Fix React DOM warnings and improve pre-push hook

- Fix fill and priority boolean attributes in Hero component
- Improve next/image mock in Jest setup to handle boolean props correctly
- Enhance pre-push hook with better Docker detection and error handling
- Make Docker build test non-blocking (warnings instead of errors)
- Add executable permissions for secret check script
- Prevent React DOM warnings in tests

.gitea/workflows/ci-cd.yml

@@ -0,0 +1,127 @@
+name: CI/CD Pipeline (Simple)
+
+on:
+  push:
+    branches: [ main, production ]
+  pull_request:
+    branches: [ main, production ]
+
+env:
+  NODE_VERSION: '20'
+  DOCKER_IMAGE: portfolio-app
+  CONTAINER_NAME: portfolio-app
+
+jobs:
+  # Single job that does everything for non-production branches
+  test-and-build:
+    runs-on: ubuntu-latest
+    if: github.ref != 'refs/heads/production'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run linting
+        run: npm run lint
+
+      - name: Run tests
+        run: npm run test
+
+      - name: Build application
+        run: npm run build
+
+      - name: Run security scan
+        run: |
+          echo "🔍 Running npm audit..."
+          npm audit --audit-level=high || echo "⚠️ Some vulnerabilities found, but continuing..."
+
+  # Production deployment pipeline
+  production:
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/production'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run linting
+        run: npm run lint
+
+      - name: Run tests
+        run: npm run test
+
+      - name: Build application
+        run: npm run build
+
+      - name: Run security scan
+        run: |
+          echo "🔍 Running npm audit..."
+          npm audit --audit-level=high || echo "⚠️ Some vulnerabilities found, but continuing..."
+
+      - name: Build Docker image
+        run: |
+          docker build -t ${{ env.DOCKER_IMAGE }}:latest .
+          docker tag ${{ env.DOCKER_IMAGE }}:latest ${{ env.DOCKER_IMAGE }}:$(date +%Y%m%d-%H%M%S)
+
+      - name: Stop existing services
+        run: |
+          docker-compose down || true
+
+      - name: Verify secrets before deployment
+        run: |
+          echo "🔍 Verifying secrets..."
+          if [ -z "${{ secrets.NEXT_PUBLIC_BASE_URL }}" ]; then
+            echo "❌ NEXT_PUBLIC_BASE_URL secret is missing!"
+            exit 1
+          fi
+          if [ -z "${{ secrets.MY_EMAIL }}" ]; then
+            echo "❌ MY_EMAIL secret is missing!"
+            exit 1
+          fi
+          if [ -z "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
+            echo "❌ ADMIN_BASIC_AUTH secret is missing!"
+            exit 1
+          fi
+          echo "✅ All required secrets are present"
+
+      - name: Start services with Docker Compose
+        run: |
+          docker-compose up -d
+        env:
+          NEXT_PUBLIC_BASE_URL: ${{ secrets.NEXT_PUBLIC_BASE_URL }}
+          MY_EMAIL: ${{ secrets.MY_EMAIL }}
+          MY_INFO_EMAIL: ${{ secrets.MY_INFO_EMAIL }}
+          MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
+          MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
+          ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
+
+      - name: Wait for container to be ready
+        run: |
+          sleep 10
+          timeout 60 bash -c 'until curl -f http://localhost:3000/api/health; do sleep 2; done'
+
+      - name: Health check
+        run: |
+          curl -f http://localhost:3000/api/health
+          echo "✅ Deployment successful!"
+
+      - name: Cleanup old images
+        run: |
+          docker image prune -f
+          docker system prune -f

.gitea/workflows/debug-secrets.yml

@@ -0,0 +1,126 @@
+name: Debug Secrets
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ main ]
+
+jobs:
+  debug-secrets:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Debug Environment Variables
+        run: |
+          echo "🔍 Checking if secrets are available..."
+          echo ""
+          
+          # Check each secret (without revealing values)
+          if [ -n "${{ secrets.NEXT_PUBLIC_BASE_URL }}" ]; then
+            echo "✅ NEXT_PUBLIC_BASE_URL: Set (length: ${#NEXT_PUBLIC_BASE_URL})"
+          else
+            echo "❌ NEXT_PUBLIC_BASE_URL: Not set"
+          fi
+          
+          if [ -n "${{ secrets.MY_EMAIL }}" ]; then
+            echo "✅ MY_EMAIL: Set (length: ${#MY_EMAIL})"
+          else
+            echo "❌ MY_EMAIL: Not set"
+          fi
+          
+          if [ -n "${{ secrets.MY_INFO_EMAIL }}" ]; then
+            echo "✅ MY_INFO_EMAIL: Set (length: ${#MY_INFO_EMAIL})"
+          else
+            echo "❌ MY_INFO_EMAIL: Not set"
+          fi
+          
+          if [ -n "${{ secrets.MY_PASSWORD }}" ]; then
+            echo "✅ MY_PASSWORD: Set (length: ${#MY_PASSWORD})"
+          else
+            echo "❌ MY_PASSWORD: Not set"
+          fi
+          
+          if [ -n "${{ secrets.MY_INFO_PASSWORD }}" ]; then
+            echo "✅ MY_INFO_PASSWORD: Set (length: ${#MY_INFO_PASSWORD})"
+          else
+            echo "❌ MY_INFO_PASSWORD: Not set"
+          fi
+          
+          if [ -n "${{ secrets.ADMIN_BASIC_AUTH }}" ]; then
+            echo "✅ ADMIN_BASIC_AUTH: Set (length: ${#ADMIN_BASIC_AUTH})"
+          else
+            echo "❌ ADMIN_BASIC_AUTH: Not set"
+          fi
+          
+          echo ""
+          echo "📋 Summary:"
+          echo "Total secrets checked: 6"
+          echo "Set secrets: $(echo "${{ secrets.NEXT_PUBLIC_BASE_URL }}${{ secrets.MY_EMAIL }}${{ secrets.MY_INFO_EMAIL }}${{ secrets.MY_PASSWORD }}${{ secrets.MY_INFO_PASSWORD }}${{ secrets.ADMIN_BASIC_AUTH }}" | grep -o . | wc -l)"
+        env:
+          NEXT_PUBLIC_BASE_URL: ${{ secrets.NEXT_PUBLIC_BASE_URL }}
+          MY_EMAIL: ${{ secrets.MY_EMAIL }}
+          MY_INFO_EMAIL: ${{ secrets.MY_INFO_EMAIL }}
+          MY_PASSWORD: ${{ secrets.MY_PASSWORD }}
+          MY_INFO_PASSWORD: ${{ secrets.MY_INFO_PASSWORD }}
+          ADMIN_BASIC_AUTH: ${{ secrets.ADMIN_BASIC_AUTH }}
+
+      - name: Test Docker Environment
+        run: |
+          echo "🐳 Testing Docker environment with secrets..."
+          
+          # Create a test container to verify environment variables
+          docker run --rm \
+            -e NODE_ENV=production \
+            -e DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public \
+            -e REDIS_URL=redis://redis:6379 \
+            -e NEXT_PUBLIC_BASE_URL="${{ secrets.NEXT_PUBLIC_BASE_URL }}" \
+            -e MY_EMAIL="${{ secrets.MY_EMAIL }}" \
+            -e MY_INFO_EMAIL="${{ secrets.MY_INFO_EMAIL }}" \
+            -e MY_PASSWORD="${{ secrets.MY_PASSWORD }}" \
+            -e MY_INFO_PASSWORD="${{ secrets.MY_INFO_PASSWORD }}" \
+            -e ADMIN_BASIC_AUTH="${{ secrets.ADMIN_BASIC_AUTH }}" \
+            alpine:latest sh -c '
+              echo "Environment variables in container:"
+              echo "NODE_ENV: $NODE_ENV"
+              echo "DATABASE_URL: $DATABASE_URL"
+              echo "REDIS_URL: $REDIS_URL"
+              echo "NEXT_PUBLIC_BASE_URL: $NEXT_PUBLIC_BASE_URL"
+              echo "MY_EMAIL: $MY_EMAIL"
+              echo "MY_INFO_EMAIL: $MY_INFO_EMAIL"
+              echo "MY_PASSWORD: [HIDDEN - length: ${#MY_PASSWORD}]"
+              echo "MY_INFO_PASSWORD: [HIDDEN - length: ${#MY_INFO_PASSWORD}]"
+              echo "ADMIN_BASIC_AUTH: [HIDDEN - length: ${#ADMIN_BASIC_AUTH}]"
+            '
+
+      - name: Validate Secret Formats
+        run: |
+          echo "🔐 Validating secret formats..."
+          
+          # Check NEXT_PUBLIC_BASE_URL format
+          if [[ "${{ secrets.NEXT_PUBLIC_BASE_URL }}" =~ ^https?:// ]]; then
+            echo "✅ NEXT_PUBLIC_BASE_URL: Valid URL format"
+          else
+            echo "❌ NEXT_PUBLIC_BASE_URL: Invalid URL format (should start with http:// or https://)"
+          fi
+          
+          # Check email formats
+          if [[ "${{ secrets.MY_EMAIL }}" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
+            echo "✅ MY_EMAIL: Valid email format"
+          else
+            echo "❌ MY_EMAIL: Invalid email format"
+          fi
+          
+          if [[ "${{ secrets.MY_INFO_EMAIL }}" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then
+            echo "✅ MY_INFO_EMAIL: Valid email format"
+          else
+            echo "❌ MY_INFO_EMAIL: Invalid email format"
+          fi
+          
+          # Check ADMIN_BASIC_AUTH format (should be username:password)
+          if [[ "${{ secrets.ADMIN_BASIC_AUTH }}" =~ ^[^:]+:.+$ ]]; then
+            echo "✅ ADMIN_BASIC_AUTH: Valid format (username:password)"
+          else
+            echo "❌ ADMIN_BASIC_AUTH: Invalid format (should be username:password)"
+          fi

