From 2818a00548eb72c322fde944ca11ed2c4ab833ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Eppl=C3=A9e?=
Date: Thu, 17 Jul 2025 14:48:17 +0200
Subject: [PATCH 1/6] docs: Add .env.example file
---
 .env.example | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .env.example
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..ccbd6ed
--- /dev/null
+++ b/.env.example
@@ -0,0 +1 @@
+OIDC_CLIENT_SECRET=
From 1782210950787e1991461b857a67f4223a82054a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Eppl=C3=A9e?=
Date: Thu, 17 Jul 2025 14:48:17 +0200
Subject: [PATCH 2/6] docs: Add docs for testing SSO
---
 README.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/README.md b/README.md
index 24419c7..38013f4 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,18 @@
 # mitgliederverwaltung
+## Testing SSO with rauthy
+
+1. `just run`
+1. go to [localhost:8080](http://localhost:8080), go to the Admin area
+1. Login with "admin@localhost" and password from `BOOTSTRAP_ADMIN_PASSWORD_PLAIN` in docker-compose.yml
+1. add client from the admin panel
+ - Client ID: mv
+ - redirect uris: http://localhost:4000/auth/user/rauthy/callback
+ - Authorization Flows: authorization_code
+ - allowed origins: http://localhost:4000
+ - access/id token algortihm: RS256 (EDDSA did not work for me, found just few infos in the ashauthentication docs)
+1. copy client secret to `.env` file
+1. abort and run `just run` again
+
+
+
From c7bdd5501d43ea0acde644c44d731de2b1a9a446 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Eppl=C3=A9e?=
Date: Thu, 14 Aug 2025 14:23:54 +0200
Subject: [PATCH 3/6] Dont run renovate on every push
---
 .drone.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.drone.yml b/.drone.yml
index 3c429ba..3195217 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -109,7 +109,6 @@ trigger: event: - cron - custom - - push branch: - main
From dd77be038843232fb30354f3f87c9df816fee4dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Eppl=C3=A9e?=
Date: Mon, 4 Aug 2025 14:03:26 +0200
Subject: [PATCH 4/6] Add seed script for admin user
---
 lib/accounts/user.ex | 1 +
 mix.lock | 2 +-
 priv/repo/seeds.exs | 6 ++++++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/accounts/user.ex b/lib/accounts/user.ex
index d8c7a66..9294526 100644
--- a/lib/accounts/user.ex
+++ b/lib/accounts/user.ex
@@ -65,6 +65,7 @@ defmodule Mv.Accounts.User do
 create :create_user do
 accept [:email]
+ upsert? true
 end
 update :update_user do
diff --git a/mix.lock b/mix.lock
index 4392c65..6599c01 100644
--- a/mix.lock
+++ b/mix.lock
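Review bot: Declaring `upsert? true` on the `:create_user` action in lib/accounts/user.ex changes the behaviour for every caller of that action, not only the seed script, and the action names no `upsert_identity`. The seed call added to priv/repo/seeds.exs in this same patch already passes `upsert?: true, upsert_identity: :unique_email` as call options, so this line looks unnecessary; dropping it would keep a duplicate e-mail an error on every other code path. If the upsert is meant to stay on the action, add `upsert_identity :unique_email` next to it so the conflict target is explicit rather than defaulted. The surrounding `actions` block starts and ends outside the hunk, so whether `:create_user` is reachable from a public interface cannot be seen here and should be checked.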
@@ -28,7 +28,7 @@ "expo": {:hex, :expo, "1.1.0", "f7b9ed7fb5745ebe1eeedf3d6f29226c5dd52897ac67c0f8af62a07e661e5c75", [:mix], [], "hexpm", "fbadf93f4700fb44c331362177bdca9eeb8097e8b0ef525c9cc501cb9917c960"}, "file_system": {:hex, :file_system, "1.1.0", "08d232062284546c6c34426997dd7ef6ec9f8bbd090eb91780283c9016840e8f", [:mix], [], "hexpm", "bfcf81244f416871f2a2e15c1b515287faa5db9c6bcf290222206d120b3d43f6"}, "finch": {:hex, :finch, "0.20.0", "5330aefb6b010f424dcbbc4615d914e9e3deae40095e73ab0c1bb0968933cadf", [:mix], [{:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.6.2 or ~> 1.7", [hex: :mint, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.4 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 1.1", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "2658131a74d051aabfcba936093c903b8e89da9a1b63e430bee62045fa9b2ee2"}, - "fine": {:hex, :fine, "0.1.2", "85cf7dd190c7c6c54c2840754ae977c9acc0417316255b674fad9f2678e4ecc7", [], [], "hexpm", "9113531982c2b60dbea6c7233917ddf16806947cd7104b5d03011bf436ca3072"}, + "fine": {:hex, :fine, "0.1.2", "85cf7dd190c7c6c54c2840754ae977c9acc0417316255b674fad9f2678e4ecc7", [:mix], [], "hexpm", "9113531982c2b60dbea6c7233917ddf16806947cd7104b5d03011bf436ca3072"}, "gettext": {:hex, :gettext, "0.26.2", "5978aa7b21fada6deabf1f6341ddba50bc69c999e812211903b169799208f2a8", [:mix], [{:expo, "~> 0.5.1 or ~> 1.0", [hex: :expo, repo: "hexpm", optional: false]}], "hexpm", "aa978504bcf76511efdc22d580ba08e2279caab1066b76bb9aa81c4a1e0a32a5"}, "glob_ex": {:hex, :glob_ex, "0.1.11", "cb50d3f1ef53f6ca04d6252c7fde09fd7a1cf63387714fe96f340a1349e62c93", [:mix], [], "hexpm", "342729363056e3145e61766b416769984c329e4378f1d558b63e341020525de4"}, "heroicons": {:git, "https://github.com/tailwindlabs/heroicons.git", "0435d4ca364a608cc75e2f8683d374e55abbae26", [tag: "v2.2.0", sparse: 
"optimized", depth: 1]},
diff --git a/priv/repo/seeds.exs b/priv/repo/seeds.exs
index 1497096..306b627 100644
--- a/priv/repo/seeds.exs
+++ b/priv/repo/seeds.exs
@@ -4,6 +4,7 @@ # alias Mv.Membership +alias Mv.Accounts for attrs <- [ %{
@@ -41,3 +42,8 @@ for attrs <- [
 upsert_identity: :unique_name
 )
 end
+
+# Create admin user for testing
+Accounts.create_user!(%{email: "admin@mv.local"}, upsert?: true, upsert_identity: :unique_email)
+|> Ash.Changeset.for_update(:admin_set_password, %{password: "testpassword"})
+|> Ash.update!()
From 61dc095498eb92f42a163693ba7506ba1f489975 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Eppl=C3=A9e?=
Date: Wed, 28 May 2025 17:08:02 +0200
Subject: [PATCH 5/6] wip: feat(ci): Build docker container
---
 .drone.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/.drone.yml b/.drone.yml
index 3195217..569ce6a 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -8,6 +8,12 @@ services:
 environment:
 POSTGRES_USER: postgres
 POSTGRES_PASSWORD: postgres
+ - name: docker
+ image: docker:dind
+ privileged: true
+ volumes:
+ - name: dockersock
+ path: /var/run
 trigger:
 event:
@@ -95,11 +101,25 @@ steps: - name: cache path: /cache + - name: build & publish container? + image: docker:dind + volumes: + - name: dockersock + path: /var/run + commands: + - sleep 6 # give docker time to start + - docker build --tag git.local-it.org/ci-builder/mitgliederverwaltung:latest . + - docker login --username $DRONE_FORGEJO_ACCOUNT_USERNAME --password $DRONE_FORGEJO_ACCOUNT_PASSWORD git.local-it.org + - docker push git.local-it.org/ci-builder/mitgliederverwaltung:latest + volumes: - name: cache host: path: /tmp/drone_cache + - name: dockersock + temp: {} + --- kind: pipeline type: docker
From 92588cbef2f541a19c706aaf0fae2e0918514a28 Mon Sep 17 00:00:00 2001
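Review bot: The block added at the end of priv/repo/seeds.exs hard-codes the admin credentials (`admin@mv.local` with password `testpassword`), and because the create is an upsert followed by `:admin_set_password`, every run resets that account to the known password. Nothing in the hunk restricts this to development, so running the seeds against a shared or production database would leave a publicly known admin login in place. Guard the block by environment, or read the password from an environment variable and skip the step when it is unset. The comment should state the constraint too, for example `# Dev-only admin account: never run these seeds against a shared or production database`.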
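Review bot: The new `docker` service in the first .drone.yml hunk runs with `privileged: true` from the floating `docker:dind` tag, so whatever is published under that tag next runs privileged on the CI host. Its `/var/run` is shared through the `dockersock` volume, which gives any step that mounts that volume full control of the daemon. Pin the image to a fixed version or digest, and consider moving the service into a separate pipeline that only runs for the branches allowed to publish; the trigger list is only partly visible here, so which events reach it should be confirmed. A comment such as `# privileged dind: mount dockersock only in the publish step` would record the constraint. The `services:` list starts above the hunk.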
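Review bot: In the second .drone.yml hunk, `docker login ... --password $DRONE_FORGEJO_ACCOUNT_PASSWORD` passes the registry password as a command-line argument, where it is visible in the process list; feed it on stdin instead: `echo "$DRONE_FORGEJO_ACCOUNT_PASSWORD" | docker login --username "$DRONE_FORGEJO_ACCOUNT_USERNAME" --password-stdin git.local-it.org`. The step declares no `environment:` block, so where the two variables come from is not visible here; if they are meant to be Drone secrets, the step needs `from_secret` entries for them. `sleep 6` races against daemon start-up, and polling `docker info` until it succeeds would be more reliable. The image is pushed only as `:latest`, so a published build cannot be traced back to a commit; tagging with the commit SHA as well would fix that.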
From: =?UTF-8?q?Rafael=20Eppl=C3=A9e?=
Date: Thu, 17 Jul 2025 15:23:39 +0200
Subject: [PATCH 6/6] dropme: remove other drone tasks for faster debugging
---
 .drone.yml | 81 ------------------------------------------------------
 1 file changed, 81 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index 569ce6a..7f0dead 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -20,87 +20,6 @@ trigger: - push steps: - - name: compute cache key - image: docker.io/library/elixir:1.18.3-otp-27 - commands: - - mix_lock_hash=$(sha256sum mix.lock | cut -d ' ' -f 1) - - echo "$DRONE_REPO_OWNER/$DRONE_REPO_NAME/$mix_lock_hash" >> .cache_key - # Print cache key for debugging - - cat .cache_key - - - name: restore-cache - image: drillster/drone-volume-cache - settings: - restore: true - mount: - - ./deps - - ./_build - ttl: 30 - volumes: - - name: cache - path: /cache - - - name: lint - image: docker.io/library/elixir:1.18.3-otp-27 - commands: - # Install hex package manager - - mix local.hex --force - # Fetch dependencies - - mix deps.get - # Check for compilation errors & warnings - - mix compile --warnings-as-errors - # Check formatting - - mix format --check-formatted - # Security checks - - mix sobelow --config - # Check dependencies for known vulnerabilities - - mix deps.audit - # Check for dependencies that are not maintained anymore - - mix hex.audit - # Provide hints for improving code quality - - mix credo - - - name: wait_for_postgres - image: docker.io/library/postgres:17.5 - commands: - # Wait for postgres to become available - - | - for i in {1..20}; do - if pg_isready -h postgres -U postgres; then - exit 0 - else - true - fi - sleep 2 - done - echo "Postgres did not become available, aborting." - exit 1 - - - name: test - image: docker.io/library/elixir:1.18.3-otp-27 - environment: - MIX_ENV: test - TEST_POSTGRES_HOST: postgres - TEST_POSTGRES_PORT: 5432 - commands: - # Install hex package manager - - mix local.hex --force - # Fetch dependencies - - mix deps.get - # Run tests - - mix test - - - name: rebuild-cache - image: drillster/drone-volume-cache - settings: - rebuild: true - mount: - - ./deps - - ./_build - volumes: - - name: cache - path: /cache - - name: build & publish container? image: docker:dind volumes: