test(ci): assert prerender output is only /hilfe/transkription

Addresses Sara's review request on #515. Without this gate, a future regression that turns prerender.crawl back on (or adds a new prerender entry whose nav links into protected routes) would silently bake /, /documents, /persons etc. to "redirect-to-login" HTML and re-introduce #514. Verified the script catches the current broken build state: $ find build/prerendered ... -not -path 'hilfe/*' ... build/prerendered/{index,documents,persons,geschichten,stammbaum}.html Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
fix(frontend): disable prerender crawl so /, /documents, /persons aren't baked
2026-05-11 17:00:54 +02:00 · 2026-05-11 17:00:10 +02:00 · 2026-05-11 16:59:59 +02:00
2 changed files with 34 additions and 1 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -59,6 +59,29 @@ jobs:
        run: npm run build
        working-directory: frontend

+      # ── Prerender output is exactly the public help page ───────────────────
+      # SvelteKit prerender + crawl follows nav links and bakes "redirect to
+      # /login" HTML for every protected route, served BEFORE runtime hooks
+      # (see #514). With `crawl: false` only the explicit entry should land
+      # in build/prerendered/. Anything else is a regression — fail the build.
+      - name: Assert prerender output is only /hilfe/transkription
+        run: |
+          cd frontend
+          set -e
+          extra=$(find build/prerendered -type f \
+                  -not -path 'build/prerendered/hilfe/*' \
+                  -not -name '*.br' -not -name '*.gz' \
+                  || true)
+          if [ -n "$extra" ]; then
+            echo "FAIL: unexpected prerendered files (would shadow runtime hooks):"
+            echo "$extra"
+            exit 1
+          fi
+          # And the help page must still be there.
+          test -f build/prerendered/hilfe/transkription.html \
+            || { echo "FAIL: /hilfe/transkription.html missing from prerender output"; exit 1; }
+          echo "PASS: only /hilfe/transkription.html prerendered."
+
      - name: Upload screenshots
        if: always()
        uses: actions/upload-artifact@v4
--- a/frontend/svelte.config.js
+++ b/frontend/svelte.config.js
@@ -8,7 +8,17 @@ const config = {
 	preprocess: vitePreprocess(),
 	kit: {
 		adapter: adapter(),
-		prerender: { entries: ['/hilfe/transkription'] }
+		prerender: {
+			entries: ['/hilfe/transkription'],
+			// Disable crawl: by default SvelteKit follows nav links from
+			// prerendered pages and prerenders the targets too. The targets
+			// (/, /documents, /persons, …) throw redirect('/login') during
+			// the build (no auth cookie), so SvelteKit bakes a
+			// `<script>location.href='/login'</script>` HTML page and serves
+			// it before the runtime hooks ever run. Result: authenticated
+			// users with a valid cookie still get bounced. See #514.
+			crawl: false
+		}
 	}
 };
Author	SHA1	Message	Date
Marcel	6ba7254344	test(ci): assert prerender output is only /hilfe/transkription Some checks failed CI / Unit & Component Tests (push) Has been cancelled Details CI / OCR Service Tests (push) Has been cancelled Details CI / Backend Unit Tests (push) Has been cancelled Details CI / fail2ban Regex (push) Has been cancelled Details CI / Compose Bucket Idempotency (push) Has been cancelled Details CI / Unit & Component Tests (pull_request) Has been cancelled Details CI / OCR Service Tests (pull_request) Has been cancelled Details CI / Backend Unit Tests (pull_request) Has been cancelled Details CI / fail2ban Regex (pull_request) Has been cancelled Details CI / Compose Bucket Idempotency (pull_request) Has been cancelled Details Addresses Sara's review request on #515. Without this gate, a future regression that turns prerender.crawl back on (or adds a new prerender entry whose nav links into protected routes) would silently bake /, /documents, /persons etc. to "redirect-to-login" HTML and re-introduce #514. Verified the script catches the current broken build state: $ find build/prerendered ... -not -path 'hilfe/*' ... build/prerendered/{index,documents,persons,geschichten,stammbaum}.html Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 17:00:54 +02:00
Marcel	b2955fb695	fix(frontend): disable prerender crawl so /, /documents, /persons aren't baked Closes #514. The build was prerendering protected routes via crawl from /hilfe/transkription. Their load functions throw redirect('/login') during the build (no auth cookie), so SvelteKit captured the redirect as static HTML and shipped /app/build/prerendered/{index,documents, persons,geschichten,stammbaum}.html with a `location.href=/login` script. In production these files are served BEFORE hooks.server.ts runs, so an authenticated user with a valid cookie is still served the baked bounce-back page. Setting `crawl: false` keeps the explicit /hilfe/transkription entry prerendered (needed for the public help page) without dragging the nav targets along with it. Verified locally: build now emits only `hilfe/transkription.html` under build/prerendered/, no index.html or documents.html etc. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-11 17:00:10 +02:00
marcel	5d2888e038	Merge pull request 'fix(compose): mark create-buckets as one-shot for `up --wait` (#510 )' (#511 ) from fix/issue-510-compose-wait-oneshot-create-buckets into main Some checks failed CI / Unit & Component Tests (push) Has been cancelled Details CI / OCR Service Tests (push) Has been cancelled Details CI / Backend Unit Tests (push) Has been cancelled Details CI / fail2ban Regex (push) Has been cancelled Details CI / Compose Bucket Idempotency (push) Has been cancelled Details	2026-05-11 16:59:59 +02:00