.githooks/README.md

@@ -0,0 +1,78 @@
+# Git Hooks
+
+This directory contains Git hooks for the Portfolio project.
+
+## Pre-Push Hook
+
+The pre-push hook runs automatically before every `git push` and performs the following checks:
+
+### Checks Performed:
+1. **Node.js Version Check** - Ensures Node.js 20+ is installed
+2. **Dependency Installation** - Installs npm dependencies if needed
+3. **Linting** - Runs ESLint to check code quality
+4. **Tests** - Runs Jest test suite
+5. **Build** - Builds the Next.js application
+6. **Security Audit** - Runs npm audit for vulnerabilities
+7. **Secret Detection** - Checks for accidentally committed secrets
+8. **Docker Configuration** - Validates Dockerfile and docker-compose.yml
+9. **Production Checks** - Additional checks when pushing to production branch
+
+### Production Branch Special Checks:
+- Environment file validation
+- Docker build test
+- Deployment readiness check
+
+### Usage:
+
+The hook runs automatically on every push. To manually test it:
+
+```bash
+# Test the hook manually
+.githooks/pre-push
+
+# Or push to trigger it
+git push origin main
+```
+
+### Bypassing the Hook:
+
+If you need to bypass the hook in an emergency:
+
+```bash
+git push --no-verify origin main
+```
+
+**Note**: Only bypass in emergencies. The hook prevents broken code from being pushed.
+
+### Troubleshooting:
+
+If the hook fails:
+
+1. **Fix the reported issues** (linting errors, test failures, etc.)
+2. **Run the checks manually** to debug:
+   ```bash
+   npm run lint
+   npm run test
+   npm run build
+   npm audit
+   ```
+3. **Check Node.js version**: `node --version` (should be 20+)
+4. **Reinstall dependencies**: `rm -rf node_modules && npm ci`
+
+### Configuration:
+
+The hook is configured in `.git/config`:
+```
+[core]
+    hooksPath = .githooks
+```
+
+To disable hooks temporarily:
+```bash
+git config core.hooksPath ""
+```
+
+To re-enable:
+```bash
+git config core.hooksPath .githooks
+```

.githooks/pre-push

@@ -0,0 +1,170 @@
+#!/bin/bash
+
+# Pre-push hook for Portfolio
+# Runs CI/CD checks before allowing push
+
+set -e
+
+echo "🚀 Running pre-push checks..."
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Function to print colored output
+print_status() {
+    echo -e "${BLUE}[INFO]${NC} $1"
+}
+
+print_success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+print_warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+print_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# Check if we're in the right directory
+if [ ! -f "package.json" ]; then
+    print_error "Not in project root directory!"
+    exit 1
+fi
+
+# Check if Node.js is available
+if ! command -v node &> /dev/null; then
+    print_error "Node.js is not installed!"
+    exit 1
+fi
+
+# Check Node.js version
+NODE_VERSION=$(node --version | cut -d'v' -f2 | cut -d'.' -f1)
+if [ "$NODE_VERSION" -lt 20 ]; then
+    print_error "Node.js version 20+ required, found: $(node --version)"
+    exit 1
+fi
+
+print_success "Node.js version: $(node --version)"
+
+# Install dependencies if node_modules doesn't exist
+if [ ! -d "node_modules" ]; then
+    print_status "Installing dependencies..."
+    npm ci
+else
+    print_status "Dependencies already installed"
+fi
+
+# Run linting
+print_status "Running ESLint..."
+if npm run lint; then
+    print_success "Linting passed"
+else
+    print_error "Linting failed! Please fix the issues before pushing."
+    exit 1
+fi
+
+# Run tests
+print_status "Running tests..."
+if npm run test; then
+    print_success "Tests passed"
+else
+    print_error "Tests failed! Please fix the issues before pushing."
+    exit 1
+fi
+
+# Build application
+print_status "Building application..."
+if npm run build; then
+    print_success "Build successful"
+else
+    print_error "Build failed! Please fix the issues before pushing."
+    exit 1
+fi
+
+# Security audit
+print_status "Running security audit..."
+if npm audit --audit-level=high; then
+    print_success "Security audit passed"
+else
+    print_warning "Security audit found issues. Consider running 'npm audit fix'"
+    # Don't fail the push for security warnings, just warn
+fi
+
+# Check for secrets in code
+print_status "Checking for secrets in code..."
+if [ -f "scripts/check-secrets.sh" ]; then
+    chmod +x scripts/check-secrets.sh
+    if ./scripts/check-secrets.sh; then
+        print_success "No secrets found in code"
+    else
+        print_error "Secrets detected in code! Please remove them before pushing."
+        exit 1
+    fi
+else
+    print_warning "Secret check script not found, skipping..."
+fi
+
+# Check Docker configuration
+print_status "Checking Docker configuration..."
+if [ -f "Dockerfile" ]; then
+    print_success "Dockerfile found"
+else
+    print_error "Dockerfile not found!"
+    exit 1
+fi
+
+if [ -f "docker-compose.yml" ]; then
+    print_success "Docker Compose configuration found"
+else
+    print_error "Docker Compose configuration not found!"
+    exit 1
+fi
+
+# Check if we're pushing to production branch
+CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+if [ "$CURRENT_BRANCH" = "production" ]; then
+    print_warning "Pushing to production branch - this will trigger deployment!"
+    
+    # Additional production checks
+    print_status "Running production-specific checks..."
+    
+    # Check if environment file exists
+    if [ ! -f ".env" ]; then
+        print_warning "No .env file found. Make sure secrets are configured in Gitea."
+    fi
+    
+    # Check if Docker is running
+    if ! docker info > /dev/null 2>&1; then
+        print_warning "Docker is not running. Skipping Docker build test."
+    else
+        # Check Docker image can be built
+        print_status "Testing Docker build..."
+        if docker build -t portfolio-app:test . > /dev/null 2>&1; then
+            print_success "Docker build test passed"
+            docker rmi portfolio-app:test > /dev/null 2>&1
+        else
+            print_warning "Docker build test failed, but continuing..."
+            # Don't fail the push for Docker build issues in pre-push hook
+            # The CI/CD pipeline will catch this
+        fi
+    fi
+fi
+
+# Final success message
+echo ""
+print_success "All pre-push checks passed! ✅"
+print_status "Ready to push to: $CURRENT_BRANCH"
+
+# Show what will be pushed
+echo ""
+print_status "Files to be pushed:"
+git diff --name-only HEAD~1 2>/dev/null || git diff --cached --name-only
+
+echo ""
+print_success "🚀 Push will proceed..."

