Sonarqube temporarily turned off

Error pages in correct design
Static file serving out of DEBUG mode addressed
2026-01-19 14:44:48 +01:00 · 2026-01-19 13:52:07 +01:00 · 2026-01-19 13:26:26 +01:00 · 2026-01-15 17:07:15 +01:00 · 2026-01-15 17:05:22 +01:00 · 2026-01-15 16:59:24 +01:00
44 changed files with 4482 additions and 84 deletions
--- a/.argocdignore
+++ b/.argocdignore
@@ -0,0 +1,22 @@
 # ArgoCD ignore patterns
 # Exclude template files from ArgoCD deployment
 # Secret templates (deployed separately by scripts)
 templates/
 **/secret.yaml
 # Documentation and scripts
 docs/
 scripts/
 *.md
 README*
 # Development files
 .env*
 .git*
 .vscode/
 .idea/
 # CI/CD files
 .gitea/
 .github/
--- a/.gitea/workflows/build-containers-on-demand.yml
+++ b/.gitea/workflows/build-containers-on-demand.yml
@@ -60,7 +60,7 @@ jobs:
          chmod +x /usr/local/bin/yq
          yq --version
-      - name: Read ${{ matrix.description }} image from deployment (old vs new)
+      - name: Read ${{ matrix.description }} image from deployment 
        id: img
        shell: bash
        run: |
@@ -211,28 +211,17 @@ jobs:
            echo "ERROR: Found $ctype \"$cname\" image repo is \"$new_repo\" but expected \"$expected_repo\""
            exit 1
          fi
          if [ -n "${old_image:-}" ]; then
            old_tag="${old_image##*:}"
          else
            old_tag=""
          fi
          registry="$(echo "$new_repo" | awk -F/ '{print $1}')"
          {
            echo "changed=$([ "$old_tag" != "$new_tag" ] && echo true || echo false)"
            echo "new_image=$new_image"
            echo "new_repo=$new_repo"
            echo "new_tag=$new_tag"
            echo "registry=$registry"
          } >> "$GITHUB_OUTPUT"
      - name: Skip if tag unchanged
        if: steps.img.outputs.changed != 'true'
        run: echo "${{ matrix.description }} image tag unchanged; skipping build."
      - name: Check if image exists on registry
        if: steps.img.outputs.changed == 'true'
        id: check_image
        shell: bash
        run: |
@@ -267,15 +256,15 @@ jobs:
          fi
      - name: Skip if image already exists
-        if: steps.img.outputs.changed == 'true' && steps.check_image.outputs.exists == 'true'
+        if: steps.check_image.outputs.exists == 'true'
        run: echo "${{ matrix.description }} image ${{ steps.img.outputs.new_image }} already exists on registry; skipping build."
      - name: Set up Buildx
-        if: steps.img.outputs.changed == 'true' && steps.check_image.outputs.exists == 'false'
+        if: steps.check_image.outputs.exists == 'false'
        uses: docker/setup-buildx-action@v3
      - name: Log in to registry
-        if: steps.img.outputs.changed == 'true' && steps.check_image.outputs.exists == 'false'
+        if: steps.check_image.outputs.exists == 'false'
        uses: docker/login-action@v3
        with:
          registry: ${{ steps.img.outputs.registry }}
@@ -283,7 +272,7 @@ jobs:
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Build and push ${{ matrix.description }} (exact tag from deployment)
-        if: steps.img.outputs.changed == 'true' && steps.check_image.outputs.exists == 'false'
+        if: steps.check_image.outputs.exists == 'false'
        uses: docker/build-push-action@v6
        with:
          context: ${{ matrix.build_context }}
--- a/.gitea/workflows/check_code_in_sonarqube.yaml.off
+++ b/.gitea/workflows/check_code_in_sonarqube.yaml.off
@@ -0,0 +1,67 @@
 on:
  push:
    # branches:
      # - main
      # - development
  pull_request:
      types: [opened, synchronize, reopened]
 name: SonarQube Scan
 jobs:
  sonarqube:
    name: SonarQube Trigger
    runs-on: ubuntu-latest
    steps:
    - name: Checking out
      uses: actions/checkout@v4
      with:
        fetch-depth: 0
    - name: Set up Python
      uses: actions/setup-python@v4
      with:
        python-version: '3.11'
    - name: Install dependencies
      run: |
        pip install -r requirements.txt
    - name: Run tests with coverage
      run: |
        coverage run --source='.' manage.py test
        coverage xml
    - name: Set up JDK 17
      uses: actions/setup-java@v3
      with:
        java-version: '17'
        distribution: 'temurin'
    - name: Cache SonarQube packages
      uses: actions/cache@v3
      with:
        path: ~/.sonar/cache
        key: ${{ runner.os }}-sonar
        restore-keys: ${{ runner.os }}-sonar
    - name: Download and setup SonarScanner
      run: |
        mkdir -p $HOME/.sonar
        wget -q https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip
        unzip -q sonar-scanner-cli-5.0.1.3006-linux.zip -d $HOME/.sonar/
        echo "$HOME/.sonar/sonar-scanner-5.0.1.3006-linux/bin" >> $GITHUB_PATH
    - name: Verify Java version
      run: java -version
    - name: SonarQube Scan
      env:
        SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
        SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
      run: |
        sonar-scanner \
          -Dsonar.projectKey=${{ github.event.repository.name }} \
          -Dsonar.sources=. \
          -Dsonar.host.url=${SONAR_HOST_URL} \
          -Dsonar.token=${SONAR_TOKEN} \
          -Dsonar.python.coverage.reportPaths=coverage.xml
--- a/18
+++ b/18
@@ -1,4 +1,4 @@
-FROM python:3.13-slim AS baustelle
+FROM python:3.15-rc-trixie AS baustelle
 RUN mkdir /app
 WORKDIR /app
 ENV PYTHONDONTWRITEBYTECODE=1
@@ -7,22 +7,23 @@ RUN pip install  --upgrade pip
 COPY requirements.txt /app/
 RUN pip install --no-cache-dir -r requirements.txt
-FROM python:3.13-slim
+FROM python:3.15-rc-slim-trixie
 RUN useradd -m -r appuser && \
    mkdir /app && \
    chown -R appuser /app
-COPY --from=baustelle /usr/local/lib/python3.13/site-packages/ /usr/local/lib/python3.13/site-packages/
+COPY --from=baustelle /usr/local/lib/python3.15/site-packages/ /usr/local/lib/python3.15/site-packages/
 COPY --from=baustelle /usr/local/bin/ /usr/local/bin/
-RUN rm /usr/bin/tar
+RUN rm /usr/bin/tar /usr/lib/x86_64-linux-gnu/libncur*
 RUN rm /usr/lib/x86_64-linux-gnu/libncur*
 WORKDIR /app
 COPY --chown=appuser:appuser . .
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 USER appuser
 EXPOSE 8000
-RUN rm -rf /app/Dockerfile* \
+# Set build environment variable to enable fallback secret key during build
 ENV DOCKER_BUILDKIT=1
 RUN rm -rvf /app/Dockerfile* \
           /app/README.md \
           /app/argocd \
           /app/k8s \
@@ -31,7 +32,8 @@ RUN rm -rf /app/Dockerfile* \
           /app/requirements.txt \
           /app/node_modules \
           /app/*.json \
-           /app/test_*.py
+           /app/scripts \
-RUN python3 manage.py collectstatic
+           /app/test_*.py && \
       python3 /app/manage.py collectstatic --noinput
 CMD ["gunicorn","--bind","0.0.0.0:8000","--workers","3","VorgabenUI.wsgi:application"]
--- a/Documentation/diagramm.md
+++ b/Documentation/diagramm.md
@@ -540,5 +540,5 @@ digraph {
 Bei Fragen oder Problemen mit Diagrammen:
 1. Code auf https://kroki.io/ testen
 2. Syntax-Dokumentation des jeweiligen Diagrammtyps konsultieren
-3. Diagramm-Cache leeren: `python manage.py clear_diagram_cache`
+3. (Nur mit Shell-Zugriff auf Kubernetes-Pod möglich): Diagramm-Cache leeren: `python manage.py clear_diagram_cache`
 4. Bei technischen Problemen: Information Security Management BIT kontaktieren
--- a/VorgabenUI/settings-docker.py
+++ b/VorgabenUI/settings-docker.py
@@ -24,7 +24,7 @@ BASE_DIR = Path(__file__).resolve().parent.parent
 SECRET_KEY = os.environ.get("SECRET_KEY")
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = bool(os.environ.get("DEBUG", default=0)
+DEBUG = bool(os.environ.get("DEBUG", default=0))
 ALLOWED_HOSTS = os.environ.get("DJANGO_ALLOWED_HOSTS","127.0.0.1").split(",")
--- a/VorgabenUI/settings.py
+++ b/VorgabenUI/settings.py
@@ -20,13 +20,34 @@ BASE_DIR = Path(__file__).resolve().parent.parent
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/5.2/howto/deployment/checklist/
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = '429ti9tugj9güLLO))(G&G94KF452R3Fieaek$&6s#zlao-ca!#)_@j6*u+8s&bvfil^qyo%&-sov$ysi'
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = os.environ.get('DEBUG', 'True').lower() in ('true', '1', 'yes', 'on')
-ALLOWED_HOSTS = ["10.128.128.144","localhost","127.0.0.1","*"]
+# SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = os.environ.get('VORGABENUI_SECRET')
 if not SECRET_KEY:
    # Check if we're in a build environment (Docker build, CI, etc.)
    is_build_env = any([
        os.environ.get('DOCKER_BUILDKIT'),  # Docker build
        os.environ.get('CI'),               # CI environment
        os.environ.get('GITHUB_ACTIONS'),   # GitHub Actions
        os.environ.get('GITEA_ACTIONS'),    # Gitea Actions
    ])
    # Use DEBUG environment variable or assume debug mode for local development
    debug_mode = os.environ.get('DEBUG', 'True').lower() in ('true', '1', 'yes', 'on')
    if debug_mode or is_build_env:
        # Fixed fallback key for local development and build environments
        SECRET_KEY = 'dev-fallback-key-for-local-debugging-only-not-for-production-use-12345'
        if not is_build_env:  # Don't log during build to avoid noise
            import logging
            logging.warning("🚨 Using fallback SECRET_KEY for local development. This should NEVER happen in production!")
    else:
        raise ValueError("VORGABENUI_SECRET environment variable is required")
 ALLOWED_HOSTS = os.environ.get('DJANGO_ALLOWED_HOSTS', "10.128.128.144,localhost,127.0.0.1,*").split(",")
 # Application definition
@@ -37,6 +58,7 @@ INSTALLED_APPS = [
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'whitenoise',
    'dokumente',
    'abschnitte',
    'stichworte',
@@ -48,6 +70,7 @@ INSTALLED_APPS = [
 ]
 MIDDLEWARE = [
    'whitenoise.middleware.WhiteNoiseMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
@@ -127,7 +150,7 @@ USE_TZ = True
 STATIC_URL = '/static/'
 #STATIC_ROOT="/home/adebaumann/VorgabenUI/staticfiles/"
-STATIC_ROOT="/app/staticfiles/"
+STATIC_ROOT="staticfiles/"
 STATICFILES_DIRS= (
    os.path.join(BASE_DIR,"static"),
    )
@@ -143,6 +166,12 @@ DIAGRAM_CACHE_DIR = 'diagram_cache'  # relative to MEDIA_ROOT
 # https://docs.djangoproject.com/en/5.2/ref/settings/#default-auto-field
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 # Custom error pages
 handler400 = 'pages.views.custom_400'
 handler403 = 'pages.views.custom_403'
 handler404 = 'pages.views.custom_404'
 handler500 = 'pages.views.custom_500'
 DATA_UPLOAD_MAX_NUMBER_FIELDS=10250
 NESTED_ADMIN_LAZY_INLINES = True
@@ -151,6 +180,24 @@ LOGIN_URL = 'login'
 LOGIN_REDIRECT_URL = '/'
 LOGOUT_REDIRECT_URL = 'login'
 AUTH_PASSWORD_VALIDATORS = [
    {
        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
    },
    {
        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
        "OPTIONS": {
            "min_length": 12,
        },
    },
    {
        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
    },
    {
        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
    },
 ]
 #LOGGING = {
 #    "version": 1,
 #    "handlers"  :{
--- a/VorgabenUI/urls.py
+++ b/VorgabenUI/urls.py
@@ -40,9 +40,7 @@ urlpatterns = [
    path('password_change/done/', auth_views.PasswordChangeDoneView.as_view(template_name='registration/password_change_done.html'), name='password_change_done'),
 ]
 # Serve static files
 urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
 # Serve media files (including cached diagrams)
 if settings.DEBUG:
    urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
    urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
--- a/argocd/configmap.yaml
+++ b/argocd/configmap.yaml
@@ -0,0 +1,25 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: django-config
  namespace: vorgabenui
 data:
  # Django Configuration
  DEBUG: "false"
  DJANGO_ALLOWED_HOSTS: "vorgabenportal.knowyoursecurity.com,localhost,127.0.0.1,*"
  DJANGO_SETTINGS_MODULE: "VorgabenUI.settings"
  # Application Configuration
  LANGUAGE_CODE: "de-ch"
  TIME_ZONE: "UTC"
  # Static and Media Configuration  
  STATIC_URL: "/static/"
  MEDIA_URL: "/media/"
  # Database Configuration (for future use)
  # DATABASE_ENGINE: "django.db.backends.sqlite3"
  # DATABASE_NAME: "/app/data/db.sqlite3"
  # Security Configuration
  # CSRF_TRUSTED_ORIGINS: "https://vorgabenportal.knowyoursecurity.com"
--- a/argocd/deployment.yaml
+++ b/argocd/deployment.yaml
@@ -18,15 +18,38 @@ spec:
        fsGroupChangePolicy: "OnRootMismatch"
      initContainers:
        - name: loader
-          image: git.baumann.gr/adebaumann/vui-data-loader:0.10
+          image: git.baumann.gr/adebaumann/vui-data-loader:0.11
          command: [ "sh","-c","cp -n preload/preload.sqlite3 /data/db.sqlite3; chown -R 999:999 /data; ls -la /data; sleep 10; exit 0" ]
          volumeMounts:
            - name: data
              mountPath: /data
      containers:
        - name: web
-          image: git.baumann.gr/adebaumann/vui:0.961
+          image: git.baumann.gr/adebaumann/vui:0.980
          imagePullPolicy: Always
          env:
          # Secret configuration
          - name: VORGABENUI_SECRET
            valueFrom:
              secretKeyRef:
                name: vorgabenui-secrets
                key: vorgabenui_secret
          # ConfigMap configuration
          - name: DEBUG
            valueFrom:
              configMapKeyRef:
                name: django-config
                key: DEBUG
          - name: DJANGO_ALLOWED_HOSTS
            valueFrom:
              configMapKeyRef:
                name: django-config
                key: DJANGO_ALLOWED_HOSTS
          - name: DJANGO_SETTINGS_MODULE
            valueFrom:
              configMapKeyRef:
                name: django-config
                key: DJANGO_SETTINGS_MODULE
          ports:
            - containerPort: 8000
          volumeMounts:
--- a/data-loader/preload.sqlite3
+++ b/data-loader/preload.sqlite3
--- a/data/db.sqlite3
+++ b/data/db.sqlite3
--- a/docs/kubernetes-secrets.md
+++ b/docs/kubernetes-secrets.md
@@ -0,0 +1,383 @@
 # Kubernetes Configuration Management for VorgabenUI Django
 This document describes how to manage Django configuration using Kubernetes secrets and ConfigMaps.
 ## Overview
 Django configuration has been moved to Kubernetes-native resources for improved security and flexibility:
 ### **Secrets** (for sensitive data)
 - `VORGABENUI_SECRET` - Django SECRET_KEY
 - Future: Database passwords, API keys, etc.
 ### **ConfigMaps** (for non-sensitive configuration)
 - `DEBUG` - Debug mode setting
 - `DJANGO_ALLOWED_HOSTS` - Allowed hostnames
 - `DJANGO_SETTINGS_MODULE` - Settings module path
 - Application configuration settings
 This approach ensures that:
 1. Sensitive data is not stored in version control
 2. Configuration is environment-specific
 3. Non-sensitive settings are easily manageable
 4. Follows Kubernetes best practices
 5. Includes fallback for local development
 ## Files Changed
 ### VorgabenUI/settings.py
 - Replaced hardcoded `SECRET_KEY` with `VORGABENUI_SECRET` environment variable lookup
 - Added fallback secret key for local development (only works when DEBUG=True)
 - Added warning when fallback key is used
 ### Files Created/Updated
 #### **Configuration Resources**
 - `argocd/configmap.yaml` - Django configuration (DEBUG, ALLOWED_HOSTS, etc.)
 - `templates/configmap.yaml` - ConfigMap template (excluded from ArgoCD)
 - `templates/secret.yaml` - Secret template (excluded from ArgoCD deployment)
 - `argocd/secret.yaml` - ArgoCD-specific secret template with ignore annotation
 #### **Deployment Configuration**
 - `argocd/deployment.yaml` - Updated with Secret and ConfigMap environment variables
 - `.argocdignore` - ArgoCD ignore patterns for templates and scripts
 #### **Deployment Scripts**
 - `scripts/deploy-argocd-secret.sh` - ArgoCD-specific script to deploy secrets
 - `scripts/deploy-argocd-configmap.sh` - ArgoCD-specific script to deploy ConfigMap
 #### **Application Code**
 - `VorgabenUI/settings.py` - Updated to use environment variables from ConfigMap
 #### **Examples and Documentation**
 - `k8s/django-secret.yaml` - Updated for consistency (vorgabenui namespace)
 - `k8s/django-deployment-example.yaml` - Updated example deployment
 - `scripts/deploy-django-secret.sh` - Updated with new defaults
 ## Usage
 ### 1. Deploy ConfigMap (ArgoCD Production)
 **Deploy configuration first** (required before the application starts):
 ```bash
 # Deploy ConfigMap to vorgabenui namespace
 ./scripts/deploy-argocd-configmap.sh
 # Verify existing ConfigMap
 ./scripts/deploy-argocd-configmap.sh --verify-only
 # Dry run to see what would happen
 ./scripts/deploy-argocd-configmap.sh --dry-run
 # Get help
 ./scripts/deploy-argocd-configmap.sh --help
 ```
 ### 2. Deploy the Secret (ArgoCD Production)
 **Deploy secret second** (contains sensitive SECRET_KEY):
 ```bash
 # Deploy secret to vorgabenui namespace
 ./scripts/deploy-argocd-secret.sh
 # Verify existing secret
 ./scripts/deploy-argocd-secret.sh --verify-only
 # Dry run to see what would happen
 ./scripts/deploy-argocd-secret.sh --dry-run
 # Get help
 ./scripts/deploy-argocd-secret.sh --help
 ```
 ### 3. Deploy Resources for Other Environments
 For development or other environments, use the general scripts:
 ```bash
 # Deploy ConfigMap to vorgabenui namespace (default)
 ./scripts/deploy-django-secret.sh  # (includes ConfigMap deployment)
 # Deploy to specific namespace
 ./scripts/deploy-django-secret.sh -n development
 # Get help
 ./scripts/deploy-django-secret.sh --help
 ```
 ### 4. Environment Variable Configuration
 The ArgoCD deployment (`argocd/deployment.yaml`) is configured with:
 **Secret Variables:**
 ```yaml
 env:
 # Secret configuration
 - name: VORGABENUI_SECRET
  valueFrom:
    secretKeyRef:
      name: vorgabenui-secrets
      key: vorgabenui_secret
 ```
 **ConfigMap Variables:**
 ```yaml
 # ConfigMap configuration
 - name: DEBUG
  valueFrom:
    configMapKeyRef:
      name: django-config
      key: DEBUG
 - name: DJANGO_ALLOWED_HOSTS
  valueFrom:
    configMapKeyRef:
      name: django-config
      key: DJANGO_ALLOWED_HOSTS
 - name: DJANGO_SETTINGS_MODULE
  valueFrom:
    configMapKeyRef:
      name: django-config
      key: DJANGO_SETTINGS_MODULE
 ```
 For other deployments, see `k8s/django-deployment-example.yaml` for a complete example.
 ### 5. Verify the Deployment
 **Check ConfigMap:**
 ```bash
 kubectl get configmap django-config -n vorgabenui
 kubectl describe configmap django-config -n vorgabenui
 ```
 **Check Secret:**
 ```bash
 kubectl get secrets vorgabenui-secrets -n vorgabenui
 kubectl describe secret vorgabenui-secrets -n vorgabenui
 ```
 **Check Django pods can access configuration:**
 ```bash
 # Check secret variable
 kubectl exec -n vorgabenui deployment/django -- printenv VORGABENUI_SECRET
 # Check ConfigMap variables
 kubectl exec -n vorgabenui deployment/django -- printenv DEBUG
 kubectl exec -n vorgabenui deployment/django -- printenv DJANGO_ALLOWED_HOSTS
 # Check all environment variables
 kubectl exec -n vorgabenui deployment/django -- printenv | grep -E "(VORGABENUI|DEBUG|DJANGO)"
 ```
 ## Development Environment
 ### Local Development with Fallback
 The application now includes a fallback secret key for local development. When running locally:
 1. **Automatic fallback**: If `VORGABENUI_SECRET` is not set and `DEBUG=True`, a fallback key is used automatically
 2. **Warning message**: The application will log a warning when using the fallback key (except during builds)
 3. **Production safety**: Fallback only works when `DEBUG=True` or in build environments
 ### Docker Build Support
 The Django settings are designed to work seamlessly during Docker builds:
 1. **Build environment detection**: Automatically detects Docker builds, CI environments
 2. **Fallback activation**: Uses fallback key during build without requiring environment variables
 3. **No build-time secrets**: No need to provide `VORGABENUI_SECRET` during `docker build`
 4. **Runtime security**: Production containers still require the proper environment variable
 **Supported build environments:**
 - Docker builds (`DOCKER_BUILDKIT`)
 - CI environments (`CI`)
 - GitHub Actions (`GITHUB_ACTIONS`)
 - Gitea Actions (`GITEA_ACTIONS`)
 - Local development (`DEBUG=True`)
 ### Manual Environment Variable
 You can still set the environment variable manually:
 ```bash
 # Option 1: Export the variable
 export VORGABENUI_SECRET="your-development-key-here"
 python manage.py runserver
 # Option 2: Use a .env file (recommended)
 echo "VORGABENUI_SECRET=your-development-key-here" > .env
 # Then load it in your settings or use python-dotenv
 ```
 ### Development vs Production
 - **Local Development**: Fallback key works automatically when `DEBUG=True`
 - **Production**: Must have `VORGABENUI_SECRET` environment variable set, no fallback
 ## ArgoCD Integration and Exclusions
 ### Preventing ArgoCD from Deploying Secret Templates
 This setup includes multiple approaches to prevent ArgoCD from trying to deploy the secret template:
 #### 1. Template Directory (`templates/`)
 - Secret template moved to `templates/` directory
 - ArgoCD deployment script automatically uses this location
 - Excluded via `.argocdignore` file
 #### 2. ArgoCD Ignore Annotation
 - `argocd/secret.yaml` has `argocd.argoproj.io/ignore: "true"` annotation
 - Provides fallback if templates directory approach fails
 #### 3. `.argocdignore` File
 - Global exclusion patterns for templates, scripts, and documentation
 - Prevents ArgoCD from syncing non-deployment files
 ### ArgoCD Sync Behavior
 - ArgoCD will sync only the actual deployment files (`deployment.yaml`, `ingress.yaml`, etc.)
 - Secret templates are excluded and must be deployed manually using the deployment script
 - This ensures secrets are created outside of GitOps workflow for security
 ## Security Considerations
 1. **Never commit the actual SECRET_KEY** - Only templates and scripts are in version control
 2. **Use different keys per environment** - Production, staging, and development should all have unique keys
 3. **Rotate keys regularly** - Run the deployment script periodically to generate new keys
 4. **Limit access** - Use Kubernetes RBAC to control who can access secrets
 5. **ArgoCD exclusion** - Secret templates are excluded from ArgoCD to prevent empty/template secrets from being deployed
 ## Troubleshooting
 ### Django fails to start with "VORGABENUI_SECRET environment variable is required"
 This means the environment variable is not set in your pod and fallback conditions aren't met. Check:
 1. **Secret exists**: `kubectl get secret vorgabenui-secrets -n vorgabenui`
 2. **Deployment references secret correctly**: Check `argocd/deployment.yaml` env section
 3. **Pod has environment variable**: `kubectl exec <pod-name> -n vorgabenui -- env | grep VORGABENUI_SECRET`
 4. **For local development**: Ensure `DEBUG=True` to use the fallback key
 5. **For Docker builds**: Build should work automatically with fallback
 ### Docker build fails with SECRET_KEY error
 This should no longer happen with the updated settings. If you still see issues:
 1. **Check build environment variables**: Build should detect `DOCKER_BUILDKIT=1`
 2. **Verify settings changes**: Ensure the updated `settings.py` is being used
 3. **Force environment detection**: Set `CI=1` during build if needed
 4. **Use explicit DEBUG**: Set `DEBUG=True` during build as fallback
 ### Secret deployment fails
 Check that:
 1. You have kubectl access to the cluster
 2. You have permission to create secrets in the `vorgabenui` namespace
 3. Python3 is available for key generation
 4. The ArgoCD secret template exists: `argocd/secret.yaml`
 ### Key rotation
 To rotate the SECRET_KEY:
 1. **For ArgoCD production**: Run `./scripts/deploy-argocd-secret.sh` again
 2. **For other environments**: Run `./scripts/deploy-django-secret.sh` again  
 3. Restart your Django pods to pick up the new key:
   ```bash
   # For ArgoCD production
   kubectl rollout restart deployment/django -n vorgabenui
   # For other environments
   kubectl rollout restart deployment/your-django-deployment -n your-namespace
   ```
 ## Script Options
 ### ArgoCD Production Scripts
 #### **ConfigMap Script (`deploy-argocd-configmap.sh`)**
 Deploy Django configuration (non-sensitive):
 - `--verify-only` - Only verify existing ConfigMap, don't deploy
 - `--dry-run` - Show what would be deployed without applying
 - `-h, --help` - Show help message
 Configuration is hardcoded for ArgoCD:
 - Namespace: `vorgabenui`
 - ConfigMap name: `django-config`
 - ConfigMap file: `argocd/configmap.yaml`
 #### **Secret Script (`deploy-argocd-secret.sh`)**
 Deploy sensitive configuration:
 - `--verify-only` - Only verify existing secret, don't create new one
 - `--dry-run` - Show what would be done without making changes  
 - `-h, --help` - Show help message
 Configuration is hardcoded for ArgoCD:
 - Namespace: `vorgabenui`
 - Secret name: `vorgabenui-secrets`
 - Secret key: `vorgabenui_secret`
 - Template location: `templates/secret.yaml` (excluded from ArgoCD)
 ### General Script (`deploy-django-secret.sh`)
 For development and other environments:
 - `-n, --namespace NAMESPACE` - Target Kubernetes namespace (default: vorgabenui)
 - `-s, --secret-name NAME` - Secret name (default: vorgabenui-secrets)
 - `-k, --key-name NAME` - Secret key name (default: vorgabenui_secret)
 - `-h, --help` - Show help message
 Environment variables:
 - `NAMESPACE` - Override default namespace
 ## Migration from Hardcoded Key
 ### Migration from Old Setup
 If you're migrating from the previous `DJANGO_SECRET_KEY` setup:
 1. **Deploy the new secret** using `./scripts/deploy-argocd-secret.sh`
 2. **Update any existing deployments** to use `VORGABENUI_SECRET` instead of `DJANGO_SECRET_KEY`
 3. **Test locally** - the fallback key should work automatically in DEBUG mode
 4. **Deploy the updated application** - ArgoCD deployment is already configured
 ### Migration from Hardcoded Key
 If you're migrating from a completely hardcoded key:
 1. **Backup your current key** (in case you need to rollback)
 2. **Deploy the secret first** using the deployment script
 3. **Apply the updated ArgoCD deployment** (already done in this setup)
 4. **Test thoroughly** - local development should work with fallback
 5. **Deploy the updated settings.py** after confirming the secret works
 The ArgoCD deployment (`argocd/deployment.yaml`) now includes the environment variable configuration, so Django will automatically pick up the secret after deployment.
 ## Deployment Order
 **Critical: Deploy resources in this order:**
 1. **ConfigMap first** (required for Django to start):
   ```bash
   ./scripts/deploy-argocd-configmap.sh
   ```
 2. **Secret second** (contains sensitive data):
   ```bash
   ./scripts/deploy-argocd-secret.sh
   ```
 3. **Application deployment** (ArgoCD will sync this automatically):
   ```bash
   kubectl apply -f argocd/deployment.yaml
   # OR let ArgoCD sync from Git
   ```
 If you deploy in the wrong order, Django pods will fail to start because they require both the ConfigMap and Secret to be available.
--- a/dokumente/admin.py
+++ b/dokumente/admin.py
@@ -94,10 +94,18 @@ class EinleitungInline(NestedStackedInline):
 class VorgabeForm(forms.ModelForm):
    referenzen = TreeNodeMultipleChoiceField(queryset=Referenz.objects.all(), required=False)
    class Meta:
        model = Vorgabe
        fields = '__all__'
    def clean_thema(self):
        """Validate that thema is provided."""
        thema = self.cleaned_data.get('thema')
        if not thema:
            raise forms.ValidationError('Thema ist ein Pflichtfeld. Bitte wählen Sie ein Thema aus.')
        return thema
 class VorgabeInline(SortableInlineAdminMixin, NestedStackedInline):
    model = Vorgabe
    form = VorgabeForm
--- a/dokumente/management/commands/export_xml.py
+++ b/dokumente/management/commands/export_xml.py
@@ -0,0 +1,39 @@
 from django.core.management.base import BaseCommand
 import xml.etree.ElementTree as ET
 from dokumente.models import Dokument
 from dokumente.utils import build_dokument_xml_element, prettify_xml
 class Command(BaseCommand):
    help = 'Export all dokumente as XML'
    def add_arguments(self, parser):
        parser.add_argument(
            '--output',
            type=str,
            help='Output file path (default: stdout)',
        )
    def handle(self, *args, **options):
        dokumente = Dokument.objects.filter(aktiv=True).prefetch_related(
            'autoren', 'pruefende', 'vorgaben__thema',
            'vorgaben__referenzen', 'vorgaben__stichworte',
            'vorgaben__checklistenfragen', 'vorgaben__vorgabekurztext_set',
            'vorgaben__vorgabelangtext_set', 'geltungsbereich_set',
            'einleitung_set', 'changelog__autoren'
        ).order_by('nummer')
        root = ET.Element('Vorgabendokumente')
        for dokument in dokumente:
            build_dokument_xml_element(dokument, root)
        xml_str = ET.tostring(root, encoding='unicode', method='xml')
        xml_output = prettify_xml(xml_str)
        if options['output']:
            with open(options['output'], 'w', encoding='utf-8') as f:
                f.write(xml_output)
            self.stdout.write(self.style.SUCCESS(f'XML exported to {options["output"]}'))
        else:
            self.stdout.write(xml_output)
--- a/dokumente/management/commands/import-document.py
+++ b/dokumente/management/commands/import-document.py
@@ -71,6 +71,7 @@ class Command(BaseCommand):
                "name": name,
                "gueltigkeit_von": options["gueltigkeit_von"],
                "gueltigkeit_bis": options["gueltigkeit_bis"],
                "aktiv":False,
            },
        )
        if created:
@@ -319,6 +320,7 @@ class Command(BaseCommand):
                    thema=thema,
                    titel=v["titel"],
                    gueltigkeit_von=timezone.now().date(),
                    order=0,
                )
                # Stichworte
--- a/dokumente/models.py
+++ b/dokumente/models.py
@@ -54,6 +54,34 @@ class Dokument(models.Model):
    def __str__(self):
        return f"{self.nummer} – {self.name}"
    @property
    def dates(self):
        """
        Returns an array of unique, chronologically sorted dates representing
        state-change dates from all Vorgaben in this document.
        These are dates where Vorgaben become active (gueltigkeit_von) or change state
        (the day after gueltigkeit_bis). The very last date in the list is excluded
        as it has no relevance (nothing changes after it).
        """
        dates_set = set()
        # Get all vorgaben for this document
        for vorgabe in self.vorgaben.all():
            # Add gueltigkeit_von (when vorgabe becomes active)
            if vorgabe.gueltigkeit_von:
                dates_set.add(vorgabe.gueltigkeit_von)
            # Add the day after gueltigkeit_bis (when vorgabe expires/changes state)
            # Only if gueltigkeit_bis is defined (not None)
            if vorgabe.gueltigkeit_bis:
                dates_set.add(vorgabe.gueltigkeit_bis + datetime.timedelta(days=1))
        # Return sorted unique dates from oldest to newest, excluding the last date
        # (but only if there are multiple dates; single dates are kept)
        sorted_dates = sorted(list(dates_set))
        return sorted_dates[:-1] if len(sorted_dates) > 1 else sorted_dates
    class Meta:
        verbose_name_plural="Dokumente"
        verbose_name="Dokument"
@@ -141,6 +169,12 @@ class Vorgabe(models.Model):
        """
        from django.core.exceptions import ValidationError
        # Check that thema is provided
        if not self.thema_id:
            raise ValidationError({
                'thema': 'Thema ist ein Pflichtfeld. Bitte wählen Sie ein Thema aus.'
