Merge remote-tracking branch 'origin/main'

.woodpecker.yml

@@ -1,62 +1,84 @@
 steps:
   audit_dependencies:
     image: node:20
+    commands:
+      - npm install --package-lock-only
+      - npm audit --audit-level=moderate --json > audit-result.json 2>&1 || echo "Audit completed"
+      - npm audit --audit-level=moderate > audit-output.txt 2>&1 || echo "Audit completed"
+    when:
+      - branch: main
+        event: push
+
+  discord_notify_audit:
+    image: alpine:latest
     environment:
       DISCORD_WEBHOOK:
         from_secret: discord_webhook
     commands:
-      - npm install --package-lock-only
+      - apk add --no-cache curl jq
-      - npm audit --audit-level=moderate || AUDIT_EXIT=$?
       - |
-        if [ ! -z "$AUDIT_EXIT" ]; then
+        if [ -f audit-result.json ]; then
-          echo ""
+          TOTAL=$(jq -r '.metadata.vulnerabilities.total // 0' audit-result.json 2>/dev/null || echo "0")
-          echo "=========================================="
+          CRITICAL=$(jq -r '.metadata.vulnerabilities.critical // 0' audit-result.json 2>/dev/null || echo "0")
-          echo "⚠️  WARNING: npm audit found vulnerabilities!"
+          HIGH=$(jq -r '.metadata.vulnerabilities.high // 0' audit-result.json 2>/dev/null || echo "0")
-          echo "⚠️  Please review the security issues above"
+          MODERATE=$(jq -r '.metadata.vulnerabilities.moderate // 0' audit-result.json 2>/dev/null || echo "0")
-          echo "⚠️  Build continues despite vulnerabilities"
+          LOW=$(jq -r '.metadata.vulnerabilities.low // 0' audit-result.json 2>/dev/null || echo "0")
-          echo "=========================================="
-          echo ""
 
-          # Discord Benachrichtigung senden
+          if [ "$CRITICAL" -gt 0 ] || [ "$HIGH" -gt 0 ] || [ "$MODERATE" -gt 0 ]; then
-          if [ ! -z "$DISCORD_WEBHOOK" ]; then
+            COLOR=16744448
-            curl -H "Content-Type: application/json" \
+            STATUS="⚠️ Vulnerabilities Found"
-              -d "{
+          else
-                \"embeds\": [{
+            COLOR=3066993
-                  \"title\": \"⚠️ npm audit Warnung\",
+            STATUS="✅ No Vulnerabilities"
-                  \"description\": \"Es wurden Sicherheitslücken in den Dependencies gefunden!\",
-                  \"color\": 16744448,
-                  \"fields\": [
-                    {
-                      \"name\": \"Repository\",
-                      \"value\": \"Gallus_Pub\",
-                      \"inline\": true
-                    },
-                    {
-                      \"name\": \"Branch\",
-                      \"value\": \"${CI_COMMIT_BRANCH}\",
-                      \"inline\": true
-                    },
-                    {
-                      \"name\": \"Commit\",
-                      \"value\": \"${CI_COMMIT_SHA:0:7}\",
-                      \"inline\": true
-                    }
-                  ],
-                  \"footer\": {
-                    \"text\": \"Build läuft trotzdem durch\"
-                  },
-                  \"timestamp\": \"$(date -u +%Y-%m-%dT%H:%M:%S.000Z)\"
-                }]
-              }" \
-              "$DISCORD_WEBHOOK"
           fi
+
+          if [ -f audit-output.txt ]; then
+            VULNS=$(head -50 audit-output.txt | tail -40 || echo "No details")
+          else
+            VULNS="No audit output available"
+          fi
+
+          printf '%s' "$VULNS" > /tmp/vulns.txt
+
+          PAYLOAD=$(jq -n \
+            --arg title "🔒 Security Audit - Build #${CI_BUILD_NUMBER}" \
+            --arg status "$STATUS" \
+            --arg total "$TOTAL" \
+            --arg critical "$CRITICAL" \
+            --arg high "$HIGH" \
+            --arg moderate "$MODERATE" \
+            --arg low "$LOW" \
+            --arg commit "${CI_COMMIT_SHA:0:7}" \
+            --rawfile details /tmp/vulns.txt \
+            --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%S.000Z)" \
+            --argjson color "$COLOR" \
+            '{
+              embeds: [{
+                title: $title,
+                description: $status,
+                color: $color,
+                fields: [
+                  { name: "Total", value: $total, inline: true },
+                  { name: "Critical", value: $critical, inline: true },
+                  { name: "High", value: $high, inline: true },
+                  { name: "Moderate", value: $moderate, inline: true },
+                  { name: "Low", value: $low, inline: true },
+                  { name: "Commit", value: ("`" + $commit + "`"), inline: true },
+                  { name: "Details", value: ("```\n" + ($details[:800]) + (if ($details | length) > 800 then "\n... (truncated)" else "" end) + "\n```"), inline: false }
+                ],
+                timestamp: $timestamp
+              }]
+            }')
+
+          curl -H "Content-Type: application/json" -X POST \
+            -d "$PAYLOAD" "$DISCORD_WEBHOOK"
         else
-          echo "✓ No vulnerabilities found"
+          echo "No audit results found - listing workspace files:"
+          ls -la
         fi
-      - exit 0
     when:
-      branch: main
+      - branch: main
-      event: push
+        event: push
 
