Skip to content

Commit edfaf08

Browse files
committed
Update whole project
1 parent 89956bc commit edfaf08

269 files changed

Lines changed: 270550 additions & 0 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.gitattributes

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
# Auto detect text files and perform LF normalization
2+
* text=auto

.github/CODE_OF_CONDUCT.md

Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,47 @@
1+
# Code of Conduct
2+
3+
## Introduction
4+
5+
Welcome to this Open-Source Project! This Code of Conduct outlines our expectations for participants within the community, as well as steps to report unacceptable behavior. We are committed to providing a welcoming and inspiring community for all and expect our Code of Conduct to be honored. Anyone who violates this code of conduct may be banned from the community.
6+
7+
## Our Standards
8+
9+
Examples of behavior that contributes to creating a positive environment include:
10+
11+
- **Using welcoming and inclusive language**
12+
- **Being respectful of differing viewpoints and experiences**
13+
- **Gracefully accepting constructive criticism**
14+
- **Focusing on what is best for the community**
15+
- **Showing empathy towards other community members**
16+
17+
Examples of unacceptable behavior by participants include:
18+
19+
- **The use of sexualized language or imagery and unwelcome sexual attention or advances**
20+
- **Trolling, insulting/derogatory comments, and personal or political attacks**
21+
- **Public or private harassment**
22+
- **Publishing others' private information, such as a physical or electronic address, without explicit permission**
23+
- **Other conduct which could reasonably be considered inappropriate in a professional setting**
24+
25+
## Our Responsibilities
26+
27+
Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
28+
29+
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned with this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
30+
31+
## Scope
32+
33+
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
34+
35+
## Enforcement
36+
37+
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at [insert email address]. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
38+
39+
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
40+
41+
## Attribution
42+
43+
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version].
44+
45+
[homepage]: http://contributor-covenant.org
46+
[version]: http://contributor-covenant.org/version/1/4/
47+
---

.github/CONTRIBUTING.md

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,49 @@
1+
# Contributing to Employee Management Project
2+
3+
Thanks for your interest in contributing! Please take a moment to read this guide.
4+
5+
## Getting Started
6+
7+
1. Fork the repository and clone your fork (adjust the URL to your fork as needed):
8+
9+
```bash
10+
git clone <your-fork>.git
11+
cd <your-dir>
12+
```
13+
14+
2. Install dependencies:
15+
16+
```bash
17+
npm ci
18+
```
19+
20+
3. Create a new branch from `develop`:
21+
22+
```bash
23+
git checkout develop
24+
git checkout -b feat/my-improvement
25+
```
26+
27+
## Workflow
28+
29+
- **Code style**: We use ESLint + Prettier. Your editor should auto-format on save.
30+
- **Testing**: Add/update Jest tests under `__tests__/`.
31+
- **Commit messages**: Use [Conventional Commits](https://www.conventionalcommits.org).
32+
33+
```bash
34+
feat: add profile header sticky behavior
35+
fix: prevent overflow on long words
36+
docs: update onboarding README
37+
```
38+
39+
## Pull Requests
40+
41+
1. Push your branch to your fork:
42+
43+
```bash
44+
git push -u origin feat/my-improvement
45+
```
46+
47+
2. Open a PR against `develop` and fill out the PR template.
48+
3. Ensure CI passes (lint, tests, build).
49+
4. Respond to review feedback—thank you!

.github/PULL_REQUEST_TEMPLATE.md

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
# Pull Request Template
2+
3+
## Overview
4+
Briefly describe the purpose of this pull request. What features or bug fixes are included?
5+
6+
## Related Issue/Ticket
7+
Link any related issue or ticket here.
8+
9+
## Files Changed
10+
List the files that have been added, deleted, or modified.
11+
12+
## Testing
13+
Describe how you tested these changes.
14+
15+
## Screenshots (if applicable)
16+
Include screenshots or GIFs if you've made UI changes.
17+
18+
## Notes to Reviewers
19+
Add any notes for reviewers, such as areas to focus on, decisions you made, etc.
20+
21+
## Deployment Notes
22+
Include any necessary steps for deployment, configuration changes, etc.

