chore: add docker-hub login to pipeline

Merge pull request 'Implement Pagination / Limit for the Dashboard' (#18 ) from issue-6 into main
Reviewed-on: #18
2026-04-05 10:32:22 +02:00 · 2026-04-05 10:13:26 +02:00 · 2026-04-03 17:32:09 +02:00 · 2026-04-03 14:27:58 +02:00 · 2026-04-03 13:57:34 +02:00 · 2026-04-03 13:52:40 +02:00
9 changed files with 74 additions and 73 deletions
@@ -3,7 +3,9 @@ name: Commit
 on:
  push:
    # only trigger on branches, not on tags
-    branches: '**'
+    branches:
      - 'main'
      - 'dev'
 jobs:
  # Job 1: Lint and Test (Type Check)
@@ -17,8 +17,10 @@ jobs:
              http = true
              insecure = true
-      - name: login
+      - name: login gitea registry
        run: docker login -u schreifuchs -p ${{ secrets.REGISTRY_TOKEN }} git.schreifuchs.ch
      - name: login dockerhub
        run: docker login -u aktitiel -p ${{ secrets.DOCKER_HUB_TOKEN}}
      - name: Build and push Docker image
        uses: https://github.com/docker/build-push-action@v5
        with:
@@ -18,8 +18,10 @@ jobs:
              http = true
              insecure = true
-      - name: login
+      - name: login gitea registry
        run: docker login -u schreifuchs -p ${{ secrets.REGISTRY_TOKEN }} git.schreifuchs.ch
      - name: login dockerhub
        run: docker login -u aktitiel -p ${{ secrets.DOCKER_HUB_TOKEN}}
      - name: Build and push Docker image
        uses: https://github.com/docker/build-push-action@v5
        with:
@@ -1,2 +1,3 @@
 pnpm run format
 pnpm run lint
 pnpm run test
@@ -1,65 +0,0 @@
 # Project Review & Refactoring TODOs
 This document contains the prioritized list of refactoring tasks, architectural improvements, and testing strategies for the Aktiteil project.
 ## 🚨 Must do (Security & Critical Best Practices)
 - [ ] **Fix Critical XSS Vulnerability (`{@html}` without sanitization)**
  - **Where:** `src/routes/akti/[aktiId]/+page.svelte`
  - **Why:** Rendering user input via `{@html data.akti.body}` without sanitization allows malicious scripts to be injected.
  - **Fix:** Use the already installed `sanitize-html` library on the server to sanitize `changeRequest.body` before updating/inserting into the database.
 - [ ] **Move Server-Only Code to `$lib/server`**
  - **Where:** `src/lib/auth.ts`
  - **Why:** It imports from `./server/db`. Keeping server-side dependencies in the general `$lib` folder risks accidental imports by client components, breaking the Vite build and potentially leaking server logic.
  - **Fix:** Move and rename it to `src/lib/server/session.ts` (or `authUtils.ts`) and update imports in `.server.ts` files.
 - [ ] **Fix Action Validation Error Handling**
  - **Where:** `src/routes/akti/[aktiId]/+page.server.ts` and `src/routes/akti/[aktiId]/comment/+page.server.ts`
  - **Why:** Currently returning `error(400)` on validation failure, which wipes form data and shows a generic error page.
  - **Fix:** Use SvelteKit's `fail(400, { message: 'Invalid data' })` to keep the user on the page and preserve their input.
 - [ ] **Fix Hacky Fallback in Auth Query**
  - **Where:** `src/lib/auth.ts` -> `getSession()`
  - **Why:** Querying the DB with a fallback UUID (`eaf930...`) when email is missing is an anti-pattern.
  - **Fix:** Implement an early return (`if (!session?.user?.email) return null;`) before hitting the database.
 ## 🛠️ Should do (Performance & Architecture)
 - [ ] **Parallelize Database Queries**
  - **Where:** `src/routes/akti/[aktiId]/+page.server.ts` (load function)
  - **Why:** Queries are running sequentially.
  - **Fix:** Use `Promise.all([ db.query.aktis.findFirst(...), db.query.ratings.findMany(...) ])` to run concurrently.
 - [ ] **Implement Pagination / Limit for the Dashboard**
  - **Where:** `src/routes/+page.server.ts`
  - **Why:** Querying all records joined with ratings will scale poorly.
  - **Fix:** Add a `.limit()` clause and consider basic pagination or infinite scrolling.
 - [ ] **Extend Auth.js Types Globally**
  - **Where:** `src/app.d.ts`
  - **Why:** TypeScript doesn't inherently know `session.user.id` exists, leading to hacky workarounds.
  - **Fix:** Override `@auth/sveltekit` Session types in `app.d.ts` to include `id` and `email` strictly.
 - [ ] **Consider Adopting a Form Library**
  - **Where:** `src/lib/extractFormData.ts`
  - **Why:** Custom form extractors lack instant client-side validation and seamless server-side error mapping.
  - **Fix:** Consider switching to `sveltekit-superforms` which integrates well with Valibot.
 ## ✨ Nice to have (UX & Polish)
 - [ ] **Clarify File Naming (`auth.ts` vs `auth.ts`)**
  - Rename `src/lib/auth.ts` to `session.ts` or similar to distinguish from `src/auth.ts` (Auth.js setup).
 - [ ] **Abstract Heavy Database Queries**
  - Move complex aggregations (like computing averages in `src/routes/+page.server.ts`) into a dedicated `src/lib/server/db/queries.ts` file to keep routes clean.
 - [ ] **Clean up Redundant Imports**
  - In `src/routes/+layout.server.ts`, change `import { getSession as getSession }` to `import { getSession }`.