            })
        # Check for conflicts with existing Vorgaben
        conflicts = self.find_conflicts()
        if conflicts:
--- a/dokumente/templates/standards/all_comments.html
+++ b/dokumente/templates/standards/all_comments.html
@@ -0,0 +1,67 @@
 {% extends "base.html" %}
 {% block content %}
 <h1>Alle Kommentare</h1>
 {% if total_comments == 0 %}
  <div class="alert alert-info">
    <p>Es gibt noch keine Kommentare zu Vorgaben.</p>
    <p><a href="{% url 'standard_list' %}">Zu den Standards</a></p>
  </div>
 {% else %}
  <p class="text-muted">Insgesamt {{ total_comments }} Kommentar{{ total_comments|pluralize:"e" }}</p>
  {% for dokument, comments in comments_by_document.items %}
  <div class="panel panel-default" style="margin-top: 2rem;">
    <div class="panel-heading">
      <h2 style="margin: 0;">
        <a href="{% url 'standard_detail' nummer=dokument.nummer %}">
          {{ dokument.nummer }} – {{ dokument.name }}
        </a>
      </h2>
      <p style="margin: 0; color: #666; font-size: 0.9rem;">
        {{ comments|length }} Kommentar{{ comments|length|pluralize:"e" }}
      </p>
    </div>
    <div class="panel-body">
      <div class="list-group">
        {% for comment in comments %}
        <div class="list-group-item" style="border-left: 3px solid #007bff; padding: 1rem;">
          <div style="display: flex; justify-content: space-between; align-items: flex-start;">
            <div style="flex: 1;">
              <h4 style="margin: 0 0 0.5rem 0;">
                <a href="{% url 'standard_detail' nummer=comment.vorgabe.dokument.nummer %}#{{ comment.vorgabe.Vorgabennummer }}">
                  {{ comment.vorgabe.Vorgabennummer }}
                </a> {{ comment.vorgabe.titel }}
              </h4>
              <p style="margin: 0 0 0.75rem 0; color: #666; font-size: 0.9rem;">
                <strong>Benutzer:</strong> {{ comment.user.first_name }} {{ comment.user.last_name }}<br>
                <strong>Erstellt:</strong> {{ comment.created_at|date:"d.m.Y H:i" }}
                {% if comment.updated_at != comment.created_at %}
                  <br>
                  <strong>Bearbeitet:</strong> {{ comment.updated_at|date:"d.m.Y H:i" }}
                {% endif %}
              </p>
            </div>
            <form method="POST" action="{% url 'delete_vorgabe_comment' comment.id %}" 
                  style="display: inline; margin-left: 1rem;"
                  onsubmit="return confirm('Sind Sie sicher, dass Sie diesen Kommentar löschen möchten?');">
              {% csrf_token %}
              <button type="submit" class="btn btn-sm btn-danger">Löschen</button>
            </form>
          </div>
          <div style="background: #f8f9fa; padding: 0.75rem; border-radius: 4px; margin-top: 0.5rem; white-space: pre-wrap; word-wrap: break-word;">
            {{ comment.text }}
          </div>
        </div>
        {% endfor %}
      </div>
    </div>
  </div>
  {% endfor %}
 {% endif %}
 <div style="margin-top: 2rem; padding-top: 2rem; border-top: 1px solid #ddd;">
  <a href="{% url 'standard_list' %}" class="btn btn-default">Zu den Standards</a>
 </div>
 {% endblock %}
--- a/dokumente/templates/standards/standard_detail.html
+++ b/dokumente/templates/standards/standard_detail.html
@@ -16,9 +16,32 @@
  {% if standard.history == True %}
  <div class="alert alert-warning" role="alert">
    {% if standard.is_future %}
    <strong>Zukünftige Version vom {{ standard.check_date }}</strong>
    {% else %}
    <strong>Historische Version vom {{ standard.check_date }}</strong>
    {% endif %}
  </div>
  {% endif %}
  <!-- History Dates Dropdown -->
  {% if standard.dates %}
  <div class="mb-3">
    <div class="dropdown">
      <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="text-decoration: none;">
        📅 Historische Versionen
      </a>
      <ul class="dropdown-menu" role="menu">
        <li><a href="/dokumente/{{ standard.nummer }}/">Aktuelle Version</a></li>
        <li class="divider"></li>
        {% for date in standard.dates %}
        <li><a href="/dokumente/{{ standard.nummer }}/history/{{ date|date:'Y-m-d' }}/">{{ date|date:'d.m.Y' }}</a></li>
        {% endfor %}
      </ul>
    </div>
  </div>
  {% endif %}
  <!-- Einleitung -->
  {% if standard.einleitung_html %}
  <div class="row mb-4">
@@ -186,6 +209,11 @@
            download="{{ standard.nummer }}.json">
           JSON herunterladen
         </a>
         <a href="{% url 'standard_xml' standard.nummer %}"
            class="btn btn-secondary icon icon--before icon--download"
            download="{{ standard.nummer }}.xml">
           XML herunterladen
         </a>
       </p>
    </div>
  </div>
--- a/dokumente/templates/standards/user_comments.html
+++ b/dokumente/templates/standards/user_comments.html
@@ -0,0 +1,66 @@
 {% extends "base.html" %}
 {% block content %}
 <h1>Meine Kommentare</h1>
 {% if total_comments == 0 %}
  <div class="alert alert-info">
    <p>Sie haben noch keine Kommentare zu Vorgaben hinterlassen.</p>
    <p><a href="{% url 'standard_list' %}">Zu den Standards</a></p>
  </div>
 {% else %}
  <p class="text-muted">Insgesamt {{ total_comments }} Kommentar{{ total_comments|pluralize:"e" }}</p>
  {% for dokument, comments in comments_by_document.items %}
  <div class="panel panel-default" style="margin-top: 2rem;">
    <div class="panel-heading">
      <h2 style="margin: 0;">
        <a href="{% url 'standard_detail' nummer=dokument.nummer %}">
          {{ dokument.nummer }} – {{ dokument.name }}
        </a>
      </h2>
      <p style="margin: 0; color: #666; font-size: 0.9rem;">
        {{ comments|length }} Kommentar{{ comments|length|pluralize:"e" }}
      </p>
    </div>
    <div class="panel-body">
      <div class="list-group">
        {% for comment in comments %}
        <div class="list-group-item" style="border-left: 3px solid #007bff; padding: 1rem;">
          <div style="display: flex; justify-content: space-between; align-items: flex-start;">
            <div style="flex: 1;">
              <h4 style="margin: 0 0 0.5rem 0;">
                <a href="{% url 'standard_detail' nummer=comment.vorgabe.dokument.nummer %}#{{ comment.vorgabe.Vorgabennummer }}">
                  {{ comment.vorgabe.Vorgabennummer }}
                </a> {{ comment.vorgabe.titel }}
              </h4>
              <p style="margin: 0 0 0.75rem 0; color: #666; font-size: 0.9rem;">
                <strong>Erstellt:</strong> {{ comment.created_at|date:"d.m.Y H:i" }}
                {% if comment.updated_at != comment.created_at %}
                  <br>
                  <strong>Bearbeitet:</strong> {{ comment.updated_at|date:"d.m.Y H:i" }}
                {% endif %}
              </p>
            </div>
            <form method="POST" action="{% url 'delete_vorgabe_comment' comment.id %}" 
                  style="display: inline; margin-left: 1rem;"
                  onsubmit="return confirm('Sind Sie sicher, dass Sie diesen Kommentar löschen möchten?');">
              {% csrf_token %}
              <button type="submit" class="btn btn-sm btn-danger">Löschen</button>
            </form>
          </div>
          <div style="background: #f8f9fa; padding: 0.75rem; border-radius: 4px; margin-top: 0.5rem; white-space: pre-wrap; word-wrap: break-word;">
            {{ comment.text }}
          </div>
        </div>
        {% endfor %}
      </div>
    </div>
  </div>
  {% endfor %}
 {% endif %}
 <div style="margin-top: 2rem; padding-top: 2rem; border-top: 1px solid #ddd;">
  <a href="{% url 'standard_list' %}" class="btn btn-default">Zu den Standards</a>
 </div>
 {% endblock %}
--- a/dokumente/test_import_command.py
+++ b/dokumente/test_import_command.py
@@ -0,0 +1,960 @@
 """
 Tests for the import-document management command.
 This test suite covers:
 - Basic import functionality
 - Dry-run mode
 - Purge functionality
 - Error handling (missing file, dokumententyp, thema, abschnitttyp)
 - Context switching (einleitung → geltungsbereich → vorgabe)
 - Header normalization
 - Vorgaben with Kurztext, Langtext, Stichworte, Checklistenfragen
 - Edge cases and malformed input
 """
 import os
 import tempfile
 from io import StringIO
 from pathlib import Path
 from django.test import TestCase
 from django.core.management import call_command
 from django.core.management.base import CommandError
 from dokumente.models import (
    Dokumententyp,
    Dokument,
    Thema,
    Vorgabe,
    VorgabeKurztext,
    VorgabeLangtext,
    Geltungsbereich,
    Einleitung,
    Checklistenfrage,
 )
 from abschnitte.models import AbschnittTyp
 from stichworte.models import Stichwort
 class ImportDocumentCommandTestCase(TestCase):
    """Test cases for the import-document management command"""
    def setUp(self):
        """Set up test fixtures"""
        # Create required Dokumententyp
        self.dokumententyp = Dokumententyp.objects.create(
            name="IT-Sicherheit",
            verantwortliche_ve="TEST-VE"
        )
        # Create required AbschnittTyp instances
        self.text_typ = AbschnittTyp.objects.create(abschnitttyp="text")
        self.liste_geordnet_typ = AbschnittTyp.objects.create(
            abschnitttyp="liste geordnet"
        )
        self.liste_ungeordnet_typ = AbschnittTyp.objects.create(
            abschnitttyp="liste ungeordnet"
        )
        # Create test Themen
        self.thema_organisation = Thema.objects.create(
            name="Organisation",
            erklaerung="Organisatorische Anforderungen"
        )
        self.thema_technik = Thema.objects.create(
            name="Technik",
            erklaerung="Technische Anforderungen"
        )
        # Additional Themen for r009.txt example
        self.thema_informationen = Thema.objects.create(
            name="Informationen",
            erklaerung="Informationssicherheit"
        )
        self.thema_systeme = Thema.objects.create(
            name="Systeme",
            erklaerung="Systemanforderungen"
        )
        self.thema_anwendungen = Thema.objects.create(
            name="Anwendungen",
            erklaerung="Anwendungsanforderungen"
        )
        self.thema_zonen = Thema.objects.create(
            name="Zonen",
            erklaerung="Zonenanforderungen"
        )
    def create_test_file(self, content):
        """Helper to create a temporary test file with given content"""
        fd, path = tempfile.mkstemp(suffix=".txt", text=True)
        with os.fdopen(fd, 'w', encoding='utf-8') as f:
            f.write(content)
        return path
    def test_basic_import_creates_document(self):
        """Test that basic import creates a document"""
        test_content = """>>>Einleitung
 >>>text
 This is the introduction.
 >>>geltungsbereich
 >>>text
 This is the scope.
 >>>Vorgabe Organisation
 >>>Nummer 1
 >>>Titel
 Test Requirement
 >>>Kurztext
 >>>Text
 Short description.
 >>>Langtext
 >>>Text
 Long description.
 """
        test_file = self.create_test_file(test_content)
        try:
            out = StringIO()
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-001',
                '--name', 'Test Document',
                '--dokumententyp', 'IT-Sicherheit',
                stdout=out
            )
            # Check document was created
            dokument = Dokument.objects.get(nummer='TEST-001')
            self.assertEqual(dokument.name, 'Test Document')
            self.assertEqual(dokument.dokumententyp, self.dokumententyp)
            # Check output message
            output = out.getvalue()
            self.assertIn('Created Document TEST-001', output)
            self.assertIn('Imported document TEST-001', output)
        finally:
            os.unlink(test_file)
    def test_import_creates_einleitung(self):
        """Test that Einleitung sections are created"""
        test_content = """>>>Einleitung
 >>>text
 This is the introduction text.
 >>>geltungsbereich
 >>>text
 Scope text.
 """
        test_file = self.create_test_file(test_content)
        try:
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-002',
                '--name', 'Test Document 2',
                '--dokumententyp', 'IT-Sicherheit'
            )
            dokument = Dokument.objects.get(nummer='TEST-002')
            einleitung = Einleitung.objects.filter(einleitung=dokument)
            self.assertEqual(einleitung.count(), 1)
            self.assertEqual(einleitung.first().inhalt, 'This is the introduction text.')
            self.assertEqual(einleitung.first().abschnitttyp, self.text_typ)
        finally:
            os.unlink(test_file)
    def test_import_creates_geltungsbereich(self):
        """Test that Geltungsbereich sections are created"""
        test_content = """>>>geltungsbereich
 >>>text
 This standard applies to all servers.
 """
        test_file = self.create_test_file(test_content)
        try:
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-003',
                '--name', 'Test Document 3',
                '--dokumententyp', 'IT-Sicherheit'
            )
            dokument = Dokument.objects.get(nummer='TEST-003')
            geltungsbereich = Geltungsbereich.objects.filter(geltungsbereich=dokument)
            self.assertEqual(geltungsbereich.count(), 1)
            self.assertEqual(
                geltungsbereich.first().inhalt,
                'This standard applies to all servers.'
            )
            self.assertEqual(geltungsbereich.first().abschnitttyp, self.text_typ)
        finally:
            os.unlink(test_file)
    def test_import_creates_vorgabe_with_all_fields(self):
        """Test creating a Vorgabe with all fields"""
        test_content = """>>>Vorgabe Organisation
 >>>Nummer 1
 >>>Titel
 Complete Requirement
 >>>Kurztext
 >>>Text
 Short text here.
 >>>Langtext
 >>>Text
 Long text here.
 >>>Stichworte
 Testing, Management, Security
 >>>Checkliste
 Is the requirement met?
 Has documentation been provided?
 """
        test_file = self.create_test_file(test_content)
        try:
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-004',
                '--name', 'Test Document 4',
                '--dokumententyp', 'IT-Sicherheit'
            )
            dokument = Dokument.objects.get(nummer='TEST-004')
            vorgabe = Vorgabe.objects.get(dokument=dokument, nummer=1)
            # Check basic fields
            self.assertEqual(vorgabe.titel, 'Complete Requirement')
            self.assertEqual(vorgabe.thema, self.thema_organisation)
            # Check Kurztext
            kurztext = VorgabeKurztext.objects.filter(abschnitt=vorgabe)
            self.assertEqual(kurztext.count(), 1)
            self.assertEqual(kurztext.first().inhalt, 'Short text here.')
            # Check Langtext
            langtext = VorgabeLangtext.objects.filter(abschnitt=vorgabe)
            self.assertEqual(langtext.count(), 1)
            self.assertEqual(langtext.first().inhalt, 'Long text here.')
            # Check Stichworte
            stichworte = vorgabe.stichworte.all()
            self.assertEqual(stichworte.count(), 3)
            stichwort_names = {s.stichwort for s in stichworte}
            self.assertEqual(stichwort_names, {'Testing', 'Management', 'Security'})
            # Check Checklistenfragen
            fragen = Checklistenfrage.objects.filter(vorgabe=vorgabe)
            self.assertEqual(fragen.count(), 2)
            frage_texts = {f.frage for f in fragen}
            self.assertEqual(frage_texts, {
                'Is the requirement met?',
                'Has documentation been provided?'
