $BIN_NAME"
-
-          echo "::group::Building rustfs"
-          # Refresh build information
+          # Force rebuild by touching build.rs
           touch rustfs/build.rs
 
-          # Identify the build command and execute it
-          if [[ "$USE_ZIGBUILD" == "true" ]]; then
-            echo "Build command: cargo zigbuild --profile $PROFILE --target $TARGET_ARG -p rustfs --bins"
-            cargo zigbuild --profile $PROFILE --target $TARGET_ARG -p rustfs --bins
+          if [[ "${{ matrix.cross }}" == "true" ]]; then
+            if [[ "${{ matrix.platform }}" == "windows" ]]; then
+              # Use cross for Windows ARM64
+              cargo install cross --git https://github.com/cross-rs/cross
+              cross build --release --target ${{ matrix.target }} -p rustfs --bins
+            else
+              # Use zigbuild for other cross-compilation
+              cargo zigbuild --release --target ${{ matrix.target }} -p rustfs --bins
+            fi
           else
-            echo "Build command: cargo build --profile $PROFILE --target $TARGET_ARG -p rustfs --bins"
-            cargo build --profile $PROFILE --target $TARGET_ARG -p rustfs --bins
+            cargo build --release --target ${{ matrix.target }} -p rustfs --bins
           fi
 
-          # Determine the binary path and output path
-          BIN_PATH="target/${TARGET_ARG}/${PROFILE_DIR}/rustfs${BIN_SUFFIX}"
-          OUT_PATH="target/artifacts/${BIN_NAME}"
-
-          # Create a target directory
-          mkdir -p target/artifacts
-
-          echo "Copying binary from ${BIN_PATH} to ${OUT_PATH}"
-          cp "${BIN_PATH}" "${OUT_PATH}"
-
-          # Record the output path for use in the next steps
-          echo "bin_path=${OUT_PATH}" >> $GITHUB_OUTPUT
-          echo "bin_name=${BIN_NAME}" >> $GITHUB_OUTPUT
-
-      - name: Package Binary and Static Assets
+      - name: Create release package
         id: package
-        run: |
-          # Create component file name
-          ARTIFACT_NAME="rustfs-${{ matrix.variant.profile }}-${{ matrix.variant.target }}"
-          if [ "${{ matrix.variant.glibc }}" != "default" ]; then
-            ARTIFACT_NAME="${ARTIFACT_NAME}-glibc${{ matrix.variant.glibc }}"
-          fi
-          echo "artifact_name=${ARTIFACT_NAME}" >> $GITHUB_OUTPUT
-
-          # Get the binary path
-          BIN_PATH="${{ steps.build.outputs.bin_path }}"
-
-          # Create a packaged directory structure - only contains bin and docs directories
-          mkdir -p ${ARTIFACT_NAME}/{bin,docs}
-
-          # Copy binary files (note the difference between Windows and other systems)
-          if [[ "${{ matrix.variant.target }}" == *"windows"* ]]; then
-            cp "${BIN_PATH}" ${ARTIFACT_NAME}/bin/rustfs.exe
-          else
-            cp "${BIN_PATH}" ${ARTIFACT_NAME}/bin/rustfs
-          fi
-
-          # copy documents and licenses
-          if [ -f "LICENSE" ]; then
-            cp LICENSE ${ARTIFACT_NAME}/docs/
-          fi
-          if [ -f "README.md" ]; then
-            cp README.md ${ARTIFACT_NAME}/docs/
-          fi
-
-          # Packaged as zip
-          if [ "${{ runner.os }}" = "Windows" ]; then
-            7z a ${ARTIFACT_NAME}.zip ${ARTIFACT_NAME}
-          else
-            zip -r ${ARTIFACT_NAME}.zip ${ARTIFACT_NAME}
-          fi
-
-          echo "Created artifact: ${ARTIFACT_NAME}.zip"
-          ls -la ${ARTIFACT_NAME}.zip
-        shell: bash
-
-      - uses: actions/upload-artifact@v4
-        with:
-          name: ${{ steps.package.outputs.artifact_name }}
-          path: ${{ steps.package.outputs.artifact_name }}.zip
-          retention-days: 7
-
-      - name: Upload to Aliyun OSS
-        if: startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main'
-        uses: JohnGuan/oss-upload-action@main
-        with:
-          key-id: ${{ secrets.ALICLOUDOSS_KEY_ID }}
-          key-secret: ${{ secrets.ALICLOUDOSS_KEY_SECRET }}
-          region: oss-cn-beijing
-          bucket: rustfs-artifacts
-          assets: |
-            ${{ steps.package.outputs.artifact_name }}.zip:/artifacts/rustfs/${{ steps.package.outputs.artifact_name }}.zip
-            ${{ steps.package.outputs.artifact_name }}.zip:/artifacts/rustfs/${{ steps.package.outputs.artifact_name }}.latest.zip  
-
-      # Determine whether to perform GUI construction based on conditions
-      - name: Prepare for GUI build
-        if: startsWith(github.ref, 'refs/tags/')
-        id: prepare_gui
-        run: |
-          # Create a target directory
-          mkdir -p ./cli/rustfs-gui/embedded-rustfs/
-
-          # Copy the currently built binary to the embedded-rustfs directory
-          if [[ "${{ matrix.variant.target }}" == *"windows"* ]]; then
-            cp "${{ steps.build.outputs.bin_path }}" ./cli/rustfs-gui/embedded-rustfs/rustfs.exe
-          else
-            cp "${{ steps.build.outputs.bin_path }}" ./cli/rustfs-gui/embedded-rustfs/rustfs
-          fi
-
-          echo "Copied binary to embedded-rustfs directory"
-          ls -la ./cli/rustfs-gui/embedded-rustfs/
-        shell: bash
-
-      #Install the dioxus-cli tool
-      - uses: taiki-e/cache-cargo-install-action@v2
-        if: startsWith(github.ref, 'refs/tags/')
-        with:
-          tool: dioxus-cli
-
-      # Build and package GUI applications
-      - name: Build and Bundle rustfs-gui
-        if: startsWith(github.ref, 'refs/tags/')
-        id: build_gui
         shell: bash
         run: |
-          echo "::group::Setting up build parameters for GUI"
-          PROFILE="${{ matrix.variant.profile }}"
-          TARGET="${{ matrix.variant.target }}"
-          GLIBC="${{ matrix.variant.glibc }}"
-          RELEASE_PATH="target/artifacts/$TARGET"
+          BUILD_TYPE="${{ needs.build-check.outputs.build_type }}"
+          VERSION="${{ needs.build-check.outputs.version }}"
+          SHORT_SHA="${{ needs.build-check.outputs.short_sha }}"
 
-          # Make sure the output directory exists
-          mkdir -p ${RELEASE_PATH}
+          # Extract platform and arch from target
+          TARGET="${{ matrix.target }}"
+          PLATFORM="${{ matrix.platform }}"
 
-          # Configure the target platform linker
-          echo "::group::Configuring linker for $TARGET"
+          # Map target to architecture
           case "$TARGET" in
-          "x86_64-unknown-linux-gnu")
-            export CC_x86_64_unknown_linux_gnu=gcc
-            export CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER=gcc
-            ;;
-          "x86_64-unknown-linux-musl")
-            export CC_x86_64_unknown_linux_musl=musl-gcc
-            export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=musl-gcc
-            ;;
-          "aarch64-unknown-linux-gnu")
-            export CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc
-            export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc
-            ;;
-          "aarch64-unknown-linux-musl")
-            export CC_aarch64_unknown_linux_musl=aarch64-linux-musl-gcc
-            export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=aarch64-linux-musl-gcc
-            ;;
-          "aarch64-apple-darwin")
-            export CC_aarch64_apple_darwin=clang
-            export CARGO_TARGET_AARCH64_APPLE_DARWIN_LINKER=clang
-            ;;
-          "x86_64-pc-windows-msvc")
-            export CC_x86_64_pc_windows_msvc=cl
-            export CARGO_TARGET_X86_64_PC_WINDOWS_MSVC_LINKER=link
-            ;;
+            *x86_64*)
+              ARCH="x86_64"
+              ;;
+            *aarch64*|*arm64*)
+              ARCH="aarch64"
+              ;;
+            *armv7*)
+              ARCH="armv7"
+              ;;
+            *)
+              ARCH="unknown"
+              ;;
           esac
 
-          echo "::group::Building GUI application"
-          cd cli/rustfs-gui
-
-          # Building according to the target platform
-          if [[ "$TARGET" == *"apple-darwin"* ]]; then
-            echo "Building for macOS"
-            dx bundle --platform macos --package-types "macos" --package-types "dmg" --release --profile ${PROFILE} --out-dir ../../${RELEASE_PATH}
-          elif [[ "$TARGET" == *"windows-msvc"* ]]; then
-            echo "Building for Windows"
-            dx bundle --platform windows --package-types "msi" --release --profile ${PROFILE} --out-dir ../../${RELEASE_PATH}
-          elif [[ "$TARGET" == *"linux"* ]]; then
-            echo "Building for Linux"
-            dx bundle --platform linux --package-types "deb" --package-types "rpm" --package-types "appimage" --release --profile ${PROFILE} --out-dir ../../${RELEASE_PATH}
-          fi
-
-          cd ../..
-
-          # Create component name
-          GUI_ARTIFACT_NAME="rustfs-gui-${PROFILE}-${TARGET}"
-
-          if [ "$GLIBC" != "default" ]; then
-            GUI_ARTIFACT_NAME="${GUI_ARTIFACT_NAME}-glibc${GLIBC}"
-          fi
-
-          echo "::group::Packaging GUI application"
-          # Select packaging method according to the operating system
-          if [ "${{ runner.os }}" = "Windows" ]; then
-            7z a ${GUI_ARTIFACT_NAME}.zip ${RELEASE_PATH}/*
+          # Generate package name based on build type
+          if [[ "$BUILD_TYPE" == "development" ]]; then
+            # Development build: rustfs-${platform}-${arch}-dev-${short_sha}.zip
+            PACKAGE_NAME="rustfs-${PLATFORM}-${ARCH}-dev-${SHORT_SHA}"
           else
-            zip -r ${GUI_ARTIFACT_NAME}.zip ${RELEASE_PATH}/*
+            # Release/Prerelease build: rustfs-${platform}-${arch}-v${version}.zip
+            PACKAGE_NAME="rustfs-${PLATFORM}-${ARCH}-v${VERSION}"
           fi
 
-          echo "gui_artifact_name=${GUI_ARTIFACT_NAME}" >> $GITHUB_OUTPUT
-          echo "Created GUI artifact: ${GUI_ARTIFACT_NAME}.zip"
-          ls -la ${GUI_ARTIFACT_NAME}.zip
+          # Create zip packages for all platforms
+          # Ensure zip is available
+          if ! command -v zip &> /dev/null; then
+            if [[ "${{ matrix.os }}" == "ubuntu-latest" ]]; then
+              sudo apt-get update && sudo apt-get install -y zip
+            fi
+          fi
 
-      # Upload GUI components
-      - uses: actions/upload-artifact@v4
-        if: startsWith(github.ref, 'refs/tags/')
+          cd target/${{ matrix.target }}/release
+          zip "../../../${PACKAGE_NAME}.zip" rustfs
+          cd ../../..
+
+          echo "package_name=${PACKAGE_NAME}" >> $GITHUB_OUTPUT
+          echo "package_file=${PACKAGE_NAME}.zip" >> $GITHUB_OUTPUT
+          echo "build_type=${BUILD_TYPE}" >> $GITHUB_OUTPUT
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+
+          echo "📦 Package created: ${PACKAGE_NAME}.zip"
+          echo "🔧 Build type: ${BUILD_TYPE}"
+          echo "📊 Version: ${VERSION}"
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
         with:
-          name: ${{ steps.build_gui.outputs.gui_artifact_name }}
-          path: ${{ steps.build_gui.outputs.gui_artifact_name }}.zip
-          retention-days: 7
+          name: ${{ steps.package.outputs.package_name }}
+          path: ${{ steps.package.outputs.package_file }}
+          retention-days: ${{ startsWith(github.ref, 'refs/tags/') && 30 || 7 }}
 
-      # Upload GUI to Alibaba Cloud OSS
-      - name: Upload GUI to Aliyun OSS
-        if: startsWith(github.ref, 'refs/tags/')
-        uses: JohnGuan/oss-upload-action@main
-        with:
-          key-id: ${{ secrets.ALICLOUDOSS_KEY_ID }}
-          key-secret: ${{ secrets.ALICLOUDOSS_KEY_SECRET }}
-          region: oss-cn-beijing
-          bucket: rustfs-artifacts
-          assets: |
-            ${{ steps.build_gui.outputs.gui_artifact_name }}.zip:/artifacts/rustfs/${{ steps.build_gui.outputs.gui_artifact_name }}.zip
-            ${{ steps.build_gui.outputs.gui_artifact_name }}.zip:/artifacts/rustfs/${{ steps.build_gui.outputs.gui_artifact_name }}.latest.zip
+      - name: Upload to Aliyun OSS
+        if: env.OSS_ACCESS_KEY_ID != '' && (needs.build-check.outputs.build_type == 'release' || needs.build-check.outputs.build_type == 'prerelease' || needs.build-check.outputs.build_type == 'development')
+        env:
+          OSS_ACCESS_KEY_ID: ${{ secrets.ALICLOUDOSS_KEY_ID }}
+          OSS_ACCESS_KEY_SECRET: ${{ secrets.ALICLOUDOSS_KEY_SECRET }}
+          OSS_REGION: cn-beijing
+          OSS_ENDPOINT: https://oss-cn-beijing.aliyuncs.com
+        run: |
+          BUILD_TYPE="${{ needs.build-check.outputs.build_type }}"
 
+          # Install ossutil (platform-specific)
+          OSSUTIL_VERSION="2.1.1"
+          case "${{ matrix.platform }}" in
+            linux)
+              if [[ "$(uname -m)" == "arm64" ]]; then
+                ARCH="arm64"
+              else
+                ARCH="amd64"
+              fi
+              OSSUTIL_ZIP="ossutil-${OSSUTIL_VERSION}-linux-${ARCH}.zip"
+              OSSUTIL_DIR="ossutil-${OSSUTIL_VERSION}-linux-${ARCH}"
 
-  merge:
+              curl -o "$OSSUTIL_ZIP" "https://gosspublic.alicdn.com/ossutil/v2/${OSSUTIL_VERSION}/${OSSUTIL_ZIP}"
+              unzip "$OSSUTIL_ZIP"
+              mv "${OSSUTIL_DIR}/ossutil" /usr/local/bin/
+              rm -rf "$OSSUTIL_DIR" "$OSSUTIL_ZIP"
+              chmod +x /usr/local/bin/ossutil
+              OSSUTIL_BIN=ossutil
+              ;;
+            macos)
+              if [[ "$(uname -m)" == "arm64" ]]; then
+                ARCH="arm64"
+              else
+                ARCH="amd64"
+              fi
+              OSSUTIL_ZIP="ossutil-${OSSUTIL_VERSION}-mac-${ARCH}.zip"
+              OSSUTIL_DIR="ossutil-${OSSUTIL_VERSION}-mac-${ARCH}"
+
+              curl -o "$OSSUTIL_ZIP" "https://gosspublic.alicdn.com/ossutil/v2/${OSSUTIL_VERSION}/${OSSUTIL_ZIP}"
+              unzip "$OSSUTIL_ZIP"
+              mv "${OSSUTIL_DIR}/ossutil" /usr/local/bin/
+              rm -rf "$OSSUTIL_DIR" "$OSSUTIL_ZIP"
+              chmod +x /usr/local/bin/ossutil
+              OSSUTIL_BIN=ossutil
+              ;;
+          esac
+
+          # Determine upload path based on build type
+          if [[ "$BUILD_TYPE" == "development" ]]; then
+            OSS_PATH="oss://rustfs-artifacts/artifacts/rustfs/dev/"
+            echo "📤 Uploading development build to OSS dev directory"
+          else
+            OSS_PATH="oss://rustfs-artifacts/artifacts/rustfs/release/"
+            echo "📤 Uploading release build to OSS release directory"
+          fi
+
+          # Upload the package file to OSS
+          echo "Uploading ${{ steps.package.outputs.package_file }} to $OSS_PATH..."
+          $OSSUTIL_BIN cp "${{ steps.package.outputs.package_file }}" "$OSS_PATH" --force
+
+          # For release and prerelease builds, also create a latest version
+          if [[ "$BUILD_TYPE" == "release" ]] || [[ "$BUILD_TYPE" == "prerelease" ]]; then
+            # Extract platform and arch from package name
+            PACKAGE_NAME="${{ steps.package.outputs.package_name }}"
+
+            # Create latest version filename
+            # Convert from rustfs-linux-x86_64-v1.0.0 to rustfs-linux-x86_64-latest
+            LATEST_FILE="${PACKAGE_NAME%-v*}-latest.zip"
+
+            # Copy the original file to latest version
+            cp "${{ steps.package.outputs.package_file }}" "$LATEST_FILE"
+
+            # Upload the latest version
+            echo "Uploading latest version: $LATEST_FILE to $OSS_PATH..."
+            $OSSUTIL_BIN cp "$LATEST_FILE" "$OSS_PATH" --force
+
+            echo "✅ Latest version uploaded: $LATEST_FILE"
+          fi
+
+          # For development builds, create dev-latest version
+          if [[ "$BUILD_TYPE" == "development" ]]; then
+            # Extract platform and arch from package name
+            PACKAGE_NAME="${{ steps.package.outputs.package_name }}"
+
+            # Create dev-latest version filename
+            # Convert from rustfs-linux-x86_64-dev-abc123 to rustfs-linux-x86_64-dev-latest
+            DEV_LATEST_FILE="${PACKAGE_NAME%-*}-latest.zip"
+
+            # Copy the original file to dev-latest version
+            cp "${{ steps.package.outputs.package_file }}" "$DEV_LATEST_FILE"
+
+            # Upload the dev-latest version
+            echo "Uploading dev-latest version: $DEV_LATEST_FILE to $OSS_PATH..."
+            $OSSUTIL_BIN cp "$DEV_LATEST_FILE" "$OSS_PATH" --force
+
+            echo "✅ Dev-latest version uploaded: $DEV_LATEST_FILE"
+
+            # For main branch builds, also create a main-latest version
+            if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+              # Create main-latest version filename
+              # Convert from rustfs-linux-x86_64-dev-abc123 to rustfs-linux-x86_64-main-latest
+              MAIN_LATEST_FILE="${PACKAGE_NAME%-dev-*}-main-latest.zip"
+
+              # Copy the original file to main-latest version
+              cp "${{ steps.package.outputs.package_file }}" "$MAIN_LATEST_FILE"
+
+              # Upload the main-latest version
+              echo "Uploading main-latest version: $MAIN_LATEST_FILE to $OSS_PATH..."
+              $OSSUTIL_BIN cp "$MAIN_LATEST_FILE" "$OSS_PATH" --force
+
+              echo "✅ Main-latest version uploaded: $MAIN_LATEST_FILE"
+
+              # Also create a generic main-latest for Docker builds
+              if [[ "${{ matrix.platform }}" == "linux" ]]; then
+                DOCKER_MAIN_LATEST_FILE="rustfs-linux-${{ matrix.target == 'x86_64-unknown-linux-musl' && 'x86_64' || 'aarch64' }}-main-latest.zip"
+
+                cp "${{ steps.package.outputs.package_file }}" "$DOCKER_MAIN_LATEST_FILE"
+                $OSSUTIL_BIN cp "$DOCKER_MAIN_LATEST_FILE" "$OSS_PATH" --force
+                echo "✅ Docker main-latest version uploaded: $DOCKER_MAIN_LATEST_FILE"
+              fi
+            fi
+          fi
+
+          echo "✅ Upload completed successfully"
+
+  # Build summary
+  build-summary:
+    name: Build Summary
+    needs: [build-check, build-rustfs]
+    if: always() && needs.build-check.outputs.should_build == 'true'
     runs-on: ubuntu-latest
-    needs: [ build-rustfs ]
-    if: startsWith(github.ref, 'refs/tags/')
     steps:
-      - uses: actions/upload-artifact/merge@v4
-        with:
-          name: rustfs-packages
-          pattern: "rustfs-*"
-          delete-merged: true
+      - name: Build completion summary
+        run: |
+          BUILD_TYPE="${{ needs.build-check.outputs.build_type }}"
+          VERSION="${{ needs.build-check.outputs.version }}"
+
+          echo "🎉 Build completed successfully!"
+          echo "📦 Build type: $BUILD_TYPE"
+          echo "🔢 Version: $VERSION"
+          echo ""
+
+          # Check build status
+          BUILD_STATUS="${{ needs.build-rustfs.result }}"
+
+          echo "📊 Build Results:"
+          echo "  📦 All platforms: $BUILD_STATUS"
+          echo ""
+
+          case "$BUILD_TYPE" in
+            "development")
+              echo "🛠️  Development build artifacts have been uploaded to OSS dev directory"
+              echo "⚠️  This is a development build - not suitable for production use"
+              ;;
+            "release")
+              echo "🚀 Release build artifacts have been uploaded to OSS release directory"
+              echo "✅ This build is ready for production use"
+              echo "🏷️  GitHub Release will be created automatically by the release workflow"
+              ;;
+            "prerelease")
+              echo "🧪 Prerelease build artifacts have been uploaded to OSS release directory"
+              echo "⚠️  This is a prerelease build - use with caution"
+              echo "🏷️  GitHub Release will be created automatically by the release workflow"
+              ;;
+          esac
+
+          echo ""
+          echo "🐳 Docker Images:"
+          if [[ "${{ github.event.inputs.build_docker }}" == "false" ]]; then
+            echo "⏭️  Docker image build was skipped (binary only build)"
+          elif [[ "$BUILD_STATUS" == "success" ]]; then
+            echo "🔄 Docker images will be built and pushed automatically via workflow_run event"
+          else
+            echo "❌ Docker image build will be skipped due to build failure"
+          fi

.github/workflows/ci.yml

@@ -1,21 +1,71 @@
-name: CI
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Continuous Integration
 
 on:
   push:
-    branches:
-      - main
+    branches: [main]
+    paths-ignore:
+      - "**.md"
+      - "**.txt"
+      - "docs/**"
+      - "deploy/**"
+      - "scripts/dev_*.sh"
+      - "scripts/probe.sh"
+      - "LICENSE*"
+      - ".gitignore"
+      - ".dockerignore"
+      - "README*"
+      - "**/*.png"
+      - "**/*.jpg"
+      - "**/*.svg"
+      - ".github/workflows/build.yml"
+      - ".github/workflows/docker.yml"
+      - ".github/workflows/audit.yml"
+      - ".github/workflows/performance.yml"
   pull_request:
-    branches:
-      - main
+    branches: [main]
+    paths-ignore:
+      - "**.md"
+      - "**.txt"
+      - "docs/**"
+      - "deploy/**"
+      - "scripts/dev_*.sh"
+      - "scripts/probe.sh"
+      - "LICENSE*"
+      - ".gitignore"
+      - ".dockerignore"
+      - "README*"
+      - "**/*.png"
+      - "**/*.jpg"
+      - "**/*.svg"
+      - ".github/workflows/build.yml"
+      - ".github/workflows/docker.yml"
+      - ".github/workflows/audit.yml"
+      - ".github/workflows/performance.yml"
   schedule:
-    - cron: '0 0 * * 0' # at midnight of each sunday
+    - cron: "0 0 * * 0" # Weekly on Sunday at midnight UTC
   workflow_dispatch:
 
 env:
   CARGO_TERM_COLOR: always
+  RUST_BACKTRACE: 1
 
 jobs:
   skip-check:
+    name: Skip Duplicate Actions
     permissions:
       actions: write
       contents: read
@@ -23,100 +73,84 @@ jobs:
     outputs:
       should_skip: ${{ steps.skip_check.outputs.should_skip }}
     steps:
-      - id: skip_check
+      - name: Skip duplicate actions
+        id: skip_check
         uses: fkirc/skip-duplicate-actions@v5
         with:
-          concurrent_skipping: 'same_content_newer'
+          concurrent_skipping: "same_content_newer"
           cancel_others: true
-          paths_ignore: '["*.md"]'
+          paths_ignore: '["*.md", "docs/**", "deploy/**"]'
+          # Never skip release events and tag pushes
+          do_not_skip: '["workflow_dispatch", "schedule", "merge_group", "release", "push"]'
 