   deploy_frontend:
     image: node:20
@@ -68,5 +90,87 @@ steps:
       - export PATH="$HOME/.fly/bin:$PATH"
       - flyctl deploy --config fly.toml --app gallus-pub --remote-only
     when:
-      branch: main
+      - branch: main
-      event: push
+        event: push
+
+  notify_success:
+    image: alpine:latest
+    environment:
+      DISCORD_WEBHOOK:
+        from_secret: discord_webhook
+    commands:
+      - apk add --no-cache curl jq
+      - |
+        # Schreibe Commit-Message in Datei (sicher gegen Shell-Sonderzeichen)
+        printf '%s\n' "$CI_COMMIT_MESSAGE" > /tmp/commit_msg.txt
+
+        PAYLOAD=$(cat /tmp/commit_msg.txt | jq -Rs \
+          --arg title "✅ Build #${CI_BUILD_NUMBER} - Success" \
+          --arg repo "${CI_REPO}" \
+          --arg branch "${CI_COMMIT_BRANCH}" \
+          --arg commit "${CI_COMMIT_SHA:0:7}" \
+          --arg author "${CI_COMMIT_AUTHOR}" \
+          --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%S.000Z)" \
+          '. as $message | {
+            embeds: [{
+              title: $title,
+              description: "Build und Deployment erfolgreich abgeschlossen!",
+              color: 3066993,
+              fields: [
+                { name: "Repository", value: $repo, inline: true },
+                { name: "Branch", value: $branch, inline: true },
+                { name: "Commit", value: ("`" + $commit + "`"), inline: true },
+                { name: "Author", value: $author, inline: true },
+                { name: "Commit Message", value: $message, inline: false }
+              ],
+              timestamp: $timestamp
+            }]
+          }')
+
+        curl -H "Content-Type: application/json" -X POST \
+          -d "$PAYLOAD" "$DISCORD_WEBHOOK"
+    when:
+      - branch: main
+        event: push
+        status: success
+
+  notify_failure:
+    image: alpine:latest
+    environment:
+      DISCORD_WEBHOOK:
+        from_secret: discord_webhook
+    commands:
+      - apk add --no-cache curl jq
+      - |
+        # Schreibe Commit-Message in Datei (sicher gegen Shell-Sonderzeichen)
+        printf '%s\n' "$CI_COMMIT_MESSAGE" > /tmp/commit_msg.txt
+
+        PAYLOAD=$(cat /tmp/commit_msg.txt | jq -Rs \
+          --arg title "❌ Build #${CI_BUILD_NUMBER} - Failure" \
+          --arg repo "${CI_REPO}" \
+          --arg branch "${CI_COMMIT_BRANCH}" \
+          --arg commit "${CI_COMMIT_SHA:0:7}" \
+          --arg author "${CI_COMMIT_AUTHOR}" \
+          --arg timestamp "$(date -u +%Y-%m-%dT%H:%M:%S.000Z)" \
+          '. as $message | {
+            embeds: [{
+              title: $title,
+              description: "Build oder Deployment ist fehlgeschlagen!",
+              color: 15158332,
+              fields: [
+                { name: "Repository", value: $repo, inline: true },
+                { name: "Branch", value: $branch, inline: true },
+                { name: "Commit", value: ("`" + $commit + "`"), inline: true },
+                { name: "Author", value: $author, inline: true },
+                { name: "Commit Message", value: $message, inline: false }
+              ],
+              timestamp: $timestamp
+            }]
+          }')
+
+        curl -H "Content-Type: application/json" -X POST \
+          -d "$PAYLOAD" "$DISCORD_WEBHOOK"
+    when:
+      - branch: main
+        event: push
+        status: failure