            })
        finally:
            os.unlink(test_file)
    def test_import_multiple_vorgaben(self):
        """Test importing multiple Vorgaben"""
        test_content = """>>>Vorgabe Organisation
 >>>Nummer 1
 >>>Titel
 First Requirement
 >>>Kurztext
 >>>Text
 First requirement text.
 >>>Vorgabe Technik
 >>>Nummer 2
 >>>Titel
 Second Requirement
 >>>Kurztext
 >>>Text
 Second requirement text.
 >>>Vorgabe Organisation
 >>>Nummer 3
 >>>Titel
 Third Requirement
 >>>Kurztext
 >>>Text
 Third requirement text.
 """
        test_file = self.create_test_file(test_content)
        try:
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-005',
                '--name', 'Test Document 5',
                '--dokumententyp', 'IT-Sicherheit'
            )
            dokument = Dokument.objects.get(nummer='TEST-005')
            vorgaben = Vorgabe.objects.filter(dokument=dokument).order_by('nummer')
            self.assertEqual(vorgaben.count(), 3)
            self.assertEqual(vorgaben[0].nummer, 1)
            self.assertEqual(vorgaben[0].thema, self.thema_organisation)
            self.assertEqual(vorgaben[1].nummer, 2)
            self.assertEqual(vorgaben[1].thema, self.thema_technik)
            self.assertEqual(vorgaben[2].nummer, 3)
            self.assertEqual(vorgaben[2].thema, self.thema_organisation)
        finally:
            os.unlink(test_file)
    def test_dry_run_creates_no_data(self):
        """Test that dry-run mode creates no database records"""
        test_content = """>>>Einleitung
 >>>text
 Introduction text.
 >>>Vorgabe Organisation
 >>>Nummer 1
 >>>Titel
 Test Requirement
 >>>Kurztext
 >>>Text
 Short text.
 """
        test_file = self.create_test_file(test_content)
        try:
            out = StringIO()
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-DRY',
                '--name', 'Dry Run Test',
                '--dokumententyp', 'IT-Sicherheit',
                '--dry-run',
                stdout=out
            )
            # Document is created (for counting purposes) but not saved
            output = out.getvalue()
            self.assertIn('Dry run: no database changes will be made', output)
            self.assertIn('Dry run complete', output)
            # Check that Einleitung and Vorgabe were NOT created
            dokument = Dokument.objects.get(nummer='TEST-DRY')
            self.assertEqual(Einleitung.objects.filter(einleitung=dokument).count(), 0)
            self.assertEqual(Vorgabe.objects.filter(dokument=dokument).count(), 0)
        finally:
            os.unlink(test_file)
    def test_dry_run_verbose_shows_details(self):
        """Test that dry-run with verbose shows detailed output"""
        test_content = """>>>Einleitung
 >>>text
 Introduction.
 >>>Vorgabe Organisation
 >>>Nummer 1
 >>>Titel
 Test
 >>>Kurztext
 >>>Text
 Short.
 >>>Langtext
 >>>Text
 Long.
 >>>Stichworte
 Keyword1, Keyword2
 >>>Checkliste
 Question 1?
 Question 2?
 """
        test_file = self.create_test_file(test_content)
        try:
            out = StringIO()
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-VERBOSE',
                '--name', 'Verbose Test',
                '--dokumententyp', 'IT-Sicherheit',
                '--dry-run',
                '--verbose',
                stdout=out
            )
            output = out.getvalue()
            self.assertIn('[DRY RUN] Einleitung Abschnitt', output)
            self.assertIn('[DRY RUN] Would create Vorgabe 1', output)
            self.assertIn('Stichworte: Keyword1, Keyword2', output)
            self.assertIn('Checkliste: Question 1?', output)
            self.assertIn('Checkliste: Question 2?', output)
            self.assertIn('Kurztext', output)
            self.assertIn('Langtext', output)
        finally:
            os.unlink(test_file)
    def test_purge_deletes_existing_content(self):
        """Test that --purge deletes existing content before import"""
        test_content = """>>>Vorgabe Organisation
 >>>Nummer 1
 >>>Titel
 New Requirement
 >>>Kurztext
 >>>Text
 New text.
 """
        test_file = self.create_test_file(test_content)
        try:
            # First import
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-PURGE',
                '--name', 'Purge Test',
                '--dokumententyp', 'IT-Sicherheit'
            )
            dokument = Dokument.objects.get(nummer='TEST-PURGE')
            self.assertEqual(Vorgabe.objects.filter(dokument=dokument).count(), 1)
            # Second import with different content and --purge
            test_content_2 = """>>>Vorgabe Technik
 >>>Nummer 2
 >>>Titel
 Replacement Requirement
 >>>Kurztext
 >>>Text
 Replacement text.
 """
            test_file_2 = self.create_test_file(test_content_2)
            try:
                out = StringIO()
                call_command(
                    'import-document',
                    test_file_2,
                    '--nummer', 'TEST-PURGE',
                    '--name', 'Purge Test',
                    '--dokumententyp', 'IT-Sicherheit',
                    '--purge',
                    stdout=out
                )
                # Old Vorgabe should be deleted, only new one exists
                vorgaben = Vorgabe.objects.filter(dokument=dokument)
                self.assertEqual(vorgaben.count(), 1)
                self.assertEqual(vorgaben.first().nummer, 2)
                self.assertEqual(vorgaben.first().thema, self.thema_technik)
                output = out.getvalue()
                self.assertIn('Purged', output)
            finally:
                os.unlink(test_file_2)
        finally:
            os.unlink(test_file)
    def test_purge_dry_run_shows_what_would_be_deleted(self):
        """Test that --purge with --dry-run shows deletion counts"""
        test_content = """>>>Vorgabe Organisation
 >>>Nummer 1
 >>>Titel
 Original
 >>>Kurztext
 >>>Text
 Text.
 """
        test_file = self.create_test_file(test_content)
        try:
            # First import to create data
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-PURGE-DRY',
                '--name', 'Purge Dry Test',
                '--dokumententyp', 'IT-Sicherheit'
            )
            # Dry run with purge
            out = StringIO()
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-PURGE-DRY',
                '--name', 'Purge Dry Test',
                '--dokumententyp', 'IT-Sicherheit',
                '--purge',
                '--dry-run',
                stdout=out
            )
            output = out.getvalue()
            self.assertIn('[DRY RUN] Would purge:', output)
            self.assertIn('1 Vorgaben', output)
        finally:
            os.unlink(test_file)
    def test_header_normalization(self):
        """Test that headers with hyphens are normalized correctly"""
        test_content = """>>>geltungsbereich
 >>>Liste-ungeordnet
 Item 1
 Item 2
 Item 3
 """
        test_file = self.create_test_file(test_content)
        try:
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-NORM',
                '--name', 'Normalization Test',
                '--dokumententyp', 'IT-Sicherheit'
            )
            dokument = Dokument.objects.get(nummer='TEST-NORM')
            geltungsbereich = Geltungsbereich.objects.get(geltungsbereich=dokument)
            # Should have normalized "Liste-ungeordnet" to "liste ungeordnet"
            self.assertEqual(geltungsbereich.abschnitttyp, self.liste_ungeordnet_typ)
        finally:
            os.unlink(test_file)
    def test_missing_file_raises_error(self):
        """Test that missing file raises CommandError"""
        with self.assertRaises(CommandError) as cm:
            call_command(
                'import-document',
                '/nonexistent/file.txt',
                '--nummer', 'TEST-ERR',
                '--name', 'Error Test',
                '--dokumententyp', 'IT-Sicherheit'
            )
        self.assertIn('does not exist', str(cm.exception))
    def test_missing_dokumententyp_raises_error(self):
        """Test that missing Dokumententyp raises CommandError"""
        test_content = """>>>geltungsbereich
 >>>text
 Text.
 """
        test_file = self.create_test_file(test_content)
        try:
            with self.assertRaises(CommandError) as cm:
                call_command(
                    'import-document',
                    test_file,
                    '--nummer', 'TEST-ERR',
                    '--name', 'Error Test',
                    '--dokumententyp', 'NonExistentType'
                )
            self.assertIn('does not exist', str(cm.exception))
        finally:
            os.unlink(test_file)
    def test_missing_thema_skips_vorgabe(self):
        """Test that missing Thema causes Vorgabe to be skipped with warning"""
        test_content = """>>>Vorgabe NonExistentThema
 >>>Nummer 1
 >>>Titel
 Test
 >>>Kurztext
 >>>Text
 Text.
 """
        test_file = self.create_test_file(test_content)
        try:
            out = StringIO()
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-SKIP',
                '--name', 'Skip Test',
                '--dokumententyp', 'IT-Sicherheit',
                stdout=out
            )
            dokument = Dokument.objects.get(nummer='TEST-SKIP')
            # Vorgabe should NOT be created
            self.assertEqual(Vorgabe.objects.filter(dokument=dokument).count(), 0)
            output = out.getvalue()
            self.assertIn('not found, skipping Vorgabe', output)
        finally:
            os.unlink(test_file)
    def test_missing_abschnitttyp_defaults_to_text(self):
        """Test that missing AbschnittTyp defaults to 'text' with warning"""
        # Delete all but text type
        AbschnittTyp.objects.exclude(abschnitttyp='text').delete()
        test_content = """>>>geltungsbereich
 >>>liste geordnet
 Item 1
 """
        test_file = self.create_test_file(test_content)
        try:
            out = StringIO()
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-DEFAULT',
                '--name', 'Default Test',
                '--dokumententyp', 'IT-Sicherheit',
                stdout=out
            )
            dokument = Dokument.objects.get(nummer='TEST-DEFAULT')
            geltungsbereich = Geltungsbereich.objects.get(geltungsbereich=dokument)
            # Should default to 'text' type
            self.assertEqual(geltungsbereich.abschnitttyp.abschnitttyp, 'text')
            output = out.getvalue()
            self.assertIn("not found; defaulting to 'text'", output)
        finally:
            os.unlink(test_file)
    def test_inline_titel(self):
        """Test that inline title (on same line as header) is parsed"""
        test_content = """>>>Vorgabe Organisation
 >>>Nummer 1
 >>>Titel Inline Title Here
 >>>Kurztext
 >>>Text
 Text.
 """
        test_file = self.create_test_file(test_content)
        try:
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-INLINE',
                '--name', 'Inline Test',
                '--dokumententyp', 'IT-Sicherheit'
            )
            dokument = Dokument.objects.get(nummer='TEST-INLINE')
            vorgabe = Vorgabe.objects.get(dokument=dokument)
            self.assertEqual(vorgabe.titel, 'Inline Title Here')
        finally:
            os.unlink(test_file)
    def test_inline_stichworte(self):
        """Test that inline Stichworte (on same line as header) are parsed"""
        test_content = """>>>Vorgabe Organisation
 >>>Nummer 1
 >>>Titel Test
 >>>Stichworte Security, Testing, Compliance
 >>>Kurztext
 >>>Text
 Text.
 """
        test_file = self.create_test_file(test_content)
        try:
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-INLINE-STW',
                '--name', 'Inline Stichwort Test',
                '--dokumententyp', 'IT-Sicherheit'
            )
            dokument = Dokument.objects.get(nummer='TEST-INLINE-STW')
            vorgabe = Vorgabe.objects.get(dokument=dokument)
            stichworte = {s.stichwort for s in vorgabe.stichworte.all()}
            self.assertEqual(stichworte, {'Security', 'Testing', 'Compliance'})
        finally:
            os.unlink(test_file)
    def test_gueltigkeit_dates(self):
        """Test that validity dates are set correctly"""
        test_content = """>>>geltungsbereich
 >>>text
 Scope.
 """
        test_file = self.create_test_file(test_content)
        try:
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-DATES',
                '--name', 'Date Test',
                '--dokumententyp', 'IT-Sicherheit',
                '--gueltigkeit_von', '2024-01-01',
                '--gueltigkeit_bis', '2024-12-31'
            )
            dokument = Dokument.objects.get(nummer='TEST-DATES')
            self.assertEqual(str(dokument.gueltigkeit_von), '2024-01-01')
            self.assertEqual(str(dokument.gueltigkeit_bis), '2024-12-31')
        finally:
            os.unlink(test_file)
    def test_existing_document_updates(self):
        """Test that importing to existing document number shows warning"""
        test_content = """>>>geltungsbereich
 >>>text
 First version.