-  # Quality checks for pull requests
-  pr-checks:
-    name: Pull Request Quality Checks
-    if: github.event_name == 'pull_request'
-    runs-on: self-hosted
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/setup
-
-      - name: Format Check
-        run: cargo fmt --all --check
-
-      - name: Lint Check
-        run: cargo check --all-targets
-
-      - name: Clippy Check
-        run: cargo clippy --all-targets --all-features -- -D warnings
-
-      - name: Unit Tests
-        run: cargo test --all --exclude e2e_test
-
-  develop:
+  test-and-lint:
+    name: Test and Lint
     needs: skip-check
     if: needs.skip-check.outputs.should_skip != 'true'
-    runs-on: self-hosted
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
     steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/setup
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-      - name: Format
+      - name: Setup Rust environment
+        uses: ./.github/actions/setup
+        with:
+          rust-version: stable
+          cache-shared-key: ci-test-${{ hashFiles('**/Cargo.lock') }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          cache-save-if: ${{ github.ref == 'refs/heads/main' }}
+
+      - name: Run tests
+        run: |
+          cargo nextest run --all --exclude e2e_test
+          cargo test --all --doc
+
+      - name: Check code formatting
         run: cargo fmt --all --check
 
-      - name: Lint
-        run: cargo check --all-targets
-
-      - name: Clippy
+      - name: Run clippy lints
         run: cargo clippy --all-targets --all-features -- -D warnings
 
-      - name: Test
-        run: cargo test --all --exclude e2e_test
+  e2e-tests:
+    name: End-to-End Tests
+    needs: skip-check
+    if: needs.skip-check.outputs.should_skip != 'true'
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-      - name: Build debug
+      - name: Setup Rust environment
+        uses: ./.github/actions/setup
+        with:
+          rust-version: stable
+          cache-shared-key: ci-e2e-${{ hashFiles('**/Cargo.lock') }}
+          cache-save-if: ${{ github.ref == 'refs/heads/main' }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install s3s-e2e test tool
+        uses: taiki-e/cache-cargo-install-action@v2
+        with:
+          tool: s3s-e2e
+          git: https://github.com/Nugine/s3s.git
+          rev: b7714bfaa17ddfa9b23ea01774a1e7bbdbfc2ca3
+
+      - name: Build debug binary
         run: |
           touch rustfs/build.rs
           cargo build -p rustfs --bins
 
-      - name: Pack artifacts
+      - name: Run end-to-end tests
         run: |
-          mkdir -p ./target/artifacts
-          cp target/debug/rustfs    ./target/artifacts/rustfs-debug
-
-      - uses: actions/upload-artifact@v4
-        with:
-          name: rustfs
-          path: ./target/artifacts/*
-
-  s3s-e2e:
-    name: E2E (s3s-e2e)
-    needs:
-      - skip-check
-      - develop
-    if: needs.skip-check.outputs.should_skip != 'true'
-    runs-on: self-hosted
-    steps:
-      - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@stable
-      - uses: Swatinem/rust-cache@v2
-        with:
-          cache-on-failure: true
-          cache-all-crates: true
-
-      - name: Install s3s-e2e
-        run: |
-          cargo install s3s-e2e --git https://github.com/Nugine/s3s.git
           s3s-e2e --version
+          ./scripts/e2e-run.sh ./target/debug/rustfs /tmp/rustfs
 
-      - uses: actions/download-artifact@v4
+      - name: Upload test logs
+        if: failure()
+        uses: actions/upload-artifact@v4
         with:
-          name: rustfs
-          path: ./target/artifacts
-
-      - name: Run s3s-e2e
-        timeout-minutes: 10
-        run: |
-          ./scripts/e2e-run.sh ./target/artifacts/rustfs-debug /tmp/rustfs
-
-      - uses: actions/upload-artifact@v4
-        with:
-          name: s3s-e2e.logs
+          name: e2e-test-logs-${{ github.run_number }}
           path: /tmp/rustfs.log
+          retention-days: 3

.github/workflows/docker.yml

@@ -0,0 +1,384 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Docker Images Workflow
+#
+# This workflow builds Docker images using pre-built binaries from the build workflow.
+#
+# Trigger Types:
+# 1. workflow_run: Automatically triggered when "Build and Release" workflow completes
+# 2. workflow_dispatch: Manual trigger for standalone Docker builds
+#
+# Key Features:
+# - Only triggers when Linux builds (x86_64 + aarch64) are successful
+# - Independent of macOS/Windows build status
+# - Uses workflow_run event for precise control
+# - Only builds Docker images for releases and prereleases (development builds are skipped)
+
+name: Docker Images
+
+# Permissions needed for workflow_run event and Docker registry access
+permissions:
+  contents: read
+  packages: write
+
+on:
+  # Automatically triggered when build workflow completes
+  workflow_run:
+    workflows: ["Build and Release"]
+    types: [completed]
+    branches: [main]
+  # Manual trigger with same parameters for consistency
+  workflow_dispatch:
+    inputs:
+      push_images:
+        description: "Push images to registries"
+        required: false
+        default: true
+        type: boolean
+      version:
+        description: "Version to build (latest for stable release, or specific version like v1.0.0, v1.0.0-alpha1)"
+        required: false
+        default: "latest"
+        type: string
+      force_rebuild:
+        description: "Force rebuild even if binary exists (useful for testing)"
+        required: false
+        default: false
+        type: boolean
+
+env:
+  DOCKERHUB_USERNAME: rustfs
+  CARGO_TERM_COLOR: always
+  REGISTRY_DOCKERHUB: rustfs/rustfs
+  REGISTRY_GHCR: ghcr.io/${{ github.repository }}
+  DOCKER_PLATFORMS: linux/amd64,linux/arm64
+
+jobs:
+  # Check if we should build Docker images
+  build-check:
+    name: Docker Build Check
+    runs-on: ubuntu-latest
+    outputs:
+      should_build: ${{ steps.check.outputs.should_build }}
+      should_push: ${{ steps.check.outputs.should_push }}
+      build_type: ${{ steps.check.outputs.build_type }}
+      version: ${{ steps.check.outputs.version }}
+      short_sha: ${{ steps.check.outputs.short_sha }}
+      is_prerelease: ${{ steps.check.outputs.is_prerelease }}
+      create_latest: ${{ steps.check.outputs.create_latest }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check build conditions
+        id: check
+        run: |
+          should_build=false
+          should_push=false
+          build_type="none"
+          version=""
+          short_sha=""
+          is_prerelease=false
+          create_latest=false
+
+          if [[ "${{ github.event_name }}" == "workflow_run" ]]; then
+            # Triggered by build workflow completion
+            echo "🔗 Triggered by build workflow completion"
+
+            # Check if the triggering workflow was successful
+            # If the workflow succeeded, it means ALL builds (including Linux x86_64 and aarch64) succeeded
+            if [[ "${{ github.event.workflow_run.conclusion }}" == "success" ]]; then
+              echo "✅ Build workflow succeeded, all builds including Linux are successful"
+              should_build=true
+              should_push=true
+            else
+              echo "❌ Build workflow failed (conclusion: ${{ github.event.workflow_run.conclusion }}), skipping Docker build"
+              should_build=false
+            fi
+
+            # Extract version info from commit message or use commit SHA
+            # Use Git to generate consistent short SHA (ensures uniqueness like build.yml)
+            short_sha=$(git rev-parse --short "${{ github.event.workflow_run.head_sha }}")
+
+            # Determine build type based on branch and commit
+            if [[ "${{ github.event.workflow_run.head_branch }}" == "main" ]]; then
+              build_type="development"
+              version="dev-${short_sha}"
+              # Skip Docker build for development builds
+              should_build=false
+              echo "⏭️  Skipping Docker build for development version (main branch)"
+            elif [[ "${{ github.event.workflow_run.event }}" == "push" ]] && [[ "${{ github.event.workflow_run.head_branch }}" =~ ^refs/tags/ ]]; then
+              # Tag push - only build for releases and prereleases
+              tag_name="${{ github.event.workflow_run.head_branch }}"
+              version="${tag_name#refs/tags/}"
+              if [[ "$version" == *"alpha"* ]] || [[ "$version" == *"beta"* ]] || [[ "$version" == *"rc"* ]]; then
+                build_type="prerelease"
+                is_prerelease=true
+                echo "🧪 Building Docker image for prerelease: $version"
+              else
+                build_type="release"
+                create_latest=true
+                echo "🚀 Building Docker image for release: $version"
+              fi
+            else
+              build_type="development"
+              version="dev-${short_sha}"
+              # Skip Docker build for development builds
+              should_build=false
+              echo "⏭️  Skipping Docker build for development version"
+            fi
+
+            echo "🔄 Build triggered by workflow_run:"
+            echo "   📋 Conclusion: ${{ github.event.workflow_run.conclusion }}"
+            echo "   🌿 Branch: ${{ github.event.workflow_run.head_branch }}"
+            echo "   📎 SHA: ${{ github.event.workflow_run.head_sha }}"
+            echo "   🎯 Event: ${{ github.event.workflow_run.event }}"
+
+          elif [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            # Manual trigger
+            input_version="${{ github.event.inputs.version }}"
+            version="${input_version}"
+            should_push="${{ github.event.inputs.push_images }}"
+            should_build=true
+
+            # Get short SHA
+            short_sha=$(git rev-parse --short HEAD)
+
+            echo "🎯 Manual Docker build triggered:"
+            echo "   📋 Requested version: $input_version"
+            echo "   🔧 Force rebuild: ${{ github.event.inputs.force_rebuild }}"
+            echo "   🚀 Push images: $should_push"
+
+            case "$input_version" in
+              "latest")
+                build_type="release"
+                create_latest=true
+                echo "🚀 Building with latest stable release version"
+                ;;
+              v[0-9]*)
+                build_type="release"
+                create_latest=true
+                echo "📦 Building with specific release version: $input_version"
+                ;;
+              v*alpha*|v*beta*|v*rc*)
+                build_type="prerelease"
+                is_prerelease=true
+                echo "🧪 Building with prerelease version: $input_version"
+                ;;
+              *)
+                # Invalid version for Docker build
+                should_build=false
+                echo "❌ Invalid version for Docker build: $input_version"
+                echo "⚠️  Only release versions (latest, v1.0.0) and prereleases (v1.0.0-alpha1) are supported"
+                ;;
+            esac
+          fi
+
+          echo "should_build=$should_build" >> $GITHUB_OUTPUT
+          echo "should_push=$should_push" >> $GITHUB_OUTPUT
+          echo "build_type=$build_type" >> $GITHUB_OUTPUT
+          echo "version=$version" >> $GITHUB_OUTPUT
+          echo "short_sha=$short_sha" >> $GITHUB_OUTPUT
+          echo "is_prerelease=$is_prerelease" >> $GITHUB_OUTPUT
+          echo "create_latest=$create_latest" >> $GITHUB_OUTPUT
+
+          echo "🐳 Docker Build Summary:"
+          echo "  - Should build: $should_build"
+          echo "  - Should push: $should_push"
+          echo "  - Build type: $build_type"
+          echo "  - Version: $version"
+          echo "  - Short SHA: $short_sha"
+          echo "  - Is prerelease: $is_prerelease"
+          echo "  - Create latest: $create_latest"
+
+  # Build multi-arch Docker images
+  # Strategy: Build images using pre-built binaries from dl.rustfs.com
+  # Supports both release and dev channel binaries based on build context
+  # Only runs when should_build is true (which includes workflow success check)
+  build-docker:
+    name: Build Docker Images
+    needs: build-check
+    if: needs.build-check.outputs.should_build == 'true'
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      # - name: Login to GitHub Container Registry
+      #   uses: docker/login-action@v3
+      #   with:
+      #     registry: ghcr.io
+      #     username: ${{ github.actor }}
+      #     password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract metadata and generate tags
+        id: meta
+        run: |
+          BUILD_TYPE="${{ needs.build-check.outputs.build_type }}"
+          VERSION="${{ needs.build-check.outputs.version }}"
+          SHORT_SHA="${{ needs.build-check.outputs.short_sha }}"
+          CREATE_LATEST="${{ needs.build-check.outputs.create_latest }}"
+
+          # Convert version format for Dockerfile compatibility
+          case "$VERSION" in
+            "latest")
+              # For stable latest, use RELEASE=latest + release CHANNEL
+              DOCKER_RELEASE="latest"
+              DOCKER_CHANNEL="release"
+              ;;
+            v*)
+              # For versioned releases (v1.0.0), remove 'v' prefix for Dockerfile
+              DOCKER_RELEASE="${VERSION#v}"
+              DOCKER_CHANNEL="release"
+              ;;
+            *)
+              # For other versions, pass as-is
+              DOCKER_RELEASE="${VERSION}"
+              DOCKER_CHANNEL="release"
+              ;;
+          esac
+
+          echo "docker_release=$DOCKER_RELEASE" >> $GITHUB_OUTPUT
+          echo "docker_channel=$DOCKER_CHANNEL" >> $GITHUB_OUTPUT
+
+          echo "🐳 Docker build parameters:"
+          echo "  - Original version: $VERSION"
+          echo "  - Docker RELEASE: $DOCKER_RELEASE"
+          echo "  - Docker CHANNEL: $DOCKER_CHANNEL"
+
+          # Generate tags based on build type
+          # Only support release and prerelease builds (no development builds)
+          TAGS="${{ env.REGISTRY_DOCKERHUB }}:${VERSION}"
+
+          # Add channel tags for prereleases and latest for stable
+          if [[ "$CREATE_LATEST" == "true" ]]; then
+            # Stable release
+            TAGS="$TAGS,${{ env.REGISTRY_DOCKERHUB }}:latest"
+          elif [[ "$BUILD_TYPE" == "prerelease" ]]; then
+            # Prerelease channel tags (alpha, beta, rc)
+            if [[ "$VERSION" == *"alpha"* ]]; then
+              CHANNEL="alpha"
+            elif [[ "$VERSION" == *"beta"* ]]; then
+              CHANNEL="beta"
+            elif [[ "$VERSION" == *"rc"* ]]; then
+              CHANNEL="rc"
+            fi
+
+            if [[ -n "$CHANNEL" ]]; then
+              TAGS="$TAGS,${{ env.REGISTRY_DOCKERHUB }}:${CHANNEL}"
+            fi
+          fi
+
+          # Output tags
+          echo "tags=$TAGS" >> $GITHUB_OUTPUT
+
+          # Generate labels
+          LABELS="org.opencontainers.image.title=RustFS"
+          LABELS="$LABELS,org.opencontainers.image.description=RustFS distributed object storage system"
+          LABELS="$LABELS,org.opencontainers.image.version=$VERSION"
+          LABELS="$LABELS,org.opencontainers.image.revision=${{ github.sha }}"
+          LABELS="$LABELS,org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}"
+          LABELS="$LABELS,org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
+          LABELS="$LABELS,org.opencontainers.image.build-type=$BUILD_TYPE"
+
+          echo "labels=$LABELS" >> $GITHUB_OUTPUT
+
+          echo "🐳 Generated Docker tags:"
+          echo "$TAGS" | tr ',' '\n' | sed 's/^/  - /'
+          echo "📋 Build type: $BUILD_TYPE"
+          echo "🔖 Version: $VERSION"
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile
+          platforms: ${{ env.DOCKER_PLATFORMS }}
+          push: ${{ needs.build-check.outputs.should_push == 'true' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: |
+            type=gha,scope=docker-binary
+          cache-to: |
+            type=gha,mode=max,scope=docker-binary
+          build-args: |
+            BUILDTIME=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+            VERSION=${{ needs.build-check.outputs.version }}
+            BUILD_TYPE=${{ needs.build-check.outputs.build_type }}
+            REVISION=${{ github.sha }}
+            RELEASE=${{ steps.meta.outputs.docker_release }}
+            CHANNEL=${{ steps.meta.outputs.docker_channel }}
+            BUILDKIT_INLINE_CACHE=1
+          # Enable advanced BuildKit features for better performance
+          provenance: false
+          sbom: false
+          # Add retry mechanism by splitting the build process
+          no-cache: false
+          pull: true
+
+  # Note: Manifest creation is no longer needed as we only build one variant
+  # Multi-arch manifests are automatically created by docker/build-push-action
+
+  # Docker build summary
+  docker-summary:
+    name: Docker Build Summary
+    needs: [build-check, build-docker]
+    if: always() && needs.build-check.outputs.should_build == 'true'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Docker build completion summary
+        run: |
+          BUILD_TYPE="${{ needs.build-check.outputs.build_type }}"
+          VERSION="${{ needs.build-check.outputs.version }}"
+          CREATE_LATEST="${{ needs.build-check.outputs.create_latest }}"
+
+          echo "🐳 Docker build completed successfully!"
+          echo "📦 Build type: $BUILD_TYPE"
+          echo "🔢 Version: $VERSION"
+          echo "🚀 Strategy: Images using pre-built binaries (release channel only)"
+          echo ""
+
+          case "$BUILD_TYPE" in
+            "release")
+              echo "🚀 Release Docker image has been built with ${VERSION} tags"
+              echo "✅ This image is ready for production use"
+              if [[ "$CREATE_LATEST" == "true" ]]; then
+                echo "🏷️  Latest tag has been created for stable release"
+              fi
+              ;;
+            "prerelease")
+              echo "🧪 Prerelease Docker image has been built with ${VERSION} tags"
+              echo "⚠️  This is a prerelease image - use with caution"
+              echo "🚫 Latest tag NOT created for prerelease"
+              ;;
+            *)
+              echo "❌ Unexpected build type: $BUILD_TYPE"
+              ;;
+          esac

.github/workflows/issue-translator.yml

@@ -0,0 +1,32 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "issue-translator"
+on:
+  issue_comment:
+    types: [created]
+  issues:
+    types: [opened]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: usthe/issues-translate-action@v2.7
+        with:
+          IS_MODIFY_TITLE: false
+          # not require, default false, . Decide whether to modify the issue title
+          # if true, the robot account @Issues-translate-bot must have modification permissions, invite @Issues-translate-bot to your project or use your custom bot.
+          CUSTOM_BOT_NOTE: Bot detected the issue body's language is not English, translate it automatically.
+          # not require. Customize the translation robot prefix message.

.github/workflows/performance.yml

@@ -0,0 +1,139 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Performance Testing
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "**/*.rs"
+      - "**/Cargo.toml"
+      - "**/Cargo.lock"
+      - ".github/workflows/performance.yml"
+  workflow_dispatch:
+    inputs:
+      profile_duration:
+        description: "Profiling duration in seconds"
+        required: false
+        default: "120"
+        type: string
+
+env:
+  CARGO_TERM_COLOR: always
+  RUST_BACKTRACE: 1
+
+jobs:
+  performance-profile:
+    name: Performance Profiling
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Rust environment
+        uses: ./.github/actions/setup
+        with:
+          rust-version: nightly
+          cache-shared-key: perf-${{ hashFiles('**/Cargo.lock') }}
+          cache-save-if: ${{ github.ref == 'refs/heads/main' }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install additional nightly components
+        run: rustup component add llvm-tools-preview
+
+      - name: Install samply profiler
+        uses: taiki-e/cache-cargo-install-action@v2
+        with:
+          tool: samply
+
+      - name: Configure kernel for profiling
+        run: echo '1' | sudo tee /proc/sys/kernel/perf_event_paranoid
+
+      - name: Prepare test environment
+        run: |
+          # Create test volumes
+          for i in {0..4}; do
+            mkdir -p ./target/volume/test$i
+          done
+
+          # Set environment variables
+          echo "RUSTFS_VOLUMES=./target/volume/test{0...4}" >> $GITHUB_ENV
+          echo "RUST_LOG=rustfs=info,ecstore=info,s3s=info,iam=info,rustfs-obs=info" >> $GITHUB_ENV
+
+      - name: Verify console static assets
+        run: |
+          # Console static assets are already embedded in the repository
+          echo "Console static assets size: $(du -sh rustfs/static/)"
+          echo "Console static assets are embedded via rust-embed, no external download needed"
+
+      - name: Build with profiling optimizations
+        run: |
+          RUSTFLAGS="-C force-frame-pointers=yes -C debug-assertions=off" \
+          cargo +nightly build --profile profiling -p rustfs --bins
+
+      - name: Run performance profiling
+        id: profiling
+        run: |
+          DURATION="${{ github.event.inputs.profile_duration || '120' }}"
+          echo "Running profiling for ${DURATION} seconds..."
+
+          timeout "${DURATION}s" samply record \
+            --output samply-profile.json \
+            ./target/profiling/rustfs ${RUSTFS_VOLUMES} || true
+
+          if [ -f "samply-profile.json" ]; then
+            echo "profile_generated=true" >> $GITHUB_OUTPUT
+            echo "Profile generated successfully"
+          else
+            echo "profile_generated=false" >> $GITHUB_OUTPUT
+            echo "::warning::Profile data not generated"
+          fi
+
+      - name: Upload profile data
+        if: steps.profiling.outputs.profile_generated == 'true'
+        uses: actions/upload-artifact@v4
+        with:
+          name: performance-profile-${{ github.run_number }}
+          path: samply-profile.json
+          retention-days: 30
+
+  benchmark:
+    name: Benchmark Tests
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Rust environment
+        uses: ./.github/actions/setup
+        with:
+          rust-version: stable
+          cache-shared-key: bench-${{ hashFiles('**/Cargo.lock') }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          cache-save-if: ${{ github.ref == 'refs/heads/main' }}
+
+      - name: Run benchmarks
+        run: |
+          cargo bench --package ecstore --bench comparison_benchmark -- --output-format json | \
+          tee benchmark-results.json
+
+      - name: Upload benchmark results
+        uses: actions/upload-artifact@v4
+        with:
+          name: benchmark-results-${{ github.run_number }}
+          path: benchmark-results.json
+          retention-days: 7

.github/workflows/release-notes-template.md

@@ -0,0 +1,78 @@
+## RustFS ${VERSION_CLEAN}
+
+${ORIGINAL_NOTES}
+
+---
+
+### 🚀 Quick Download
+
+**Linux (Static Binaries - No Dependencies):**
+
+```bash
+# x86_64 (Intel/AMD)
+curl -LO https://github.com/rustfs/rustfs/releases/download/${VERSION}/rustfs-x86_64-unknown-linux-musl.zip
+unzip rustfs-x86_64-unknown-linux-musl.zip
+sudo mv rustfs /usr/local/bin/
+
+# ARM64 (Graviton, Apple Silicon VMs)
+curl -LO https://github.com/rustfs/rustfs/releases/download/${VERSION}/rustfs-aarch64-unknown-linux-musl.zip
+unzip rustfs-aarch64-unknown-linux-musl.zip
+sudo mv rustfs /usr/local/bin/
+```
+
+**macOS:**
+
+```bash
+# Apple Silicon (M1/M2/M3)
+curl -LO https://github.com/rustfs/rustfs/releases/download/${VERSION}/rustfs-aarch64-apple-darwin.zip
+unzip rustfs-aarch64-apple-darwin.zip
+sudo mv rustfs /usr/local/bin/
+
+# Intel
+curl -LO https://github.com/rustfs/rustfs/releases/download/${VERSION}/rustfs-x86_64-apple-darwin.zip
+unzip rustfs-x86_64-apple-darwin.zip
+sudo mv rustfs /usr/local/bin/
+```
+
+### 📁 Available Downloads
+
+| Platform | Architecture | File | Description |
+|----------|-------------|------|-------------|
+| Linux | x86_64 | `rustfs-x86_64-unknown-linux-musl.zip` | Static binary, no dependencies |
+| Linux | ARM64 | `rustfs-aarch64-unknown-linux-musl.zip` | Static binary, no dependencies |
+| macOS | Apple Silicon | `rustfs-aarch64-apple-darwin.zip` | Native binary, ZIP archive |
+| macOS | Intel | `rustfs-x86_64-apple-darwin.zip` | Native binary, ZIP archive |
+
+### 🔐 Verification
+
+Download checksums and verify your download:
+
+```bash
+# Download checksums
+curl -LO https://github.com/rustfs/rustfs/releases/download/${VERSION}/SHA256SUMS
+
+# Verify (Linux)
+sha256sum -c SHA256SUMS --ignore-missing
+
+# Verify (macOS)
+shasum -a 256 -c SHA256SUMS --ignore-missing
+```
+
+### 🛠️ System Requirements
+
+- **Linux**: Any distribution with glibc 2.17+ (CentOS 7+, Ubuntu 16.04+)
+- **macOS**: 10.15+ (Catalina or later)
+- **Windows**: Windows 10 version 1809 or later
+
+### 📚 Documentation
+
+- [Installation Guide](https://github.com/rustfs/rustfs#installation)
+- [Quick Start](https://github.com/rustfs/rustfs#quick-start)
+- [Configuration](https://github.com/rustfs/rustfs/blob/main/docs/)
+- [API Documentation](https://docs.rs/rustfs)
+
+### 🆘 Support
+
+- 🐛 [Report Issues](https://github.com/rustfs/rustfs/issues)
+- 💬 [Community Discussions](https://github.com/rustfs/rustfs/discussions)
+- 📖 [Documentation](https://github.com/rustfs/rustfs/tree/main/docs)