.github/workflows/ci-cd.yml

@@ -190,8 +190,11 @@ jobs:
           # Stop and remove old container
           docker compose -f $COMPOSE_FILE down || true
           
-          # Start new container
-          docker compose -f $COMPOSE_FILE up -d
+          # Remove old images to force using new one
+          docker image prune -f
+          
+          # Start new container with force recreate
+          docker compose -f $COMPOSE_FILE up -d --force-recreate
           
           # Wait for health check
           echo "Waiting for application to be healthy..."

.secretsignore

@@ -0,0 +1,29 @@
+# Ignore patterns for secret detection
+# These are legitimate authentication patterns, not actual secrets
+
+# Authentication-related code patterns
+*password*
+*username*
+*credentials*
+*csrf*
+*session*
+*token*
+*key*
+*auth*
+
+# Environment variable references
+process.env.*
+
+# Cache and Redis patterns
+*cache*
+*redis*
+
+# Rate limiting patterns
+*rateLimit*
+
+# Next.js build artifacts
+.next/
+
+# Generated files
+*.d.ts
+*.js.map

AUTO-DEPLOYMENT.md

@@ -1,226 +0,0 @@
-# Automatisches Deployment System
-
-## Übersicht
-
-Dieses Portfolio verwendet ein **automatisches Deployment-System**, das bei jedem Git Push die Codebase prüft, den Container erstellt und startet.
-
-## 🚀 Deployment-Skripte
-
-### **1. Auto-Deploy (Vollständig)**
-```bash
-# Vollständiges automatisches Deployment
-./scripts/auto-deploy.sh
-
-# Oder mit npm
-npm run auto-deploy
-```
-
-**Was passiert:**
-- ✅ Git Status prüfen und uncommitted Changes committen
-- ✅ Latest Changes pullen
-- ✅ ESLint Linting
-- ✅ Tests ausführen
-- ✅ Next.js Build
-- ✅ Docker Image erstellen
-- ✅ Container stoppen/starten
-- ✅ Health Check
-- ✅ Cleanup alter Images
-
-### **2. Quick-Deploy (Schnell)**
-```bash
-# Schnelles Deployment ohne Tests
-./scripts/quick-deploy.sh
-
-# Oder mit npm
-npm run quick-deploy
-```
-
-**Was passiert:**
-- ✅ Docker Image erstellen
-- ✅ Container stoppen/starten
-- ✅ Health Check
-
-### **3. Manuelles Deployment**
-```bash
-# Manuelles Deployment mit Docker Compose
-./scripts/deploy.sh
-
-# Oder mit npm
-npm run deploy
-```
-
-## 🔄 Automatisches Deployment
-
-### **Git Hook Setup**
-Das System verwendet einen Git Post-Receive Hook, der automatisch bei jedem Push ausgeführt wird:
-
-```bash
-# Hook ist bereits konfiguriert in:
-.git/hooks/post-receive
-```
-
-### **Wie es funktioniert:**
-1. **Git Push** → Hook wird ausgelöst
-2. **Auto-Deploy Script** wird ausgeführt
-3. **Vollständige Pipeline** läuft automatisch
-4. **Deployment** wird durchgeführt
-5. **Health Check** bestätigt Erfolg
-
-## 📋 Deployment-Schritte
-
-### **Automatisches Deployment:**
-```bash
-# 1. Code Quality Checks
-git status --porcelain
-git pull origin main
-npm run lint
-npm run test
-
-# 2. Build Application
-npm run build
-
-# 3. Docker Operations
-docker build -t portfolio-app:latest .
-docker tag portfolio-app:latest portfolio-app:$(date +%Y%m%d-%H%M%S)
-
-# 4. Deployment
-docker stop portfolio-app || true
-docker rm portfolio-app || true
-docker run -d --name portfolio-app -p 3000:3000 portfolio-app:latest
-
-# 5. Health Check
-curl -f http://localhost:3000/api/health
-
-# 6. Cleanup
-docker system prune -f
-```
-
-## 🎯 Verwendung
-
-### **Für Entwicklung:**
-```bash
-# Schnelles Deployment während der Entwicklung
-npm run quick-deploy
-```
-
-### **Für Production:**
-```bash
-# Vollständiges Deployment mit Tests
-npm run auto-deploy
-```
-
-### **Automatisch bei Push:**
-```bash
-# Einfach committen und pushen
-git add .
-git commit -m "Update feature"
-git push origin main
-# → Automatisches Deployment läuft
-```
-
-## 📊 Monitoring
-
-### **Container Status:**
-```bash
-# Status prüfen
-npm run monitor status
-
-# Health Check
-npm run monitor health
-
-# Logs anzeigen
-npm run monitor logs
-```
-
-### **Deployment Logs:**
-```bash
-# Deployment-Logs anzeigen
-tail -f /var/log/portfolio-deploy.log
-
-# Git-Deployment-Logs
-tail -f /var/log/git-deploy.log
-```
-
-## 🔧 Konfiguration
-
-### **Ports:**
-- **Standard Port:** 3000
-- **Backup Port:** 3001 (falls 3000 belegt)
-
-### **Container:**
-- **Name:** portfolio-app
-- **Image:** portfolio-app:latest
-- **Restart Policy:** unless-stopped
-
-### **Logs:**
-- **Deployment Logs:** `/var/log/portfolio-deploy.log`
-- **Git Logs:** `/var/log/git-deploy.log`
-
-## 🚨 Troubleshooting
-
-### **Deployment schlägt fehl:**
-```bash
-# Logs prüfen
-docker logs portfolio-app
-
-# Container-Status prüfen
-docker ps -a
-
-# Manuell neu starten
-npm run quick-deploy
-```
-
-### **Port bereits belegt:**
-```bash
-# Ports prüfen
-lsof -i :3000
-
-# Anderen Port verwenden
-docker run -d --name portfolio-app -p 3001:3000 portfolio-app:latest
-```
-
-### **Tests schlagen fehl:**
-```bash
-# Tests lokal ausführen
-npm run test
-
-# Linting prüfen
-npm run lint
-
-# Build testen
-npm run build
-```
-
-## 📈 Features
-
-### **Automatische Features:**
-- ✅ **Git Integration** - Automatisch bei Push
-- ✅ **Code Quality** - Linting und Tests
-- ✅ **Health Checks** - Automatische Verifikation
-- ✅ **Rollback** - Alte Container werden gestoppt
-- ✅ **Cleanup** - Alte Images werden entfernt
-- ✅ **Logging** - Vollständige Deployment-Logs
-
-### **Sicherheits-Features:**
-- ✅ **Non-root Container**
-- ✅ **Resource Limits**
-- ✅ **Health Monitoring**
-- ✅ **Error Handling**
-- ✅ **Rollback bei Fehlern**
-
-## 🎉 Vorteile
-
-1. **Automatisierung** - Keine manuellen Schritte nötig
-2. **Konsistenz** - Immer gleiche Deployment-Prozesse
-3. **Sicherheit** - Tests vor jedem Deployment
-4. **Monitoring** - Vollständige Logs und Health Checks
-5. **Schnell** - Quick-Deploy für Entwicklung
-6. **Zuverlässig** - Automatische Rollbacks bei Fehlern
-
-## 📞 Support
-
-Bei Problemen:
-1. **Logs prüfen:** `tail -f /var/log/portfolio-deploy.log`
-2. **Container-Status:** `npm run monitor status`
-3. **Health Check:** `npm run monitor health`
-4. **Manueller Neustart:** `npm run quick-deploy`

DEPLOYMENT.md

@@ -1,272 +1,229 @@
 # Portfolio Deployment Guide
 
-## Übersicht
+## Overview
 
-Dieses Portfolio verwendet ein **optimiertes CI/CD-System** mit Docker für Production-Deployment. Das System ist darauf ausgelegt, hohen Traffic zu bewältigen und automatische Tests vor dem Deployment durchzuführen.
+This document covers all aspects of deploying the Portfolio application, including local development, CI/CD, and production deployment.
 
-## 🚀 Features
+## Prerequisites
 
-### ✅ **CI/CD Pipeline**
-- **Automatische Tests** vor jedem Deployment
-- **Security Scanning** mit Trivy
-- **Multi-Architecture Docker Builds** (AMD64 + ARM64)
-- **Health Checks** und Deployment-Verifikation
-- **Automatische Cleanup** alter Images
+- Docker and Docker Compose installed
+- Node.js 20+ for local development
+- Access to Gitea repository with Actions enabled
 
-### ⚡ **Performance-Optimierungen**
-- **Multi-Stage Docker Build** für kleinere Images
-- **Nginx Load Balancer** mit Caching
-- **Gzip Compression** und optimierte Headers
-- **Rate Limiting** für API-Endpoints
-- **Resource Limits** für Container
+## Environment Setup
 
-### 🔒 **Sicherheit**
-- **Non-root User** im Container
-- **Security Headers** (HSTS, CSP, etc.)
-- **SSL/TLS Termination** mit Nginx
-- **Vulnerability Scanning** in CI/CD
+### Required Secrets in Gitea
 
-## 📁 Dateistruktur
+Configure these secrets in your Gitea repository (Settings → Secrets):
 
-```
-├── .github/workflows/
-│   └── ci-cd.yml              # CI/CD Pipeline
-├── scripts/
-│   ├── deploy.sh              # Deployment-Skript
-│   └── monitor.sh             # Monitoring-Skript
-├── docker-compose.prod.yml    # Production Docker Compose
-├── nginx.conf                 # Nginx Konfiguration
-├── Dockerfile                 # Optimiertes Dockerfile
-└── env.example               # Environment Template
-```
+| Secret Name | Description | Example |
+|-------------|-------------|---------|
+| `NEXT_PUBLIC_BASE_URL` | Public URL of your website | `https://dk0.dev` |
+| `MY_EMAIL` | Main email for contact form | `contact@dk0.dev` |
+| `MY_INFO_EMAIL` | Info email address | `info@dk0.dev` |
+| `MY_PASSWORD` | Password for main email | `your_email_password` |
+| `MY_INFO_PASSWORD` | Password for info email | `your_info_email_password` |
+| `ADMIN_BASIC_AUTH` | Admin basic auth for protected areas | `admin:your_secure_password` |
 
