Skip to content

Refactor/monorepo with spec-driven development #321

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wildan3105 wants to merge 83 commits into
base: master
Choose a base branch
from
Draft

Refactor/monorepo with spec-driven development #321

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
83 commits
Select commit Hold shift + click to select a range
ee25e48
feat: init spec-driven development
Feb 14, 2026
31500fe
chore: use the latest, stable node
Feb 14, 2026
847ed8c
feat: next iteration of the spec-driven; complete the 1st version of …
Feb 14, 2026
97c68a2
feat(backend): initial backend setup
Feb 14, 2026
2746c4b
feat: setup deps
Feb 14, 2026
96ec464
doc: add task lists
Feb 14, 2026
8480851
feat: implement foundation
Feb 14, 2026
67b0387
fix: ignore dist
Feb 14, 2026
7cbfa28
feat: initi mvp with graphql
Feb 14, 2026
4c08c9f
feat: app layer
Feb 14, 2026
34da9c5
feat: http layer integration
Feb 14, 2026
d51de46
test: add initial test and update readme
Feb 14, 2026
41a181c
fix: handle 404 not found
Feb 14, 2026
5f51690
fix tests
Feb 14, 2026
8dafec7
test: increase coverage to over 80%
Feb 14, 2026
6f971ab
fix: update manual-test to use AccountData structure
Feb 14, 2026
9d99638
feat: use the actual all available lang colors
Feb 14, 2026
dcd7ff5
chore: delete manual tests
Feb 14, 2026
8840fb6
doc: add info about forked repo
Feb 14, 2026
28ec631
refactor: make gitlab and bitbucket unimplemented as they actually are
Feb 14, 2026
75916f9
fix test
Feb 14, 2026
3fcfcd3
fix formatting
Feb 14, 2026
0b07003
backend: add avatarUrl
Feb 14, 2026
0867c0b
fix test
Feb 14, 2026
9a780f9
perf
Feb 14, 2026
71dd36a
doc: add root readme
Feb 14, 2026
4d03ef2
doc: update homepage
Feb 14, 2026
9d6bb1b
ci: remove old workflows
Feb 15, 2026
0cc1b21
ci: add frontend-ci.yml
Feb 15, 2026
094e8b3
chore: align node version across projects
Feb 15, 2026
051eb9d
fix: broken builds
Feb 15, 2026
f6b8c89
ui: add search icon for search button
Feb 15, 2026
23a06a6
ui: make provider size dynamics
Feb 15, 2026
269afac
ui: center all the download and share buttons
Feb 15, 2026
60559df
ui: make user type Sentence case
Feb 15, 2026
dfb2c2b
fix: remove doughnut option as its pretty much the same as pie chart
Feb 15, 2026
340175a
doc: remove everything about doughnut chart
Feb 15, 2026
5be606c
feat: add polar chart
Feb 15, 2026
27eac26
doc: add polar area in the docs
Feb 15, 2026
f5a905a
ui: add copyright
Feb 15, 2026
13b9060
doc: add tasks for frontend improvement
Feb 15, 2026
f8c409f
frontend improvement: skeleton loading states
Feb 15, 2026
3d9a4af
frontend improvement: sticky footer
Feb 15, 2026
1ae6e98
frontend improvement: kpi or overview of stats
Feb 15, 2026
b5863e3
frontend improvement: export dropdown - remove x and fb share
Feb 15, 2026
9cf6ae0
frontend improvement: smooth transitions
Feb 15, 2026
acd6c5c
frontend improv: remove copy link
Feb 15, 2026
83821ac
frontend improvement: fix lint
Feb 15, 2026
a10f809
frontend improvement: loading state polish
Feb 15, 2026
c6204a7
frontend improvement: micro states
Feb 15, 2026
25db81a
feat: add optional location and websiteUrl for user and org's profile…
Feb 15, 2026
d9db0e0
chore: handle nullish gracefully
Feb 15, 2026
bdf81fc
frontend improv: add optional location and websiteUrl for profile card
Feb 15, 2026
07138c7
frontend improv: add options (fork and unknown) next to search bar
Feb 15, 2026
0f86745
frontend improv: move forks and unknown options inside chart area
Feb 15, 2026
564d12b
frontend improv: always show 4 cards
Feb 15, 2026
59aeed6
frontend improv: always show filter options if user is found
Feb 15, 2026
964478b
frontend improv: make fork and unknown false by default and remove ra…
Feb 15, 2026
3f87a72
feat: unify toolbar
Feb 15, 2026
baba093
frontend improv: micro polish
Feb 15, 2026
3c4c4ed
fix: resolve empty state when nothing happens
Feb 15, 2026
8ec7792
chore: remove github as its default provider
Feb 15, 2026
38c7ea4
feat: add more info in profile card
Feb 15, 2026
ab2f0a0
feat: change display from key to label to make it human-readable, esp…
Feb 15, 2026
7570d00
ui: add icon next to Advanced option
Feb 16, 2026
024c0d6
doc: add similar projects in the readme
Feb 16, 2026
964c2d4
feat(backend): add isVerified field for profile depending on email pr…
Feb 16, 2026
0a62cde
feat(frontend): update site title
Feb 16, 2026
a611f78
feat: add verification badge for both user and org
Feb 16, 2026
402be86
feat: createdAt field on the profile object
Feb 16, 2026
01c40bd
feat: add member since info
Feb 16, 2026
bc21c9f
feat: handle ghe (self-host github)
Feb 16, 2026
f7ff92b
fix: lint
Feb 16, 2026
57a0a7c
feat: add shareable URL
Feb 17, 2026
b469d68
refactor: extract rate limit to middleware and make it configurable
Feb 17, 2026
4949c08
fix: remove unused field (limit)
Feb 17, 2026
451531e
feat: return providerBaseUrl for the base url of user profile
Feb 17, 2026
0c4bded
feat: derive actual profile URL from providerBaseUrl in frontend
Feb 17, 2026
3d4a368
feat: add stats regarding followers and following (user) and members …
Feb 17, 2026
7404f32
fix: remove total repos on user profile
Feb 17, 2026
d10f640
feat: add icon for every field in the profile card
Feb 17, 2026
20c5085
fix test because removing the @ symbol
Feb 17, 2026
07f0e72
feat: add optional name field from the backend
Feb 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 0 additions & 15 deletions .editorconfig
View file
Open in desktop