.github/workflows/release.yml

@@ -0,0 +1,353 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Release
+
+on:
+  push:
+    tags: ["*.*.*"]
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Tag to create release for"
+        required: true
+        type: string
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  # Determine release type
+  release-check:
+    name: Release Type Check
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.check.outputs.tag }}
+      version: ${{ steps.check.outputs.version }}
+      is_prerelease: ${{ steps.check.outputs.is_prerelease }}
+      release_type: ${{ steps.check.outputs.release_type }}
+    steps:
+      - name: Determine release type
+        id: check
+        run: |
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            TAG="${{ github.event.inputs.tag }}"
+          else
+            TAG="${GITHUB_REF#refs/tags/}"
+          fi
+
+          VERSION="${TAG}"
+
+          # Check if this is a prerelease
+          IS_PRERELEASE=false
+          RELEASE_TYPE="release"
+
+          if [[ "$TAG" == *"alpha"* ]] || [[ "$TAG" == *"beta"* ]] || [[ "$TAG" == *"rc"* ]]; then
+            IS_PRERELEASE=true
+            if [[ "$TAG" == *"alpha"* ]]; then
+              RELEASE_TYPE="alpha"
+            elif [[ "$TAG" == *"beta"* ]]; then
+              RELEASE_TYPE="beta"
+            elif [[ "$TAG" == *"rc"* ]]; then
+              RELEASE_TYPE="rc"
+            fi
+          fi
+
+          echo "tag=$TAG" >> $GITHUB_OUTPUT
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "is_prerelease=$IS_PRERELEASE" >> $GITHUB_OUTPUT
+          echo "release_type=$RELEASE_TYPE" >> $GITHUB_OUTPUT
+
+          echo "📦 Release Type: $RELEASE_TYPE"
+          echo "🏷️  Tag: $TAG"
+          echo "🔢 Version: $VERSION"
+          echo "🚀 Is Prerelease: $IS_PRERELEASE"
+
+  # Create GitHub Release
+  create-release:
+    name: Create GitHub Release
+    needs: release-check
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    outputs:
+      release_id: ${{ steps.create.outputs.release_id }}
+      release_url: ${{ steps.create.outputs.release_url }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Create GitHub Release
+        id: create
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          TAG="${{ needs.release-check.outputs.tag }}"
+          VERSION="${{ needs.release-check.outputs.version }}"
+          IS_PRERELEASE="${{ needs.release-check.outputs.is_prerelease }}"
+          RELEASE_TYPE="${{ needs.release-check.outputs.release_type }}"
+
+          # Check if release already exists
+          if gh release view "$TAG" >/dev/null 2>&1; then
+            echo "Release $TAG already exists"
+            RELEASE_ID=$(gh release view "$TAG" --json databaseId --jq '.databaseId')
+            RELEASE_URL=$(gh release view "$TAG" --json url --jq '.url')
+          else
+            # Get release notes from tag message
+            RELEASE_NOTES=$(git tag -l --format='%(contents)' "${TAG}")
+            if [[ -z "$RELEASE_NOTES" || "$RELEASE_NOTES" =~ ^[[:space:]]*$ ]]; then
+              if [[ "$IS_PRERELEASE" == "true" ]]; then
+                RELEASE_NOTES="Pre-release ${VERSION} (${RELEASE_TYPE})"
+              else
+                RELEASE_NOTES="Release ${VERSION}"
+              fi
+            fi
+
+            # Create release title
+            if [[ "$IS_PRERELEASE" == "true" ]]; then
+              TITLE="RustFS $VERSION (${RELEASE_TYPE})"
+            else
+              TITLE="RustFS $VERSION"
+            fi
+
+            # Create the release
+            PRERELEASE_FLAG=""
+            if [[ "$IS_PRERELEASE" == "true" ]]; then
+              PRERELEASE_FLAG="--prerelease"
+            fi
+
+            gh release create "$TAG" \
+              --title "$TITLE" \
+              --notes "$RELEASE_NOTES" \
+              $PRERELEASE_FLAG \
+              --draft
+
+            RELEASE_ID=$(gh release view "$TAG" --json databaseId --jq '.databaseId')
+            RELEASE_URL=$(gh release view "$TAG" --json url --jq '.url')
+          fi
+
+          echo "release_id=$RELEASE_ID" >> $GITHUB_OUTPUT
+          echo "release_url=$RELEASE_URL" >> $GITHUB_OUTPUT
+          echo "Created release: $RELEASE_URL"
+
+  # Wait for build artifacts from build.yml
+  wait-for-artifacts:
+    name: Wait for Build Artifacts
+    needs: release-check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Wait for build workflow
+        uses: lewagon/wait-on-check-action@v1.3.1
+        with:
+          ref: ${{ needs.release-check.outputs.tag }}
+          check-name: "Build RustFS"
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          wait-interval: 30
+          allowed-conclusions: success
+
+  # Download and prepare release assets
+  prepare-assets:
+    name: Prepare Release Assets
+    needs: [release-check, wait-for-artifacts]
+    runs-on: ubuntu-latest
+    outputs:
+      assets_prepared: ${{ steps.prepare.outputs.assets_prepared }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Download artifacts from build workflow
+        uses: actions/download-artifact@v4
+        with:
+          path: ./artifacts
+          pattern: rustfs-*
+          merge-multiple: true
+
+      - name: Prepare release assets
+        id: prepare
+        run: |
+          VERSION="${{ needs.release-check.outputs.version }}"
+          TAG="${{ needs.release-check.outputs.tag }}"
+
+          mkdir -p ./release-assets
+
+          # Copy and verify artifacts
+          ASSETS_COUNT=0
+          for file in ./artifacts/rustfs-*.zip; do
+            if [[ -f "$file" ]]; then
+              cp "$file" ./release-assets/
+              ASSETS_COUNT=$((ASSETS_COUNT + 1))
+            fi
+          done
+
+          if [[ $ASSETS_COUNT -eq 0 ]]; then
+            echo "❌ No artifacts found!"
+            exit 1
+          fi
+
+          cd ./release-assets
+
+          # Generate checksums
+          if ls *.zip >/dev/null 2>&1; then
+            sha256sum *.zip > SHA256SUMS
+            sha512sum *.zip > SHA512SUMS
+          fi
+
+          # TODO: Add GPG signing for signatures
+          # For now, create placeholder signature files
+          for file in *.zip; do
+            echo "# Signature for $file" > "${file}.asc"
+            echo "# GPG signature will be added in future versions" >> "${file}.asc"
+          done
+
+          echo "assets_prepared=true" >> $GITHUB_OUTPUT
+
+          echo "📦 Prepared assets:"
+          ls -la
+
+          echo "🔢 Asset count: $ASSETS_COUNT"
+
+      - name: Upload prepared assets
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-assets-${{ needs.release-check.outputs.tag }}
+          path: ./release-assets/
+          retention-days: 30
+
+  # Upload assets to GitHub Release
+  upload-assets:
+    name: Upload Release Assets
+    needs: [release-check, create-release, prepare-assets]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Download prepared assets
+        uses: actions/download-artifact@v4
+        with:
+          name: release-assets-${{ needs.release-check.outputs.tag }}
+          path: ./release-assets
+
+      - name: Upload to GitHub Release
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          TAG="${{ needs.release-check.outputs.tag }}"
+
+          cd ./release-assets
+
+          # Upload all files
+          for file in *; do
+            if [[ -f "$file" ]]; then
+              echo "📤 Uploading $file..."
+              gh release upload "$TAG" "$file" --clobber
+            fi
+          done
+
+          echo "✅ All assets uploaded successfully"
+
+  # Update latest.json for stable releases only
+  update-latest:
+    name: Update Latest Version
+    needs: [release-check, upload-assets]
+    if: needs.release-check.outputs.is_prerelease == 'false'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Update latest.json
+        env:
+          OSS_ACCESS_KEY_ID: ${{ secrets.ALICLOUDOSS_KEY_ID }}
+          OSS_ACCESS_KEY_SECRET: ${{ secrets.ALICLOUDOSS_KEY_SECRET }}
+        run: |
+          if [[ -z "$OSS_ACCESS_KEY_ID" ]]; then
+            echo "⚠️ OSS credentials not available, skipping latest.json update"
+            exit 0
+          fi
+
+          VERSION="${{ needs.release-check.outputs.version }}"
+          TAG="${{ needs.release-check.outputs.tag }}"
+
+          # Install ossutil
+          OSSUTIL_VERSION="2.1.1"
+          OSSUTIL_ZIP="ossutil-${OSSUTIL_VERSION}-linux-amd64.zip"
+          OSSUTIL_DIR="ossutil-${OSSUTIL_VERSION}-linux-amd64"
+
+          curl -o "$OSSUTIL_ZIP" "https://gosspublic.alicdn.com/ossutil/v2/${OSSUTIL_VERSION}/${OSSUTIL_ZIP}"
+          unzip "$OSSUTIL_ZIP"
+          chmod +x "${OSSUTIL_DIR}/ossutil"
+
+          # Create latest.json
+          cat > latest.json << EOF
+          {
+            "version": "${VERSION}",
+            "tag": "${TAG}",
+            "release_date": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
+            "release_type": "stable",
+            "download_url": "https://github.com/${{ github.repository }}/releases/tag/${TAG}"
+          }
+          EOF
+
+          # Upload to OSS
+          ./${OSSUTIL_DIR}/ossutil cp latest.json oss://rustfs-version/latest.json --force
+
+          echo "✅ Updated latest.json for stable release $VERSION"
+
+  # Publish release (remove draft status)
+  publish-release:
+    name: Publish Release
+    needs: [release-check, create-release, upload-assets]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Update release notes and publish
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          TAG="${{ needs.release-check.outputs.tag }}"
+          VERSION="${{ needs.release-check.outputs.version }}"
+          IS_PRERELEASE="${{ needs.release-check.outputs.is_prerelease }}"
+          RELEASE_TYPE="${{ needs.release-check.outputs.release_type }}"
+
+          # Get original release notes from tag
+          ORIGINAL_NOTES=$(git tag -l --format='%(contents)' "${TAG}")
+          if [[ -z "$ORIGINAL_NOTES" || "$ORIGINAL_NOTES" =~ ^[[:space:]]*$ ]]; then
+            if [[ "$IS_PRERELEASE" == "true" ]]; then
+              ORIGINAL_NOTES="Pre-release ${VERSION} (${RELEASE_TYPE})"
+            else
+              ORIGINAL_NOTES="Release ${VERSION}"
+            fi
+          fi
+
+          # Use release notes template if available
+          if [[ -f ".github/workflows/release-notes-template.md" ]]; then
+            # Substitute variables in template
+            sed -e "s/\${VERSION}/$TAG/g" \
+                -e "s/\${VERSION_CLEAN}/$VERSION/g" \
+                -e "s/\${ORIGINAL_NOTES}/$(echo "$ORIGINAL_NOTES" | sed 's/[[\.*^$()+?{|]/\\&/g')/g" \
+                .github/workflows/release-notes-template.md > enhanced_notes.md
+
+            # Update release notes
+            gh release edit "$TAG" --notes-file enhanced_notes.md
+          fi
+
+          # Publish the release (remove draft status)
+          gh release edit "$TAG" --draft=false
+
+          echo "🎉 Released $TAG successfully!"
+          echo "📄 Release URL: ${{ needs.create-release.outputs.release_url }}"

.github/workflows/samply.yml

@@ -1,68 +0,0 @@
-name: Profile with Samply
-on:
-  push:
-    branches: [ main ]
-  workflow_dispatch:
-jobs:
-  profile:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: dtolnay/rust-toolchain@nightly
-        with:
-          components: llvm-tools-preview
-
-      - uses: actions/cache@v4
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            target
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
-
-      - name: Install samply
-        uses: taiki-e/cache-cargo-install-action@v2
-        with:
-          tool: samply
-
-      - name: Configure kernel for profiling
-        run: echo '1' | sudo tee /proc/sys/kernel/perf_event_paranoid
-
-      - name: Create test volumes
-        run: |
-          for i in {0..4}; do
-          mkdir -p ./target/volume/test$i
-          done
-
-      - name: Set environment variables
-        run: |
-          echo "RUSTFS_VOLUMES=./target/volume/test{0...4}" >> $GITHUB_ENV
-          echo "RUST_LOG=rustfs=info,ecstore=info,s3s=info,iam=info,rustfs-obs=info" >> $GITHUB_ENV
-
-      - name: Download static files
-        run: |
-          curl -L "https://dl.rustfs.com/artifacts/console/rustfs-console-latest.zip" -o tempfile.zip && unzip -o tempfile.zip -d ./rustfs/static && rm tempfile.zip
-
-      - name: Build with profiling
-        run: |
-          RUSTFLAGS="-C force-frame-pointers=yes" cargo +nightly build --profile profiling -p rustfs --bins
-
-      - name: Run samply with timeout
-        id: samply_record
-        run: |
-          timeout 120s samply record --output samply.json ./target/profiling/rustfs ${RUSTFS_VOLUMES}
-          if [ -f "samply.json" ]; then
-            echo "profile_generated=true" >> $GITHUB_OUTPUT
-          else
-            echo "profile_generated=false" >> $GITHUB_OUTPUT
-            echo "::error::Failed to generate profile data"
-          fi
-
-      - name: Upload profile data
-        if: steps.samply_record.outputs.profile_generated == 'true'
-        uses: actions/upload-artifact@v4
-        with:
-          name: samply-profile-${{ github.run_number }}
-          path: samply.json
-          retention-days: 7

.gitignore

@@ -10,7 +10,6 @@ rustfs/static/*
 !rustfs/static/.gitkeep
 vendor
 cli/rustfs-gui/embedded-rustfs/rustfs
-deploy/config/obs.toml
 *.log
 deploy/certs/*
 *jsonl
@@ -19,3 +18,5 @@ deploy/certs/*
 .cargo
 profile.json
 .docker/openobserve-otel/data
+*.zst
+.secrets

.vscode/launch.json

@@ -20,33 +20,19 @@
                 }
             },
             "env": {
-                "RUST_LOG": "rustfs=debug,ecstore=info,s3s=debug",
-                "RUSTFS_VOLUMES": "./target/volume/test{0...3}",
-                "RUSTFS_ADDRESS": "[::]:9000",
-                "RUSTFS_CONSOLE_ENABLE": "true",
-                "RUSTFS_CONSOLE_ADDRESS": "[::]:9002",
-                "RUSTFS_SERVER_DOMAINS": "localhost:9000",
-                "RUSTFS_TLS_PATH": "./deploy/certs",
-                "RUSTFS_OBS_CONFIG": "./deploy/config/obs.example.toml",
-                "RUSTFS__OBSERVABILITY__ENDPOINT": "http://localhost:4317",
-                "RUSTFS__OBSERVABILITY__USE_STDOUT": "true",
-                "RUSTFS__OBSERVABILITY__SAMPLE_RATIO": "2.0",
-                "RUSTFS__OBSERVABILITY__METER_INTERVAL": "30",
-                "RUSTFS__OBSERVABILITY__SERVICE_NAME": "rustfs",
-                "RUSTFS__OBSERVABILITY__SERVICE_VERSION": "0.1.0",
-                "RUSTFS__OBSERVABILITY__ENVIRONMENT": "develop",
-                "RUSTFS__OBSERVABILITY__LOGGER_LEVEL": "info",
-                "RUSTFS__SINKS__FILE__ENABLED": "true",
-                "RUSTFS__SINKS__FILE__PATH": "./deploy/logs/rustfs.log",
-                "RUSTFS__SINKS__WEBHOOK__ENABLED": "false",
-                "RUSTFS__SINKS__WEBHOOK__ENDPOINT": "", 
-                "RUSTFS__SINKS__WEBHOOK__AUTH_TOKEN": "",
-                "RUSTFS__SINKS__KAFKA__ENABLED": "false",
-                "RUSTFS__SINKS__KAFKA__BOOTSTRAP_SERVERS": "",
-                "RUSTFS__SINKS__KAFKA__TOPIC": "",
-                "RUSTFS__LOGGER__QUEUE_CAPACITY": "10"
-
+                "RUST_LOG": "rustfs=debug,ecstore=info,s3s=debug"
             },
+            "args": [
+                "--access-key",
+                "AKEXAMPLERUSTFS",
+                "--secret-key",
+                "SKEXAMPLERUSTFS",
+                "--address",
+                "0.0.0.0:9010",
+                "--domain-name",
+                "127.0.0.1:9010",
+                "./target/volume/test{0...4}"
+            ],
             "cwd": "${workspaceFolder}"
         },
         {
@@ -86,6 +72,19 @@
             },
             "args": [],
             "cwd": "${workspaceFolder}"
+        },
+        {
+            "name": "Debug executable target/debug/rustfs",
+            "type":  "lldb",
+            "request": "launch",
+            "program": "${workspaceFolder}/target/debug/rustfs",
+            "args": [],
+            "cwd": "${workspaceFolder}",
+            //"stopAtEntry": false,
+            //"preLaunchTask": "cargo build",
+            "sourceLanguages": [
+                "rust"
+            ],
         }
     ]
 }

CLA.md

@@ -0,0 +1,39 @@
+RustFS Individual Contributor License Agreement
+
+Thank you for your interest in contributing documentation and related software code to a project hosted or managed by RustFS. In order to clarify the intellectual property license granted with Contributions from any person or entity, RustFS must have a Contributor License Agreement (“CLA”) on file that has been signed by each Contributor, indicating agreement to the license terms below. This version of the Contributor License Agreement allows an individual to submit Contributions to the applicable project. If you are making a submission on behalf of a legal entity, then you should sign the separate Corporate Contributor License Agreement.
+
+You accept and agree to the following terms and conditions for Your present and future Contributions submitted to RustFS. You hereby irrevocably assign and transfer to RustFS all right, title, and interest in and to Your Contributions, including all copyrights and other intellectual property rights therein.
+
+Definitions
+
+“You” (or “Your”) shall mean the copyright owner or legal entity authorized by the copyright owner that is making this Agreement with RustFS. For legal entities, the entity making a Contribution and all other entities that control, are controlled by, or are under common control with that entity are considered to be a single Contributor. For the purposes of this definition, “control” means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
+
+“Contribution” shall mean any original work of authorship, including any modifications or additions to an existing work, that is intentionally submitted by You to RustFS for inclusion in, or documentation of, any of the products or projects owned or managed by RustFS (the “Work”), including without limitation any Work described in Schedule A. For the purposes of this definition, “submitted” means any form of electronic or written communication sent to RustFS or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, RustFS for the purpose of discussing and improving the Work.
+
+Assignment of Copyright
+
+Subject to the terms and conditions of this Agreement, You hereby irrevocably assign and transfer to RustFS all right, title, and interest in and to Your Contributions, including all copyrights and other intellectual property rights therein, for the entire term of such rights, including all renewals and extensions. You agree to execute all documents and take all actions as may be reasonably necessary to vest in RustFS the ownership of Your Contributions and to assist RustFS in perfecting, maintaining, and enforcing its rights in Your Contributions.
+
+Grant of Patent License
+
+Subject to the terms and conditions of this Agreement, You hereby grant to RustFS and to recipients of documentation and software distributed by RustFS a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by You that are necessarily infringed by Your Contribution(s) alone or by combination of Your Contribution(s) with the Work to which such Contribution(s) was submitted. If any entity institutes patent litigation against You or any other entity (including a cross-claim or counterclaim in a lawsuit) alleging that your Contribution, or the Work to which you have contributed, constitutes direct or contributory patent infringement, then any patent licenses granted to that entity under this Agreement for that Contribution or Work shall terminate as of the date such litigation is filed.
+
+You represent that you are legally entitled to grant the above assignment and license.
+
+You represent that each of Your Contributions is Your original creation (see section 7 for submissions on behalf of others). You represent that Your Contribution submissions include complete details of any third-party license or other restriction (including, but not limited to, related patents and trademarks) of which you are personally aware and which are associated with any part of Your Contributions.
+
+You are not expected to provide support for Your Contributions, except to the extent You desire to provide support. You may provide support for free, for a fee, or not at all. Unless required by applicable law or agreed to in writing, You provide Your Contributions on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON- INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
+
+Should You wish to submit work that is not Your original creation, You may submit it to RustFS separately from any Contribution, identifying the complete details of its source and of any license or other restriction (including, but not limited to, related patents, trademarks, and license agreements) of which you are personally aware, and conspicuously marking the work as “Submitted on behalf of a third-party: [named here]”.
+
+You agree to notify RustFS of any facts or circumstances of which you become aware that would make these representations inaccurate in any respect.
+
+Modification of CLA
+
+RustFS reserves the right to update or modify this CLA in the future. Any updates or modifications to this CLA shall apply only to Contributions made after the effective date of the revised CLA. Contributions made prior to the update shall remain governed by the version of the CLA that was in effect at the time of submission. It is not necessary for all Contributors to re-sign the CLA when the CLA is updated or modified.
+
+Governing Law and Dispute Resolution
+
+This Agreement will be governed by and construed in accordance with the laws of the People’s Republic of China excluding that body of laws known as conflict of laws. The parties expressly agree that the United Nations Convention on Contracts for the International Sale of Goods will not apply. Any legal action or proceeding arising under this Agreement will be brought exclusively in the courts located in Beijing, China, and the parties hereby irrevocably consent to the personal jurisdiction and venue therein.
+
+For your reading convenience, this Agreement is written in parallel English and Chinese sections. To the extent there is a conflict between the English and Chinese sections, the English sections shall govern.