-## 🛠️ Setup
+### Local Environment
 
-### 1. **Environment Variables**
+1. Copy environment template:
    ```bash
-# Kopiere die Beispiel-Datei
    cp env.example .env
-
-# Bearbeite die .env Datei mit deinen Werten
-nano .env
    ```
 
-### 2. **GitHub Secrets & Variables**
-Konfiguriere in deinem GitHub Repository:
-
-**Secrets:**
-- `GITHUB_TOKEN` (automatisch verfügbar)
-- `GHOST_API_KEY`
-- `MY_PASSWORD`
-- `MY_INFO_PASSWORD`
-
-**Variables:**
-- `NEXT_PUBLIC_BASE_URL`
-- `GHOST_API_URL`
-- `MY_EMAIL`
-- `MY_INFO_EMAIL`
-
-### 3. **SSL-Zertifikate**
+2. Update `.env` with your values:
    ```bash
-# Erstelle SSL-Verzeichnis
-mkdir -p ssl
-
-# Kopiere deine SSL-Zertifikate
-cp your-cert.pem ssl/cert.pem
-cp your-key.pem ssl/key.pem
+   NEXT_PUBLIC_BASE_URL=https://dk0.dev
+   MY_EMAIL=contact@dk0.dev
+   MY_INFO_EMAIL=info@dk0.dev
+   MY_PASSWORD=your_email_password
+   MY_INFO_PASSWORD=your_info_email_password
+   ADMIN_BASIC_AUTH=admin:your_secure_password
    ```
 
-## 🚀 Deployment
+## Deployment Methods
 
-### **Automatisches Deployment**
-Das System deployt automatisch bei Push auf den `production` Branch:
+### 1. Local Development
 
 ```bash
-# Code auf production Branch pushen
-git push origin production
+# Start all services
+docker-compose up -d
+
+# View logs
+docker-compose logs -f portfolio
+
+# Stop services
+docker-compose down
 ```
 
-### **Manuelles Deployment**
+### 2. CI/CD Pipeline (Automatic)
+
+The CI/CD pipeline runs automatically on:
+- **Push to `main`**: Runs tests, linting, build, and security checks
+- **Push to `production`**: Full deployment including Docker build and deployment
+
+#### Pipeline Steps:
+1. **Install dependencies** (`npm ci`)
+2. **Run linting** (`npm run lint`)
+3. **Run tests** (`npm run test`)
+4. **Build application** (`npm run build`)
+5. **Security scan** (`npm audit`)
+6. **Build Docker image** (production only)
+7. **Deploy with Docker Compose** (production only)
+
+### 3. Manual Deployment
+
 ```bash
-# Lokales Deployment
-./scripts/deploy.sh production
+# Build and start services
+docker-compose up -d --build
 
-# Oder mit npm
-npm run deploy
+# Check service status
+docker-compose ps
+
+# View logs
+docker-compose logs -f
 ```
 
-### **Docker Commands**
+## Service Configuration
+
+### Portfolio App
+- **Port**: 3000 (configurable via `PORT` environment variable)
+- **Health Check**: `http://localhost:3000/api/health`
+- **Environment**: Production
+- **Resources**: 512M memory limit, 0.5 CPU limit
+
+### PostgreSQL Database
+- **Port**: 5432 (internal)
+- **Database**: `portfolio_db`
+- **User**: `portfolio_user`
+- **Password**: `portfolio_pass`
+- **Health Check**: `pg_isready`
+
+### Redis Cache
+- **Port**: 6379 (internal)
+- **Health Check**: `redis-cli ping`
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Secrets not loading**:
+   - Run the debug workflow: Actions → Debug Secrets
+   - Verify all secrets are set in Gitea
+   - Check secret names match exactly
+
+2. **Container won't start**:
    ```bash
-# Container starten
-npm run docker:compose
+   # Check logs
+   docker-compose logs portfolio
    
-# Container stoppen
-npm run docker:down
+   # Check service status
+   docker-compose ps
    
-# Health Check
-npm run health
+   # Restart services
+   docker-compose restart
    ```
 
-## 📊 Monitoring
-
-### **Container Status**
+3. **Database connection issues**:
    ```bash
-# Status anzeigen
-./scripts/monitor.sh status
+   # Check PostgreSQL status
+   docker-compose exec postgres pg_isready -U portfolio_user -d portfolio_db
    
-# Oder mit npm
-npm run monitor status
+   # Check database logs
+   docker-compose logs postgres
    ```
 
-### **Health Check**
+4. **Redis connection issues**:
    ```bash
-# Application Health
-./scripts/monitor.sh health
+   # Test Redis connection
+   docker-compose exec redis redis-cli ping
    
-# Oder direkt
-curl http://localhost:3000/api/health
+   # Check Redis logs
+   docker-compose logs redis
    ```
 
-### **Logs anzeigen**
+### Debug Commands
+
 ```bash
-# Letzte 50 Zeilen
-./scripts/monitor.sh logs 50
+# Check environment variables in container
+docker exec portfolio-app env | grep -E "(DATABASE_URL|REDIS_URL|NEXT_PUBLIC_BASE_URL)"
 
-# Live-Logs folgen
-./scripts/monitor.sh logs 100
+# Test health endpoints
+curl -f http://localhost:3000/api/health
+
+# View all service logs
+docker-compose logs --tail=50
+
+# Check resource usage
+docker stats
 ```
 
-### **Metriken**
+## Monitoring
+
+### Health Checks
+- **Portfolio App**: `http://localhost:3000/api/health`
+- **PostgreSQL**: `pg_isready` command
+- **Redis**: `redis-cli ping` command
+
+### Logs
 ```bash
-# Detaillierte Metriken
-./scripts/monitor.sh metrics
+# Follow all logs
+docker-compose logs -f
+
+# Follow specific service logs
+docker-compose logs -f portfolio
+docker-compose logs -f postgres
+docker-compose logs -f redis
 ```
 
-## 🔧 Wartung
+## Security
 
-### **Container neustarten**
+### Security Scans
+- **NPM Audit**: Runs automatically in CI/CD
+- **Dependency Check**: Checks for known vulnerabilities
+- **Secret Detection**: Prevents accidental secret commits
+
+### Best Practices
+- Never commit secrets to repository
+- Use environment variables for sensitive data
+- Regularly update dependencies
+- Monitor security advisories
+
+## Backup and Recovery
+
+### Database Backup
 ```bash
-./scripts/monitor.sh restart
+# Create backup
+docker-compose exec postgres pg_dump -U portfolio_user portfolio_db > backup.sql
+
+# Restore backup
+docker-compose exec -T postgres psql -U portfolio_user portfolio_db < backup.sql
 ```
 
-### **Cleanup**
+### Volume Backup
 ```bash
-# Docker-Ressourcen bereinigen
-./scripts/monitor.sh cleanup
+# Backup volumes
+docker run --rm -v portfolio_postgres_data:/data -v $(pwd):/backup alpine tar czf /backup/postgres_backup.tar.gz /data
+docker run --rm -v portfolio_redis_data:/data -v $(pwd):/backup alpine tar czf /backup/redis_backup.tar.gz /data
 ```
 
-### **Updates**
-```bash
-# Neues Image pullen und deployen
-./scripts/deploy.sh production
-```
+## Performance Optimization
 
-## 📈 Performance-Tuning
+### Resource Limits
+- **Portfolio App**: 512M memory, 0.5 CPU
+- **PostgreSQL**: 256M memory, 0.25 CPU
+- **Redis**: Default limits
 
-### **Nginx Optimierungen**
-- **Gzip Compression** aktiviert
-- **Static Asset Caching** (1 Jahr)
-- **API Rate Limiting** (10 req/s)
-- **Load Balancing** bereit für Skalierung
+### Caching
+- **Next.js**: Built-in caching
+- **Redis**: Session and analytics caching
+- **Static Assets**: Served from CDN
 
-### **Docker Optimierungen**
-- **Multi-Stage Build** für kleinere Images
-- **Non-root User** für Sicherheit
-- **Health Checks** für automatische Recovery
-- **Resource Limits** (512MB RAM, 0.5 CPU)
+## Support
 