 ## 🧪 Testing Plan
 - [ ] **Add Playwright (End-to-End Testing)**
  - Install Playwright to test SvelteKit server actions, DB integration, and Flowbite forms holistically.
 - [ ] **Add Vitest + Svelte Testing Library (Unit/Component Testing)**
  - Set up Vitest to test UI components (`AktiCard`, `AktiEditor`) and utility functions (`extractFormData`) in isolation.
@@ -2,7 +2,7 @@ import { db } from '$lib/server/db';
 import { aktis, ratings } from '$lib/server/db/schema';
 import { avg, eq } from 'drizzle-orm';
-export async function getAktisWithAvgRating() {
+export async function getAktisWithAvgRating(limit = 20, offset = 0) {
 	return await db
 		.select({
 			id: aktis.id,
@@ -12,5 +12,7 @@ export async function getAktisWithAvgRating() {
 		})
 		.from(aktis)
 		.leftJoin(ratings, eq(aktis.id, ratings.aktiId))
-		.groupBy(aktis.id, aktis.title, aktis.summary);
+		.groupBy(aktis.id, aktis.title, aktis.summary)
 		.limit(limit)
 		.offset(offset);
 }
@@ -1,8 +1,11 @@
 import { getAktisWithAvgRating } from '$lib/server/db/queries';
 import type { PageServerLoad } from './$types';
-export const load: PageServerLoad = async () => {
+export const load: PageServerLoad = async ({ url }) => {
-	const a = await getAktisWithAvgRating();
+	const offset = Number(url.searchParams.get('offset')) || 0;
 	const limit = 20;
 	const a = await getAktisWithAvgRating(limit, offset);
 	return {
 		aktis: a.map((a) => ({ ...a, rating: a.rating ? parseFloat(a.rating) : undefined }))
@@ -1,12 +1,55 @@
 <script lang="ts">
 	import AktiCard from '$lib/components/akti/AktiCard.svelte';
 	import type { PageProps } from './$types';
 	import { Spinner } from 'flowbite-svelte';
 	let { data }: PageProps = $props();
 	let aktis = $state(data.aktis);
 	let offset = $state(data.aktis.length);
 	let loading = $state(false);
 	let hasMore = $state(data.aktis.length >= 20);
 	async function loadMore() {
 		if (loading || !hasMore) return;
 		loading = true;
 		const res = await fetch(`/api/aktis?offset=${offset}`);
 		const newAktis = await res.json();
 		if (newAktis.length < 20) {
 			hasMore = false;
 		}
 		aktis = [...aktis, ...newAktis];
 		offset += newAktis.length;
 		loading = false;
 	}
 	function infiniteScroll(node: HTMLElement) {
 		const observer = new IntersectionObserver((entries) => {
 			if (entries[0].isIntersecting) {
 				loadMore();
 			}
 		});
 		observer.observe(node);
 		return {
 			destroy() {
 				observer.disconnect();
 			}
 		};
 	}
 </script>
 <div class="grid gap-5 grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 3xl:grid-cols-5">
-	{#each data.aktis as akti (akti.id)}
+	{#each aktis as akti (akti.id)}
 		<AktiCard {akti}></AktiCard>
 	{/each}
 </div>
 <div class="mt-10 flex justify-center h-20">
 	{#if loading}
 		<Spinner />
 	{:else if hasMore}
 		<div use:infiniteScroll></div>
 	{/if}
 </div>
@@ -0,0 +1,11 @@
 import { getAktisWithAvgRating } from '$lib/server/db/queries';
 import { json, type RequestHandler } from '@sveltejs/kit';
 export const GET: RequestHandler = async ({ url }) => {
 	const offset = Number(url.searchParams.get('offset')) || 0;
 	const limit = 20;
 	const a = await getAktisWithAvgRating(limit, offset);
 	return json(a.map((a) => ({ ...a, rating: a.rating ? parseFloat(a.rating) : undefined })));
 };
Author	SHA1	Message	Date
schreifuchs	aae537b312	chore: add docker-hub login to pipeline Commit / ci (push) Successful in 10m42s Details	2026-04-05 10:32:22 +02:00
schreifuchs	19238edf57	Merge pull request 'Implement Pagination / Limit for the Dashboard' (#18 ) from issue-6 into main Commit / ci (push) Waiting to run Details Reviewed-on: #18	2026-04-05 10:13:26 +02:00
schreifuchs	0f8ad4a36a	chore: better pre-commit checks Commit / ci (push) Successful in 10m32s Details	2026-04-03 17:32:09 +02:00
schreifuchs	0de1cdfb8d	revert: Docker base image to original Commit / ci (push) Successful in 10m34s Details PullRequest / publish (pull_request) Failing after 2m28s Details	2026-04-03 14:27:58 +02:00
schreifuchs	89c86a2d32	ci: fix docker hub rate limit with ecr mirror Commit / ci (push) Has been cancelled Details PullRequest / publish (pull_request) Successful in 4m38s Details	2026-04-03 13:57:34 +02:00
schreifuchs	070638b2f1	refactor: resolve conflicts and use queries helper Commit / ci (push) Has been cancelled Details PullRequest / publish (pull_request) Failing after 2m21s Details	2026-04-03 13:52:40 +02:00
schreifuchs	f58af022dc	feat: implement endless scrolling	2026-04-03 13:52:13 +02:00
schreifuchs	4475879330	feat: implement limit for the dashboard (resolves #6 ) Commit / ci (push) Has been cancelled Details PullRequest / publish (pull_request) Failing after 2m10s Details	2026-04-03 13:06:11 +02:00