CODE_OF_CONDUCT.md

@@ -0,0 +1,128 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+hello@rustfs.com.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

CONTRIBUTING.md

@@ -11,21 +11,25 @@
 Before every commit, you **MUST**:
 
 1. **Format your code**:
+
    ```bash
    cargo fmt --all
    ```
 
 2. **Verify formatting**:
+
    ```bash
    cargo fmt --all --check
    ```
 
 3. **Pass clippy checks**:
+
    ```bash
    cargo clippy --all-targets --all-features -- -D warnings
    ```
 
 4. **Ensure compilation**:
+
    ```bash
    cargo check --all-targets
    ```
@@ -136,6 +140,7 @@ Install the `rust-analyzer` extension and add to your `settings.json`:
 #### Other IDEs
 
 Configure your IDE to:
+
 - Use the project's `rustfmt.toml` configuration
 - Format on save
 - Run clippy checks

Cargo.toml

@@ -1,33 +1,55 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 [workspace]
 members = [
-    "appauth", # Application authentication and authorization
-    "cli/rustfs-gui", # Graphical user interface client
-    "common/common", # Shared utilities and data structures
-    "common/lock", # Distributed locking implementation
-    "common/protos", # Protocol buffer definitions
-    "common/workers", # Worker thread pools and task scheduling
-    "crates/config", # Configuration management
-    "crates/event-notifier", # Event notification system
-    "crates/obs", # Observability utilities
-    "crates/utils", # Utility functions and helpers
-    "crypto", # Cryptography and security features
-    "ecstore", # Erasure coding storage implementation
-    "e2e_test", # End-to-end test suite
-    "iam", # Identity and Access Management
-    "madmin", # Management dashboard and admin API interface
     "rustfs", # Core file system implementation
-    "s3select/api", # S3 Select API interface
-    "s3select/query", # S3 Select query engine
-    "crates/zip",
+    "cli/rustfs-gui", # Graphical user interface client
+    "crates/appauth", # Application authentication and authorization
+    "crates/common", # Shared utilities and data structures
+    "crates/config", # Configuration management
+    "crates/crypto", # Cryptography and security features
+    "crates/ecstore", # Erasure coding storage implementation
+    "crates/e2e_test", # End-to-end test suite
+    "crates/filemeta", # File metadata management
+    "crates/iam", # Identity and Access Management
+    "crates/lock", # Distributed locking implementation
+    "crates/madmin", # Management dashboard and admin API interface
+    "crates/notify", # Notification system for events
+    "crates/obs", # Observability utilities
+    "crates/protos", # Protocol buffer definitions
+    "crates/rio", # Rust I/O utilities and abstractions
+    "crates/s3select-api", # S3 Select API interface
+    "crates/s3select-query", # S3 Select query engine
+    "crates/signer", # client signer
+    "crates/utils", # Utility functions and helpers
+    "crates/workers", # Worker thread pools and task scheduling
+    "crates/zip", # ZIP file handling and compression
+    "crates/ahm",
 ]
 resolver = "2"
 
 [workspace.package]
-edition = "2021"
+edition = "2024"
 license = "Apache-2.0"
 repository = "https://github.com/rustfs/rustfs"
-rust-version = "1.75"
-version = "0.0.1"
+rust-version = "1.85"
+version = "0.0.5"
+homepage = "https://rustfs.com"
+description = "RustFS is a high-performance distributed object storage software built using Rust, one of the most popular languages worldwide. "
+keywords = ["RustFS", "Minio", "object-storage", "filesystem", "s3"]
+categories = ["web-programming", "development-tools", "filesystem", "network-programming"]
 
 [workspace.lints.rust]
 unsafe_code = "deny"
@@ -35,65 +57,89 @@ unsafe_code = "deny"
 [workspace.lints.clippy]
 all = "warn"
 
+[patch.crates-io]
+rustfs-utils = { path = "crates/utils" }
+rustfs-filemeta = { path = "crates/filemeta" }
+rustfs-rio = { path = "crates/rio" }
+
 [workspace.dependencies]
-api = { path = "./s3select/api", version = "0.0.1" }
-appauth = { path = "./appauth", version = "0.0.1" }
-common = { path = "./common/common", version = "0.0.1" }
-crypto = { path = "./crypto", version = "0.0.1" }
-ecstore = { path = "./ecstore", version = "0.0.1" }
-iam = { path = "./iam", version = "0.0.1" }
-lock = { path = "./common/lock", version = "0.0.1" }
-madmin = { path = "./madmin", version = "0.0.1" }
-policy = { path = "./policy", version = "0.0.1" }
-protos = { path = "./common/protos", version = "0.0.1" }
-query = { path = "./s3select/query", version = "0.0.1" }
-rustfs = { path = "./rustfs", version = "0.0.1" }
-rustfs-zip = { path = "./crates/zip", version = "0.0.1" }
-rustfs-config = { path = "./crates/config", version = "0.0.1" }
-rustfs-obs = { path = "crates/obs", version = "0.0.1" }
-rustfs-event-notifier = { path = "crates/event-notifier", version = "0.0.1" }
-rustfs-utils = { path = "crates/utils", version = "0.0.1" }
-workers = { path = "./common/workers", version = "0.0.1" }
-tokio-tar = "0.3.1"
+rustfs-ahm = { path = "crates/ahm", version = "0.0.5" }
+rustfs-s3select-api = { path = "crates/s3select-api", version = "0.0.5" }
+rustfs-appauth = { path = "crates/appauth", version = "0.0.5" }
+rustfs-common = { path = "crates/common", version = "0.0.5" }
+rustfs-crypto = { path = "crates/crypto", version = "0.0.5" }
+rustfs-ecstore = { path = "crates/ecstore", version = "0.0.5" }
+rustfs-iam = { path = "crates/iam", version = "0.0.5" }
+rustfs-lock = { path = "crates/lock", version = "0.0.5" }
+rustfs-madmin = { path = "crates/madmin", version = "0.0.5" }
+rustfs-policy = { path = "crates/policy", version = "0.0.5" }
+rustfs-protos = { path = "crates/protos", version = "0.0.5" }
+rustfs-s3select-query = { path = "crates/s3select-query", version = "0.0.5" }
+rustfs = { path = "./rustfs", version = "0.0.5" }
+rustfs-zip = { path = "./crates/zip", version = "0.0.5" }
+rustfs-config = { path = "./crates/config", version = "0.0.5" }
+rustfs-obs = { path = "crates/obs", version = "0.0.5" }
+rustfs-notify = { path = "crates/notify", version = "0.0.5" }
+rustfs-utils = { path = "crates/utils", version = "0.0.5" }
+rustfs-rio = { path = "crates/rio", version = "0.0.5" }
+rustfs-filemeta = { path = "crates/filemeta", version = "0.0.5" }
+rustfs-signer = { path = "crates/signer", version = "0.0.5" }
+rustfs-workers = { path = "crates/workers", version = "0.0.5" }
+aes-gcm = { version = "0.10.3", features = ["std"] }
+arc-swap = "1.7.1"
+argon2 = { version = "0.5.3", features = ["std"] }
 atoi = "2.0.0"
+async-channel = "2.5.0"
 async-recursion = "1.1.1"
 async-trait = "0.1.88"
+async-compression = { version = "0.4.0" }
 atomic_enum = "0.3.0"
-aws-sdk-s3 = "1.29.0"
+aws-sdk-s3 = "1.96.0"
 axum = "0.8.4"
 axum-extra = "0.10.1"
 axum-server = { version = "0.7.2", features = ["tls-rustls"] }
-backon = "1.5.1"
-blake2 = "0.10.6"
-bytes = "1.10.1"
+base64-simd = "0.8.0"
+base64 = "0.22.1"
+brotli = "8.0.1"
+bytes = { version = "1.10.1", features = ["serde"] }
 bytesize = "2.0.1"
 byteorder = "1.5.0"
+cfg-if = "1.0.1"
+chacha20poly1305 = { version = "0.10.1" }
 chrono = { version = "0.4.41", features = ["serde"] }
-clap = { version = "4.5.39", features = ["derive", "env"] }
-config = "0.15.11"
+clap = { version = "4.5.41", features = ["derive", "env"] }
 const-str = { version = "0.6.2", features = ["std", "proc"] }
+crc32fast = "1.4.2"
+criterion = { version = "0.5", features = ["html_reports"] }
+dashmap = "6.1.0"
 datafusion = "46.0.1"
 derive_builder = "0.20.2"
 dioxus = { version = "0.6.3", features = ["router"] }
 dirs = "6.0.0"
+enumset = "1.1.7"
 flatbuffers = "25.2.10"
-flexi_logger = { version = "0.30.2", features = ["trc"] }
+flate2 = "1.1.2"
+flexi_logger = { version = "0.31.2", features = ["trc", "dont_minimize_extra_stacks"] }
+form_urlencoded = "1.2.1"
 futures = "0.3.31"
 futures-core = "0.3.31"
 futures-util = "0.3.31"
 glob = "0.3.2"
 hex = "0.4.3"
+hex-simd = "0.8.0"
 highway = { version = "1.3.0" }
+hmac = "0.12.1"
 hyper = "1.6.0"
-hyper-util = { version = "0.1.14", features = [
+hyper-util = { version = "0.1.15", features = [
     "tokio",
     "server-auto",
     "server-graceful",
 ] }
+hyper-rustls = "0.27.7"
 http = "1.3.1"
 http-body = "1.0.1"
 humantime = "2.2.0"
-include_dir = "0.7.4"
+ipnetwork = { version = "0.21.1", features = ["serde"] }
 jsonwebtoken = "9.3.1"
 keyring = { version = "3.6.2", features = [
     "apple-native",
@@ -103,9 +149,9 @@ keyring = { version = "3.6.2", features = [
 lazy_static = "1.5.0"
 libsystemd = { version = "0.7.2" }
 local-ip-address = "0.6.5"
+lz4 = "1.28.1"
 matchit = "0.8.4"
 md-5 = "0.10.6"
-mime = "0.3.17"
 mime_guess = "2.0.5"
 netif = "0.1.6"
 nix = { version = "0.30.1", features = ["fs"] }
@@ -129,17 +175,19 @@ opentelemetry-semantic-conventions = { version = "0.30.0", features = [
     "semconv_experimental",
 ] }
 parking_lot = "0.12.4"
+path-absolutize = "3.1.1"
+path-clean = "1.0.1"
+blake3 = { version = "1.8.2" }
+pbkdf2 = "0.12.2"
 percent-encoding = "2.3.1"
 pin-project-lite = "0.2.16"
-# pin-utils = "0.1.0"
 prost = "0.13.5"
-prost-build = "0.13.5"
-protobuf = "3.7"
-rand = "0.8.5"
-rdkafka = { version = "0.37.0", features = ["tokio"] }
-reed-solomon-erasure = { version = "6.0.0", features = ["simd-accel"] }
+quick-xml = "0.38.0"
+rand = "0.9.1"
+rdkafka = { version = "0.38.0", features = ["tokio"] }
+reed-solomon-simd = { version = "3.0.1" }
 regex = { version = "1.11.1" }
-reqwest = { version = "0.12.19", default-features = false, features = [
+reqwest = { version = "0.12.22", default-features = false, features = [
     "rustls-tls",
     "charset",
     "http2",
@@ -154,26 +202,32 @@ rfd = { version = "0.15.3", default-features = false, features = [
 ] }
 rmp = "0.8.14"
 rmp-serde = "1.3.0"
+rsa = "0.9.8"
 rumqttc = { version = "0.24" }
 rust-embed = { version = "8.7.2" }
+rust-i18n = { version = "3.1.5" }
 rustfs-rsc = "2025.506.1"
-rustls = { version = "0.23.27" }
+rustls = { version = "0.23.29" }
 rustls-pki-types = "1.12.0"
 rustls-pemfile = "2.2.0"
-s3s = { git = "https://github.com/Nugine/s3s.git", rev = "4733cdfb27b2713e832967232cbff413bb768c10" }
-s3s-policy = { git = "https://github.com/Nugine/s3s.git", rev = "4733cdfb27b2713e832967232cbff413bb768c10" }
-shadow-rs = { version = "1.1.1", default-features = false }
+s3s = { version = "0.12.0-minio-preview.2" }
+shadow-rs = { version = "1.2.0", default-features = false }
 serde = { version = "1.0.219", features = ["derive"] }
-serde_json = "1.0.140"
+serde_json = { version = "1.0.140", features = ["raw_value"] }
+serde-xml-rs = "0.8.1"
 serde_urlencoded = "0.7.1"
-serde_with = "3.12.0"
+sha1 = "0.10.6"
 sha2 = "0.10.9"
-smallvec = { version = "1.15.0", features = ["serde"] }
+siphasher = "1.0.1"
+smallvec = { version = "1.15.1", features = ["serde"] }
 snafu = "0.8.6"
-socket2 = "0.5.10"
+snap = "1.1.1"
+socket2 = "0.6.0"
 strum = { version = "0.27.1", features = ["derive"] }
-sysinfo = "0.35.2"
+sysinfo = "0.36.0"
+sysctl = "0.6.0"
 tempfile = "3.20.0"
+temp-env = "0.3.6"
 test-case = "3.3.1"
 thiserror = "2.0.12"
 time = { version = "0.3.41", features = [
@@ -183,12 +237,14 @@ time = { version = "0.3.41", features = [
     "macros",
     "serde",
 ] }
-tokio = { version = "1.45.1", features = ["fs", "rt-multi-thread"] }
-tonic = { version = "0.13.1", features = ["gzip"] }
-tonic-build = { version = "0.13.1" }
+tokio = { version = "1.46.1", features = ["fs", "rt-multi-thread"] }
 tokio-rustls = { version = "0.26.2", default-features = false }
 tokio-stream = { version = "0.1.17" }
+tokio-tar = "0.3.1"
+tokio-test = "0.4.4"
 tokio-util = { version = "0.7.15", features = ["io", "compat"] }
+tonic = { version = "0.13.1", features = ["gzip"] }
+tonic-build = { version = "0.13.1" }
 tower = { version = "0.5.2", features = ["timeout"] }
 tower-http = { version = "0.6.6", features = ["cors"] }
 tracing = "0.1.41"
@@ -205,8 +261,12 @@ uuid = { version = "1.17.0", features = [
     "fast-rng",
     "macro-diagnostics",
 ] }
+wildmatch = { version = "2.4.0", features = ["serde"] }
 winapi = { version = "0.3.9" }
-
+xxhash-rust = { version = "0.8.15", features = ["xxh64", "xxh3"] }
+zip = "2.4.2"
+zstd = "0.13.3"
+anyhow = "1.0.98"
 
 [profile.wasm-dev]
 inherits = "dev"
@@ -220,10 +280,6 @@ inherits = "dev"
 
 [profile.release]
 opt-level = 3
-lto = "thin"
-codegen-units = 1
-panic = "abort"   # Optional, remove the panic expansion code
-strip = true      # strip symbol information to reduce binary size
 
 [profile.production]
 inherits = "release"

Dockerfile

@@ -1,17 +1,121 @@
+# Multi-stage build for RustFS production image
+FROM alpine:latest AS build
+
+# Build arguments - use TARGETPLATFORM for consistency with Dockerfile.source
+ARG TARGETPLATFORM
+ARG BUILDPLATFORM
+ARG RELEASE=latest
+
+# Install dependencies for downloading and verifying binaries
+RUN apk add --no-cache \
+    ca-certificates \
+    curl \
+    bash \
+    wget \
+    unzip \
+    jq
+
+# Create build directory
+WORKDIR /build
+
+# Map TARGETPLATFORM to architecture format used in builds
+RUN case "${TARGETPLATFORM}" in \
+        "linux/amd64") ARCH="x86_64" ;; \
+        "linux/arm64") ARCH="aarch64" ;; \
+        *) echo "Unsupported platform: ${TARGETPLATFORM}" && exit 1 ;; \
+    esac && \
+    echo "ARCH=${ARCH}" > /build/arch.env
+
+# Download rustfs binary from dl.rustfs.com (release channel only)
+RUN . /build/arch.env && \
+    BASE_URL="https://dl.rustfs.com/artifacts/rustfs/release" && \
+    PLATFORM="linux" && \
+    if [ "${RELEASE}" = "latest" ]; then \
+        # Download latest release version \
+        PACKAGE_NAME="rustfs-${PLATFORM}-${ARCH}-latest.zip"; \
+        DOWNLOAD_URL="${BASE_URL}/${PACKAGE_NAME}"; \
+        echo "📥 Downloading latest release build: ${PACKAGE_NAME}"; \
+    else \
+        # Download specific release version \
+        PACKAGE_NAME="rustfs-${PLATFORM}-${ARCH}-v${RELEASE}.zip"; \
+        DOWNLOAD_URL="${BASE_URL}/${PACKAGE_NAME}"; \
+        echo "📥 Downloading specific release version: ${PACKAGE_NAME}"; \
+    fi && \
+    echo "🔗 Download URL: ${DOWNLOAD_URL}" && \
+    curl -f -L "${DOWNLOAD_URL}" -o /build/rustfs.zip && \
+    if [ ! -f /build/rustfs.zip ] || [ ! -s /build/rustfs.zip ]; then \
+        echo "❌ Failed to download binary package"; \
+        echo "💡 Make sure the package ${PACKAGE_NAME} exists"; \
+        echo "🔗 Check: ${DOWNLOAD_URL}"; \
+        exit 1; \
+    fi && \
+    unzip /build/rustfs.zip -d /build && \
+    chmod +x /build/rustfs && \
+    rm /build/rustfs.zip && \
+    echo "✅ Successfully downloaded and extracted rustfs binary"
+
+# Runtime stage
 FROM alpine:latest
 
-# RUN apk add --no-cache <package-name>
+# Set build arguments and labels
+ARG RELEASE=latest
+ARG BUILD_DATE
+ARG VCS_REF
 
-WORKDIR /app
+LABEL name="RustFS" \
+    vendor="RustFS Team" \
+    maintainer="RustFS Team <dev@rustfs.com>" \
+    version="${RELEASE}" \
+    release="${RELEASE}" \
+    build-date="${BUILD_DATE}" \
+    vcs-ref="${VCS_REF}" \
+    summary="RustFS is a high-performance distributed object storage system written in Rust, compatible with S3 API." \
+    description="RustFS is a high-performance distributed object storage software built using Rust. It supports erasure coding storage, multi-tenant management, observability, and other enterprise-level features." \
+    url="https://rustfs.com" \
+    license="Apache-2.0"
 
-RUN mkdir -p /data/rustfs0  /data/rustfs1  /data/rustfs2  /data/rustfs3 
+# Install runtime dependencies
+RUN apk add --no-cache \
+    ca-certificates \
+    curl \
+    tzdata \
+    bash \
+    && addgroup -g 1000 rustfs \
+    && adduser -u 1000 -G rustfs -s /bin/sh -D rustfs
 
-COPY ./target/x86_64-unknown-linux-musl/release/rustfs /app/rustfs
+# Environment variables
+ENV RUSTFS_ACCESS_KEY=rustfsadmin \
+    RUSTFS_SECRET_KEY=rustfsadmin \
+    RUSTFS_ADDRESS=":9000" \
+    RUSTFS_CONSOLE_ENABLE=true \
+    RUSTFS_VOLUMES=/data \
+    RUST_LOG=warn
 
-RUN chmod +x /app/rustfs
+# Set permissions for /usr/bin (similar to MinIO's approach)
+RUN chmod -R 755 /usr/bin
 
+# Copy CA certificates and binaries from build stage
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=build /build/rustfs /usr/bin/
+
+# Set executable permissions
+RUN chmod +x /usr/bin/rustfs
+
+# Create data directory
+RUN mkdir -p /data /config && chown -R rustfs:rustfs /data /config
+
+# Switch to non-root user
+USER rustfs
+
+# Set working directory
+WORKDIR /data
+
+# Expose port
 EXPOSE 9000
-EXPOSE 9001
 
 
-CMD ["/app/rustfs"]
+# Volume for data
+VOLUME ["/data"]
+
+# Set entrypoint
+ENTRYPOINT ["/usr/bin/rustfs"]

Dockerfile.obs

@@ -1,21 +0,0 @@
-FROM ubuntu:latest
-
-# RUN apk add --no-cache <package-name>
-# 如果 rustfs 有依赖，可以在这里添加，例如：
-# RUN apk add --no-cache openssl
-# RUN apk add --no-cache bash  # 安装 Bash
-
-WORKDIR /app
-
-# 创建与 RUSTFS_VOLUMES 一致的目录
-RUN mkdir -p /root/data/target/volume/test1 /root/data/target/volume/test2 /root/data/target/volume/test3 /root/data/target/volume/test4
-
-# COPY ./target/x86_64-unknown-linux-musl/release/rustfs /app/rustfs
-COPY ./target/x86_64-unknown-linux-gnu/release/rustfs /app/rustfs
-
-RUN chmod +x /app/rustfs
-
-EXPOSE 9000
-EXPOSE 9002
-
-CMD ["/app/rustfs"]

Dockerfile.source

@@ -0,0 +1,150 @@
+# Multi-stage Dockerfile for RustFS - LOCAL DEVELOPMENT ONLY
+#
+# ⚠️  IMPORTANT: This Dockerfile is for local development and testing only.
+# ⚠️  It builds RustFS from source code and is NOT used in CI/CD pipelines.
+# ⚠️  CI/CD pipeline uses pre-built binaries from Dockerfile instead.
+#
+# Usage for local development:
+#   docker build -f Dockerfile.source -t rustfs:dev-local .
+#   docker run --rm -p 9000:9000 rustfs:dev-local
+#
+# Supports cross-compilation for amd64 and arm64 architectures
+ARG TARGETPLATFORM
+ARG BUILDPLATFORM
+
+# Build stage
+FROM --platform=$BUILDPLATFORM rust:1.88-bookworm AS builder
+
+# Re-declare build arguments after FROM (required for multi-stage builds)
+ARG TARGETPLATFORM
+ARG BUILDPLATFORM
+
+# Debug: Print platform information
+RUN echo "🐳 Build Info: BUILDPLATFORM=$BUILDPLATFORM, TARGETPLATFORM=$TARGETPLATFORM"
+
+# Install required build dependencies
+RUN apt-get update && apt-get install -y \
+    wget \
+    git \
+    curl \
+    unzip \
+    gcc \
+    pkg-config \
+    libssl-dev \
+    lld \
+    && rm -rf /var/lib/apt/lists/*
+
+# Note: sccache removed for simpler builds
+
+# Install cross-compilation tools for ARM64
+RUN if [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
+        apt-get update && \
+        apt-get install -y gcc-aarch64-linux-gnu && \
+        rm -rf /var/lib/apt/lists/*; \
+    fi
+
+# Install protoc
+RUN wget https://github.com/protocolbuffers/protobuf/releases/download/v31.1/protoc-31.1-linux-x86_64.zip \
+    && unzip protoc-31.1-linux-x86_64.zip -d protoc3 \
+    && mv protoc3/bin/* /usr/local/bin/ && chmod +x /usr/local/bin/protoc \
+    && mv protoc3/include/* /usr/local/include/ && rm -rf protoc-31.1-linux-x86_64.zip protoc3
+
+# Install flatc
+RUN wget https://github.com/google/flatbuffers/releases/download/v25.2.10/Linux.flatc.binary.g++-13.zip \
+    && unzip Linux.flatc.binary.g++-13.zip \
+    && mv flatc /usr/local/bin/ && chmod +x /usr/local/bin/flatc && rm -rf Linux.flatc.binary.g++-13.zip
+
+# Set up Rust targets based on platform
+RUN set -e && \
+    PLATFORM="${TARGETPLATFORM:-linux/amd64}" && \
+    echo "🎯 Setting up Rust target for platform: $PLATFORM" && \
+    case "$PLATFORM" in \
+        "linux/amd64") rustup target add x86_64-unknown-linux-gnu ;; \
+        "linux/arm64") rustup target add aarch64-unknown-linux-gnu ;; \
+        *) echo "❌ Unsupported platform: $PLATFORM" && exit 1 ;; \
+    esac
+
+# Set up environment for cross-compilation
+ENV CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc
+ENV CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc
+ENV CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++
+
+WORKDIR /usr/src/rustfs
+
+# Copy all source code
+COPY . .
+
+# Configure cargo for optimized builds
+ENV CARGO_NET_GIT_FETCH_WITH_CLI=true \
+    CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse \
+    CARGO_INCREMENTAL=0 \
+    CARGO_PROFILE_RELEASE_DEBUG=false \
+    CARGO_PROFILE_RELEASE_SPLIT_DEBUGINFO=off \
+    CARGO_PROFILE_RELEASE_STRIP=symbols
+
+# Generate protobuf code
+RUN cargo run --bin gproto
+
+# Build the actual application with optimizations
+RUN case "$TARGETPLATFORM" in \
+        "linux/amd64") \
+            echo "🔨 Building for amd64..." && \
+            rustup target add x86_64-unknown-linux-gnu && \
+            cargo build --release --target x86_64-unknown-linux-gnu --bin rustfs -j $(nproc) && \
+            cp target/x86_64-unknown-linux-gnu/release/rustfs /usr/local/bin/rustfs \
+            ;; \
+        "linux/arm64") \
+            echo "🔨 Building for arm64..." && \
+            rustup target add aarch64-unknown-linux-gnu && \
+            cargo build --release --target aarch64-unknown-linux-gnu --bin rustfs -j $(nproc) && \
+            cp target/aarch64-unknown-linux-gnu/release/rustfs /usr/local/bin/rustfs \
+            ;; \
+        *) \
+            echo "❌ Unsupported platform: $TARGETPLATFORM" && exit 1 \
+            ;; \
+    esac
+
+# Runtime stage - Ubuntu minimal for better compatibility
+FROM ubuntu:22.04
+
+# Install runtime dependencies
+RUN apt-get update && apt-get install -y \
+    ca-certificates \
+    tzdata \
+    wget \
+    && rm -rf /var/lib/apt/lists/*
+
+# Create rustfs user and group
+RUN groupadd -g 1000 rustfs && \
+    useradd -d /app -g rustfs -u 1000 -s /bin/bash rustfs
+
+WORKDIR /app
+
+# Create data directories
+RUN mkdir -p /data/rustfs{0,1,2,3} && \
+    chown -R rustfs:rustfs /data /app
+
+# Copy binary from builder stage
+COPY --from=builder /usr/local/bin/rustfs /app/rustfs
+RUN chmod +x /app/rustfs && chown rustfs:rustfs /app/rustfs
+
+# Switch to non-root user
+USER rustfs
+
+# Expose ports
+EXPOSE 9000
+
+# Environment variables
+ENV RUSTFS_ACCESS_KEY=rustfsadmin \
+    RUSTFS_SECRET_KEY=rustfsadmin \
+    RUSTFS_ADDRESS=":9000" \
+    RUSTFS_CONSOLE_ENABLE=true \
+    RUSTFS_VOLUMES=/data \
+    RUST_LOG=warn
+
+
+# Volume for data
+VOLUME ["/data"]
+
+# Set default command
+CMD ["/app/rustfs"]

LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2024 Beijing Henghesha Technology Co., Ltd. 
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

Makefile

@@ -5,7 +5,9 @@
 DOCKER_CLI ?= docker
 IMAGE_NAME ?= rustfs:v1.0.0
 CONTAINER_NAME ?= rustfs-dev
-DOCKERFILE_PATH = $(shell pwd)/.docker
+# Docker build configurations
+DOCKERFILE_PRODUCTION = Dockerfile
+DOCKERFILE_SOURCE = Dockerfile.source
 