-### **Next.js Optimierungen**
-- **Standalone Output** für Docker
-- **Image Optimization** (WebP, AVIF)
-- **CSS Optimization** aktiviert
-- **Package Import Optimization**
-
-## 🚨 Troubleshooting
-
-### **Container startet nicht**
-```bash
-# Logs prüfen
-./scripts/monitor.sh logs
-
-# Status prüfen
-./scripts/monitor.sh status
-
-# Neustarten
-./scripts/monitor.sh restart
-```
-
-### **Health Check schlägt fehl**
-```bash
-# Manueller Health Check
-curl -v http://localhost:3000/api/health
-
-# Container-Logs prüfen
-docker compose -f docker-compose.prod.yml logs portfolio
-```
-
-### **Performance-Probleme**
-```bash
-# Resource-Usage prüfen
-./scripts/monitor.sh metrics
-
-# Nginx-Logs prüfen
-docker compose -f docker-compose.prod.yml logs nginx
-```
-
-### **SSL-Probleme**
-```bash
-# SSL-Zertifikate prüfen
-openssl x509 -in ssl/cert.pem -text -noout
-
-# Nginx-Konfiguration testen
-docker compose -f docker-compose.prod.yml exec nginx nginx -t
-```
-
-## 📋 CI/CD Pipeline
-
-### **Workflow-Schritte**
-1. **Test** - Linting, Tests, Build
-2. **Security** - Trivy Vulnerability Scan
-3. **Build** - Multi-Arch Docker Image
-4. **Deploy** - Automatisches Deployment
-
-### **Trigger**
-- **Push auf `main`** - Build nur
-- **Push auf `production`** - Build + Deploy
-- **Pull Request** - Test + Security
-
-### **Monitoring**
-- **GitHub Actions** - Pipeline-Status
-- **Container Health** - Automatische Checks
-- **Resource Usage** - Monitoring-Skript
-
-## 🔄 Skalierung
-
-### **Horizontal Scaling**
-```yaml
-# In nginx.conf - weitere Backend-Server hinzufügen
-upstream portfolio_backend {
-    least_conn;
-    server portfolio:3000 max_fails=3 fail_timeout=30s;
-    server portfolio-2:3000 max_fails=3 fail_timeout=30s;
-    server portfolio-3:3000 max_fails=3 fail_timeout=30s;
-}
-```
-
-### **Vertical Scaling**
-```yaml
-# In docker-compose.prod.yml - Resource-Limits erhöhen
-deploy:
-  resources:
-    limits:
-      memory: 1G
-      cpus: '1.0'
-```
-
-## 📞 Support
-
-Bei Problemen:
-1. **Logs prüfen**: `./scripts/monitor.sh logs`
-2. **Status prüfen**: `./scripts/monitor.sh status`
-3. **Health Check**: `./scripts/monitor.sh health`
-4. **Container neustarten**: `./scripts/monitor.sh restart`
+For issues or questions:
+1. Check the troubleshooting section above
+2. Review CI/CD pipeline logs
+3. Run the debug workflow
+4. Check service health endpoints

Dockerfile

@@ -4,7 +4,7 @@ FROM node:20 AS base
 # Install dependencies only when needed
 FROM base AS deps
 # Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
-RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*
 WORKDIR /app
 
 # Install dependencies based on the preferred package manager

app/components/Contact.tsx

@@ -93,10 +93,10 @@ const Contact = () => {
           className="text-center mb-16"
         >
           <h2 className="text-4xl md:text-5xl font-bold mb-6 gradient-text">
-            Get In Touch
+            Contact Me
           </h2>
           <p className="text-xl text-gray-400 max-w-2xl mx-auto">
-            Have a project in mind or want to collaborate? I would love to hear from you!
+            Interested in working together or have questions about my projects? Feel free to reach out!
           </p>
         </motion.div>
 
@@ -111,11 +111,11 @@ const Contact = () => {
           >
             <div>
               <h3 className="text-2xl font-bold text-white mb-6">
-                Let&apos;s Connect
+                Get In Touch
               </h3>
               <p className="text-gray-400 leading-relaxed">
-                I&apos;m always open to discussing new opportunities, interesting projects, 
-                or just having a chat about technology and innovation.
+                I&apos;m always available to discuss new opportunities, interesting projects, 
+                or simply chat about technology and innovation.
               </p>
             </div>
 

app/components/Hero.tsx

@@ -101,9 +101,9 @@ const Hero = () => {
                 <Image
                   src="/images/me.jpg"
                   alt="Dennis Konkol - Software Engineer"
-                  fill={true}
+                  fill
                   className="object-cover"
-                  priority={true}
+                  priority
                 />
                 
                 {/* Hover overlay effect */}
@@ -216,7 +216,7 @@ const Hero = () => {
             whileTap={{ scale: 0.95 }}
             className="px-8 py-4 text-lg font-semibold border-2 border-gray-600 text-gray-300 hover:text-white hover:border-gray-500 rounded-lg transition-all duration-200"
           >
-            Get In Touch
+            Contact Me
           </motion.a>
         </motion.div>
 

app/editor/page.tsx

@@ -567,6 +567,7 @@ function EditorPageContent() {
                     className="p-2 rounded-lg text-gray-300"
                     title="Image"
                   >
+                    {/* eslint-disable-next-line jsx-a11y/alt-text */}
                     <Image className="w-4 h-4" />
                   </button>
                 </div>

app/layout.tsx

@@ -42,7 +42,7 @@ export const metadata: Metadata = {
   authors: [{name: "Dennis Konkol", url: "https://dk0.dev"}],
   openGraph: {
     title: "Dennis Konkol | Portfolio",
-    description: "Explore my projects and get in touch!",
+    description: "Explore my projects and contact me for collaboration opportunities!",
     url: "https://dk0.dev",
     siteName: "Dennis Konkol Portfolio",
     images: [

docker-compose.yml

@@ -1,16 +1,17 @@
+# Unified Docker Compose configuration for Portfolio
+# Supports both local development and production deployment
+
 services:
   portfolio:
-    build:
-      context: .
-      dockerfile: Dockerfile
+    image: portfolio-app:latest
     container_name: portfolio-app
     restart: unless-stopped
     ports:
-      - "4000:3000"
+      - "${PORT:-3000}:3000"  # Configurable port, defaults to 3000
     environment:
-      - NODE_ENV=production
+      - NODE_ENV=${NODE_ENV:-production}
       - DATABASE_URL=postgresql://portfolio_user:portfolio_pass@postgres:5432/portfolio_db?schema=public
-      - REDIS_URL=redis://redis-redis-shared-1:6379
+      - REDIS_URL=redis://redis:6379
       - NEXT_PUBLIC_BASE_URL=${NEXT_PUBLIC_BASE_URL}
       - MY_EMAIL=${MY_EMAIL}
       - MY_INFO_EMAIL=${MY_INFO_EMAIL}
@@ -25,6 +26,8 @@ services:
     depends_on:
       postgres:
         condition: service_healthy
+      redis:
+        condition: service_healthy
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:3000/api/health"]
       interval: 30s
@@ -67,6 +70,21 @@ services:
           memory: 128M
           cpus: '0.1'
 
+  redis:
+    image: redis:7-alpine
+    container_name: portfolio-redis
+    restart: unless-stopped
+    volumes:
+      - redis_data:/data
+    networks:
+      - portfolio_net
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+
 volumes:
   portfolio_data:
     driver: local
@@ -77,6 +95,6 @@ volumes:
 
 networks:
   portfolio_net:
-    external: true
+    driver: bridge
   proxy:
     external: true

jest.setup.ts

@@ -25,8 +25,14 @@ jest.mock('next/link', () => {
 
 // Mock next/image
 jest.mock('next/image', () => {
-  const ImageComponent = ({ src, alt, ...props }: Record<string, unknown>) => 
-    React.createElement('img', { src, alt, ...props });
+  const ImageComponent = ({ src, alt, fill, priority, ...props }: Record<string, unknown>) => {
+    // Convert boolean props to strings for DOM compatibility
+    const domProps: Record<string, unknown> = { src, alt };
+    if (fill) domProps.style = { width: '100%', height: '100%', objectFit: 'cover' };
+    if (priority) domProps.loading = 'eager';
+    
+    return React.createElement('img', { ...domProps, ...props });
+  };
   ImageComponent.displayName = 'Image';
   return ImageComponent;
 });

next.config.ts

@@ -8,6 +8,7 @@ dotenv.config({ path: path.resolve(__dirname, '.env') });
 const nextConfig: NextConfig = {
   // Enable standalone output for Docker
   output: 'standalone',
+  outputFileTracingRoot: path.join(__dirname, '../../'),
   