 """
        test_file = self.create_test_file(test_content)
        try:
            # First import
            out = StringIO()
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-EXISTS',
                '--name', 'Existing Test',
                '--dokumententyp', 'IT-Sicherheit',
                stdout=out
            )
            output1 = out.getvalue()
            self.assertIn('Created Document TEST-EXISTS', output1)
            # Second import with same number
            out2 = StringIO()
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-EXISTS',
                '--name', 'Existing Test',
                '--dokumententyp', 'IT-Sicherheit',
                stdout=out2
            )
            output2 = out2.getvalue()
            self.assertIn('already exists', output2)
        finally:
            os.unlink(test_file)
    def test_multiple_kurztext_sections(self):
        """Test Vorgabe with multiple Kurztext sections"""
        test_content = """>>>Vorgabe Organisation
 >>>Nummer 1
 >>>Titel Multiple Sections
 >>>Kurztext
 >>>Text
 First kurztext section.
 >>>Liste ungeordnet
 Item A
 Item B
 >>>Langtext
 >>>Text
 Langtext.
 """
        test_file = self.create_test_file(test_content)
        try:
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-MULTI',
                '--name', 'Multi Section Test',
                '--dokumententyp', 'IT-Sicherheit'
            )
            dokument = Dokument.objects.get(nummer='TEST-MULTI')
            vorgabe = Vorgabe.objects.get(dokument=dokument)
            kurztext_sections = VorgabeKurztext.objects.filter(abschnitt=vorgabe).order_by('id')
            self.assertEqual(kurztext_sections.count(), 2)
            self.assertEqual(kurztext_sections[0].abschnitttyp.abschnitttyp, 'text')
            self.assertEqual(kurztext_sections[1].abschnitttyp.abschnitttyp, 'liste ungeordnet')
        finally:
            os.unlink(test_file)
    def test_empty_file(self):
        """Test importing an empty file"""
        test_content = ""
        test_file = self.create_test_file(test_content)
        try:
            out = StringIO()
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-EMPTY',
                '--name', 'Empty Test',
                '--dokumententyp', 'IT-Sicherheit',
                stdout=out
            )
            dokument = Dokument.objects.get(nummer='TEST-EMPTY')
            # Document created but no content
            self.assertEqual(Einleitung.objects.filter(einleitung=dokument).count(), 0)
            self.assertEqual(Geltungsbereich.objects.filter(geltungsbereich=dokument).count(), 0)
            self.assertEqual(Vorgabe.objects.filter(dokument=dokument).count(), 0)
            output = out.getvalue()
            self.assertIn('with 0 Vorgaben', output)
        finally:
            os.unlink(test_file)
    def test_unicode_content(self):
        """Test that Unicode characters (German umlauts, etc.) are handled correctly"""
        test_content = """>>>Einleitung
 >>>text
 Übersicht über die Sicherheitsanforderungen für IT-Systeme.
 >>>Vorgabe Organisation
 >>>Nummer 1
 >>>Titel
 Überprüfung der Systemkonfiguration
 >>>Kurztext
 >>>Text
 Die Konfiguration muss regelmäßig überprüft werden.
 >>>Stichworte
 Überprüfung, Sicherheit, Qualität
 """
        test_file = self.create_test_file(test_content)
        try:
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-UNICODE',
                '--name', 'Unicode Test',
                '--dokumententyp', 'IT-Sicherheit'
            )
            dokument = Dokument.objects.get(nummer='TEST-UNICODE')
            # Check Einleitung
            einleitung = Einleitung.objects.get(einleitung=dokument)
            self.assertIn('Übersicht', einleitung.inhalt)
            # Check Vorgabe
            vorgabe = Vorgabe.objects.get(dokument=dokument)
            self.assertEqual(vorgabe.titel, 'Überprüfung der Systemkonfiguration')
            # Check Kurztext
            kurztext = VorgabeKurztext.objects.get(abschnitt=vorgabe)
            self.assertIn('regelmäßig', kurztext.inhalt)
            # Check Stichworte
            stichworte = {s.stichwort for s in vorgabe.stichworte.all()}
            self.assertIn('Überprüfung', stichworte)
        finally:
            os.unlink(test_file)
    def test_context_switching(self):
        """Test that context switches correctly between sections"""
        test_content = """>>>Einleitung
 >>>text
 Intro text 1.
 >>>text
 Intro text 2.
 >>>geltungsbereich
 >>>text
 Scope text 1.
 >>>text
 Scope text 2.
 >>>Vorgabe Organisation
 >>>Nummer 1
 >>>Titel Test
 >>>Kurztext
 >>>text
 Kurztext 1.
 >>>text
 Kurztext 2.
 >>>Langtext
 >>>text
 Langtext 1.
 """
        test_file = self.create_test_file(test_content)
        try:
            call_command(
                'import-document',
                test_file,
                '--nummer', 'TEST-CONTEXT',
                '--name', 'Context Test',
                '--dokumententyp', 'IT-Sicherheit'
            )
            dokument = Dokument.objects.get(nummer='TEST-CONTEXT')
            # Check Einleitung has 2 sections
            einleitung = Einleitung.objects.filter(einleitung=dokument)
            self.assertEqual(einleitung.count(), 2)
            # Check Geltungsbereich has 2 sections
            geltungsbereich = Geltungsbereich.objects.filter(geltungsbereich=dokument)
            self.assertEqual(geltungsbereich.count(), 2)
            # Check Vorgabe has correct Kurztext and Langtext counts
            vorgabe = Vorgabe.objects.get(dokument=dokument)
            kurztext = VorgabeKurztext.objects.filter(abschnitt=vorgabe)
            langtext = VorgabeLangtext.objects.filter(abschnitt=vorgabe)
            self.assertEqual(kurztext.count(), 2)
            self.assertEqual(langtext.count(), 1)
        finally:
            os.unlink(test_file)
    def test_real_world_example(self):
        """Test importing the real r009.txt example document"""
        # Use the actual example file
        example_file = Path(__file__).parent.parent / 'Documentation' / 'import formats' / 'r009.txt'
        if not example_file.exists():
            self.skipTest("r009.txt example file not found")
        out = StringIO()
        call_command(
            'import-document',
            str(example_file),
            '--nummer', 'R009',
            '--name', 'IT-Sicherheit Serversysteme',
            '--dokumententyp', 'IT-Sicherheit',
            stdout=out
        )
        dokument = Dokument.objects.get(nummer='R009')
        # Check that Einleitung was created
        self.assertGreater(Einleitung.objects.filter(einleitung=dokument).count(), 0)
        # Check that Geltungsbereich was created
        self.assertGreater(Geltungsbereich.objects.filter(geltungsbereich=dokument).count(), 0)
        # Check that multiple Vorgaben were created (r009.txt has 23 Vorgaben)
        vorgaben = Vorgabe.objects.filter(dokument=dokument)
        self.assertGreaterEqual(vorgaben.count(), 20)
        # Verify output message
        output = out.getvalue()
        self.assertIn('Imported document R009', output)
--- a/dokumente/tests.py
+++ b/dokumente/tests.py
--- a/dokumente/urls.py
+++ b/dokumente/urls.py
@@ -4,11 +4,14 @@ from . import views
 urlpatterns = [
    path('', views.standard_list, name='standard_list'),
    path('unvollstaendig/', views.incomplete_vorgaben, name='incomplete_vorgaben'),
    path('meine-kommentare/', views.user_comments, name='user_comments'),
    path('alle-kommentare/', views.all_comments, name='all_comments'),
    path('<str:nummer>/', views.standard_detail, name='standard_detail'),
    path('<str:nummer>/history/<str:check_date>/', views.standard_detail),
    path('<str:nummer>/history/', views.standard_detail, {"check_date":"today"}, name='standard_history'),
    path('<str:nummer>/checkliste/', views.standard_checkliste, name='standard_checkliste'),
    path('<str:nummer>/json/', views.standard_json, name='standard_json'),
    path('<str:nummer>/xml/', views.standard_xml, name='standard_xml'),
    path('comments/<int:vorgabe_id>/', views.get_vorgabe_comments, name='get_vorgabe_comments'),
    path('comments/<int:vorgabe_id>/add/', views.add_vorgabe_comment, name='add_vorgabe_comment'),
    path('comments/delete/<int:comment_id>/', views.delete_vorgabe_comment, name='delete_vorgabe_comment'),
--- a/dokumente/utils.py
+++ b/dokumente/utils.py
@@ -1,7 +1,9 @@
 """
-Utility functions for Vorgaben sanity checking
+Utility functions for Vorgaben sanity checking and XML export
 """
 import datetime
 import xml.etree.ElementTree as ET
 import xml.dom.minidom
 from django.db.models import Count
 from itertools import combinations
 from dokumente.models import Vorgabe
@@ -121,3 +123,190 @@ def format_conflict_report(conflicts, verbose=False):
            lines.append(f"   Overlap starts: {overlap_start} (no end)")
    return "\n".join(lines)
 # XML Export utilities
 def parse_markdown_table(markdown_content):
    """
    Parse markdown table content and return XML element with <table><header><row><column> structure
    """
    lines = [line.strip() for line in markdown_content.strip().split('\n') if line.strip()]
    if not lines:
        return None
    # Create table element
    table = ET.Element('table')
    # Parse first row as header
    header_row = [cell.strip() for cell in lines[0].split('|') if cell.strip()]
    header = ET.SubElement(table, 'header')
    for cell in header_row:
        column = ET.SubElement(header, 'column')
        column.text = cell
    # Parse remaining rows (skip separator row if it exists)
    for line in lines[2:] if len(lines) > 1 and all(c in '-| ' for c in lines[1]) else lines[1:]:
        # Check if this is a separator row
        if all(c in '-| ' for c in line):
            continue
        row = ET.SubElement(table, 'row')
        row_cells = [cell.strip() for cell in line.split('|') if cell.strip()]
        for cell in row_cells:
            column = ET.SubElement(row, 'column')
            column.text = cell
    return table
 def prettify_xml(xml_string):
    """
    Prettify XML string with proper indentation
    """
    dom = xml.dom.minidom.parseString(xml_string)
    return dom.toprettyxml(indent="  ", encoding="UTF-8").decode('utf-8')
 def build_dokument_xml_element(dokument, parent_element):
    """
    Build XML element for a single Dokument and append it to parent_element.