backend/src/db/schema.ts

@@ -1,7 +1,6 @@
 import { sqliteTable, text, integer } from 'drizzle-orm/sqlite-core';
 import { sql } from 'drizzle-orm';
 
-// Users table - stores Gitea user info for audit and access control
 export const users = sqliteTable('users', {
   id: text('id').primaryKey().$defaultFn(() => crypto.randomUUID()),
   giteaId: text('gitea_id').notNull().unique(),

src/pages/index.astro

@@ -11,11 +11,24 @@ import About from "../components/About.astro";
 
 const events = [
 	{
-		image: "/images/events/mj7dj1ko-mtnbg6.jpeg",
+		image: "/images/events/mmlw73z2-9jda78.jpeg",
 		title: "Karaoke",
-		date: "2025-12-01",
+		date: "2026-03-11",
 		description: `
-			Von Mittwoch bis Samstag kannst du deine Stimme zum Besten geben. Du singst gerne, aber lieber für dich? Dann kannst du den 2. OG auch privat mieten. 🍀 WA 077 232 27 70
+			Du singst gerne, aber lieber für dich? Dann kannst du den 2. OG auch privat mieten. Optimal für 10-20Pers. Mehr Info's🍀via WA 077 232 27 70
+		`,
+	},
+	{
+		image: "/images/events/mmlwals3-l45i8v.jpeg",
+		title: "Aushilfe gesucht",
+		date: "2026-03-11",
+		description: `
+			Was erwartet dich?
+🍀Einsatz: 4 Abende im Monat oder nach Absprache. (Auch bisschen Saisonbedingt)
+🍀Die besten Stammgäste
+🍀Gute Entlöhnung
+🍀Familiäre Atmosphäre
+und mehr! 077 232 27 70
 		`,
 	},
 	{
@@ -28,30 +41,21 @@ Plätze sind begrenzt! Jetzt reservieren unter 🍀WA 077 232 27 70
 		`,
 	},
 	{
-		image: "/images/events/mjbgwbzv-n60vrw.jpeg",
+		image: "/images/events/ml0s9u8a-d8eqee.jpeg",
-		title: "New Year Apero",
+		title: "St.Patricks Day",
-		date: "2026-01-02",
+		date: "2026-03-17",
 		description: `
-			Wir stossen mit euch an!
+			🍀 It’s Paddy’s Time! Freu dich auf echtes St.-Patrick’s-Day-Feeling mit Live‑Dudelsackmusik, Guinness vom Fass und natürlich grünem Bier. Zieh etwas Grünes an, bring deine Freunde mit und stoß mit uns an – Sláinte! 🍻
-Freitag 02.01. bereits ab 18:00 OFFEN!
 		`,
 	},
 	{
-		image: "/images/events/mjbgxwyk-ygcymt.jpeg",
+		image: "/images/events/mk6wdnz2-rpxzvl.jpeg",
-		title: "Schlager Flyer",
+		title: "Pg Petricca - LIVE",
-		date: "2026-01-15",
+		date: "2026-03-20",
 		description: `
-			Schalger- HüttenzauberKARAOKE geht in die 2.Runde! 
+			LIVE Musik mit Pg Petricca! - Folk & Blues.
-Eintritt ist frei!
+Eintritt ist Frei / Hutkollekte
-Plätze reservieren unter WA 077 232 27 70
+Reservation unter 🍀WA 077 232 27 70
-		`,
-	},
-	{
-		image: "/images/events/mj7donky-md8jp5.jpeg",
-		title: "Celtik Folk Night",
-		date: "2026-01-29",
-		description: `
-			Celtic Folk Night im Gallus Pub!✨🌿20:30Uhr Eintritt ist Frei/Hutkollekte. Reservation via WA 077 232 27 70
 		`,
 	}
 ];