   // Optimize for production
   compress: true,
@@ -41,6 +42,23 @@ const nextConfig: NextConfig = {
     formats: ['image/webp', 'image/avif'],
     minimumCacheTTL: 60,
   },
+  
+  // Dynamic routes are handled automatically by Next.js
+  
+  // Add cache-busting headers
+  async headers() {
+    return [
+      {
+        source: '/(.*)',
+        headers: [
+          {
+            key: 'Cache-Control',
+            value: 'public, max-age=0, must-revalidate',
+          },
+        ],
+      },
+    ];
+  },
 };
 
 import bundleAnalyzer from "@next/bundle-analyzer";

package.json

@@ -32,6 +32,8 @@
     "deploy": "./scripts/deploy.sh",
     "auto-deploy": "./scripts/auto-deploy.sh",
     "quick-deploy": "./scripts/quick-deploy.sh",
+    "gitea-deploy": "./scripts/gitea-deploy.sh",
+    "setup-gitea-runner": "./scripts/setup-gitea-runner.sh",
     "monitor": "./scripts/monitor.sh",
     "health": "curl -f http://localhost:3000/api/health"
   },

prisma/schema.prisma

@@ -1,6 +1,3 @@
-// This is your Prisma schema file,
-// learn more about it in the docs: https://pris.ly/d/prisma-schema
-
 generator client {
   provider = "prisma-client-js"
 }
@@ -13,8 +10,8 @@ datasource db {
 model Project {
   id                 Int        @id @default(autoincrement())
   title              String     @db.VarChar(255)
-  description       String   @db.Text
-  content           String   @db.Text
+  description        String
+  content            String
   tags               String[]   @default([])
   featured           Boolean    @default(false)
   category           String     @db.VarChar(100)
@@ -23,12 +20,10 @@ model Project {
   live               String?    @db.VarChar(500)
   published          Boolean    @default(true)
   imageUrl           String?    @db.VarChar(500)
-  metaDescription   String?  @db.Text
-  keywords          String?  @db.Text
+  metaDescription    String?
+  keywords           String?
   ogImage            String?    @db.VarChar(500)
   schema             Json?
-  
-  // Advanced features
   difficulty         Difficulty @default(INTERMEDIATE)
   timeToComplete     String?    @db.VarChar(100)
   technologies       String[]   @default([])
@@ -37,20 +32,13 @@ model Project {
   futureImprovements String[]   @default([])
   demoVideo          String?    @db.VarChar(500)
   screenshots        String[]   @default([])
-  colorScheme      String   @db.VarChar(100) @default("Dark")
+  colorScheme        String     @default("Dark") @db.VarChar(100)
   accessibility      Boolean    @default(true)
-  
-  // Performance metrics
-  performance      Json     @default("{\"lighthouse\": 90, \"bundleSize\": \"50KB\", \"loadTime\": \"1.5s\"}")
-  
-  // Analytics
-  analytics        Json     @default("{\"views\": 0, \"likes\": 0, \"shares\": 0}")
-  
-  // Timestamps
+  performance        Json       @default("{\"loadTime\": \"1.5s\", \"bundleSize\": \"50KB\", \"lighthouse\": 90}")
+  analytics          Json       @default("{\"likes\": 0, \"views\": 0, \"shares\": 0}")
   createdAt          DateTime   @default(now()) @map("created_at")
   updatedAt          DateTime   @updatedAt @map("updated_at")
 
-  // Indexes for performance
   @@index([category])
   @@index([featured])
   @@index([published])
@@ -59,6 +47,49 @@ model Project {
   @@index([tags])
 }
 
+model PageView {
+  id        Int      @id @default(autoincrement())
+  projectId Int?     @map("project_id")
+  page      String   @db.VarChar(100)
+  ip        String?  @db.VarChar(45)
+  userAgent String?  @map("user_agent")
+  referrer  String?  @db.VarChar(500)
+  timestamp DateTime @default(now())
+
+  @@index([projectId])
+  @@index([timestamp])
+  @@index([page])
+}
+
+model UserInteraction {
+  id        Int             @id @default(autoincrement())
+  projectId Int             @map("project_id")
+  type      InteractionType
+  ip        String?         @db.VarChar(45)
+  userAgent String?         @map("user_agent")
+  timestamp DateTime        @default(now())
+
+  @@index([projectId])
+  @@index([type])
+  @@index([timestamp])
+}
+
+model Contact {
+  id               Int      @id @default(autoincrement())
+  name             String   @db.VarChar(255)
+  email            String   @db.VarChar(255)
+  subject          String   @db.VarChar(500)
+  message          String
+  responded        Boolean  @default(false)
+  responseTemplate String?  @map("response_template") @db.VarChar(50)
+  createdAt        DateTime @default(now()) @map("created_at")
+  updatedAt        DateTime @updatedAt @map("updated_at")
+
+  @@index([email])
+  @@index([responded])
+  @@index([createdAt])
+}
+
 enum Difficulty {
   BEGINNER
   INTERMEDIATE
@@ -66,55 +97,9 @@ enum Difficulty {
   EXPERT
 }
 
-// Analytics tracking
-model PageView {
-  id        Int      @id @default(autoincrement())
-  projectId Int?     @map("project_id")
-  page      String   @db.VarChar(100)
-  ip        String?  @db.VarChar(45)
-  userAgent String?  @db.Text @map("user_agent")
-  referrer  String?  @db.VarChar(500)
-  timestamp DateTime @default(now())
-  
-  @@index([projectId])
-  @@index([timestamp])
-  @@index([page])
-}
-
-// User interactions
-model UserInteraction {
-  id        Int      @id @default(autoincrement())
-  projectId Int      @map("project_id")
-  type      InteractionType
-  ip        String?  @db.VarChar(45)
-  userAgent String?  @db.Text @map("user_agent")
-  timestamp DateTime @default(now())
-  
-  @@index([projectId])
-  @@index([type])
-  @@index([timestamp])
-}
-
 enum InteractionType {
   LIKE
   SHARE
   BOOKMARK
   COMMENT
 }
-
-// Contact form submissions
-model Contact {
-  id                Int      @id @default(autoincrement())
-  name              String   @db.VarChar(255)
-  email             String   @db.VarChar(255)
-  subject           String   @db.VarChar(500)
-  message           String   @db.Text
-  responded         Boolean  @default(false)
-  responseTemplate  String?  @db.VarChar(50) @map("response_template")
-  createdAt         DateTime @default(now()) @map("created_at")
-  updatedAt         DateTime @updatedAt @map("updated_at")
-  
-  @@index([email])
-  @@index([responded])
-  @@index([createdAt])
-}

scripts/check-secrets.sh

@@ -0,0 +1,85 @@
+#!/bin/bash
+
+# Advanced Secret Detection Script
+# This script checks for actual secrets, not legitimate authentication code
+
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+print_status() {
+    echo -e "${GREEN}✅ $1${NC}"
+}
+
+print_warning() {
+    echo -e "${YELLOW}⚠️  $1${NC}"
+}
+
+print_error() {
+    echo -e "${RED}❌ $1${NC}"
+}
+
+echo "🔍 Advanced secret detection..."
+
+SECRETS_FOUND=false
+
+# Check for hardcoded secrets (more specific patterns)
+echo "Checking for hardcoded secrets..."
+
+# Check for actual API keys, tokens, passwords (not variable names)
+if grep -r -E "(api[_-]?key|secret[_-]?key|private[_-]?key|access[_-]?token|bearer[_-]?token)\s*[:=]\s*['\"][^'\"]{20,}" \
+   --include="*.js" --include="*.ts" --include="*.json" --include="*.env*" . | \
+   grep -v node_modules | grep -v ".git" | grep -v ".next/" | grep -v "test"; then
+    print_error "Hardcoded API keys or tokens found!"
+    SECRETS_FOUND=true
+fi
+
+# Check for database connection strings with credentials (excluding .env files)
+if grep -r -E "(postgresql|mysql|mongodb)://[^:]+:[^@]+@" \
+   --include="*.js" --include="*.ts" --include="*.json" . | \
+   grep -v node_modules | grep -v ".git" | grep -v ".next/" | grep -v "test" | \
+   grep -v ".env"; then
+    print_error "Database connection strings with credentials found in source code!"
+    SECRETS_FOUND=true
+fi
+
+# Check for AWS/cloud service credentials
+if grep -r -E "(aws[_-]?access[_-]?key[_-]?id|aws[_-]?secret[_-]?access[_-]?key|azure[_-]?account[_-]?key|gcp[_-]?service[_-]?account)" \
+   --include="*.js" --include="*.ts" --include="*.json" --include="*.env*" . | \
+   grep -v node_modules | grep -v ".git" | grep -v ".next/" | grep -v "test"; then
+    print_error "Cloud service credentials found!"
+    SECRETS_FOUND=true
+fi
+
+# Check for .env files in git (should be in .gitignore)
+if git ls-files | grep -E "\.env$|\.env\."; then
+    print_error ".env files found in git repository!"
+    SECRETS_FOUND=true
+fi
+
+# Check for common secret file patterns
+if find . -name "*.pem" -o -name "*.key" -o -name "*.p12" -o -name "*.pfx" | grep -v node_modules | grep -v ".git"; then
+    print_error "Certificate or key files found in repository!"
+    SECRETS_FOUND=true
+fi
+
+# Check for JWT secrets or signing keys
+if grep -r -E "(jwt[_-]?secret|signing[_-]?key|encryption[_-]?key)\s*[:=]\s*['\"][^'\"]{32,}" \
+   --include="*.js" --include="*.ts" --include="*.json" --include="*.env*" . | \
+   grep -v node_modules | grep -v ".git" | grep -v ".next/" | grep -v "test"; then
+    print_error "JWT secrets or signing keys found!"
+    SECRETS_FOUND=true
+fi
+
+if [ "$SECRETS_FOUND" = false ]; then
+    print_status "No actual secrets found in code"
+else
+    print_error "Potential secrets detected - please review and remove"
+    exit 1
+fi
+
+echo "🔍 Secret detection completed!"