 # Code quality and formatting targets
 .PHONY: fmt
@@ -31,7 +33,8 @@ check:
 .PHONY: test
 test:
 	@echo "🧪 Running tests..."
-	cargo test --all --exclude e2e_test
+	cargo nextest run --all --exclude e2e_test
+	cargo test --all --doc
 
 .PHONY: pre-commit
 pre-commit: fmt clippy check test
@@ -45,7 +48,7 @@ setup-hooks:
 
 .PHONY: init-devenv
 init-devenv:
-	$(DOCKER_CLI) build -t $(IMAGE_NAME) -f $(DOCKERFILE_PATH)/Dockerfile.devenv .
+	$(DOCKER_CLI) build -t $(IMAGE_NAME) -f Dockerfile.source .
 	$(DOCKER_CLI) stop $(CONTAINER_NAME)
 	$(DOCKER_CLI) rm $(CONTAINER_NAME)
 	$(DOCKER_CLI) run -d --name $(CONTAINER_NAME) -p 9010:9010 -p 9000:9000 -v $(shell pwd):/root/s3-rustfs -it $(IMAGE_NAME)
@@ -66,16 +69,160 @@ e2e-server:
 probe-e2e:
 	sh $(shell pwd)/scripts/probe.sh
 
-# make BUILD_OS=ubuntu22.04 build
-# in target/ubuntu22.04/release/rustfs
-
-# make BUILD_OS=rockylinux9.3 build
-# in target/rockylinux9.3/release/rustfs
-BUILD_OS ?= rockylinux9.3
+# Native build using build-rustfs.sh script
 .PHONY: build
-build: ROCKYLINUX_BUILD_IMAGE_NAME = rustfs-$(BUILD_OS):v1
-build: ROCKYLINUX_BUILD_CONTAINER_NAME = rustfs-$(BUILD_OS)-build
-build: BUILD_CMD = /root/.cargo/bin/cargo build --release --bin rustfs --target-dir /root/s3-rustfs/target/$(BUILD_OS)
 build:
-	$(DOCKER_CLI) build -t $(ROCKYLINUX_BUILD_IMAGE_NAME) -f $(DOCKERFILE_PATH)/Dockerfile.$(BUILD_OS) .
-	$(DOCKER_CLI) run --rm --name $(ROCKYLINUX_BUILD_CONTAINER_NAME) -v $(shell pwd):/root/s3-rustfs -it $(ROCKYLINUX_BUILD_IMAGE_NAME) $(BUILD_CMD)
+	@echo "🔨 Building RustFS using build-rustfs.sh script..."
+	./build-rustfs.sh
+
+.PHONY: build-dev
+build-dev:
+	@echo "🔨 Building RustFS in development mode..."
+	./build-rustfs.sh --dev
+
+
+
+# Docker-based build (alternative approach)
+# Usage: make BUILD_OS=ubuntu22.04 build-docker
+# Output: target/ubuntu22.04/release/rustfs
+BUILD_OS ?= rockylinux9.3
+.PHONY: build-docker
+build-docker: SOURCE_BUILD_IMAGE_NAME = rustfs-$(BUILD_OS):v1
+build-docker: SOURCE_BUILD_CONTAINER_NAME = rustfs-$(BUILD_OS)-build
+build-docker: BUILD_CMD = /root/.cargo/bin/cargo build --release --bin rustfs --target-dir /root/s3-rustfs/target/$(BUILD_OS)
+build-docker:
+	@echo "🐳 Building RustFS using Docker ($(BUILD_OS))..."
+	$(DOCKER_CLI) build -t $(SOURCE_BUILD_IMAGE_NAME) -f $(DOCKERFILE_SOURCE) .
+	$(DOCKER_CLI) run --rm --name $(SOURCE_BUILD_CONTAINER_NAME) -v $(shell pwd):/root/s3-rustfs -it $(SOURCE_BUILD_IMAGE_NAME) $(BUILD_CMD)
+
+.PHONY: build-musl
+build-musl:
+	@echo "🔨 Building rustfs for x86_64-unknown-linux-musl..."
+	@echo "💡 On macOS/Windows, use 'make build-docker' or 'make docker-buildx' instead"
+	./build-rustfs.sh --platform x86_64-unknown-linux-musl
+
+.PHONY: build-gnu
+build-gnu:
+	@echo "🔨 Building rustfs for x86_64-unknown-linux-gnu..."
+	@echo "💡 On macOS/Windows, use 'make build-docker' or 'make docker-buildx' instead"
+	./build-rustfs.sh --platform x86_64-unknown-linux-gnu
+
+.PHONY: deploy-dev
+deploy-dev: build-musl
+	@echo "🚀 Deploying to dev server: $${IP}"
+	./scripts/dev_deploy.sh $${IP}
+
+# Multi-architecture Docker build targets (NEW: using docker-buildx.sh)
+.PHONY: docker-buildx
+docker-buildx:
+	@echo "🏗️ Building multi-architecture Docker images with buildx..."
+	./docker-buildx.sh
+
+.PHONY: docker-buildx-push
+docker-buildx-push:
+	@echo "🚀 Building and pushing multi-architecture Docker images with buildx..."
+	./docker-buildx.sh --push
+
+.PHONY: docker-buildx-version
+docker-buildx-version:
+	@if [ -z "$(VERSION)" ]; then \
+		echo "❌ 错误: 请指定版本, 例如: make docker-buildx-version VERSION=v1.0.0"; \
+		exit 1; \
+	fi
+	@echo "🏗️ Building multi-architecture Docker images (version: $(VERSION))..."
+	./docker-buildx.sh --release $(VERSION)
+
+.PHONY: docker-buildx-push-version
+docker-buildx-push-version:
+	@if [ -z "$(VERSION)" ]; then \
+		echo "❌ 错误: 请指定版本, 例如: make docker-buildx-push-version VERSION=v1.0.0"; \
+		exit 1; \
+	fi
+	@echo "🚀 Building and pushing multi-architecture Docker images (version: $(VERSION))..."
+	./docker-buildx.sh --release $(VERSION) --push
+
+
+
+.PHONY: docker-build-production
+docker-build-production:
+	@echo "🏗️ Building production Docker image..."
+	$(DOCKER_CLI) build -f $(DOCKERFILE_PRODUCTION) -t rustfs:latest .
+
+.PHONY: docker-build-source
+docker-build-source:
+	@echo "🏗️ Building source Docker image..."
+	$(DOCKER_CLI) build -f $(DOCKERFILE_SOURCE) -t rustfs:source .
+
+.PHONY: docker-inspect-multiarch
+docker-inspect-multiarch:
+	@if [ -z "$(IMAGE)" ]; then \
+		echo "❌ 错误: 请指定镜像, 例如: make docker-inspect-multiarch IMAGE=rustfs/rustfs:latest"; \
+		exit 1; \
+	fi
+	@echo "🔍 Inspecting multi-architecture image: $(IMAGE)"
+	docker buildx imagetools inspect $(IMAGE)
+
+.PHONY: build-cross-all
+build-cross-all:
+	@echo "🔧 Building all target architectures..."
+	@echo "💡 On macOS/Windows, use 'make docker-buildx' for reliable multi-arch builds"
+	@echo "🔨 Generating protobuf code..."
+	cargo run --bin gproto || true
+	@echo "🔨 Building x86_64-unknown-linux-musl..."
+	./build-rustfs.sh --platform x86_64-unknown-linux-musl
+	@echo "🔨 Building aarch64-unknown-linux-gnu..."
+	./build-rustfs.sh --platform aarch64-unknown-linux-gnu
+	@echo "✅ All architectures built successfully!"
+
+.PHONY: help-build
+help-build:
+	@echo "🔨 RustFS 构建帮助："
+	@echo ""
+	@echo "🚀 本地构建 (推荐使用):"
+	@echo "  make build                               # 构建 RustFS 二进制文件 (默认包含 console)"
+	@echo "  make build-dev                           # 开发模式构建"
+	@echo "  make build-musl                          # 构建 musl 版本"
+	@echo "  make build-gnu                           # 构建 GNU 版本"
+	@echo ""
+	@echo "🐳 Docker 构建:"
+	@echo "  make build-docker                        # 使用 Docker 容器构建"
+	@echo "  make build-docker BUILD_OS=ubuntu22.04   # 指定构建系统"
+	@echo ""
+	@echo "🏗️ 跨架构构建:"
+	@echo "  make build-cross-all                     # 构建所有架构的二进制文件"
+	@echo ""
+	@echo "🔧 直接使用 build-rustfs.sh 脚本:"
+	@echo "  ./build-rustfs.sh --help                 # 查看脚本帮助"
+	@echo "  ./build-rustfs.sh --no-console           # 构建时跳过 console 资源"
+	@echo "  ./build-rustfs.sh --force-console-update # 强制更新 console 资源"
+	@echo "  ./build-rustfs.sh --dev                  # 开发模式构建"
+	@echo "  ./build-rustfs.sh --sign                 # 签名二进制文件"
+	@echo "  ./build-rustfs.sh --platform x86_64-unknown-linux-musl  # 指定目标平台"
+	@echo "  ./build-rustfs.sh --skip-verification    # 跳过二进制验证"
+	@echo ""
+	@echo "💡 build-rustfs.sh 脚本提供了更多选项、智能检测和二进制验证功能"
+
+.PHONY: help-docker
+help-docker:
+	@echo "🐳 Docker 多架构构建帮助："
+	@echo ""
+	@echo "🚀 推荐使用 (新的 docker-buildx 方式):"
+	@echo "  make docker-buildx                       # 构建多架构镜像（不推送）"
+	@echo "  make docker-buildx-push                  # 构建并推送多架构镜像"
+	@echo "  make docker-buildx-version VERSION=v1.0.0        # 构建指定版本"
+	@echo "  make docker-buildx-push-version VERSION=v1.0.0   # 构建并推送指定版本"
+	@echo ""
+	@echo "🏗️ 单架构构建:"
+	@echo "  make docker-build-production             # 构建生产环境镜像"
+	@echo "  make docker-build-source                 # 构建源码构建镜像"
+	@echo ""
+	@echo "🔧 辅助工具:"
+	@echo "  make build-cross-all                     # 构建所有架构的二进制文件"
+	@echo "  make docker-inspect-multiarch IMAGE=xxx  # 检查镜像的架构支持"
+	@echo ""
+	@echo "📋 环境变量 (在推送时需要设置):"
+	@echo "  DOCKERHUB_USERNAME    Docker Hub 用户名"
+	@echo "  DOCKERHUB_TOKEN       Docker Hub 访问令牌"
+	@echo "  GITHUB_TOKEN          GitHub 访问令牌"
+	@echo ""
+	@echo "💡 更多详情请参考项目根目录的 docker-buildx.sh 脚本"

README.md

@@ -1,94 +1,169 @@
-# RustFS
+[![RustFS](https://rustfs.com/images/rustfs-github.png)](https://rustfs.com)
 
-## English Documentation |[中文文档](README_ZH.md)
+<p align="center">RustFS is a high-performance distributed object storage software built using Rust</p>
 
-### Prerequisites
+<p align="center">
+  <a href="https://github.com/rustfs/rustfs/actions/workflows/ci.yml"><img alt="CI" src="https://github.com/rustfs/rustfs/actions/workflows/ci.yml/badge.svg" /></a>
+  <a href="https://github.com/rustfs/rustfs/actions/workflows/docker.yml"><img alt="Build and Push Docker Images" src="https://github.com/rustfs/rustfs/actions/workflows/docker.yml/badge.svg" /></a>
+  <img alt="GitHub commit activity" src="https://img.shields.io/github/commit-activity/m/rustfs/rustfs"/>
+  <img alt="Github Last Commit" src="https://img.shields.io/github/last-commit/rustfs/rustfs"/>
+  <a href="https://hellogithub.com/repository/rustfs/rustfs" target="_blank"><img src="https://abroad.hellogithub.com/v1/widgets/recommend.svg?rid=b95bcb72bdc340b68f16fdf6790b7d5b&claim_uid=MsbvjYeLDKAH457&theme=small" alt="Featured｜HelloGitHub" /></a>
+</p>
 
-| Package | Version | Download Link                                                                                                                    |
-|---------|---------|----------------------------------------------------------------------------------------------------------------------------------|
-| Rust    | 1.8.5+  | [rust-lang.org/tools/install](https://www.rust-lang.org/tools/install)                                                           |
-| protoc  | 30.2+   | [protoc-30.2-linux-x86_64.zip](https://github.com/protocolbuffers/protobuf/releases/download/v30.2/protoc-30.2-linux-x86_64.zip) |
-| flatc   | 24.0+   | [Linux.flatc.binary.g++-13.zip](https://github.com/google/flatbuffers/releases/download/v25.2.10/Linux.flatc.binary.g++-13.zip)  |
+<p align="center">
+  <a href="https://docs.rustfs.com/en/introduction.html">Getting Started</a>
+  · <a href="https://docs.rustfs.com/en/">Docs</a>
+  · <a href="https://github.com/rustfs/rustfs/issues">Bug reports</a>
+  · <a href="https://github.com/rustfs/rustfs/discussions">Discussions</a>
+</p>
 
-### Building RustFS
+<p align="center">
+English | <a href="https://github.com/rustfs/rustfs/blob/main/README_ZH.md">简体中文</a> |
+  <!-- Keep these links. Translations will automatically update with the README. -->
+  <a href="https://readme-i18n.com/rustfs/rustfs?lang=de">Deutsch</a> |
+  <a href="https://readme-i18n.com/rustfs/rustfs?lang=es">Español</a> |
+  <a href="https://readme-i18n.com/rustfs/rustfs?lang=fr">français</a> |
+  <a href="https://readme-i18n.com/rustfs/rustfs?lang=ja">日本語</a> |
+  <a href="https://readme-i18n.com/rustfs/rustfs?lang=ko">한국어</a> |
+  <a href="https://readme-i18n.com/rustfs/rustfs?lang=pt">Português</a> |
+  <a href="https://readme-i18n.com/rustfs/rustfs?lang=ru">Русский</a>
+</p>
 
-#### Generate Protobuf Code
+RustFS is a high-performance distributed object storage software built using Rust, one of the most popular languages worldwide. Along with MinIO, it shares a range of advantages such as simplicity, S3 compatibility, open-source nature, support for data lakes, AI, and big data. Furthermore, it has a better and more user-friendly open-source license in comparison to other storage systems, being constructed under the Apache license. As Rust serves as its foundation, RustFS provides faster speed and safer distributed features for high-performance object storage.
 
-```bash
-cargo run --bin gproto
-```
+> ⚠️ **RustFS is under rapid development. Do NOT use in production environments!**
 
-#### Using Docker for Prerequisites
+## Features
 
-```yaml
-- uses: arduino/setup-protoc@v3
-  with:
-    version: "30.2"
+- **High Performance**: Built with Rust, ensuring speed and efficiency.
+- **Distributed Architecture**: Scalable and fault-tolerant design for large-scale deployments.
+- **S3 Compatibility**: Seamless integration with existing S3-compatible applications.
+- **Data Lake Support**: Optimized for big data and AI workloads.
+- **Open Source**: Licensed under Apache 2.0, encouraging community contributions and transparency.
+- **User-Friendly**: Designed with simplicity in mind, making it easy to deploy and manage.
 
-- uses: Nugine/setup-flatc@v1
-  with:
-    version: "25.2.10"
-```
+## RustFS vs MinIO
 
-#### Adding Console Web UI
+Stress test server parameters
+
+|  Type  |  parameter   | Remark |
+| - | - | - |
+|CPU | 2 Core | Intel Xeon(Sapphire Rapids) Platinum 8475B , 2.7/3.2 GHz|   |
+|Memory| 4GB |     |
+|Network | 15Gbp |      |
+|Driver  | 40GB x 4 |   IOPS 3800 / Driver |
+
+<https://github.com/user-attachments/assets/2e4979b5-260c-4f2c-ac12-c87fd558072a>
+
+### RustFS vs Other object storage
+
+| RustFS | Other object storage|
+| - | - |
+| Powerful Console | Simple and useless Console |
+| Developed based on Rust language, memory is safer | Developed in Go or C, with potential issues like memory GC/leaks |
+| Does not report logs to third-party countries  | Reporting logs to other third countries may violate national security laws |
+| Licensed under Apache, more business-friendly  | AGPL V3 License and other License, polluted open source and License traps, infringement of intellectual property rights |
+| Comprehensive S3 support, works with domestic and international cloud providers  | Full support for S3, but no local cloud vendor support |
+| Rust-based development, strong support for secure and innovative devices  | Poor support for edge gateways and secure innovative devices|
+| Stable commercial prices, free community support | High pricing, with costs up to $250,000 for 1PiB |
+| No risk | Intellectual property risks and risks of prohibited uses |
+
+## Quickstart
+
+To get started with RustFS, follow these steps:
+
+1. **One-click installation script (Option 1)​​**
 
-1. Download the latest console UI:
    ```bash
-   wget https://dl.rustfs.com/artifacts/console/rustfs-console-latest.zip
-   ```
-2. Create the static directory:
-   ```bash
-   mkdir -p ./rustfs/static
-   ```
-3. Extract and compile RustFS:
-   ```bash
-   unzip rustfs-console-latest.zip -d ./rustfs/static
-   cargo build
+   curl -O  https://rustfs.com/install_rustfs.sh && bash install_rustfs.sh
    ```
 
-### Running RustFS
+2. **Docker Quick Start (Option 2)​​**
 
-#### Configuration
+  ```bash
+   # Latest stable release
+   docker run -d -p 9000:9000 -v /data:/data rustfs/rustfs:latest
 
-Set the required environment variables:
+   # Development version (main branch)
+   docker run -d -p 9000:9000 -v /data:/data rustfs/rustfs:main-latest
 
-```bash
-# Basic config
-export RUSTFS_VOLUMES="./target/volume/test"
-export RUSTFS_ADDRESS="0.0.0.0:9000"
-export RUSTFS_CONSOLE_ENABLE=true
-export RUSTFS_CONSOLE_ADDRESS="0.0.0.0:9001"
-
-# Observability config
-export RUSTFS_OBS_ENDPOINT="http://localhost:4317"
-
-# Event message configuration
-#export RUSTFS_EVENT_CONFIG="./deploy/config/event.toml"
-
-```
-
-#### Start the service
-
-```bash
-./rustfs /data/rustfs
-```
-
-### Observability Stack
-
-#### Deployment
-
-1. Navigate to the observability directory:
-   ```bash
-   cd .docker/observability
+   # Specific version
+   docker run -d -p 9000:9000 -v /data:/data rustfs/rustfs:v1.0.0
    ```
 