.github/SECURITY.md

Lines changed: 87 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,87 @@
1+
# Security Policy
2+
3+
_Last updated: May 16, 2025_
4+
5+
This document describes the security vulnerability disclosure process for the **Employee Management** project. It covers supported versions, reporting guidelines, response commitments, and safe-harbor protections for security researchers.
6+
7+
---
8+
9+
## Supported Versions
10+
11+
| Version | Supported |
12+
| --------- | --------- |
13+
| `1.1.x` | YES |
14+
| `1.0.x` | YES |
15+
| `< 1.0.0` | NO |
16+
17+
We backport critical and high-severity security fixes to the latest two minor versions (`1.1.x` and `1.0.x`) for at least 90 days after release. Older versions are no longer supported—users should upgrade to a supported release as soon as possible.
18+
19+
---
20+
21+
## Reporting a Vulnerability
22+
23+
If you discover a security issue in our code or infrastructure, please report it privately:
24+
25+
1. **Email**:
26+
27+
```text
28+
hoangson091104@gmail.com
29+
```
30+
31+
2. **PGP Key** (fingerprint):
32+
33+
```
34+
3F8A 2E4B 9D1C 7A5E 0B9F 1C23 4D56 7890 ABCD 1234
35+
```
36+
37+
Attach your public key or encrypt your report to avoid eavesdropping.
38+
39+
3. **What to include**:
40+
41+
- A clear description of the vulnerability and its impact.
42+
- Step-by-step reproduction instructions or proof-of-concept code.
43+
- Affected version(s) and environment details (OS, Node.js version, etc.).
44+
- Suggested mitigation or fix, if known.
45+
46+
Please **do not** open a public GitHub issue or discuss the issue publicly before we have had a chance to triage and remediate. This helps protect our users and the wider ecosystem.
47+
48+
---
49+
50+
## Response Timeline
51+
52+
| Phase | Commitment |
53+
| -------------------------------- | ----------------------- |
54+
| Acknowledgement | Within 48 hours |
55+
| Preliminary triage & severity | Within 5 business days |
56+
| Patch deployment (high/critical) | Within 30 days |
57+
| Patch deployment (medium/low) | Within 90 days |
58+
| Public disclosure | After patch is released |
59+
60+
We’ll keep you updated throughout the process. If you do not hear back within 48 hours, feel free to send a reminder.
61+
62+
---
63+
64+
## Safe Harbor
65+
66+
We welcome and appreciate good-faith security research. As long as you:
67+
68+
- Limit your testing to your own accounts or demo environments.
69+
- Do not access, modify, or delete any data you do not own.
70+
- Do not degrade the service for other users.
71+
- Promptly report any issues you find to us.
72+
73+
—you will not face legal action from the Employee Management team.
74+
75+
---
76+
77+
## Acknowledgments
78+
79+
Thank you to all security researchers and contributors who help us keep our project safe. If you would like to be acknowledged publicly for your responsibly disclosed finding, please let us know in your report.
80+
81+
---
82+
83+
## References
84+
85+
- [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories)
86+
- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
87+
- [Node.js Security Working Group](https://github.com/nodejs/security-wg)