    Args:
        dokument: Dokument instance (should be prefetched with related data)
        parent_element: Parent XML element to append to
    Returns:
        The created document element
    """
    doc_element = ET.SubElement(parent_element, 'Vorgabendokument')
    ET.SubElement(doc_element, 'Typ').text = dokument.dokumententyp.name if dokument.dokumententyp else ""
    ET.SubElement(doc_element, 'Nummer').text = dokument.nummer
    ET.SubElement(doc_element, 'Name').text = dokument.name
    autoren_element = ET.SubElement(doc_element, 'Autoren')
    for autor in dokument.autoren.all():
        ET.SubElement(autoren_element, 'Autor').text = autor.name
    pruefende_element = ET.SubElement(doc_element, 'Pruefende')
    for pruefender in dokument.pruefende.all():
        ET.SubElement(pruefende_element, 'Pruefender').text = pruefender.name
    gueltigkeit_element = ET.SubElement(doc_element, 'Gueltigkeit')
    ET.SubElement(gueltigkeit_element, 'Von').text = dokument.gueltigkeit_von.strftime("%Y-%m-%d") if dokument.gueltigkeit_von else ""
    ET.SubElement(gueltigkeit_element, 'Bis').text = dokument.gueltigkeit_bis.strftime("%Y-%m-%d") if dokument.gueltigkeit_bis else None
    ET.SubElement(doc_element, 'SignaturCSO').text = dokument.signatur_cso
    geltungsbereich_sections = dokument.geltungsbereich_set.all().order_by('order')
    if geltungsbereich_sections:
        geltungsbereich_element = ET.SubElement(doc_element, 'Geltungsbereich')
        for gb in geltungsbereich_sections:
            section_type = gb.abschnitttyp.abschnitttyp if gb.abschnitttyp else "text"
            if section_type in ('tabelle', 'table'):
                table = parse_markdown_table(gb.inhalt)
                if table is not None:
                    abschnitt_element = ET.SubElement(geltungsbereich_element, 'Abschnitt')
                    abschnitt_element.set('typ', section_type)
                    abschnitt_element.append(table)
            else:
                abschnitt_element = ET.SubElement(geltungsbereich_element, 'Abschnitt')
                abschnitt_element.set('typ', section_type)
                abschnitt_element.text = gb.inhalt
    einleitung_sections = dokument.einleitung_set.all().order_by('order')
    if einleitung_sections:
        einleitung_element = ET.SubElement(doc_element, 'Einleitung')
        for ei in einleitung_sections:
            section_type = ei.abschnitttyp.abschnitttyp if ei.abschnitttyp else "text"
            if section_type in ('tabelle', 'table'):
                table = parse_markdown_table(ei.inhalt)
                if table is not None:
                    abschnitt_element = ET.SubElement(einleitung_element, 'Abschnitt')
                    abschnitt_element.set('typ', section_type)
                    abschnitt_element.append(table)
            else:
                abschnitt_element = ET.SubElement(einleitung_element, 'Abschnitt')
                abschnitt_element.set('typ', section_type)
                abschnitt_element.text = ei.inhalt
    ET.SubElement(doc_element, 'Ziel').text = ""
    ET.SubElement(doc_element, 'Grundlagen').text = ""
    changelog_element = ET.SubElement(doc_element, 'Changelog')
    for cl in dokument.changelog.all().order_by('-datum'):
        entry = ET.SubElement(changelog_element, 'Eintrag')
        ET.SubElement(entry, 'Datum').text = cl.datum.strftime("%Y-%m-%d")
        autoren = ET.SubElement(entry, 'Autoren')
        for autor in cl.autoren.all():
            ET.SubElement(autoren, 'Autor').text = autor.name
        ET.SubElement(entry, 'Aenderung').text = cl.aenderung
    anhaenge_element = ET.SubElement(doc_element, 'Anhaenge')
    ET.SubElement(anhaenge_element, 'Anhang').text = dokument.anhaenge
    ET.SubElement(doc_element, 'Verantwortlich').text = "Information Security Management BIT"
    ET.SubElement(doc_element, 'Klassifizierung').text = ""
    glossar_element = ET.SubElement(doc_element, 'Glossar')
    vorgaben_element = ET.SubElement(doc_element, 'Vorgaben')
    for vorgabe in dokument.vorgaben.all().order_by('order'):
        vorgabe_el = ET.SubElement(vorgaben_element, 'Vorgabe')
        ET.SubElement(vorgabe_el, 'Nummer').text = str(vorgabe.nummer)
        ET.SubElement(vorgabe_el, 'Titel').text = vorgabe.titel
        ET.SubElement(vorgabe_el, 'Thema').text = vorgabe.thema.name if vorgabe.thema else ""
        kurztext_sections = vorgabe.vorgabekurztext_set.all().order_by('order')
        if kurztext_sections:
            kurztext_element = ET.SubElement(vorgabe_el, 'Kurztext')
            for kt in kurztext_sections:
                section_type = kt.abschnitttyp.abschnitttyp if kt.abschnitttyp else "text"
                if section_type in ('tabelle', 'table'):
                    table = parse_markdown_table(kt.inhalt)
                    if table is not None:
                        abschnitt = ET.SubElement(kurztext_element, 'Abschnitt')
                        abschnitt.set('typ', section_type)
                        abschnitt.append(table)
                else:
                    abschnitt = ET.SubElement(kurztext_element, 'Abschnitt')
                    abschnitt.set('typ', section_type)
                    abschnitt.text = kt.inhalt
        langtext_sections = vorgabe.vorgabelangtext_set.all().order_by('order')
        if langtext_sections:
            langtext_element = ET.SubElement(vorgabe_el, 'Langtext')
            for lt in langtext_sections:
                section_type = lt.abschnitttyp.abschnitttyp if lt.abschnitttyp else "text"
                if section_type in ('tabelle', 'table'):
                    table = parse_markdown_table(lt.inhalt)
                    if table is not None:
                        abschnitt = ET.SubElement(langtext_element, 'Abschnitt')
                        abschnitt.set('typ', section_type)
                        abschnitt.append(table)
                else:
                    abschnitt = ET.SubElement(langtext_element, 'Abschnitt')
                    abschnitt.set('typ', section_type)
                    abschnitt.text = lt.inhalt
        referenz_element = ET.SubElement(vorgabe_el, 'Referenzen')
        for ref in vorgabe.referenzen.all():
            ref_text = f"{ref.name_nummer}: {ref.name_text}" if ref.name_text else ref.name_nummer
            ET.SubElement(referenz_element, 'Referenz').text = ref_text
        vorgabe_gueltigkeit = ET.SubElement(vorgabe_el, 'Gueltigkeit')
        ET.SubElement(vorgabe_gueltigkeit, 'Von').text = vorgabe.gueltigkeit_von.strftime("%Y-%m-%d") if vorgabe.gueltigkeit_von else ""
        ET.SubElement(vorgabe_gueltigkeit, 'Bis').text = vorgabe.gueltigkeit_bis.strftime("%Y-%m-%d") if vorgabe.gueltigkeit_bis else None
        checklistenfragen_element = ET.SubElement(vorgabe_el, 'Checklistenfragen')
        for cf in vorgabe.checklistenfragen.all():
            ET.SubElement(checklistenfragen_element, 'Frage').text = cf.frage
        stichworte_element = ET.SubElement(vorgabe_el, 'Stichworte')
        for stw in vorgabe.stichworte.all():
            ET.SubElement(stichworte_element, 'Stichwort').text = stw.stichwort
    return doc_element
--- a/dokumente/views.py
+++ b/dokumente/views.py
@@ -1,13 +1,15 @@
 from django.shortcuts import render, get_object_or_404
 from django.contrib.auth.decorators import login_required, user_passes_test
-from django.http import JsonResponse
+from django.http import JsonResponse, HttpResponse
 from django.core.serializers.json import DjangoJSONEncoder
 from django.views.decorators.http import require_POST
 from django.views.decorators.csrf import csrf_exempt
 from django.utils.html import escape, mark_safe
 from django.utils.safestring import SafeString
 import json
 import xml.etree.ElementTree as ET
 from .models import Dokument, Vorgabe, VorgabeKurztext, VorgabeLangtext, Checklistenfrage, VorgabeComment
 from .utils import build_dokument_xml_element, prettify_xml
 from abschnitte.utils import render_textabschnitte
 from datetime import date
@@ -29,9 +31,11 @@ def standard_detail(request, nummer,check_date=""):
    if check_date:
        check_date = calendar.parseDT(check_date)[0].date()
        standard.history = True
        standard.is_future = check_date > date.today()
    else:
        check_date = date.today()
        standard.history = False
        standard.is_future = False
    standard.check_date=check_date
    vorgaben = list(standard.vorgaben.order_by("thema","nummer").select_related("thema","dokument"))  # convert queryset to list so we can attach attributes
@@ -252,6 +256,37 @@ def standard_json(request, nummer):
    return JsonResponse(doc_data, json_dumps_params={'indent': 2, 'ensure_ascii': False}, encoder=DjangoJSONEncoder)
 def standard_xml(request, nummer):
    """
    Export a single Dokument as XML
    """
    # Get the document with all related data
    dokument = get_object_or_404(
        Dokument.objects.prefetch_related(
            'autoren', 'pruefende', 'vorgaben__thema',
            'vorgaben__referenzen', 'vorgaben__stichworte',
            'vorgaben__checklistenfragen', 'vorgaben__vorgabekurztext_set',
            'vorgaben__vorgabelangtext_set', 'geltungsbereich_set',
            'einleitung_set', 'changelog__autoren'
        ),
        nummer=nummer
    )
    # Create a temporary root element to build the document
    root = ET.Element('root')
    build_dokument_xml_element(dokument, root)
    # Get the actual document element (first child of root)
    doc_element = root[0]
    xml_str = ET.tostring(doc_element, encoding='unicode', method='xml')
    xml_output = prettify_xml(xml_str)
    response = HttpResponse(xml_output, content_type='application/xml; charset=utf-8')
    response['Content-Disposition'] = f'attachment; filename="{dokument.nummer}.xml"'
    return response
@login_required
 def get_vorgabe_comments(request, vorgabe_id):
    """Get comments for a specific Vorgabe"""
@@ -366,3 +401,57 @@ def delete_vorgabe_comment(request, comment_id):
        response['Content-Security-Policy'] = "default-src 'self'"
        response['X-Content-Type-Options'] = 'nosniff'
        return response
@login_required
 def user_comments(request):
    """
    Display all comments made by the logged-in user, grouped by document.
    """
    # Get all comments by the current user
    user_comments = VorgabeComment.objects.filter(
        user=request.user
    ).select_related('vorgabe', 'vorgabe__dokument').order_by(
        'vorgabe__dokument__nummer', '-created_at'
    )
    # Group comments by document
    comments_by_document = {}
    for comment in user_comments:
        dokument = comment.vorgabe.dokument
        if dokument not in comments_by_document:
            comments_by_document[dokument] = []
        comments_by_document[dokument].append(comment)
    return render(request, 'standards/user_comments.html', {
        'comments_by_document': comments_by_document,
        'total_comments': user_comments.count(),
    })
@login_required
@user_passes_test(is_staff_user)
 def all_comments(request):
    """
    Display all comments from all users, grouped by document.
    Staff only.
    """
    # Get all comments
    all_comments_qs = VorgabeComment.objects.select_related(
        'vorgabe', 'vorgabe__dokument', 'user'
    ).order_by(
        'vorgabe__dokument__nummer', '-created_at'
    )
    # Group comments by document
    comments_by_document = {}
    for comment in all_comments_qs:
        dokument = comment.vorgabe.dokument
        if dokument not in comments_by_document:
            comments_by_document[dokument] = []
        comments_by_document[dokument].append(comment)
    return render(request, 'standards/all_comments.html', {
        'comments_by_document': comments_by_document,
        'total_comments': all_comments_qs.count(),
    })
--- a/k8s/deployment.yaml
+++ b/k8s/deployment.yaml
@@ -25,7 +25,7 @@ spec:
              mountPath: /data
      containers:
         - name: web
-          image: docker.io/adebaumann/vui:0.917
+           image: docker.io/adebaumann/vui:0.918
          imagePullPolicy: Always
          ports:
            - containerPort: 8000
--- a/k8s/django-deployment-example.yaml
+++ b/k8s/django-deployment-example.yaml
@@ -0,0 +1,52 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: vgui-cicd-django
  namespace: vorgabenui
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: vgui-cicd-django
  template:
    metadata:
      labels:
        app: vgui-cicd-django
    spec:
      containers:
      - name: django
        image: your-django-image:latest
        ports:
        - containerPort: 8000
        env:
        # Django SECRET_KEY from Kubernetes secret
        - name: VORGABENUI_SECRET
          valueFrom:
            secretKeyRef:
              name: vorgabenui-secrets
              key: vorgabenui_secret
        # Other environment variables can be added here
        - name: DEBUG
          value: "False"