-2. Start the observability stack:
+3. **Build from Source (Option 3) - Advanced Users**
+
+   For developers who want to build RustFS Docker images from source with multi-architecture support:
+
    ```bash
-   docker compose -f docker-compose.yml  up -d
+   # Build multi-architecture images locally
+   ./docker-buildx.sh --build-arg RELEASE=latest
+
+   # Build and push to registry
+   ./docker-buildx.sh --push
+
+   # Build specific version
+   ./docker-buildx.sh --release v1.0.0 --push
+
+   # Build for custom registry
+   ./docker-buildx.sh --registry your-registry.com --namespace yourname --push
    ```
 
-#### Access Monitoring Dashboards
+   The `docker-buildx.sh` script supports:
+   - **Multi-architecture builds**: `linux/amd64`, `linux/arm64`
+   - **Automatic version detection**: Uses git tags or commit hashes
+   - **Registry flexibility**: Supports Docker Hub, GitHub Container Registry, etc.
+   - **Build optimization**: Includes caching and parallel builds
 
-- Grafana: `http://localhost:3000` (credentials: `admin`/`admin`)
-- Jaeger: `http://localhost:16686`
-- Prometheus: `http://localhost:9090`
+   You can also use Make targets for convenience:
+
+   ```bash
+   make docker-buildx                    # Build locally
+   make docker-buildx-push               # Build and push
+   make docker-buildx-version VERSION=v1.0.0  # Build specific version
+   make help-docker                      # Show all Docker-related commands
+   ```
+
+4. **Access the Console**: Open your web browser and navigate to `http://localhost:9000` to access the RustFS console, default username and password is `rustfsadmin` .
+5. **Create a Bucket**: Use the console to create a new bucket for your objects.
+6. **Upload Objects**: You can upload files directly through the console or use S3-compatible APIs to interact with your RustFS instance.
+
+## Documentation
+
+For detailed documentation, including configuration options, API references, and advanced usage, please visit our [Documentation](https://docs.rustfs.com).
+
+## Getting Help
+
+If you have any questions or need assistance, you can:
+
+- Check the [FAQ](https://github.com/rustfs/rustfs/discussions/categories/q-a) for common issues and solutions.
+- Join our [GitHub Discussions](https://github.com/rustfs/rustfs/discussions) to ask questions and share your experiences.
+- Open an issue on our [GitHub Issues](https://github.com/rustfs/rustfs/issues) page for bug reports or feature requests.
+
+## Links
+
+- [Documentation](https://docs.rustfs.com) - The manual you should read
+- [Changelog](https://github.com/rustfs/rustfs/releases) - What we broke and fixed
+- [GitHub Discussions](https://github.com/rustfs/rustfs/discussions) - Where the community lives
+
+## Contact
+
+- **Bugs**: [GitHub Issues](https://github.com/rustfs/rustfs/issues)
+- **Business**: <hello@rustfs.com>
+- **Jobs**: <jobs@rustfs.com>
+- **General Discussion**: [GitHub Discussions](https://github.com/rustfs/rustfs/discussions)
+- **Contributing**: [CONTRIBUTING.md](CONTRIBUTING.md)
+
+## Contributors
+
+RustFS is a community-driven project, and we appreciate all contributions. Check out the [Contributors](https://github.com/rustfs/rustfs/graphs/contributors) page to see the amazing people who have helped make RustFS better.
+
+<a href="https://github.com/rustfs/rustfs/graphs/contributors">
+  <img src="https://opencollective.com/rustfs/contributors.svg?width=890&limit=500&button=false" />
+</a>
+
+## License
+
+[Apache 2.0](https://opensource.org/licenses/Apache-2.0)
+
+**RustFS** is a trademark of RustFS, Inc. All other trademarks are the property of their respective owners.

README_ZH.md

@@ -1,99 +1,119 @@
-# RustFS
+[![RustFS](https://rustfs.com/images/rustfs-github.png)](https://rustfs.com)
 
-## [English Documentation](README.md) ｜中文文档
+<p align="center">RustFS 是一个使用 Rust 构建的高性能分布式对象存储软件</p >
 
-### 前置要求
+<p align="center">
+  <a href="https://github.com/rustfs/rustfs/actions/workflows/ci.yml"><img alt="CI" src="https://github.com/rustfs/rustfs/actions/workflows/ci.yml/badge.svg" /></a>
+  <a href="https://github.com/rustfs/rustfs/actions/workflows/docker.yml"><img alt="Build and Push Docker Images" src="https://github.com/rustfs/rustfs/actions/workflows/docker.yml/badge.svg" /></a>
+  <img alt="GitHub commit activity" src="https://img.shields.io/github/commit-activity/m/rustfs/rustfs"/>
+  <img alt="Github Last Commit" src="https://img.shields.io/github/last-commit/rustfs/rustfs"/>
+  <a href="https://hellogithub.com/repository/rustfs/rustfs" target="_blank"><img src="https://abroad.hellogithub.com/v1/widgets/recommend.svg?rid=b95bcb72bdc340b68f16fdf6790b7d5b&claim_uid=MsbvjYeLDKAH457&theme=small" alt="Featured｜HelloGitHub" /></a>
+</p >
 
-| 软件包    | 版本     | 下载链接                                                                                                                             |
-|--------|--------|----------------------------------------------------------------------------------------------------------------------------------|
-| Rust   | 1.8.5+ | [rust-lang.org/tools/install](https://www.rust-lang.org/tools/install)                                                           |
-| protoc | 30.2+  | [protoc-30.2-linux-x86_64.zip](https://github.com/protocolbuffers/protobuf/releases/download/v30.2/protoc-30.2-linux-x86_64.zip) |
-| flatc  | 24.0+  | [Linux.flatc.binary.g++-13.zip](https://github.com/google/flatbuffers/releases/download/v25.2.10/Linux.flatc.binary.g++-13.zip)  |
+<p align="center">
+  <a href="https://docs.rustfs.com/zh/introduction.html">快速开始</a >
+  · <a href="https://docs.rustfs.com/zh/">文档</a >
+  · <a href="https://github.com/rustfs/rustfs/issues">问题报告</a >
+  · <a href="https://github.com/rustfs/rustfs/discussions">讨论</a >
+</p >
 
-### 构建 RustFS
+<p align="center">
+<a href="https://github.com/rustfs/rustfs/blob/main/README.md">English</a > | 简体中文
+</p >
 
-#### 生成 Protobuf 代码
+RustFS 是一个使用 Rust（全球最受欢迎的编程语言之一）构建的高性能分布式对象存储软件。与 MinIO 一样，它具有简单性、S3 兼容性、开源特性以及对数据湖、AI 和大数据的支持等一系列优势。此外，与其他存储系统相比，它采用 Apache 许可证构建，拥有更好、更用户友好的开源许可证。由于以 Rust 为基础，RustFS 为高性能对象存储提供了更快的速度和更安全的分布式功能。
 
-```bash
-cargo run --bin gproto
-```
+## 特性
 
-#### 使用 Docker 安装依赖
+- **高性能**：使用 Rust 构建，确保速度和效率。
+- **分布式架构**：可扩展且容错的设计，适用于大规模部署。
+- **S3 兼容性**：与现有 S3 兼容应用程序无缝集成。
+- **数据湖支持**：针对大数据和 AI 工作负载进行了优化。
+- **开源**：采用 Apache 2.0 许可证，鼓励社区贡献和透明度。
+- **用户友好**：设计简单，易于部署和管理。
 
-```yaml
-- uses: arduino/setup-protoc@v3
-  with:
-    version: "30.2"
+## RustFS vs MinIO
 
-- uses: Nugine/setup-flatc@v1
-  with:
-    version: "25.2.10"
-```
+压力测试服务器参数
 
-#### 添加控制台 Web UI
+|  类型  |  参数   | 备注 |
+| - | - | - |
+|CPU | 2 核心 | Intel Xeon(Sapphire Rapids) Platinum 8475B , 2.7/3.2 GHz|   |
+|内存| 4GB |     |
+|网络 | 15Gbp |      |
+|驱动器  | 40GB x 4 |   IOPS 3800 / 驱动器 |
+
+<https://github.com/user-attachments/assets/2e4979b5-260c-4f2c-ac12-c87fd558072a>
+
+### RustFS vs 其他对象存储
+
+| RustFS | 其他对象存储|
+| - | - |
+| 强大的控制台 | 简单且无用的控制台 |
+| 基于 Rust 语言开发，内存更安全 | 使用 Go 或 C 开发，存在内存 GC/泄漏等潜在问题 |
+| 不向第三方国家报告日志  | 向其他第三方国家报告日志可能违反国家安全法律 |
+| 采用 Apache 许可证，对商业更友好  | AGPL V3 许可证等其他许可证，污染开源和许可证陷阱，侵犯知识产权 |
+| 全面的 S3 支持，适用于国内外云提供商  | 完全支持 S3，但不支持本地云厂商 |
+| 基于 Rust 开发，对安全和创新设备有强大支持  | 对边缘网关和安全创新设备支持较差|
+| 稳定的商业价格，免费社区支持 | 高昂的定价，1PiB 成本高达 $250,000 |
+| 无风险 | 知识产权风险和禁止使用的风险 |
+
+## 快速开始
+
+要开始使用 RustFS，请按照以下步骤操作：
+
+1. **一键脚本快速启动 (方案一)**
 
-1. 下载最新的控制台 UI：
    ```bash
-   wget https://dl.rustfs.com/artifacts/console/rustfs-console-latest.zip
-   ```
-2. 创建静态资源目录：
-   ```bash
-   mkdir -p ./rustfs/static
-   ```
-3. 解压并编译 RustFS：
-   ```bash
-   unzip rustfs-console-latest.zip -d ./rustfs/static
-   cargo build
+   curl -O  https://rustfs.com/install_rustfs.sh && bash install_rustfs.sh
    ```
 
-### 运行 RustFS
+2. **Docker快速启动（方案二）**
 
-#### 配置
-
-设置必要的环境变量：
-
-```bash
-# 基础配置
-export RUSTFS_VOLUMES="./target/volume/test"
-export RUSTFS_ADDRESS="0.0.0.0:9000"
-export RUSTFS_CONSOLE_ENABLE=true
-export RUSTFS_CONSOLE_ADDRESS="0.0.0.0:9001"
-
-# 可观测性配置
-export RUSTFS_OBS_ENDPOINT="http://localhost:4317"
-
-# 事件消息配置
-#export RUSTFS_EVENT_CONFIG="./deploy/config/event.toml"
-```
-
-#### 启动服务
-
-```bash
-./rustfs /data/rustfs
-```
-
-### 可观测性系统
-
-#### 部署
-
-1. 进入可观测性目录：
-   ```bash
-   cd .docker/observability
+  ```bash
+   docker run -d -p 9000:9000  -v /data:/data rustfs/rustfs
    ```
 
-2. 启动可观测性系统：
-   ```bash
-   docker compose -f docker-compose.yml  up -d
-   ```
+3. **访问控制台**：打开 Web 浏览器并导航到 `http://localhost:9000` 以访问 RustFS 控制台，默认的用户名和密码是 `rustfsadmin` 。
+4. **创建存储桶**：使用控制台为您的对象创建新的存储桶。
+5. **上传对象**：您可以直接通过控制台上传文件，或使用 S3 兼容的 API 与您的 RustFS 实例交互。
 
-#### 访问监控面板
+## 文档
 
-- Grafana: `http://localhost:3000` (默认账号/密码：`admin`/`admin`)
-- Jaeger: `http://localhost:16686`
-- Prometheus: `http://localhost:9090`
+有关详细文档，包括配置选项、API 参考和高级用法，请访问我们的[文档](https://docs.rustfs.com)。
 
-#### 配置可观测性
+## 获取帮助
 
-```
-OpenTelemetry Collector 地址(endpoint):  http://localhost:4317 
-```
+如果您有任何问题或需要帮助，您可以：
+
+- 查看[常见问题解答](https://github.com/rustfs/rustfs/discussions/categories/q-a)以获取常见问题和解决方案。
+- 加入我们的 [GitHub 讨论](https://github.com/rustfs/rustfs/discussions)来提问和分享您的经验。
+- 在我们的 [GitHub Issues](https://github.com/rustfs/rustfs/issues) 页面上开启问题，报告错误或功能请求。
+
+## 链接
+
+- [文档](https://docs.rustfs.com) - 您应该阅读的手册
+- [更新日志](https://docs.rustfs.com/changelog) - 我们破坏和修复的内容
+- [GitHub 讨论](https://github.com/rustfs/rustfs/discussions) - 社区所在地
+
+## 联系
+
+- **错误报告**：[GitHub Issues](https://github.com/rustfs/rustfs/issues)
+- **商务合作**：<hello@rustfs.com>
+- **招聘**：<jobs@rustfs.com>
+- **一般讨论**：[GitHub 讨论](https://github.com/rustfs/rustfs/discussions)
+- **贡献**：[CONTRIBUTING.md](CONTRIBUTING.md)
+
+## 贡献者
+
+RustFS 是一个社区驱动的项目，我们感谢所有的贡献。查看[贡献者](https://github.com/rustfs/rustfs/graphs/contributors)页面，了解帮助 RustFS 变得更好的杰出人员。
+
+<a href="https://github.com/rustfs/rustfs/graphs/contributors">
+  <img src="https://opencollective.com/rustfs/contributors.svg?width=890&limit=500&button=false" />
+</a >
+
+## 许可证
+
+[Apache 2.0](https://opensource.org/licenses/Apache-2.0)
+
+**RustFS** 是 RustFS, Inc. 的商标。所有其他商标均为其各自所有者的财产。

SECURITY.md

@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x.x   | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.

SSE_KMS_IMPROVEMENTS.md

@@ -1,154 +0,0 @@
-# RustFS SSE-KMS 改进实现总结
-
-本次改进针对 RustFS 的 SSE-KMS 系统进行了四个主要增强，使其更符合 MinIO 标准并支持动态配置管理。
-
-## 实现的改进
-
-### 1. 创建 KMS 配置子系统 ✅
-
-**实现位置**: `crates/config/src/lib.rs`
-
-- 创建了统一的配置管理器 `ConfigManager`
-- 支持动态 KMS 配置的读取、设置和持久化
-- 提供线程安全的全局配置访问
-- 支持配置验证和错误处理
-
-**主要功能**:
-
-```rust
-// 全局配置管理器
-ConfigManager::global().get_kms_config("vault").await
-ConfigManager::global().set_kms_config("vault", config).await
-ConfigManager::global().validate_all_configs().await
-```
-
-### 2. KMS 配置查找和验证 ✅
-
-**实现位置**: `ecstore/src/config/kms.rs`
-
-- 实现了完整的 KMS 配置结构 `Config`
-- 支持环境变量和配置文件双重配置源
-- 提供配置验证和连接测试功能
-- 兼容 MinIO 的配置参数命名
-
-**主要特性**:
-
-- 支持 Vault 端点、密钥名称、认证 token 等配置
-- 自动验证配置完整性和有效性
-- 支持 TLS 配置和证书验证
-- 提供连接测试功能
-
-### 3. S3 标准元数据格式支持 ✅
-
-**实现位置**: `crypto/src/sse_kms.rs`
-
-- 实现了 MinIO 兼容的元数据格式
-- 支持标准 S3 SSE-KMS HTTP 头部
-- 提供元数据与 HTTP 头部的双向转换
-- 支持分片加密的元数据管理
-
-**标准头部支持**:
-
-```
-x-amz-server-side-encryption: aws:kms
-x-amz-server-side-encryption-aws-kms-key-id: key-id
-x-amz-server-side-encryption-context: context
-x-amz-meta-sse-kms-encrypted-key: encrypted-data-key
-x-amz-meta-sse-kms-iv: initialization-vector
-```
-
-### 4. 管理 API 支持动态配置 ✅
-
-**实现位置**: `rustfs/src/admin/handlers.rs` 和 `rustfs/src/admin/mod.rs`
-
-- 添加了 KMS 配置管理的 REST API 端点
-- 支持 MinIO 兼容的配置管理路径
-- 提供获取和设置配置的 HTTP 接口
-- 支持实时配置更新和验证
-
-**API 端点**:
-
-```
-GET  /minio/admin/v3/config          # 获取所有配置
-POST /minio/admin/v3/config/kms_vault/{target}  # 设置KMS配置
-GET  /rustfs/admin/v3/config         # RustFS原生配置API
-POST /rustfs/admin/v3/config/kms_vault/{target} # RustFS原生设置API
-```
-
-## 技术特性
-
-### 兼容性
-
-- ✅ 完全兼容 MinIO 的 SSE-KMS 配置格式
-- ✅ 支持标准 S3 SSE-KMS HTTP 头部
-- ✅ 兼容 MinIO Admin API 配置管理接口
-
-### 安全性
-
-- ✅ 支持 RustyVault KMS 集成
-- ✅ 数据密钥的安全生成和加密存储
-- ✅ 支持 TLS 连接和证书验证
-- ✅ 敏感配置信息的安全处理
-
-### 性能
-
-- ✅ 异步配置操作
-- ✅ 线程安全的全局配置缓存
-- ✅ 高效的元数据序列化/反序列化
-- ✅ 支持分片并行加密
-
-### 可维护性
-
-- ✅ 模块化设计，职责分离
-- ✅ 完整的错误处理和日志记录
-- ✅ 丰富的单元测试覆盖
-- ✅ 详细的文档和注释
-
-## 使用示例
-
-### 配置 KMS
-
-```bash
-# 通过环境变量配置
-export RUSTFS_KMS_ENABLED=true
-export RUSTFS_KMS_VAULT_ENDPOINT=http://vault:8200
-export RUSTFS_KMS_VAULT_KEY_NAME=rustfs-key
-export RUSTFS_KMS_VAULT_TOKEN=vault-token
-
-# 通过API配置
-curl -X POST "http://rustfs:9000/minio/admin/v3/config/kms_vault/default" \
-  -H "Content-Type: application/json" \
-  -d '{
-    "endpoint": "http://vault:8200",
-    "key_name": "rustfs-encryption-key",
-    "token": "vault-token",
-    "enabled": true
-  }'
-```
-
-### 使用 SSE-KMS 上传对象
-
-```bash
-# 使用aws-cli上传加密对象
-aws s3 cp file.txt s3://bucket/file.txt \
-  --server-side-encryption aws:kms \
-  --ssekms-key-id rustfs-encryption-key
-```
-
-## 部署注意事项
-
-1. **RustyVault 集成**: 确保 RustyVault 服务可访问且已正确配置 transit 引擎
-2. **网络安全**: 建议在生产环境中使用 TLS 连接到 Vault
-3. **权限管理**: 确保 RustFS 具有访问 Vault 密钥的适当权限
-4. **监控**: 建议监控 KMS 连接状态和加密操作性能
-
-## 后续发展
-
-这次实现为 RustFS 的企业级加密功能奠定了坚实基础。未来可以考虑：
-
-- 支持多个 KMS 提供商（AWS KMS, Azure Key Vault 等）
-- 实现密钥轮换功能
-- 添加加密性能监控和优化
-- 支持更复杂的访问控制策略
-
-通过这些改进，RustFS 现在具备了与 MinIO 相当的 SSE-KMS 功能，可以满足企业级数据加密需求。

TODO.md

@@ -1,68 +0,0 @@
-# TODO LIST
-
-## 基础存储
-
-- [x] EC 可用读写数量判断 Read/WriteQuorum
-- [ ] 优化后台并发执行，可中断，传引用？
-- [x] 小文件存储到 metafile, inlinedata
-- [x] 完善 bucketmeta
-- [x] 对象锁
-- [x] 边读写边 hash，实现 reader 嵌套
-- [x] 远程 rpc
-- [x] 错误类型判断，程序中判断错误类型，如何统一错误
-- [x] 优化 xlmeta, 自定义 msg 数据结构
-- [ ] 优化 io.reader 参考 GetObjectNInfo 方便 io copy 如果 异步写，再平衡
-- [ ] 代码优化 使用范型？
-- [ ] 抽象出 metafile 存储
-
-## 基础功能
-
-- [ ] 桶操作
-  - [x] 创建 CreateBucket
-  - [x] 列表 ListBuckets
-    - [ ] 桶下面的文件列表 ListObjects
-      - [x] 简单实现功能
-      - [ ] 优化并发读取
-  - [ ] 删除
-  - [x] 详情 HeadBucket
-- [ ] 文件操作
-  - [x] 上传 PutObject
-  - [x] 大文件上传
-    - [x] 创建分片上传 CreateMultipartUpload
-    - [x] 上传分片 PubObjectPart
-    - [x] 提交完成 CompleteMultipartUpload
-    - [x] 取消上传 AbortMultipartUpload
-  - [x] 下载 GetObject
-  - [x] 删除 DeleteObjects
-  - [ ] 版本控制
-  - [ ] 对象锁
-  - [ ] 复制 CopyObject
-  - [ ] 详情 HeadObject
-  - [ ] 对象预先签名（get、put、head、post）
-
-## 扩展功能
-
-- [ ] 用户管理
-- [ ] Policy 管理
-- [ ] AK/SK分配管理
-- [ ] data scanner 统计和对象修复
-- [ ] 桶配额
-- [ ] 桶只读
-- [ ] 桶复制
-- [ ] 桶事件通知
-- [ ] 桶公开、桶私有
-- [ ] 对象生命周期管理
-- [ ] prometheus 对接
-- [ ] 日志收集和日志外发
-- [ ] 对象压缩
-- [ ] STS
-- [ ] 分层（阿里云、腾讯云、S3 远程对接）
-
-
-
-## 性能优化
-- [ ] bitrot impl AsyncRead/AsyncWrite
-- [ ] erasure 并发读写
-- [x] 完善删除逻辑，并发处理，先移动到回收站，
-- [ ] 空间不足时清空回收站
-- [ ] list_object 使用 reader 传输

appauth/Cargo.toml

@@ -1,19 +0,0 @@
-[package]
-name = "appauth"
-edition.workspace = true
-license.workspace = true
-repository.workspace = true
-rust-version.workspace = true
-version.workspace = true
-
-[dependencies]
-base64-simd = "0.8.0"
-common.workspace = true
-hex-simd = "0.8.0"
-rand.workspace = true
-rsa = "0.9.8"
-serde.workspace = true
-serde_json.workspace = true
-
-[lints]
-workspace = true

appauth/src/lib.rs

@@ -1 +0,0 @@
-pub mod token;

appauth/src/token.rs

@@ -1,110 +0,0 @@
-use common::error::Result;
-use rsa::Pkcs1v15Encrypt;
-use rsa::{
-    pkcs8::{DecodePrivateKey, DecodePublicKey},
-    RsaPrivateKey, RsaPublicKey,
-};
-use serde::{Deserialize, Serialize};
-
-#[derive(Serialize, Deserialize, Debug, Default, Clone)]
-pub struct Token {
-    pub name: String, // 应用 ID
-    pub expired: u64, // 到期时间 (UNIX 时间戳)
-}
-
-// 公钥生成 Token
-// [token] Token 对象
-// [key] 公钥字符串
-// 返回 base64 处理的加密字符串
-pub fn gencode(token: &Token, key: &str) -> Result<String> {
-    let data = serde_json::to_vec(token)?;
-    let public_key = RsaPublicKey::from_public_key_pem(key)?;
-    let encrypted_data = public_key.encrypt(&mut rand::thread_rng(), Pkcs1v15Encrypt, &data)?;
-    Ok(base64_simd::URL_SAFE_NO_PAD.encode_to_string(&encrypted_data))
-}
-
-// 私钥解析 Token
-// [token] base64 处理的加密字符串
-// [key] 私钥字符串
-// 返回 Token 对象
-pub fn parse(token: &str, key: &str) -> Result<Token> {
-    let encrypted_data = base64_simd::URL_SAFE_NO_PAD.decode_to_vec(token.as_bytes())?;
-    let private_key = RsaPrivateKey::from_pkcs8_pem(key)?;
-    let decrypted_data = private_key.decrypt(Pkcs1v15Encrypt, &encrypted_data)?;
-    let res: Token = serde_json::from_slice(&decrypted_data)?;
-    Ok(res)
-}
-
-pub fn parse_license(license: &str) -> Result<Token> {
-    parse(license, TEST_PRIVATE_KEY)
-    // match parse(license, TEST_PRIVATE_KEY) {
-    //     Ok(token) => {
-    //         if token.expired > SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs() {
-    //             Ok(token)
-    //         } else {
-    //             Err("Token expired".into())
-    //         }
-    //     }
-    //     Err(e) => Err(e),
-    // }
-}
-
-static TEST_PRIVATE_KEY:&str ="-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCj86SrJIuxSxR6\nBJ/dlJEUIj6NeBRnhLQlCDdovuz61+7kJXVcxaR66w4m8W7SLEUP+IlPtnn6vmiG\n7XMhGNHIr7r1JsEVVLhZmL3tKI66DEZl786ZhG81BWqUlmcooIPS8UEPZNqJXLuz\nVGhxNyVGbj/tV7QC2pSISnKaixc+nrhxvo7w56p5qrm9tik0PjTgfZsUePkoBsSN\npoRkAauS14MAzK6HGB75CzG3dZqXUNWSWVocoWtQbZUwFGXyzU01ammsHQDvc2xu\nK1RQpd1qYH5bOWZ0N0aPFwT0r59HztFXg9sbjsnuhO1A7OiUOkc6iGVuJ0wm/9nA\nwZIBqzgjAgMBAAECggEAPMpeSEbotPhNw2BrllE76ec4omPfzPJbiU+em+wPGoNu\nRJHPDnMKJbl6Kd5jZPKdOOrCnxfd6qcnQsBQa/kz7+GYxMV12l7ra+1Cnujm4v0i\nLTHZvPpp8ZLsjeOmpF3AAzsJEJgon74OqtOlVjVIUPEYKvzV9ijt4gsYq0zfdYv0\nhrTMzyrGM4/UvKLsFIBROAfCeWfA7sXLGH8JhrRAyDrtCPzGtyyAmzoHKHtHafcB\nuyPFw/IP8otAgpDk5iiQPNkH0WwzAQIm12oHuNUa66NwUK4WEjXTnDg8KeWLHHNv\nIfN8vdbZchMUpMIvvkr7is315d8f2cHCB5gEO+GWAQKBgQDR/0xNll+FYaiUKCPZ\nvkOCAd3l5mRhsqnjPQ/6Ul1lAyYWpoJSFMrGGn/WKTa/FVFJRTGbBjwP+Mx10bfb\ngUg2GILDTISUh54fp4zngvTi9w4MWGKXrb7I1jPkM3vbJfC/v2fraQ/r7qHPpO2L\nf6ZbGxasIlSvr37KeGoelwcAQQKBgQDH3hmOTS2Hl6D4EXdq5meHKrfeoicGN7m8\noQK7u8iwn1R9zK5nh6IXxBhKYNXNwdCQtBZVRvFjjZ56SZJb7lKqa1BcTsgJfZCy\nnI3Uu4UykrECAH8AVCVqBXUDJmeA2yE+gDAtYEjvhSDHpUfWxoGHr0B/Oqk2Lxc/\npRy1qV5fYwKBgBWSL/hYVf+RhIuTg/s9/BlCr9SJ0g3nGGRrRVTlWQqjRCpXeFOO\nJzYqSq9pFGKUggEQxoOyJEFPwVDo9gXqRcyov+Xn2kaXl7qQr3yoixc1YZALFDWY\nd1ySBEqQr0xXnV9U/gvEgwotPRnjSzNlLWV2ZuHPtPtG/7M0o1H5GZMBAoGAKr3N\nW0gX53o+my4pCnxRQW+aOIsWq1a5aqRIEFudFGBOUkS2Oz+fI1P1GdrRfhnnfzpz\n2DK+plp/vIkFOpGhrf4bBlJ2psjqa7fdANRFLMaAAfyXLDvScHTQTCcnVUAHQPVq\n2BlSH56pnugyj7SNuLV6pnql+wdhAmRN2m9o1h8CgYAbX2juSr4ioXwnYjOUdrIY\n4+ERvHcXdjoJmmPcAm4y5NbSqLXyU0FQmplNMt2A5LlniWVJ9KNdjAQUt60FZw/+\nr76LdxXaHNZghyx0BOs7mtq5unSQXamZ8KixasfhE9uz3ij1jXjG6hafWkS8/68I\nuWbaZqgvy7a9oPHYlKH7Jg==\n-----END PRIVATE KEY-----\n";
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use rsa::{
-        pkcs8::{EncodePrivateKey, EncodePublicKey, LineEnding},
-        RsaPrivateKey,
-    };
-    use std::time::{SystemTime, UNIX_EPOCH};
-    #[test]
-    fn test_gencode_and_parse() {
-        let mut rng = rand::thread_rng();
-        let bits = 2048;
-        let private_key = RsaPrivateKey::new(&mut rng, bits).expect("Failed to generate private key");
-        let public_key = RsaPublicKey::from(&private_key);
-
-        let private_key_pem = private_key.to_pkcs8_pem(LineEnding::LF).unwrap();
-        let public_key_pem = public_key.to_public_key_pem(LineEnding::LF).unwrap();
-
-        let token = Token {
-            name: "test_app".to_string(),
-            expired: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 3600, // 1 hour from now
-        };
-
-        let encoded = gencode(&token, &public_key_pem).expect("Failed to encode token");
-
-        let decoded = parse(&encoded, &private_key_pem).expect("Failed to decode token");
-
-        assert_eq!(token.name, decoded.name);
-        assert_eq!(token.expired, decoded.expired);
-    }
-
-    #[test]
-    fn test_parse_invalid_token() {
-        let private_key_pem = RsaPrivateKey::new(&mut rand::thread_rng(), 2048)
-            .expect("Failed to generate private key")
-            .to_pkcs8_pem(LineEnding::LF)
-            .unwrap();
-
-        let invalid_token = "invalid_base64_token";
-        let result = parse(invalid_token, &private_key_pem);
-
-        assert!(result.is_err());
-    }
-
-    #[test]
-    fn test_gencode_with_invalid_key() {
-        let token = Token {
-            name: "test_app".to_string(),
-            expired: SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 3600, // 1 hour from now
-        };
-
-        let invalid_key = "invalid_public_key";
-        let result = gencode(&token, invalid_key);
-
-        assert!(result.is_err());
-    }
-}

bucket_replicate_test.md

@@ -1,45 +0,0 @@
-启动两个rustfs
-rustfs --address 0.0.0.0:9000 /rustfs-data9000
-rustfs --address 0.0.0.0:9001 /rustfs-data9001
-
-
-### 使用 minio mc 设置 alias 分别为 rustfs 和 rustfs2
-
-
-### 创建 bucket
-mc mb rustfs/srcbucket
-
-### 创建 desc bucket
-
-mc mb rustfs2/destbucket
-
-
-
-### 开启版本控制
-
-mc version enable rustfs/srcbucket
-mc version enable rustfs2/destbucket
-
-#### 使用修改过的 mc 才能 add bucket replication
-
-./mc replication add rustfs/srcbucket --remote-bucket rustfs2/destbucket
-
-
-
-###### 复制一个小文件；
-mc cp ./1.txt rustfs/srcbucket
-
-###### 查看是否成功
-mc ls --versions rustfs/srcbucket/1.txt
-mc ls --versions rustfs/destbucket/1.txt
-
-
-##### 复制一个大文件
-1 创建一个大文件
-dd if=/dev/zero of=./dd.out bs=4096000 count=1000
-
-mc cp ./dd.out rustfs/srcbucket/
-
-##### 查看是否成功
-mc ls --versions rustfs/srcbucket/dd.out
-mc ls --versions rustfs2/destbucket/dd.out

build-rustfs.sh

@@ -0,0 +1,564 @@
+#!/bin/bash
+
+# RustFS Binary Build Script
+# This script compiles RustFS binaries for different platforms and architectures
+
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Auto-detect current platform
+detect_platform() {
+    local arch=$(uname -m)
+    local os=$(uname -s | tr '[:upper:]' '[:lower:]')
+
+    case "$os" in
+        "linux")
+            case "$arch" in
+                "x86_64")
+                    echo "x86_64-unknown-linux-musl"
+                    ;;
+                "aarch64"|"arm64")
+                    echo "aarch64-unknown-linux-musl"
+                    ;;
+                "armv7l")
+                    echo "armv7-unknown-linux-musleabihf"
+                    ;;
+                *)
+                    echo "unknown-platform"
+                    ;;
+            esac
+            ;;
+        "darwin")
+            case "$arch" in
+                "x86_64")
+                    echo "x86_64-apple-darwin"
+                    ;;
+                "arm64"|"aarch64")
+                    echo "aarch64-apple-darwin"
+                    ;;
+                *)
+                    echo "unknown-platform"
+                    ;;