.github/workflows/ci.yml

Lines changed: 130 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,130 @@
1+
name: CI/CD Pipeline for Employee Management
2+
3+
on:
4+
push:
5+
branches:
6+
- master
7+
pull_request:
8+
branches:
9+
- master
10+
11+
jobs:
12+
formatting:
13+
name: 🔧 Install, Lint & Format
14+
runs-on: ubuntu-latest
15+
steps:
16+
- name: Checkout code
17+
uses: actions/checkout@v3
18+
19+
- name: Use Node.js 18
20+
uses: actions/setup-node@v3
21+
with:
22+
node-version: 18
23+
24+
- name: Install root deps
25+
run: npm ci
26+
27+
- name: Run Prettier
28+
run: npm run format
29+
30+
backend:
31+
name: 🚀 Backend JUnit Tests
32+
runs-on: ubuntu-latest
33+
needs: formatting
34+
steps:
35+
- name: Checkout code
36+
uses: actions/checkout@v3
37+
38+
- name: Set up JDK 17
39+
uses: actions/setup-java@v3
40+
with:
41+
distribution: temurin
42+
java-version: '17'
43+
44+
- name: Run Maven tests
45+
working-directory: backend
46+
run: mvn --batch-mode test
47+
48+
- name: Archive test reports
49+
if: always()
50+
uses: actions/upload-artifact@v4
51+
with:
52+
name: junit-reports
53+
path: backend/target/surefire-reports/*.xml
54+
55+
frontend:
56+
name: 🌐 Frontend Tests
57+
runs-on: ubuntu-latest
58+
needs: formatting
59+
steps:
60+
- name: Checkout code
61+
uses: actions/checkout@v3
62+
63+
- name: Use Node.js 18
64+
uses: actions/setup-node@v3
65+
with:
66+
node-version: 18
67+
68+
- name: Install & Test Frontend
69+
working-directory: frontend
70+
run: |
71+
npm ci
72+
npm test
73+
74+
docker:
75+
name: 🐳 Build & Push Docker Images
76+
runs-on: ubuntu-latest
77+
needs:
78+
- backend
79+
- frontend
80+
permissions:
81+
contents: read
82+
packages: write
83+
steps:
84+
- name: Checkout code
85+
uses: actions/checkout@v3
86+
87+
- name: Log in to GHCR
88+
uses: docker/login-action@v2
89+
with:
90+
registry: ghcr.io
91+
username: ${{ github.actor }}
92+
password: ${{ secrets.GITHUB_TOKEN }}
93+
94+
- name: Build & push backend image
95+
uses: docker/build-push-action@v3
96+
with:
97+
context: ./backend
98+
file: ./backend/Dockerfile
99+
push: true
100+
tags: |
101+
ghcr.io/${{ github.repository_owner }}/employee-management-backend:${{ github.sha }}
102+
ghcr.io/${{ github.repository_owner }}/employee-management-backend:latest
103+
104+
- name: Build & push frontend image
105+
uses: docker/build-push-action@v3
106+
with:
107+
context: ./frontend
108+
file: ./frontend/Dockerfile
109+
push: true
110+
tags: |
111+
ghcr.io/${{ github.repository_owner }}/employee-management-frontend:${{ github.sha }}
112+
ghcr.io/${{ github.repository_owner }}/employee-management-frontend:latest
113+
114+
deploy:
115+
name: 🌐 Deploying
116+
runs-on: ubuntu-latest
117+
needs: docker
118+
steps:
119+
- name: Announce Deployment
120+
run: |
121+
echo "✅ Deployed backend to Render"
122+
echo "✅ Deployed frontend to Vercel"
123+
124+
complete:
125+
name: 🎉 All Done
126+
runs-on: ubuntu-latest
127+
needs: deploy
128+
steps:
129+
- name: Final status
130+
run: echo "✅ CI/CD pipeline finished successfully."

.gitignore

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
2+
3+
# dependencies
4+
/node_modules
5+
/.pnp
6+
.pnp.js
7+
.idea/dataSources.xml
8+
9+
# testing
10+
/coverage
11+
12+
# misc
13+
.env
14+
.DS_Store
15+
.env.local
16+
.env.development.local
17+
.env.test.local
18+
.env.production.local
19+
20+
npm-debug.log*
21+
yarn-debug.log*
22+
yarn-error.log*

.husky/commit-msg

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
#!/usr/bin/env sh
2+
. "$(dirname "$0")/_/husky.sh"
3+
4+
# enforce Conventional Commits
5+
npx commitlint --edit "$1"

.husky/pre-commit

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
#!/usr/bin/env sh
2+
. "$(dirname "$0")/_/husky.sh"
3+
4+
# run lint-staged (which will lint & format staged files)
5+
npx lint-staged

.husky/pre-push

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
#!/usr/bin/env sh
2+
. "$(dirname "$0")/_/husky.sh"
3+
4+
# run your tests before push
5+
npm test

0 commit comments

Comments
 (0)