This file was deleted.

89 changes: 89 additions & 0 deletions .github/workflows/backend-ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
name: Backend CI

on:
push:
branches: [master, main, develop]
paths:
- 'backend/**'
- '.github/workflows/backend-ci.yml'
pull_request:
branches: [master, main, develop]
paths:
- 'backend/**'
- '.github/workflows/backend-ci.yml'

defaults:
run:
working-directory: backend

jobs:
test:
name: Test & Build
runs-on: ubuntu-latest

strategy:
matrix:
node-version: [24.x]

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
cache-dependency-path: backend/package-lock.json

- name: Install dependencies
run: npm ci

- name: Run linting
run: npm run lint

- name: Run type checking
run: npm run typecheck

- name: Run tests
run: npm test -- --coverage

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
files: ./backend/coverage/lcov.info
flags: backend
name: backend-coverage
continue-on-error: true

- name: Build
run: npm run build

- name: Test production build
run: |
npm start &
SERVER_PID=$!
sleep 5
curl -f http://localhost:3001/health || exit 1
kill $SERVER_PID

docker:
Comment on lines +21 to +70

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 3 days ago

To fix the problem, we should explicitly restrict GITHUB_TOKEN permissions in this workflow to the minimum required. Both jobs (test and docker) use actions/checkout, and the docker job uses docker/build-push-action with push: false and GitHub Actions cache, which only need read access to repository contents and the GHA cache. No steps require write access to issues, PRs, or repository contents.

The best fix is to add a top-level permissions: block (applied to all jobs) with contents: read and, to support cache usage in docker/build-push-action, id-token: write is not needed but packages is also not needed because there is no GitHub Packages usage. GitHub’s cache via type=gha works with the default contents: read / id-token scopes, but strictly speaking it does not require additional explicit scopes. Therefore, a minimal and safe configuration is:

permissions:
  contents: read

We add this block near the top of .github/workflows/backend-ci.yml, for example after the on: block and before defaults: (anywhere at the workflow root is fine). No other lines or behavior need to change.

Suggested changeset 1
.github/workflows/backend-ci.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/backend-ci.yml b/.github/workflows/backend-ci.yml
--- a/.github/workflows/backend-ci.yml
+++ b/.github/workflows/backend-ci.yml
@@ -12,6 +12,9 @@
       - 'backend/**'
       - '.github/workflows/backend-ci.yml'
 
+permissions:
+  contents: read
+
 defaults:
   run:
     working-directory: backend
EOF
@@ -12,6 +12,9 @@
- 'backend/**'
- '.github/workflows/backend-ci.yml'

permissions:
contents: read

defaults:
run:
working-directory: backend
Copilot is powered by AI and may make mistakes. Always verify output.
name: Docker Build
runs-on: ubuntu-latest
needs: test

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build Docker image
uses: docker/build-push-action@v5
with:
context: ./backend
push: false
tags: gitlingo-backend:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
Comment on lines +71 to +89

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 3 days ago

To fix the problem, add an explicit permissions: block that grants only the minimal rights needed by these jobs. Since the jobs only check out code, set up Node, run tests/lint/build, upload coverage to Codecov, and build a Docker image without pushing, they only need read access to the repository contents.