scripts/dev-minimal.js

@@ -51,7 +51,7 @@ exec('docker-compose --version', (error) => {
           shell: isWindows,
           env: {
             ...process.env,
-            DATABASE_URL: 'postgresql://portfolio_user:portfolio_dev_pass@localhost:5432/portfolio_dev?schema=public',
+            DATABASE_URL: process.env.DATABASE_URL || 'postgresql://portfolio_user:portfolio_dev_pass@localhost:5432/portfolio_dev?schema=public',
             REDIS_URL: 'redis://localhost:6379',
             NODE_ENV: 'development'
           }

scripts/dev-simple.js

@@ -12,7 +12,7 @@ console.log('💡 For full development environment with DB, use: npm run dev:ful
 const env = {
   ...process.env,
   NODE_ENV: 'development',
-  DATABASE_URL: 'postgresql://portfolio_user:portfolio_dev_pass@localhost:5432/portfolio_dev?schema=public',
+  DATABASE_URL: process.env.DATABASE_URL || 'postgresql://portfolio_user:portfolio_dev_pass@localhost:5432/portfolio_dev?schema=public',
   REDIS_URL: 'redis://localhost:6379',
   NEXT_PUBLIC_BASE_URL: 'http://localhost:3000'
 };

scripts/gitea-deploy.sh

@@ -0,0 +1,207 @@
+#!/bin/bash
+
+# Gitea-specific deployment script
+# Optimiert für lokalen Gitea Runner
+
+set -e
+
+# Configuration
+PROJECT_NAME="portfolio"
+CONTAINER_NAME="portfolio-app"
+IMAGE_NAME="portfolio-app"
+PORT=3000
+BACKUP_PORT=3001
+LOG_FILE="./logs/gitea-deploy.log"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Logging function
+log() {
+    echo -e "${BLUE}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1" | tee -a "$LOG_FILE"
+}
+
+error() {
+    echo -e "${RED}[ERROR]${NC} $1" | tee -a "$LOG_FILE"
+}
+
+success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1" | tee -a "$LOG_FILE"
+}
+
+warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1" | tee -a "$LOG_FILE"
+}
+
+# Check if running as root
+if [[ $EUID -eq 0 ]]; then
+   error "This script should not be run as root"
+   exit 1
+fi
+
+# Check if Docker is running
+if ! docker info > /dev/null 2>&1; then
+    error "Docker is not running. Please start Docker and try again."
+    exit 1
+fi
+
+# Check if we're in the right directory
+if [ ! -f "package.json" ] || [ ! -f "Dockerfile" ]; then
+    error "Please run this script from the project root directory"
+    exit 1
+fi
+
+log "🚀 Starting Gitea deployment for $PROJECT_NAME"
+
+# Step 1: Code Quality Checks
+log "📋 Step 1: Running code quality checks..."
+
+# Run linting
+log "🔍 Running ESLint..."
+npm run lint || {
+    error "ESLint failed. Please fix the issues before deploying."
+    exit 1
+}
+
+# Run tests
+log "🧪 Running tests..."
+npm run test || {
+    error "Tests failed. Please fix the issues before deploying."
+    exit 1
+}
+
+success "✅ Code quality checks passed"
+
+# Step 2: Build Application
+log "🔨 Step 2: Building application..."
+
+# Build Next.js application
+log "📦 Building Next.js application..."
+npm run build || {
+    error "Build failed"
+    exit 1
+}
+
+success "✅ Application built successfully"
+
+# Step 3: Docker Operations
+log "🐳 Step 3: Docker operations..."
+
+# Build Docker image
+log "🏗️ Building Docker image..."
+docker build -t "$IMAGE_NAME:latest" . || {
+    error "Docker build failed"
+    exit 1
+}
+
+# Tag with timestamp
+TIMESTAMP=$(date +%Y%m%d-%H%M%S)
+docker tag "$IMAGE_NAME:latest" "$IMAGE_NAME:$TIMESTAMP"
+
+success "✅ Docker image built successfully"
+
+# Step 4: Deployment
+log "🚀 Step 4: Deploying application..."
+
+# Check if container is running
+if [ "$(docker inspect -f '{{.State.Running}}' "$CONTAINER_NAME" 2>/dev/null)" = "true" ]; then
+    log "📦 Stopping existing container..."
+    docker stop "$CONTAINER_NAME" || true
+    docker rm "$CONTAINER_NAME" || true
+fi
+
+# Check if port is available
+if lsof -Pi :$PORT -sTCP:LISTEN -t >/dev/null ; then
+    warning "Port $PORT is in use. Trying backup port $BACKUP_PORT"
+    DEPLOY_PORT=$BACKUP_PORT
+else
+    DEPLOY_PORT=$PORT
+fi
+
+# Start new container
+log "🚀 Starting new container on port $DEPLOY_PORT..."
+docker run -d \
+    --name "$CONTAINER_NAME" \
+    --restart unless-stopped \
+    -p "$DEPLOY_PORT:3000" \
+    -e NODE_ENV=production \
+    "$IMAGE_NAME:latest" || {
+    error "Failed to start container"
+    exit 1
+}
+
+# Wait for container to be ready
+log "⏳ Waiting for container to be ready..."
+sleep 10
+
+# Health check
+log "🏥 Performing health check..."
+HEALTH_CHECK_TIMEOUT=60
+HEALTH_CHECK_INTERVAL=2
+ELAPSED=0
+
+while [ $ELAPSED -lt $HEALTH_CHECK_TIMEOUT ]; do
+    if curl -f "http://localhost:$DEPLOY_PORT/api/health" > /dev/null 2>&1; then
+        success "✅ Application is healthy!"
+        break
+    fi
+    
+    sleep $HEALTH_CHECK_INTERVAL
+    ELAPSED=$((ELAPSED + HEALTH_CHECK_INTERVAL))
+    echo -n "."
+done
+
+if [ $ELAPSED -ge $HEALTH_CHECK_TIMEOUT ]; then
+    error "Health check timeout. Application may not be running properly."
+    log "Container logs:"
+    docker logs "$CONTAINER_NAME" --tail=50
+    exit 1
+fi
+
+# Step 5: Verification
+log "✅ Step 5: Verifying deployment..."
+
+# Test main page
+if curl -f "http://localhost:$DEPLOY_PORT/" > /dev/null 2>&1; then
+    success "✅ Main page is accessible"
+else
+    error "❌ Main page is not accessible"
+    exit 1
+fi
+
+# Show container status
+log "📊 Container status:"
+docker ps --filter "name=$CONTAINER_NAME" --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
+
+# Show resource usage
+log "📈 Resource usage:"
+docker stats --no-stream --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}" "$CONTAINER_NAME"
+
+# Step 6: Cleanup
+log "🧹 Step 6: Cleaning up old images..."
+
+# Remove old images (keep last 3 versions)
+docker images "$IMAGE_NAME" --format "table {{.Tag}}\t{{.ID}}" | tail -n +2 | head -n -3 | awk '{print $2}' | xargs -r docker rmi || {
+    warning "No old images to remove"
+}
+
+# Clean up unused Docker resources
+docker system prune -f --volumes || {
+    warning "Failed to clean up Docker resources"
+}
+
+# Final success message
+success "🎉 Gitea deployment completed successfully!"
+log "🌐 Application is available at: http://localhost:$DEPLOY_PORT"
+log "🏥 Health check endpoint: http://localhost:$DEPLOY_PORT/api/health"
+log "📊 Container name: $CONTAINER_NAME"
+log "📝 Logs: docker logs $CONTAINER_NAME"
+
+# Update deployment log
+echo "$(date): Gitea deployment successful - Port: $DEPLOY_PORT - Image: $IMAGE_NAME:$TIMESTAMP" >> "$LOG_FILE"
+
+exit 0