+            esac
+            ;;
+        *)
+            echo "unknown-platform"
+            ;;
+    esac
+}
+
+# Cross-platform SHA256 checksum generation
+generate_sha256() {
+    local file="$1"
+    local output_file="$2"
+    local os=$(uname -s | tr '[:upper:]' '[:lower:]')
+
+    case "$os" in
+        "linux")
+            if command -v sha256sum &> /dev/null; then
+                sha256sum "$file" > "$output_file"
+            elif command -v shasum &> /dev/null; then
+                shasum -a 256 "$file" > "$output_file"
+            else
+                print_message $RED "❌ No SHA256 command found (sha256sum or shasum)"
+                return 1
+            fi
+            ;;
+        "darwin")
+            if command -v shasum &> /dev/null; then
+                shasum -a 256 "$file" > "$output_file"
+            elif command -v sha256sum &> /dev/null; then
+                sha256sum "$file" > "$output_file"
+            else
+                print_message $RED "❌ No SHA256 command found (shasum or sha256sum)"
+                return 1
+            fi
+            ;;
+        *)
+            # Try common commands in order
+            if command -v sha256sum &> /dev/null; then
+                sha256sum "$file" > "$output_file"
+            elif command -v shasum &> /dev/null; then
+                shasum -a 256 "$file" > "$output_file"
+            else
+                print_message $RED "❌ No SHA256 command found"
+                return 1
+            fi
+            ;;
+    esac
+}
+
+# Default values
+OUTPUT_DIR="target/release"
+PLATFORM=$(detect_platform)  # Auto-detect current platform
+BINARY_NAME="rustfs"
+BUILD_TYPE="release"
+SIGN=false
+WITH_CONSOLE=true
+FORCE_CONSOLE_UPDATE=false
+CONSOLE_VERSION="latest"
+SKIP_VERIFICATION=false
+CUSTOM_PLATFORM=""
+
+# Print usage
+usage() {
+    echo "Usage: $0 [OPTIONS]"
+    echo ""
+    echo "Description:"
+    echo "  Build RustFS binary for the current platform. Designed for CI/CD pipelines"
+    echo "  where different runners build platform-specific binaries natively."
+    echo "  Includes automatic verification to ensure the built binary is functional."
+    echo ""
+    echo "Options:"
+    echo "  -o, --output-dir DIR       Output directory (default: target/release)"
+    echo "  -b, --binary-name NAME     Binary name (default: rustfs)"
+    echo "  -p, --platform TARGET      Target platform (default: auto-detect)"
+    echo "  --dev                      Build in dev mode"
+    echo "  --sign                     Sign binaries after build"
+    echo "  --with-console             Download console static assets (default)"
+    echo "  --no-console               Skip console static assets"
+    echo "  --force-console-update     Force update console assets even if they exist"
+    echo "  --console-version VERSION  Console version to download (default: latest)"
+    echo "  --skip-verification        Skip binary verification after build"
+    echo "  -h, --help                 Show this help message"
+    echo ""
+    echo "Examples:"
+    echo "  $0                         # Build for current platform (includes console assets)"
+    echo "  $0 --dev                   # Development build"
+    echo "  $0 --sign                  # Build and sign binary (release CI)"
+    echo "  $0 --no-console            # Build without console static assets"
+    echo "  $0 --force-console-update  # Force update console assets"
+    echo "  $0 --platform x86_64-unknown-linux-musl  # Build for specific platform"
+    echo "  $0 --skip-verification     # Skip binary verification (for cross-compilation)"
+    echo ""
+    echo "Detected platform: $(detect_platform)"
+    echo "CI Usage: Run this script on each platform's runner to build native binaries"
+}
+
+# Print colored message
+print_message() {
+    local color=$1
+    local message=$2
+    echo -e "${color}${message}${NC}"
+}
+
+# Get version from git
+get_version() {
+    if git describe --abbrev=0 --tags >/dev/null 2>&1; then
+        git describe --abbrev=0 --tags
+    else
+        git rev-parse --short HEAD
+    fi
+}
+
+# Setup rust environment
+setup_rust_environment() {
+    print_message $BLUE "🔧 Setting up Rust environment..."
+
+    # Install required target for current platform
+    print_message $YELLOW "Installing target: $PLATFORM"
+    rustup target add "$PLATFORM"
+
+    # Set up environment variables for musl targets
+    if [[ "$PLATFORM" == *"musl"* ]]; then
+        print_message $YELLOW "Setting up environment for musl target..."
+        export RUSTFLAGS="-C target-feature=-crt-static"
+
+        # For cargo-zigbuild, set up additional environment variables
+        if command -v cargo-zigbuild &> /dev/null; then
+            print_message $YELLOW "Configuring cargo-zigbuild for musl target..."
+
+            # Set environment variables for better musl support
+            export CC_x86_64_unknown_linux_musl="zig cc -target x86_64-linux-musl"
+            export CXX_x86_64_unknown_linux_musl="zig c++ -target x86_64-linux-musl"
+            export AR_x86_64_unknown_linux_musl="zig ar"
+            export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER="zig cc -target x86_64-linux-musl"
+
+            export CC_aarch64_unknown_linux_musl="zig cc -target aarch64-linux-musl"
+            export CXX_aarch64_unknown_linux_musl="zig c++ -target aarch64-linux-musl"
+            export AR_aarch64_unknown_linux_musl="zig ar"
+            export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER="zig cc -target aarch64-linux-musl"
+
+            # Set environment variables for zstd-sys to avoid target parsing issues
+            export ZSTD_SYS_USE_PKG_CONFIG=1
+            export PKG_CONFIG_ALLOW_CROSS=1
+        fi
+    fi
+
+    # Install required tools
+    if [ "$SIGN" = true ]; then
+        if ! command -v minisign &> /dev/null; then
+            print_message $YELLOW "Installing minisign for binary signing..."
+            cargo install minisign
+        fi
+    fi
+}
+
+# Download console static assets
+download_console_assets() {
+    local static_dir="rustfs/static"
+    local console_exists=false
+
+    # Check if console assets already exist
+    if [ -d "$static_dir" ] && [ -f "$static_dir/index.html" ]; then
+        console_exists=true
+        local static_size=$(du -sh "$static_dir" 2>/dev/null | cut -f1 || echo "unknown")
+        print_message $YELLOW "Console static assets already exist ($static_size)"
+    fi
+
+    # Determine if we need to download
+    local should_download=false
+    if [ "$WITH_CONSOLE" = true ]; then
+        if [ "$console_exists" = false ]; then
+            print_message $BLUE "🎨 Console assets not found, downloading..."
+            should_download=true
+        elif [ "$FORCE_CONSOLE_UPDATE" = true ]; then
+            print_message $BLUE "🎨 Force updating console assets..."
+            should_download=true
+        else
+            print_message $GREEN "✅ Console assets already available, skipping download"
+        fi
+    else
+        if [ "$console_exists" = true ]; then
+            print_message $GREEN "✅ Using existing console assets"
+        else
+            print_message $YELLOW "⚠️  Console assets not found. Use --download-console to download them."
+        fi
+    fi
+
+    if [ "$should_download" = true ]; then
+        print_message $BLUE "📥 Downloading console static assets..."
+
+        # Create static directory
+        mkdir -p "$static_dir"
+
+        # Download from GitHub Releases (consistent with Docker build)
+        local download_url
+        if [ "$CONSOLE_VERSION" = "latest" ]; then
+            print_message $YELLOW "Getting latest console release info..."
+            # For now, use dl.rustfs.com as fallback until GitHub Releases includes console assets
+            download_url="https://dl.rustfs.com/artifacts/console/rustfs-console-latest.zip"
+        else
+            download_url="https://dl.rustfs.com/artifacts/console/rustfs-console-${CONSOLE_VERSION}.zip"
+        fi
+
+        print_message $YELLOW "Downloading from: $download_url"
+
+        # Download with retries
+        local temp_file="console-assets-temp.zip"
+        local download_success=false
+
+        for i in {1..3}; do
+            if curl -L "$download_url" -o "$temp_file" --retry 3 --retry-delay 5 --max-time 300; then
+                download_success=true
+                break
+            else
+                print_message $YELLOW "Download attempt $i failed, retrying..."
+                sleep 2
+            fi
+        done
+
+        if [ "$download_success" = true ]; then
+            # Verify the downloaded file
+            if [ -f "$temp_file" ] && [ -s "$temp_file" ]; then
+                print_message $BLUE "📦 Extracting console assets..."
+
+                # Extract to static directory
+                if unzip -o "$temp_file" -d "$static_dir"; then
+                    rm "$temp_file"
+                    local final_size=$(du -sh "$static_dir" 2>/dev/null | cut -f1 || echo "unknown")
+                    print_message $GREEN "✅ Console assets downloaded successfully ($final_size)"
+                else
+                    print_message $RED "❌ Failed to extract console assets"
+                    rm -f "$temp_file"
+                    return 1
+                fi
+            else
+                print_message $RED "❌ Downloaded file is empty or invalid"
+                rm -f "$temp_file"
+                return 1
+            fi
+        else
+            print_message $RED "❌ Failed to download console assets after 3 attempts"
+            print_message $YELLOW "💡 Console assets are optional. Build will continue without them."
+            rm -f "$temp_file"
+        fi
+    fi
+}
+
+# Verify binary functionality
+verify_binary() {
+    local binary_path="$1"
+
+    # Check if binary exists
+    if [ ! -f "$binary_path" ]; then
+        print_message $RED "❌ Binary file not found: $binary_path"
+        return 1
+    fi
+
+    # Check if binary is executable
+    if [ ! -x "$binary_path" ]; then
+        print_message $RED "❌ Binary is not executable: $binary_path"
+        return 1
+    fi
+
+    # Check basic functionality - try to run help command
+    print_message $YELLOW "   Testing --help command..."
+    if ! "$binary_path" --help >/dev/null 2>&1; then
+        print_message $RED "❌ Binary failed to run --help command"
+        return 1
+    fi
+
+    # Check version command
+    print_message $YELLOW "   Testing --version command..."
+    if ! "$binary_path" --version >/dev/null 2>&1; then
+        print_message $YELLOW "⚠️  Binary does not support --version command (this is optional)"
+    fi
+
+    # Try to get some basic info about the binary
+    local file_info=$(file "$binary_path" 2>/dev/null || echo "unknown")
+    print_message $YELLOW "   Binary info: $file_info"
+
+    # Check if it's a valid ELF/Mach-O binary
+    if command -v readelf >/dev/null 2>&1; then
+        if readelf -h "$binary_path" >/dev/null 2>&1; then
+            print_message $YELLOW "   ELF binary structure: valid"
+        fi
+    elif command -v otool >/dev/null 2>&1; then
+        if otool -h "$binary_path" >/dev/null 2>&1; then
+            print_message $YELLOW "   Mach-O binary structure: valid"
+        fi
+    fi
+
+    return 0
+}
+
+# Build binary for current platform
+build_binary() {
+    local version=$(get_version)
+    local output_file="${OUTPUT_DIR}/${PLATFORM}/${BINARY_NAME}"
+
+    print_message $BLUE "🏗️  Building for platform: $PLATFORM"
+    print_message $YELLOW "   Version: $version"
+    print_message $YELLOW "   Output: $output_file"
+
+    # Create output directory
+    mkdir -p "${OUTPUT_DIR}/${PLATFORM}"
+
+    # Simple build logic matching the working version (4fb4b353)
+    # Force rebuild by touching build.rs
+    touch rustfs/build.rs
+
+    # Determine build command based on platform and cross-compilation needs
+    local build_cmd=""
+    local current_platform=$(detect_platform)
+
+    print_message $BLUE "📦 Using working version build logic..."
+
+    # Check if we need cross-compilation
+    if [ "$PLATFORM" != "$current_platform" ]; then
+        # Cross-compilation needed
+        if [[ "$PLATFORM" == *"apple-darwin"* ]]; then
+            print_message $RED "❌ macOS cross-compilation not supported"
+            print_message $YELLOW "💡 macOS targets must be built natively on macOS runners"
+            return 1
+        elif [[ "$PLATFORM" == *"windows"* ]]; then
+            # Use cross for Windows ARM64
+            if ! command -v cross &> /dev/null; then
+                print_message $YELLOW "📦 Installing cross tool..."
+                cargo install cross --git https://github.com/cross-rs/cross
+            fi
+            build_cmd="cross build"
+        else
+            # Use zigbuild for Linux ARM64 (matches working version)
+            if ! command -v cargo-zigbuild &> /dev/null; then
+                print_message $RED "❌ cargo-zigbuild not found. Please install it first."
+                return 1
+            fi
+            build_cmd="cargo zigbuild"
+        fi
+    else
+        # Native compilation
+        build_cmd="cargo build"
+    fi
+
+    if [ "$BUILD_TYPE" = "release" ]; then
+        build_cmd+=" --release"
+    fi
+
+    build_cmd+=" --target $PLATFORM"
+    build_cmd+=" -p rustfs --bins"
+
+    print_message $BLUE "📦 Executing: $build_cmd"
+
+    # Execute build (this matches exactly what the working version does)
+    if eval $build_cmd; then
+        print_message $GREEN "✅ Successfully built for $PLATFORM"
+
+        # Copy binary to output directory
+        cp "target/${PLATFORM}/${BUILD_TYPE}/${BINARY_NAME}" "$output_file"
+
+        # Generate checksums
+        print_message $BLUE "🔐 Generating checksums..."
+        (cd "${OUTPUT_DIR}/${PLATFORM}" && generate_sha256 "${BINARY_NAME}" "${BINARY_NAME}.sha256sum")
+
+        # Verify binary functionality (if not skipped)
+        if [ "$SKIP_VERIFICATION" = false ]; then
+            print_message $BLUE "🔍 Verifying binary functionality..."
+            if verify_binary "$output_file"; then
+                print_message $GREEN "✅ Binary verification passed"
+            else
+                print_message $RED "❌ Binary verification failed"
+                return 1
+            fi
+        else
+            print_message $YELLOW "⚠️  Binary verification skipped by user request"
+        fi
+
+        # Sign binary if requested
+        if [ "$SIGN" = true ]; then
+            print_message $BLUE "✍️  Signing binary..."
+            (cd "${OUTPUT_DIR}/${PLATFORM}" && minisign -S -m "${BINARY_NAME}" -s ~/.minisign/minisign.key)
+        fi
+
+        print_message $GREEN "✅ Build completed successfully"
+    else
+        print_message $RED "❌ Failed to build for $PLATFORM"
+        return 1
+    fi
+}
+
+
+
+# Main build function
+build_rustfs() {
+    local version=$(get_version)
+
+    print_message $BLUE "🚀 Starting RustFS binary build process..."
+    print_message $YELLOW "   Version: $version"
+    print_message $YELLOW "   Platform: $PLATFORM"
+    print_message $YELLOW "   Output Directory: $OUTPUT_DIR"
+    print_message $YELLOW "   Build Type: $BUILD_TYPE"
+    print_message $YELLOW "   Sign: $SIGN"
+    print_message $YELLOW "   With Console: $WITH_CONSOLE"
+    if [ "$WITH_CONSOLE" = true ]; then
+        print_message $YELLOW "   Console Version: $CONSOLE_VERSION"
+        print_message $YELLOW "   Force Console Update: $FORCE_CONSOLE_UPDATE"
+    fi
+    print_message $YELLOW "   Skip Verification: $SKIP_VERIFICATION"
+    echo ""
+
+    # Setup environment
+    setup_rust_environment
+    echo ""
+
+    # Download console assets if requested
+    download_console_assets
+    echo ""
+
+    # Build binary
+    build_binary
+    echo ""
+
+    print_message $GREEN "🎉 Build process completed successfully!"
+
+    # Show built binary
+    local binary_file="${OUTPUT_DIR}/${PLATFORM}/${BINARY_NAME}"
+    if [ -f "$binary_file" ]; then
+        local size=$(ls -lh "$binary_file" | awk '{print $5}')
+        print_message $BLUE "📋 Built binary: $binary_file ($size)"
+    fi
+}
+
+# Parse command line arguments
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        -o|--output-dir)
+            OUTPUT_DIR="$2"
+            shift 2
+            ;;
+        -b|--binary-name)
+            BINARY_NAME="$2"
+            shift 2
+            ;;
+        -p|--platform)
+            CUSTOM_PLATFORM="$2"
+            shift 2
+            ;;
+        --dev)
+            BUILD_TYPE="debug"
+            shift
+            ;;
+        --sign)
+            SIGN=true
+            shift
+            ;;
+        --with-console)
+            WITH_CONSOLE=true
+            shift
+            ;;
+        --no-console)
+            WITH_CONSOLE=false
+            shift
+            ;;
+        --force-console-update)
+            FORCE_CONSOLE_UPDATE=true
+            WITH_CONSOLE=true  # Auto-enable download when forcing update
+            shift
+            ;;
+        --console-version)
+            CONSOLE_VERSION="$2"
+            shift 2
+            ;;
+        --skip-verification)
+            SKIP_VERIFICATION=true
+            shift
+            ;;
+        -h|--help)
+            usage
+            exit 0
+            ;;
+        *)
+            print_message $RED "❌ Unknown option: $1"
+            usage
+            exit 1
+            ;;
+    esac
+done
+
+# Main execution
+main() {
+    print_message $BLUE "🦀 RustFS Binary Build Script"
+    echo ""
+
+    # Check if we're in a Rust project
+    if [ ! -f "Cargo.toml" ]; then
+        print_message $RED "❌ No Cargo.toml found. Are you in a Rust project directory?"
+        exit 1
+    fi
+
+    # Override platform if specified
+    if [ -n "$CUSTOM_PLATFORM" ]; then
+        PLATFORM="$CUSTOM_PLATFORM"
+        print_message $YELLOW "🎯 Using specified platform: $PLATFORM"
+
+        # Auto-enable skip verification for cross-compilation
+        if [ "$PLATFORM" != "$(detect_platform)" ]; then
+            SKIP_VERIFICATION=true
+            print_message $YELLOW "⚠️  Cross-compilation detected, enabling --skip-verification"
+        fi
+    fi
+
+    # Start build process
+    build_rustfs
+}
+
+# Run main function
+main
+

build_rustfs.sh

@@ -1,21 +0,0 @@
-#!/bin/bash
-clear
-
-# 获取当前平台架构
-ARCH=$(uname -m)
-
-# 根据架构设置 target 目录
-if [ "$ARCH" == "x86_64" ]; then
-    TARGET_DIR="target/x86_64"
-elif [ "$ARCH" == "aarch64" ]; then
-    TARGET_DIR="target/arm64"
-else
-    TARGET_DIR="target/unknown"
-fi
-
-# 设置 CARGO_TARGET_DIR 并构建项目
-CARGO_TARGET_DIR=$TARGET_DIR RUSTFLAGS="-C link-arg=-fuse-ld=mold" cargo build --package rustfs
-
-echo -e "\a"
-echo -e "\a"
-echo -e "\a"

cli/rustfs-gui/Cargo.toml

@@ -1,3 +1,17 @@
+# Copyright 2024 RustFS Team
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 [package]
 name = "rustfs-gui"
 edition.workspace = true
@@ -12,9 +26,9 @@ dioxus = { workspace = true, features = ["router"] }
 dirs = { workspace = true }
 hex = { workspace = true }
 keyring = { workspace = true }
-lazy_static = { workspace = true }
 rfd = { workspace = true }
 rust-embed = { workspace = true, features = ["interpolate-folder-path"] }
+rust-i18n = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
 sha2 = { workspace = true }

cli/rustfs-gui/Dioxus.toml

@@ -37,7 +37,9 @@ copyright = "Copyright 2025 rustfs.com"
 
 icon = [
     "assets/icons/icon.icns",
-    "assets/icons/icon.ico"
+    "assets/icons/icon.ico",
+    "assets/icons/icon.png",
+    "assets/icons/rustfs-icon.png",
 ]
 #[bundle.macos]
 #provider_short_name = "RustFs"

cli/rustfs-gui/assets/js/sts.js

@@ -1,3 +1,19 @@
+/**
+ * Copyright 2024 RustFS Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 window.switchTab = function (tabId) {
     // Hide everything
     document.querySelectorAll('.tab-content').forEach(content => {

cli/rustfs-gui/assets/rustfs-logo.svg

@@ -1,20 +1,15 @@
 <svg width="1558" height="260" viewBox="0 0 1558 260" fill="none" xmlns="http://www.w3.org/2000/svg">
-    <g clip-path="url(#clip0_0_3)">
-        <path d="M1288.5 112.905H1159.75V58.4404H1262L1270 0L1074 0V260H1159.75V162.997H1296.95L1288.5 112.905Z"
-              fill="#0196D0"/>
-        <path d="M1058.62 58.4404V0H789V58.4404H881.133V260H966.885V58.4404H1058.62Z" fill="#0196D0"/>
-        <path d="M521 179.102V0L454.973 15V161C454.973 181.124 452.084 193.146 443.5 202C434.916 211.257 419.318 214.5 400.5 214.5C381.022 214.5 366.744 210.854 357.5 202C348.916 193.548 346.357 175.721 346.357 156V0L280 15V175.48C280 208.08 290.234 229.412 309.712 241.486C329.19 253.56 358.903 260 400.5 260C440.447 260 470.159 253.56 490.297 241.486C510.766 229.412 521 208.483 521 179.102Z"
-              fill="#0196D0"/>
-        <path d="M172.84 84.2813C172.84 97.7982 168.249 107.737 158.41 113.303C149.883 118.471 137.092 121.254 120.693 122.049V162.997C129.876 163.792 138.076 166.177 144.307 176.514L184.647 260H265L225.316 180.489C213.181 155.046 201.374 149.48 178.744 143.517C212.197 138.349 241.386 118.471 241.386 73.1499C241.386 53.2722 233.843 30.2141 218.756 17.8899C203.998 5.56575 183.991 0 159.394 0H120.693V48.5015H127.58C142.23 48.5015 153.6 51.4169 161.689 57.2477C169.233 62.8135 172.84 71.5596 172.84 84.2813ZM120.693 122.049C119.163 122.049 117.741 122.049 116.43 122.049H68.5457V48.5015H120.693V0H0V260H70.5137V162.997H110.526C113.806 162.997 117.741 162.997 120.693 162.997V122.049Z"
-              fill="#0196D0"/>
-        <path d="M774 179.297C774 160.829 766.671 144.669 752.013 131.972C738.127 119.66 712.025 110.169 673.708 103.5C662.136 101.191 651.722 99.6523 643.235 97.3437C586.532 84.6467 594.632 52.7118 650.564 52.7118C680.651 52.7118 709.582 61.946 738.127 66.9478C742.37 67.7174 743.913 68.1021 744.298 68.1021L750.47 12.697C720.383 3.46282 684.895 0 654.036 0C616.619 0 587.689 6.54088 567.245 19.2379C546.801 31.9349 536 57.7137 536 82.3382C536 103.5 543.715 119.66 559.916 131.972C575.731 143.515 604.276 152.749 645.55 160.059C658.279 162.368 668.694 163.907 676.794 166.215C685.023 168.524 691.066 170.704 694.924 172.756C702.253 176.604 706.11 182.375 706.11 188.531C706.11 196.611 701.481 202.767 692.224 207C664.836 220.081 587.689 212.001 556.83 198.15L543.715 247.784C547.186 248.169 552.972 249.323 559.916 250.477C616.619 259.327 690.681 270.869 741.212 238.935C762.814 225.468 774 206.23 774 179.297Z"