The most straightforward fix without changing functionality is to add a workflow-level permissions: block right after the name: and before on::

permissions:
  contents: read

This will apply to both test and docker jobs, restricting GITHUB_TOKEN to read-only repository contents, which is sufficient for actions/checkout@v4 and the other used actions. No other scopes (like packages, pull-requests, or id-token) are required based on the provided snippet, and we are not pushing Docker images or writing to GitHub APIs.

Concretely:

  • Edit .github/workflows/backend-ci.yml.
  • Insert the permissions: block near the top of the file (e.g., between line 1 and line 3, after name: Backend CI and the blank line).
  • No imports, methods, or additional definitions are needed, as this is purely a workflow configuration change.
Suggested changeset 1
.github/workflows/backend-ci.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/backend-ci.yml b/.github/workflows/backend-ci.yml
--- a/.github/workflows/backend-ci.yml
+++ b/.github/workflows/backend-ci.yml
@@ -1,5 +1,8 @@
 name: Backend CI
 
+permissions:
+  contents: read
+
 on:
   push:
     branches: [master, main, develop]
EOF
@@ -1,5 +1,8 @@
name: Backend CI

permissions:
contents: read

on:
push:
branches: [master, main, develop]
Copilot is powered by AI and may make mistakes. Always verify output.
130 changes: 0 additions & 130 deletions .github/workflows/deploy.yml
View file
Open in desktop

This file was deleted.

66 changes: 66 additions & 0 deletions .github/workflows/frontend-ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
name: Frontend CI

on:
push:
branches: [master, main, develop]
paths:
- 'frontend/**'
- '.github/workflows/frontend-ci.yml'
pull_request:
branches: [master, main, develop]
paths:
- 'frontend/**'
- '.github/workflows/frontend-ci.yml'

defaults:
run:
working-directory: frontend

jobs:
test:
name: Test & Build
runs-on: ubuntu-latest

strategy:
matrix:
node-version: [22.x]

steps:
- name: Checkout code
uses: actions/checkout@v4

- name: Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
cache-dependency-path: frontend/package-lock.json

- name: Install dependencies
run: npm ci

- name: Run linting
run: npm run lint

- name: Run type checking
run: npm run typecheck

- name: Run tests
run: npm run test:coverage

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
files: ./frontend/coverage/lcov.info
flags: frontend
name: frontend-coverage
continue-on-error: true

- name: Build
run: npm run build

- name: Verify build artifacts
run: |
test -f dist/index.html || exit 1
test -d dist/assets || exit 1
echo "Build artifacts verified successfully"
Comment on lines +21 to +66

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 3 days ago

To fix the problem, explicitly declare a restrictive permissions block so that the GITHUB_TOKEN has only the access required. Since this workflow only needs to read repository contents (for checkout) and does not perform any GitHub write operations, the minimal safe choice is contents: read. You can define this at the workflow root so it applies to all jobs (currently just test), or per job. Root-level is simpler and keeps the job block unchanged.

Concretely, in .github/workflows/frontend-ci.yml, add a permissions: section right after the name: Frontend CI line. Set contents: read as recommended by CodeQL. No other changes, imports, or additional configuration are needed, and this will not affect npm, linting, testing, or Codecov upload behavior.

Suggested changeset 1
.github/workflows/frontend-ci.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/frontend-ci.yml b/.github/workflows/frontend-ci.yml
--- a/.github/workflows/frontend-ci.yml
+++ b/.github/workflows/frontend-ci.yml
@@ -1,5 +1,8 @@
 name: Frontend CI
 
+permissions:
+  contents: read
+
 on:
   push:
     branches: [master, main, develop]
EOF
@@ -1,5 +1,8 @@
name: Frontend CI

permissions:
contents: read

on:
push:
branches: [master, main, develop]
Copilot is powered by AI and may make mistakes. Always verify output.
35 changes: 0 additions & 35 deletions .github/workflows/test.yml
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion .nvmrc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
18.18.0
24.3.0
Copy link

Copilot AI Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Root .nvmrc is set to Node 24.3.0, but the backend CI matrix runs Node 20.x and backend/package.json requires >=20. Consider aligning .nvmrc to the CI/runtime baseline (or documenting that Node 24 is required for the repo) to avoid local/CI drift.

Suggested change
24.3.0
20

Copilot uses AI. Check for mistakes.
Loading
Loading