scripts/security-scan.sh

@@ -0,0 +1,85 @@
+#!/bin/bash
+
+# Security Scan Script
+# This script runs various security checks on the portfolio project
+
+set -e
+
+echo "🔒 Starting security scan..."
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Function to print colored output
+print_status() {
+    echo -e "${GREEN}✅ $1${NC}"
+}
+
+print_warning() {
+    echo -e "${YELLOW}⚠️  $1${NC}"
+}
+
+print_error() {
+    echo -e "${RED}❌ $1${NC}"
+}
+
+# Check if we're in the right directory
+if [ ! -f "package.json" ]; then
+    print_error "Please run this script from the project root directory"
+    exit 1
+fi
+
+# 1. NPM Audit
+echo "🔍 Running npm audit..."
+if npm audit --audit-level=high; then
+    print_status "NPM audit passed - no high/critical vulnerabilities found"
+else
+    print_warning "NPM audit found vulnerabilities - check the output above"
+fi
+
+# 2. Trivy scan (if available)
+echo "🔍 Running Trivy vulnerability scan..."
+if command -v trivy &> /dev/null; then
+    if trivy fs --scanners vuln,secret --format table .; then
+        print_status "Trivy scan completed successfully"
+    else
+        print_warning "Trivy scan found issues - check the output above"
+    fi
+else
+    print_warning "Trivy not installed - skipping Trivy scan"
+    echo "To install Trivy: brew install trivy"
+fi
+
+# 3. Check for secrets using advanced detection
+echo "🔍 Checking for potential secrets in code..."
+if ./scripts/check-secrets.sh; then
+    print_status "No secrets found in code"
+else
+    print_error "Secrets detected - please review"
+fi
+
+# 4. Check for outdated dependencies
+echo "🔍 Checking for outdated dependencies..."
+if npm outdated; then
+    print_status "All dependencies are up to date"
+else
+    print_warning "Some dependencies are outdated - consider updating"
+fi
+
+# 5. Check for known vulnerable packages
+echo "🔍 Checking for known vulnerable packages..."
+if npm audit --audit-level=moderate; then
+    print_status "No moderate+ vulnerabilities found"
+else
+    print_warning "Some vulnerabilities found - run 'npm audit fix' to attempt fixes"
+fi
+
+echo ""
+echo "🔒 Security scan completed!"
+echo "For more detailed security analysis, consider:"
+echo "  - Running 'npm audit fix' to fix vulnerabilities"
+echo "  - Installing Trivy for comprehensive vulnerability scanning"
+echo "  - Using tools like Snyk or GitHub Dependabot for ongoing monitoring"

scripts/setup-database.js

@@ -6,7 +6,7 @@ const { exec } = require('child_process');
 console.log('🗄️  Setting up database...');
 
 // Set environment variables for development
-process.env.DATABASE_URL = 'postgresql://portfolio_user:portfolio_dev_pass@localhost:5432/portfolio_dev?schema=public';
+process.env.DATABASE_URL = process.env.DATABASE_URL || 'postgresql://portfolio_user:portfolio_dev_pass@localhost:5432/portfolio_dev?schema=public';
 
 // Function to run command and return promise
 function runCommand(command) {

scripts/setup-gitea-runner.sh

@@ -0,0 +1,192 @@
+#!/bin/bash
+
+# Gitea Runner Setup Script
+# Installiert und konfiguriert einen lokalen Gitea Runner
+
+set -e
+
+# Configuration
+GITEA_URL="${GITEA_URL:-http://localhost:3000}"
+RUNNER_NAME="${RUNNER_NAME:-portfolio-runner}"
+RUNNER_LABELS="${RUNNER_LABELS:-ubuntu-latest,self-hosted,portfolio}"
+RUNNER_WORK_DIR="${RUNNER_WORK_DIR:-/tmp/gitea-runner}"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Logging function
+log() {
+    echo -e "${BLUE}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1"
+}
+
+error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+success() {
+    echo -e "${GREEN}[SUCCESS]${NC} $1"
+}
+
+warning() {
+    echo -e "${YELLOW}[WARNING]${NC} $1"
+}
+
+# Check if running as root
+if [[ $EUID -eq 0 ]]; then
+   error "This script should not be run as root"
+   exit 1
+fi
+
+log "🚀 Setting up Gitea Runner for Portfolio"
+
+# Check if Gitea URL is accessible
+log "🔍 Checking Gitea server accessibility..."
+if ! curl -f "$GITEA_URL" > /dev/null 2>&1; then
+    error "Cannot access Gitea server at $GITEA_URL"
+    error "Please make sure Gitea is running and accessible"
+    exit 1
+fi
+success "✅ Gitea server is accessible"
+
+# Create runner directory
+log "📁 Creating runner directory..."
+mkdir -p "$RUNNER_WORK_DIR"
+cd "$RUNNER_WORK_DIR"
+
+# Download Gitea Runner
+log "📥 Downloading Gitea Runner..."
+RUNNER_VERSION="latest"
+RUNNER_ARCH="linux-amd64"
+
+# Get latest version
+if [ "$RUNNER_VERSION" = "latest" ]; then
+    RUNNER_VERSION=$(curl -s https://api.github.com/repos/woodpecker-ci/woodpecker/releases/latest | grep -o '"tag_name": "[^"]*' | grep -o '[^"]*$')
+fi
+
+RUNNER_URL="https://github.com/woodpecker-ci/woodpecker/releases/download/${RUNNER_VERSION}/woodpecker-agent_${RUNNER_VERSION}_${RUNNER_ARCH}.tar.gz"
+
+log "Downloading from: $RUNNER_URL"
+curl -L -o woodpecker-agent.tar.gz "$RUNNER_URL"
+
+# Extract runner
+log "📦 Extracting Gitea Runner..."
+tar -xzf woodpecker-agent.tar.gz
+chmod +x woodpecker-agent
+
+success "✅ Gitea Runner downloaded and extracted"
+
+# Create systemd service
+log "⚙️ Creating systemd service..."
+sudo tee /etc/systemd/system/gitea-runner.service > /dev/null <<EOF
+[Unit]
+Description=Gitea Runner for Portfolio
+After=network.target
+
+[Service]
+Type=simple
+User=$USER
+WorkingDirectory=$RUNNER_WORK_DIR
+ExecStart=$RUNNER_WORK_DIR/woodpecker-agent
+Restart=always
+RestartSec=5
+Environment=WOODPECKER_SERVER=$GITEA_URL
+Environment=WOODPECKER_AGENT_SECRET=
+Environment=WOODPECKER_LOG_LEVEL=info
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Reload systemd
+sudo systemctl daemon-reload
+
+success "✅ Systemd service created"
+
+# Instructions for manual registration
+log "📋 Manual registration required:"
+echo ""
+echo "1. Go to your Gitea instance: $GITEA_URL"
+echo "2. Navigate to: Settings → Actions → Runners"
+echo "3. Click 'Create new Runner'"
+echo "4. Copy the registration token"
+echo "5. Run the following command:"
+echo ""
+echo "   cd $RUNNER_WORK_DIR"
+echo "   ./woodpecker-agent register --server $GITEA_URL --token YOUR_TOKEN"
+echo ""
+echo "6. After registration, start the service:"
+echo "   sudo systemctl enable gitea-runner"
+echo "   sudo systemctl start gitea-runner"
+echo ""
+echo "7. Check status:"
+echo "   sudo systemctl status gitea-runner"
+echo ""
+
+# Create helper scripts
+log "📝 Creating helper scripts..."
+
+# Start script
+cat > "$RUNNER_WORK_DIR/start-runner.sh" << 'EOF'
+#!/bin/bash
+echo "Starting Gitea Runner..."
+sudo systemctl start gitea-runner
+sudo systemctl status gitea-runner
+EOF
+
+# Stop script
+cat > "$RUNNER_WORK_DIR/stop-runner.sh" << 'EOF'
+#!/bin/bash
+echo "Stopping Gitea Runner..."
+sudo systemctl stop gitea-runner
+EOF
+
+# Status script
+cat > "$RUNNER_WORK_DIR/status-runner.sh" << 'EOF'
+#!/bin/bash
+echo "Gitea Runner Status:"
+sudo systemctl status gitea-runner
+echo ""
+echo "Logs (last 20 lines):"
+sudo journalctl -u gitea-runner -n 20 --no-pager
+EOF
+
+# Logs script
+cat > "$RUNNER_WORK_DIR/logs-runner.sh" << 'EOF'
+#!/bin/bash
+echo "Gitea Runner Logs:"
+sudo journalctl -u gitea-runner -f
+EOF
+
+chmod +x "$RUNNER_WORK_DIR"/*.sh
+
+success "✅ Helper scripts created"
+
+# Create environment file
+cat > "$RUNNER_WORK_DIR/.env" << EOF
+# Gitea Runner Configuration
+GITEA_URL=$GITEA_URL
+RUNNER_NAME=$RUNNER_NAME
+RUNNER_LABELS=$RUNNER_LABELS
+RUNNER_WORK_DIR=$RUNNER_WORK_DIR
+EOF
+
+log "📋 Setup Summary:"
+echo "  • Runner Directory: $RUNNER_WORK_DIR"
+echo "  • Gitea URL: $GITEA_URL"
+echo "  • Runner Name: $RUNNER_NAME"
+echo "  • Labels: $RUNNER_LABELS"
+echo "  • Helper Scripts: $RUNNER_WORK_DIR/*.sh"
+echo ""
+
+log "🎯 Next Steps:"
+echo "1. Register the runner in Gitea web interface"
+echo "2. Enable and start the service"
+echo "3. Test with a workflow run"
+echo ""
+
+success "🎉 Gitea Runner setup completed!"
+log "📁 All files are in: $RUNNER_WORK_DIR"