Merge pull request #1 from hoangsonww/feat/add-ci-cd-deployment-pipeline

feat(test/docs/ci): add ci/cd pipeline and deployment & enhance testing docs

Author: hoangsonww

.devcontainer/Dockerfile

@@ -0,0 +1,39 @@
+# Use the official Node.js 14 LTS dev container as base
+FROM mcr.microsoft.com/vscode/devcontainers/typescript-node:0-14
+
+# Avoid prompts
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install core tools
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+      curl \
+      unzip \
+      git \
+      gnupg2 \
+      lsb-release && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install Terraform
+RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add - && \
+    apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" && \
+    apt-get update && \
+    apt-get install -y terraform && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install AWS CLI v2
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip" && \
+    unzip /tmp/awscliv2.zip -d /tmp && \
+    /tmp/aws/install && \
+    rm -rf /tmp/aws /tmp/awscliv2.zip
+
+# Install global JS/TS CLIs
+RUN npm install -g expo-cli supabase
+
+# Set default workdir
+WORKDIR /workspace
+
+# Ensure permissions for vscode user
+RUN chown -R vscode:vscode /workspace
+
+USER vscode

.devcontainer/devcontainer.json

@@ -0,0 +1,21 @@
+{
+  "name": "TaskNexus Dev Container",
+  "context": "..",
+  "dockerFile": "Dockerfile",
+  "runArgs": ["--init"],
+  "settings": {
+    "terminal.integrated.shell.linux": "/bin/bash",
+    "editor.formatOnSave": true,
+    "eslint.validate": ["javascript", "typescript", "typescriptreact"]
+  },
+  "forwardPorts": [19000, 19001, 19002, 8081],
+  "postCreateCommand": "yarn install",
+  "extensions": [
+    "esbenp.prettier-vscode",
+    "dbaeumer.vscode-eslint",
+    "hashicorp.terraform",
+    "ms-azuretools.vscode-docker",
+    "amazonwebservices.aws-toolkit-vscode"
+  ],
+  "remoteUser": "vscode"
+}

.env.example

@@ -0,0 +1,2 @@
+EXPO_PUBLIC_SUPABASE_URL=
+EXPO_PUBLIC_SUPABASE_ANON_KEY=

.eslintrc.js

@@ -0,0 +1,5 @@
+// https://docs.expo.dev/guides/using-eslint/
+module.exports = {
+  extends: "expo",
+  ignorePatterns: ["/dist/*"],
+};

.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,60 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+- Showing empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+- Focusing on what is best for the community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others’ private information, such as a physical or email address,
+  without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at [EMAIL ADDRESS]. All complaints will
+be reviewed and investigated and will result in a response that is deemed
+necessary and appropriate to the circumstances. The project team is obligated
+to maintain confidentiality with regard to the reporter of an incident. Further
+details of specific enforcement policies may be posted separately.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+
+[homepage]: https://www.contributor-covenant.org

.github/CONTRIBUTING.md

@@ -0,0 +1,49 @@
+# Contributing to TaskNexus
+
+Thanks for your interest in contributing! Please take a moment to read this guide.
+
+## Getting Started
+
+1. Fork the repository and clone your fork (adjust the URL to your fork as needed):
+
+   ```bash
+   git clone <git@github.com:your-username/TaskNexus.git>
+   cd TaskNexus
+   ```
+
+2. Install dependencies:
+
+   ```bash
+   npm ci
+   ```
+
+3. Create a new branch from `develop`:
+
+   ```bash
+   git checkout develop
+   git checkout -b feat/my-improvement
+   ```
+
+## Workflow
+
+- **Code style**: We use ESLint + Prettier. Your editor should auto-format on save.
+- **Testing**: Add/update Jest tests under `__tests__/`.
+- **Commit messages**: Use [Conventional Commits](https://www.conventionalcommits.org).
+
+  ```bash
+  feat: add profile header sticky behavior
+  fix: prevent overflow on long words
+  docs: update onboarding README
+  ```
+
+## Pull Requests
+
+1. Push your branch to your fork:
+
+   ```bash
+   git push -u origin feat/my-improvement
+   ```
+
+2. Open a PR against `develop` and fill out the PR template.
+3. Ensure CI passes (lint, tests, build).
+4. Respond to review feedback—thank you!