-              fill="#0196D0"/>
-        <path d="M1558 179.568C1558 160.383 1550.42 144.268 1535.67 131.99C1521.32 119.968 1494.34 110.631 1454.74 103.981C1442.38 101.679 1432.01 99.3764 1422.84 97.8416C1422.44 97.8416 1422.04 97.8416 1422.04 97.4579V112.422L1361.04 75.2038L1422.04 38.3692V52.9496C1424.7 52.9496 1427.49 52.9496 1430.41 52.9496C1461.51 52.9496 1491.42 62.5419 1521.32 67.5299C1525.31 67.9136 1526.9 67.9136 1527.3 67.9136L1533.68 12.6619C1502.98 3.83692 1465.9 0 1434 0C1395.33 0 1365.43 6.52277 1345.09 19.5683C1323.16 32.6139 1312 57.9376 1312 82.8776C1312 103.981 1320.37 120.096 1336.72 131.607C1353.46 143.885 1382.97 153.093 1425.23 160.383C1434 161.535 1441.18 162.686 1447.56 164.22L1448.36 150.791L1507.36 190.312L1445.57 224.844L1445.96 212.949C1409.68 215.635 1357.45 209.112 1333.53 197.985L1320.37 247.482C1323.56 248.249 1329.54 248.633 1336.72 250.551C1395.33 259.376 1471.88 270.887 1524.11 238.657C1546.84 225.611 1558 205.659 1558 179.568Z"
-              fill="#0196D0"/>
-    </g>
-    <defs>
-        <clipPath id="clip0_0_3">
-            <rect width="1558" height="260" fill="white"/>
-        </clipPath>
-    </defs>
+<g clip-path="url(#clip0_0_3)">
+<path d="M1288.5 112.905H1159.75V58.4404H1262L1270 0L1074 0V260H1159.75V162.997H1296.95L1288.5 112.905Z" fill="#0196D0"/>
+<path d="M1058.62 58.4404V0H789V58.4404H881.133V260H966.885V58.4404H1058.62Z" fill="#0196D0"/>
+<path d="M521 179.102V0L454.973 15V161C454.973 181.124 452.084 193.146 443.5 202C434.916 211.257 419.318 214.5 400.5 214.5C381.022 214.5 366.744 210.854 357.5 202C348.916 193.548 346.357 175.721 346.357 156V0L280 15V175.48C280 208.08 290.234 229.412 309.712 241.486C329.19 253.56 358.903 260 400.5 260C440.447 260 470.159 253.56 490.297 241.486C510.766 229.412 521 208.483 521 179.102Z" fill="#0196D0"/>
+<path d="M172.84 84.2813C172.84 97.7982 168.249 107.737 158.41 113.303C149.883 118.471 137.092 121.254 120.693 122.049V162.997C129.876 163.792 138.076 166.177 144.307 176.514L184.647 260H265L225.316 180.489C213.181 155.046 201.374 149.48 178.744 143.517C212.197 138.349 241.386 118.471 241.386 73.1499C241.386 53.2722 233.843 30.2141 218.756 17.8899C203.998 5.56575 183.991 0 159.394 0H120.693V48.5015H127.58C142.23 48.5015 153.6 51.4169 161.689 57.2477C169.233 62.8135 172.84 71.5596 172.84 84.2813ZM120.693 122.049C119.163 122.049 117.741 122.049 116.43 122.049H68.5457V48.5015H120.693V0H0V260H70.5137V162.997H110.526C113.806 162.997 117.741 162.997 120.693 162.997V122.049Z" fill="#0196D0"/>
+<path d="M774 179.297C774 160.829 766.671 144.669 752.013 131.972C738.127 119.66 712.025 110.169 673.708 103.5C662.136 101.191 651.722 99.6523 643.235 97.3437C586.532 84.6467 594.632 52.7118 650.564 52.7118C680.651 52.7118 709.582 61.946 738.127 66.9478C742.37 67.7174 743.913 68.1021 744.298 68.1021L750.47 12.697C720.383 3.46282 684.895 0 654.036 0C616.619 0 587.689 6.54088 567.245 19.2379C546.801 31.9349 536 57.7137 536 82.3382C536 103.5 543.715 119.66 559.916 131.972C575.731 143.515 604.276 152.749 645.55 160.059C658.279 162.368 668.694 163.907 676.794 166.215C685.023 168.524 691.066 170.704 694.924 172.756C702.253 176.604 706.11 182.375 706.11 188.531C706.11 196.611 701.481 202.767 692.224 207C664.836 220.081 587.689 212.001 556.83 198.15L543.715 247.784C547.186 248.169 552.972 249.323 559.916 250.477C616.619 259.327 690.681 270.869 741.212 238.935C762.814 225.468 774 206.23 774 179.297Z" fill="#0196D0"/>
+<path d="M1558 179.568C1558 160.383 1550.42 144.268 1535.67 131.99C1521.32 119.968 1494.34 110.631 1454.74 103.981C1442.38 101.679 1432.01 99.3764 1422.84 97.8416C1422.44 97.8416 1422.04 97.8416 1422.04 97.4579V112.422L1361.04 75.2038L1422.04 38.3692V52.9496C1424.7 52.9496 1427.49 52.9496 1430.41 52.9496C1461.51 52.9496 1491.42 62.5419 1521.32 67.5299C1525.31 67.9136 1526.9 67.9136 1527.3 67.9136L1533.68 12.6619C1502.98 3.83692 1465.9 0 1434 0C1395.33 0 1365.43 6.52277 1345.09 19.5683C1323.16 32.6139 1312 57.9376 1312 82.8776C1312 103.981 1320.37 120.096 1336.72 131.607C1353.46 143.885 1382.97 153.093 1425.23 160.383C1434 161.535 1441.18 162.686 1447.56 164.22L1448.36 150.791L1507.36 190.312L1445.57 224.844L1445.96 212.949C1409.68 215.635 1357.45 209.112 1333.53 197.985L1320.37 247.482C1323.56 248.249 1329.54 248.633 1336.72 250.551C1395.33 259.376 1471.88 270.887 1524.11 238.657C1546.84 225.611 1558 205.659 1558 179.568Z" fill="#0196D0"/>
+</g>
+<defs>
+<clipPath id="clip0_0_3">
+<rect width="1558" height="260" fill="white"/>
+</clipPath>
+</defs>
 </svg>

cli/rustfs-gui/assets/styling/navbar.css

@@ -1,3 +1,19 @@
+/**
+ * Copyright 2024 RustFS Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 #navbar {
     display: flex;
     flex-direction: row;

cli/rustfs-gui/assets/tailwind.css

@@ -1,3 +1,19 @@
+/**
+ * Copyright 2024 RustFS Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 *, ::before, ::after {
   --tw-border-spacing-x: 0;
   --tw-border-spacing-y: 0;

cli/rustfs-gui/input.css

@@ -1,3 +1,19 @@
+/**
+ * Copyright 2024 RustFS Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 @tailwind base;
 @tailwind components;
 @tailwind utilities;

cli/rustfs-gui/src/components/home.rs

@@ -1,3 +1,17 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 use crate::components::navbar::LoadingSpinner;
 use crate::route::Route;
 use crate::utils::{RustFSConfig, ServiceManager};
@@ -30,11 +44,11 @@ pub fn Home() -> Element {
     #[allow(clippy::redundant_closure)]
     let service = use_signal(|| ServiceManager::new());
     let conf = RustFSConfig::load().unwrap_or_else(|e| {
-        ServiceManager::show_error(&format!("加载配置失败：{}", e));
+        ServiceManager::show_error(&format!("load config failed: {e}"));
         RustFSConfig::default()
     });
 
-    debug!("loaded configurations:{:?}", conf);
+    debug!("loaded configurations: {:?}", conf);
     let config = use_signal(|| conf.clone());
 
     use dioxus_router::prelude::Link;
@@ -78,7 +92,7 @@ pub fn Home() -> Element {
                     }
                 }
                 Err(e) => {
-                    ServiceManager::show_error(&format!("服务启动失败：{}", e));
+                    ServiceManager::show_error(&format!("start service failed: {e}"));
                 }
             }
             // Only set loading to false when it's actually done
@@ -104,7 +118,7 @@ pub fn Home() -> Element {
                     }
                 }
                 Err(e) => {
-                    ServiceManager::show_error(&format!("服务停止失败：{}", e));
+                    ServiceManager::show_error(&format!("stop service failed: {e}"));
                 }
             }
             debug!("service_state: {:?}", service_state.read());
@@ -143,6 +157,7 @@ pub fn Home() -> Element {
         Title { "RustFS APP" }
         Meta {
             name: "description",
+            // TODO: translate to english
             content: "RustFS RustFS 用热门安全的 Rust 语言开发，兼容 S3 协议。适用于 AI/ML 及海量数据存储、大数据、互联网、工业和保密存储等全部场景。近乎免费使用。遵循 Apache 2 协议，支持国产保密设备和系统。",
         }
         div { class: "min-h-screen flex flex-col items-center bg-white",
@@ -166,7 +181,7 @@ pub fn Home() -> Element {
                 }
                 LoadingSpinner {
                     loading: loading.read().to_owned(),
-                    text: "服务处理中...",
+                    text: "processing...",
                 }
                 button { class: button_class, onclick: toggle_service,
                     svg {

cli/rustfs-gui/src/components/mod.rs

@@ -1,3 +1,17 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 mod home;
 pub use home::Home;
 mod navbar;

cli/rustfs-gui/src/components/navbar.rs

@@ -1,3 +1,17 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 use crate::route::Route;
 use dioxus::logger::tracing::debug;
 use dioxus::prelude::*;

cli/rustfs-gui/src/components/setting.rs

@@ -1,3 +1,17 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 use crate::components::navbar::LoadingSpinner;
 use dioxus::logger::tracing::{debug, error};
 use dioxus::prelude::*;
@@ -49,7 +63,7 @@ pub fn Setting() -> Element {
             let config = config.read().clone();
             spawn(async move {
                 if let Err(e) = service.read().restart(config).await {
-                    ServiceManager::show_error(&format!("发送重启命令失败：{}", e));
+                    ServiceManager::show_error(&format!("发送重启命令失败：{e}"));
                 }
                 // reset the status when you're done
                 loading.set(false);

cli/rustfs-gui/src/main.rs

@@ -1,3 +1,17 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 mod components;
 mod route;
 mod utils;

cli/rustfs-gui/src/route/mod.rs

@@ -1,3 +1,17 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 mod router;
 
 pub use router::Route;

cli/rustfs-gui/src/route/router.rs

@@ -1,3 +1,17 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 use crate::components::Navbar;
 use crate::views::{HomeViews, SettingViews};
 use dioxus::prelude::*;

cli/rustfs-gui/src/utils/config.rs

@@ -1,3 +1,17 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 use keyring::Entry;
 use serde::{Deserialize, Serialize};
 use std::error::Error;
@@ -201,7 +215,7 @@ impl RustFSConfig {
     /// Clear the stored configuration from the system keyring
     ///
     /// # Returns
-    /// Returns `Ok(())` if the configuration was successfully cleared, or an error if the operation failed.
+    /// `Ok(())` if the configuration was successfully cleared, or an error if the operation failed.
     ///
     /// # Example
     /// ```
@@ -288,7 +302,7 @@ mod tests {
 
         for (input, expected) in test_cases {
             let result = RustFSConfig::extract_host_port(input);
-            assert_eq!(result, expected, "Failed for input: {}", input);
+            assert_eq!(result, expected, "Failed for input: {input}");
         }
     }
 
@@ -306,7 +320,7 @@ mod tests {
 
         for input in invalid_cases {
             let result = RustFSConfig::extract_host_port(input);
-            assert_eq!(result, None, "Should be None for input: {}", input);
+            assert_eq!(result, None, "Should be None for input: {input}");
         }
 
         // Special case: empty host but valid port should still work
@@ -437,7 +451,7 @@ mod tests {
     #[test]
     fn test_debug_format() {
         let config = RustFSConfig::default_config();
-        let debug_str = format!("{:?}", config);
+        let debug_str = format!("{config:?}");
 
         assert!(debug_str.contains("RustFSConfig"));
         assert!(debug_str.contains("address"));
@@ -484,14 +498,14 @@ mod tests {
     fn test_very_long_strings() {
         let long_string = "a".repeat(1000);
         let config = RustFSConfig {
-            address: format!("{}:9000", long_string),
+            address: format!("{long_string}:9000"),
             host: long_string.clone(),
             port: "9000".to_string(),
             access_key: long_string.clone(),
             secret_key: long_string.clone(),
-            domain_name: format!("{}.com", long_string),
-            volume_name: format!("/data/{}", long_string),
-            console_address: format!("{}:9001", long_string),
+            domain_name: format!("{long_string}.com"),
+            volume_name: format!("/data/{long_string}"),
+            console_address: format!("{long_string}:9001"),
         };
 
         assert_eq!(config.host.len(), 1000);
@@ -525,14 +539,14 @@ mod tests {
             host: "127.0.0.1".to_string(),
             port: "9000".to_string(),
             access_key: "用户名".to_string(),
-            secret_key: "密码123".to_string(),
+            secret_key: "密码 123".to_string(),
             domain_name: "测试.com".to_string(),
             volume_name: "/数据/存储".to_string(),
             console_address: "127.0.0.1:9001".to_string(),
         };
 
         assert_eq!(config.access_key, "用户名");
-        assert_eq!(config.secret_key, "密码123");
+        assert_eq!(config.secret_key, "密码 123");
         assert_eq!(config.domain_name, "测试.com");
         assert_eq!(config.volume_name, "/数据/存储");
     }

cli/rustfs-gui/src/utils/helper.rs

@@ -1,31 +1,43 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 use crate::utils::RustFSConfig;
 use dioxus::logger::tracing::{debug, error, info};
-use lazy_static::lazy_static;
 use rust_embed::RustEmbed;
 use sha2::{Digest, Sha256};
 use std::error::Error;
 use std::path::{Path, PathBuf};
 use std::process::Command as StdCommand;
+use std::sync::LazyLock;
 use std::time::Duration;
 use tokio::fs;
 use tokio::fs::File;
 use tokio::io::AsyncWriteExt;
 use tokio::net::TcpStream;
-use tokio::sync::{mpsc, Mutex};
+use tokio::sync::{Mutex, mpsc};
 
 #[derive(RustEmbed)]
 #[folder = "$CARGO_MANIFEST_DIR/embedded-rustfs/"]
 struct Asset;
 
-// Use `lazy_static` to cache the checksum of embedded resources
-lazy_static! {
-    static ref RUSTFS_HASH: Mutex<String> = {
-        let rustfs_file = if cfg!(windows) { "rustfs.exe" } else { "rustfs" };
-        let rustfs_data = Asset::get(rustfs_file).expect("RustFs binary not embedded");
-        let hash = hex::encode(Sha256::digest(&rustfs_data.data));
-        Mutex::new(hash)
-    };
-}
+// Use `LazyLock` to cache the checksum of embedded resources
+static RUSTFS_HASH: LazyLock<Mutex<String>> = LazyLock::new(|| {
+    let rustfs_file = if cfg!(windows) { "rustfs.exe" } else { "rustfs" };
+    let rustfs_data = Asset::get(rustfs_file).expect("RustFs binary not embedded");
+    let hash = hex::encode(Sha256::digest(&rustfs_data.data));
+    Mutex::new(hash)
+});
 
 /// Service command
 /// This enum represents the commands that can be sent to the service manager
@@ -184,7 +196,7 @@ impl ServiceManager {
             let cached_hash = fs::read_to_string(&hash_path).await?;
             let expected_hash = RUSTFS_HASH.lock().await;
             if cached_hash == *expected_hash {
-                println!("Use cached rustfs: {:?}", executable_path);
+                println!("Use cached rustfs: {executable_path:?}");
                 return Ok(executable_path);
             }
         }
@@ -235,23 +247,23 @@ impl ServiceManager {
                 match cmd {
                     ServiceCommand::Start(config) => {
                         if let Err(e) = Self::start_service(&config).await {
-                            Self::show_error(&format!("启动服务失败：{}", e));
+                            Self::show_error(&format!("启动服务失败：{e}"));
                         }
                     }
                     ServiceCommand::Stop => {
                         if let Err(e) = Self::stop_service().await {
-                            Self::show_error(&format!("停止服务失败：{}", e));
+                            Self::show_error(&format!("停止服务失败：{e}"));
                         }
                     }
                     ServiceCommand::Restart(config) => {
                         if Self::check_service_status().await.is_some() {
                             if let Err(e) = Self::stop_service().await {
-                                Self::show_error(&format!("重启服务失败：{}", e));
+                                Self::show_error(&format!("重启服务失败：{e}"));
                                 continue;
                             }
                         }
                         if let Err(e) = Self::start_service(&config).await {
-                            Self::show_error(&format!("重启服务失败：{}", e));
+                            Self::show_error(&format!("重启服务失败：{e}"));
                         }
                     }
                 }
@@ -283,7 +295,7 @@ impl ServiceManager {
     async fn start_service(config: &RustFSConfig) -> Result<(), Box<dyn Error>> {
         // Check if the service is already running
         if let Some(existing_pid) = Self::check_service_status().await {
-            return Err(format!("服务已经在运行，PID: {}", existing_pid).into());
+            return Err(format!("服务已经在运行，PID: {existing_pid}").into());
         }
 
         // Prepare the service program
@@ -304,7 +316,7 @@ impl ServiceManager {
         let ports = vec![main_port, console_port];
         for port in ports {
             if Self::is_port_in_use(host, port).await {
-                return Err(format!("端口 {} 已被占用", port).into());
+                return Err(format!("端口 {port} 已被占用").into());
             }
         }
 
@@ -327,7 +339,7 @@ impl ServiceManager {
 
         // Check if the service started successfully
         if Self::is_port_in_use(host, main_port).await {
-            Self::show_info(&format!("服务启动成功！进程 ID: {}", process_pid));
+            Self::show_info(&format!("服务启动成功！进程 ID: {process_pid}"));
 
             Ok(())
         } else {
@@ -387,7 +399,7 @@ impl ServiceManager {
     /// println!("{:?}", result);
     /// ```
     async fn is_port_in_use(host: &str, port: u16) -> bool {
-        TcpStream::connect(format!("{}:{}", host, port)).await.is_ok()
+        TcpStream::connect(format!("{host}:{port}")).await.is_ok()
     }
 
     /// Show an error message
@@ -674,7 +686,7 @@ mod tests {
             message: "Test message".to_string(),
         };
 
-        let debug_str = format!("{:?}", result);
+        let debug_str = format!("{result:?}");
         assert!(debug_str.contains("ServiceOperationResult"));
         assert!(debug_str.contains("success: true"));
         assert!(debug_str.contains("Test message"));
@@ -691,8 +703,8 @@ mod tests {
             let cloned_manager = service_manager.clone();
 
             // Both should be valid (we can't test much more without async runtime)
-            assert!(format!("{:?}", service_manager).contains("ServiceManager"));
-            assert!(format!("{:?}", cloned_manager).contains("ServiceManager"));
+            assert!(format!("{service_manager:?}").contains("ServiceManager"));
+            assert!(format!("{cloned_manager:?}").contains("ServiceManager"));
         });
     }
 
@@ -710,7 +722,7 @@ mod tests {
 
         for (input, expected) in test_cases {
             let result = ServiceManager::extract_port(input);
-            assert_eq!(result, expected, "Failed for input: {}", input);
+            assert_eq!(result, expected, "Failed for input: {input}");
         }
     }
 
@@ -729,7 +741,7 @@ mod tests {
 
         for input in invalid_cases {
             let result = ServiceManager::extract_port(input);
-            assert_eq!(result, None, "Should be None for input: {}", input);
+            assert_eq!(result, None, "Should be None for input: {input}");
         }
 
         // Special case: empty host but valid port should still work
@@ -746,10 +758,10 @@ mod tests {
         assert_eq!(ServiceManager::extract_port("host:0"), Some(0));
         assert_eq!(ServiceManager::extract_port("host:65535"), Some(65535));
         assert_eq!(ServiceManager::extract_port("host:65536"), None); // Out of range
-                                                                      // IPv6-like address - extract_port takes the second part after split(':')
-                                                                      // For "::1:8080", split(':') gives ["", "", "1", "8080"], nth(1) gives ""
+        // IPv6-like address - extract_port takes the second part after split(':')
+        // For "::1:8080", split(':') gives ["", "", "1", "8080"], nth(1) gives ""
         assert_eq!(ServiceManager::extract_port("::1:8080"), None); // Second part is empty
-                                                                    // For "[::1]:8080", split(':') gives ["[", "", "1]", "8080"], nth(1) gives ""
+        // For "[::1]:8080", split(':') gives ["[", "", "1]", "8080"], nth(1) gives ""
         assert_eq!(ServiceManager::extract_port("[::1]:8080"), None); // Second part is empty
     }
 

cli/rustfs-gui/src/utils/logger.rs

@@ -1,3 +1,17 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 use dioxus::logger::tracing::debug;
 use tracing_appender::non_blocking::WorkerGuard;
 use tracing_appender::rolling::{RollingFileAppender, Rotation};
@@ -94,7 +108,7 @@ mod tests {
 
         // We can't actually build it without creating directories,
         // but we can verify the builder pattern works
-        let debug_str = format!("{:?}", builder);
+        let debug_str = format!("{builder:?}");
         // The actual debug format might be different, so just check it's not empty
         assert!(!debug_str.is_empty());
         // Check that it contains some expected parts
@@ -112,10 +126,10 @@ mod tests {
         let never = Rotation::NEVER;
 
         // Test that rotation types can be created and formatted
-        assert!(!format!("{:?}", daily).is_empty());
-        assert!(!format!("{:?}", hourly).is_empty());
-        assert!(!format!("{:?}", minutely).is_empty());
-        assert!(!format!("{:?}", never).is_empty());
+        assert!(!format!("{daily:?}").is_empty());
+        assert!(!format!("{hourly:?}").is_empty());
+        assert!(!format!("{minutely:?}").is_empty());
+        assert!(!format!("{never:?}").is_empty());
     }
 
     #[test]
@@ -159,10 +173,10 @@ mod tests {
         let error_filter = tracing_subscriber::EnvFilter::new("error");
 
         // Test that filters can be created
-        assert!(!format!("{:?}", info_filter).is_empty());
-        assert!(!format!("{:?}", debug_filter).is_empty());
-        assert!(!format!("{:?}", warn_filter).is_empty());
-        assert!(!format!("{:?}", error_filter).is_empty());
+        assert!(!format!("{info_filter:?}").is_empty());
+        assert!(!format!("{debug_filter:?}").is_empty());
+        assert!(!format!("{warn_filter:?}").is_empty());
+        assert!(!format!("{error_filter:?}").is_empty());
     }
 
     #[test]
@@ -201,7 +215,7 @@ mod tests {
         assert_eq!(suffix, "log");
 
         // Test that these would create valid filenames
-        let sample_filename = format!("{}.2024-01-01.{}", prefix, suffix);
+        let sample_filename = format!("{prefix}.2024-01-01.{suffix}");
         assert_eq!(sample_filename, "rustfs-cli.2024-01-01.log");
     }
 
@@ -243,7 +257,7 @@ mod tests {
         assert_eq!(logs_dir_name, "logs");
 
         // Test path joining
-        let combined = format!("{}/{}", rustfs_dir_name, logs_dir_name);
+        let combined = format!("{rustfs_dir_name}/{logs_dir_name}");
         assert_eq!(combined, "rustfs/logs");
     }
 

cli/rustfs-gui/src/utils/mod.rs

@@ -1,3 +1,17 @@
+// Copyright 2024 RustFS Team
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 mod config;
 mod helper;
 mod logger;