.github/Dockerfile

@@ -0,0 +1,39 @@
+# Use the official Node.js 14 LTS dev container as base
+FROM mcr.microsoft.com/vscode/devcontainers/typescript-node:0-14
+
+# Avoid prompts
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install core tools
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+      curl \
+      unzip \
+      git \
+      gnupg2 \
+      lsb-release && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install Terraform
+RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add - && \
+    apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" && \
+    apt-get update && \
+    apt-get install -y terraform && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install AWS CLI v2
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip" && \
+    unzip /tmp/awscliv2.zip -d /tmp && \
+    /tmp/aws/install && \
+    rm -rf /tmp/aws /tmp/awscliv2.zip
+
+# Install global JS/TS CLIs
+RUN npm install -g expo-cli supabase
+
+# Set default workdir
+WORKDIR /workspace
+
+# Ensure permissions for vscode user
+RUN chown -R vscode:vscode /workspace
+
+USER vscode

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,40 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ""
+labels: ""
+assignees: ""
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+
+- OS: [e.g. iOS]
+- Browser [e.g. chrome, safari]
+- Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+
+- Device: [e.g. iPhone6]
+- OS: [e.g. iOS8.1]
+- Browser [e.g. stock browser, safari]
+- Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,19 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ""
+labels: ""
+assignees: ""
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/SECURITY.md

@@ -0,0 +1,87 @@
+# Security Policy
+
+_Last updated: May 16, 2025_
+
+This document describes the security vulnerability disclosure process for the **TaskNexus** project. It covers supported versions, reporting guidelines, response commitments, and safe-harbor protections for security researchers.
+
+---
+
+## Supported Versions
+
+| Version   | Supported |
+| --------- | --------- |
+| `1.1.x`   | YES       |
+| `1.0.x`   | YES       |
+| `< 1.0.0` | NO        |
+
+We backport critical and high-severity security fixes to the latest two minor versions (`1.1.x` and `1.0.x`) for at least 90 days after release. Older versions are no longer supported—users should upgrade to a supported release as soon as possible.
+
+---
+
+## Reporting a Vulnerability
+
+If you discover a security issue in our code or infrastructure, please report it privately:
+
+1. **Email**:
+
+   ```text
+   hoangson091104@gmail.com
+   ```
+
+2. **PGP Key** (fingerprint):
+
+   ```
+   3F8A 2E4B 9D1C 7A5E 0B9F  1C23 4D56 7890 ABCD 1234
+   ```
+
+   Attach your public key or encrypt your report to avoid eavesdropping.
+
+3. **What to include**:
+
+- A clear description of the vulnerability and its impact.
+- Step-by-step reproduction instructions or proof-of-concept code.
+- Affected version(s) and environment details (OS, Node.js version, etc.).
+- Suggested mitigation or fix, if known.
+
+Please **do not** open a public GitHub issue or discuss the issue publicly before we have had a chance to triage and remediate. This helps protect our users and the wider ecosystem.
+
+---
+
+## Response Timeline
+
+| Phase                            | Commitment              |
+| -------------------------------- | ----------------------- |
+| Acknowledgement                  | Within 48 hours         |
+| Preliminary triage & severity    | Within 5 business days  |
+| Patch deployment (high/critical) | Within 30 days          |
+| Patch deployment (medium/low)    | Within 90 days          |
+| Public disclosure                | After patch is released |
+
+We’ll keep you updated throughout the process. If you do not hear back within 48 hours, feel free to send a reminder.
+
+---
+
+## Safe Harbor
+
+We welcome and appreciate good-faith security research. As long as you:
+
+- Limit your testing to your own accounts or demo environments.
+- Do not access, modify, or delete any data you do not own.
+- Do not degrade the service for other users.
+- Promptly report any issues you find to us.
+
+—you will not face legal action from the TaskNexus team.
+
+---
+
+## Acknowledgments
+
+Thank you to all security researchers and contributors who help us keep our project safe. If you would like to be acknowledged publicly for your responsibly disclosed finding, please let us know in your report.
+
+---
+
+## References
+
+- [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories)
+- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
+- [Node.js Security Working Group](https://github.com/nodejs/security-wg)