        # Add database configuration, etc.
        resources:
          requests:
            memory: "256Mi"
            cpu: "250m"
          limits:
            memory: "512Mi"
            cpu: "500m"
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: vgui-cicd-django-service
  namespace: vorgabenui
 spec:
  selector:
    app: vgui-cicd-django
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8000
  type: ClusterIP
--- a/k8s/django-secret.yaml
+++ b/k8s/django-secret.yaml
@@ -0,0 +1,9 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: vorgabenui-secrets
  namespace: vorgabenui
 type: Opaque
 data:
  # Base64 encoded SECRET_KEY - will be populated by deployment script
  vorgabenui_secret: ""
--- a/pages/templates/400.html
+++ b/pages/templates/400.html
@@ -0,0 +1,16 @@
 {% extends "base.html" %}
 {% block title %}Ungültige Anfrage{% endblock %}
 {% block content %}
 <div class="row">
  <div class="col-md-12">
    <div class="alert alert-warning">
      <h2><i class="icon icon--alert"></i> Ungültige Anfrage (400)</h2>
      <p>Ihre Anfrage konnte nicht verarbeitet werden.</p>
      <p>Bitte überprüfen Sie die eingegebenen Daten und versuchen Sie es erneut.</p>
      <p><a href="/" class="btn btn-primary">Zur Startseite</a></p>
    </div>
  </div>
 </div>
 {% endblock %}
--- a/pages/templates/403.html
+++ b/pages/templates/403.html
@@ -0,0 +1,21 @@
 {% extends "base.html" %}
 {% block title %}Zugriff verweigert{% endblock %}
 {% block content %}
 <div class="row">
  <div class="col-md-12">
    <div class="alert alert-warning">
      <h2><i class="icon icon--alert"></i> Zugriff verweigert (403)</h2>
      <p>Sie haben keine Berechtigung, auf diese Seite zuzugreifen.</p>
      <p>Bitte melden Sie sich an oder wenden Sie sich an den Administrator.</p>
      <p>
        <a href="/" class="btn btn-primary">Zur Startseite</a>
        {% if not user.is_authenticated %}
        <a href="{% url 'login' %}" class="btn btn-secondary">Anmelden</a>
        {% endif %}
      </p>
    </div>
  </div>
 </div>
 {% endblock %}
--- a/pages/templates/404.html
+++ b/pages/templates/404.html
@@ -0,0 +1,21 @@
 {% extends "base.html" %}
 {% block title %}Seite nicht gefunden{% endblock %}
 {% block content %}
 <div class="row">
  <div class="col-md-12">
    <div class="alert alert-danger">
      <h2><i class="icon icon--alert"></i> Seite nicht gefunden (404)</h2>
      <p>Die gewünschte Seite konnte nicht gefunden werden.</p>
      <p>Mögliche Gründe:</p>
      <ul>
        <li>Sie haben eine falsche URL eingegeben</li>
        <li>Die Seite wurde verschoben oder gelöscht</li>
        <li>Sie haben keine Berechtigung für diese Seite</li>
      </ul>
      <p><a href="/" class="btn btn-primary">Zur Startseite</a></p>
    </div>
  </div>
 </div>
 {% endblock %}
--- a/pages/templates/500.html
+++ b/pages/templates/500.html
@@ -0,0 +1,16 @@
 {% extends "base.html" %}
 {% block title %}Serverfehler{% endblock %}
 {% block content %}
 <div class="row">
  <div class="col-md-12">
    <div class="alert alert-danger">
      <h2><i class="icon icon--alert"></i> Serverfehler (500)</h2>
      <p>Bei der Verarbeitung Ihrer Anfrage ist ein interner Fehler aufgetreten.</p>
      <p>Der Administrator wurde über dieses Problem informiert.</p>
      <p><a href="/" class="btn btn-primary">Zur Startseite</a></p>
    </div>
  </div>
 </div>
 {% endblock %}
--- a/pages/templates/base.html
+++ b/pages/templates/base.html
@@ -52,6 +52,10 @@
          <span class="caret" style="margin-left: 8px;"></span>
        </a>
         <ul class="dropdown-menu dropdown-menu-right" role="menu">
            <li><a href="{% url 'user_comments' %}">Meine Kommentare</a></li>
            {% if user.is_staff %}
            <li><a href="{% url 'all_comments' %}">Alle Kommentare</a></li>
            {% endif %}
            <li><a href="{% url 'password_change' %}">Passwort ändern</a></li>
            <li class="divider"></li>
            <li>
@@ -102,7 +106,7 @@
                  <li><a href="/dokumente">Standards</a></li>
                  {% if user.is_staff %}
                  <li><a href="/dokumente/unvollstaendig/">Unvollständig</a></li>
-                  <li><a href="/autorenumgebung/">Autorenumgebung</a></li>
+                  <li><a href="/autorenumgebung/">Autor</a></li>
                  {% endif %}
                  <li><a href="/referenzen">Referenzen</a></li>
                  <li><a href="/stichworte">Stichworte</a></li>
@@ -133,7 +137,7 @@
        <a href="/dokumente/unvollstaendig/">Unvollständig</a>
      </li>
      <li class="dropdown {% if 'autorenumgebung' in request.path %}current{% endif %}">
-        <a href="/autorenumgebung/">Autorenumgebung</a>
+        <a href="/autorenumgebung/">Autor</a>
      </li>
      {% endif %}
      <li class="dropdown {% if 'referenzen' in request.path %}current{% endif %}">
@@ -215,7 +219,7 @@
          </p>
        </div>
        <div class="col-sm-6 text-right">
-          <p class="text-muted">Version {{ version|default:"0.961" }}</p>
+           <p class="text-muted">Version {{ version|default:"0.980" }}</p>
         </div>
      </div>
    </div>
--- a/pages/views.py
+++ b/pages/views.py
@@ -69,3 +69,15 @@ def search(request):
        return render(request,"results.html",{"suchbegriff":safe_search_term,"resultat":result})
 def custom_400(request, exception):
    return render(request, '400.html', status=400)
 def custom_403(request, exception):
    return render(request, '403.html', status=403)
 def custom_404(request, exception):
    return render(request, '404.html', status=404)
 def custom_500(request):
    return render(request, '500.html', status=500)
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,7 +5,7 @@ certifi==2025.8.3
 charset-normalizer==3.4.3
 curtsies==0.4.3
 cwcwidth==0.1.10
-Django==5.2.5
+Django==5.2.9
 django-admin-sortable2==2.2.8
 django-js-asset==3.1.2
 django-mptt==0.17.0
@@ -30,6 +30,8 @@ pyxdg==0.28
 requests==2.32.5
 six==1.17.0
 sqlparse==0.5.3
-urllib3==2.5.0
+urllib3==2.6.3
 wcwidth==0.2.13
 bleach==6.1.0
 coverage==7.6.1
 whitenoise==6.8.2
--- a/scripts/deploy-argocd-configmap.sh
+++ b/scripts/deploy-argocd-configmap.sh
@@ -0,0 +1,216 @@
 #!/bin/bash
 # deploy-argocd-configmap.sh
 # Script to deploy Django ConfigMap to vorgabenui namespace for ArgoCD
 set -euo pipefail
 # ArgoCD-specific configuration (hardcoded for consistency)
 NAMESPACE="vorgabenui"
 CONFIGMAP_NAME="django-config"
 SCRIPT_DIR="$(dirname "$0")"
 ARGOCD_DIR="$SCRIPT_DIR/../argocd"
 CONFIGMAP_FILE="$ARGOCD_DIR/configmap.yaml"
 # Colors for output
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 NC='\033[0m' # No Color
 # Logging functions
 log_info() {
    echo -e "${GREEN}[INFO]${NC} $1"
 }
 log_warn() {
    echo -e "${YELLOW}[WARN]${NC} $1"
 }
 log_error() {
    echo -e "${RED}[ERROR]${NC} $1"
 }
 log_step() {
    echo -e "${BLUE}[STEP]${NC} $1"
 }
 # Function to check if kubectl is available
 check_kubectl() {
    if ! command -v kubectl &> /dev/null; then
        log_error "kubectl is not installed or not in PATH"
        exit 1
    fi
 }
 # Function to check if configmap file exists
 check_configmap_file() {
    if [ ! -f "$CONFIGMAP_FILE" ]; then
        log_error "ConfigMap file not found: $CONFIGMAP_FILE"
        log_error "Expected ArgoCD ConfigMap file at: $CONFIGMAP_FILE"
        exit 1
    fi
 }
 # Function to deploy the configmap
 deploy_configmap() {
    log_step "Deploying ConfigMap '$CONFIGMAP_NAME' to namespace '$NAMESPACE'..."
    kubectl apply -f "$CONFIGMAP_FILE"
    if [ $? -eq 0 ]; then
        log_info "Successfully deployed ConfigMap '$CONFIGMAP_NAME'"
        return 0
    else
        log_error "Failed to deploy ConfigMap '$CONFIGMAP_NAME'"
        return 1
    fi
 }
 # Function to verify the configmap
 verify_configmap() {
    log_step "Verifying ConfigMap deployment..."
    if kubectl get configmap "$CONFIGMAP_NAME" --namespace="$NAMESPACE" &> /dev/null; then
        log_info "✅ ConfigMap '$CONFIGMAP_NAME' exists in namespace '$NAMESPACE'"
        echo ""
        log_info "ConfigMap details:"
        kubectl describe configmap "$CONFIGMAP_NAME" --namespace="$NAMESPACE"
        echo ""
        log_info "ConfigMap data:"
        kubectl get configmap "$CONFIGMAP_NAME" --namespace="$NAMESPACE" -o yaml | grep -A 20 "^data:"
        return 0
    else
        log_error "❌ ConfigMap '$CONFIGMAP_NAME' not found in namespace '$NAMESPACE'"
        return 1
    fi
 }
 # Function to show usage
 show_usage() {
    echo "ArgoCD ConfigMap Deployment Script for VorgabenUI"
    echo ""
    echo "Usage: $0 [OPTIONS]"
    echo ""
    echo "This script deploys Django configuration to the vorgabenui namespace for ArgoCD."
    echo ""
    echo "Options:"
    echo "  -h, --help                   Show this help message"
    echo "  --verify-only               Only verify existing ConfigMap, don't deploy"
    echo "  --dry-run                   Show what would be deployed without applying"
    echo ""
    echo "Configuration (hardcoded for ArgoCD):"
    echo "  Namespace: $NAMESPACE"
    echo "  ConfigMap Name: $CONFIGMAP_NAME"
    echo "  ConfigMap File: $CONFIGMAP_FILE"
    echo ""
    echo "Examples:"
    echo "  $0                          # Deploy ConfigMap"
    echo "  $0 --verify-only           # Verify existing ConfigMap"
    echo "  $0 --dry-run               # Preview deployment"
    echo ""
    echo "Note: Run this before deploying the ArgoCD deployment to ensure configuration is available."
 }
 # Parse command line arguments
 VERIFY_ONLY=false
 DRY_RUN=false
 while [[ $# -gt 0 ]]; do
    case $1 in
        --verify-only)
            VERIFY_ONLY=true
            shift
            ;;
        --dry-run)
            DRY_RUN=true
            shift
            ;;
        -h|--help)
            show_usage
            exit 0
            ;;
        *)
            log_error "Unknown option: $1"
            show_usage
            exit 1
            ;;
    esac
 done
 # Main execution
 main() {
    echo ""
    log_info "🚀 ArgoCD Django ConfigMap Deployment Script"
    log_info "============================================"
    echo ""
    log_info "Target Configuration:"
    log_info "  Namespace: $NAMESPACE"
    log_info "  ConfigMap Name: $CONFIGMAP_NAME"
    log_info "  ConfigMap File: $CONFIGMAP_FILE"
    echo ""
    # Perform checks
    log_step "Performing pre-flight checks..."
    check_kubectl
    check_configmap_file
    log_info "✅ All pre-flight checks passed"
    echo ""
    # Verify-only mode
    if [ "$VERIFY_ONLY" = true ]; then
        log_info "🔍 Verify-only mode - checking existing ConfigMap"
        verify_configmap
        exit $?
    fi
    # Dry-run mode
    if [ "$DRY_RUN" = true ]; then
        log_info "🔍 Dry-run mode - showing what would be deployed:"
        echo ""
        log_info "ConfigMap content that would be deployed:"
        cat "$CONFIGMAP_FILE"
        echo ""
        log_info "Would run: kubectl apply -f $CONFIGMAP_FILE"
        echo ""
        log_info "Run without --dry-run to execute the deployment"
        exit 0
    fi
    # Create namespace if it doesn't exist
    if ! kubectl get namespace "$NAMESPACE" &> /dev/null; then
        log_warn "Namespace '$NAMESPACE' does not exist, creating..."
        kubectl create namespace "$NAMESPACE"
        log_info "✅ Created namespace '$NAMESPACE'"
    fi
    # Deploy the ConfigMap
    if deploy_configmap; then
        echo ""
        # Verify deployment
        verify_configmap
        echo ""
        log_info "🎉 ConfigMap deployment completed successfully!"
        echo ""
        log_info "📋 Next steps:"
        log_info "1. Deploy the secret (if not already done):"
        echo "    ./scripts/deploy-argocd-secret.sh"
        echo ""
        log_info "2. Apply the updated deployment:"
        echo "    kubectl apply -f argocd/deployment.yaml"
        echo ""
        log_info "3. Verify Django pods start with proper configuration"
        echo ""
    else
        log_error "ConfigMap deployment failed"
        exit 1
    fi
 }
 # Run main function
 main
--- a/scripts/deploy-argocd-secret.sh
+++ b/scripts/deploy-argocd-secret.sh
@@ -0,0 +1,311 @@
 #!/bin/bash
 # deploy-argocd-secret.sh
 # ArgoCD-specific script to generate and deploy Django SECRET_KEY to vorgabenui namespace
 set -euo pipefail
 # ArgoCD-specific configuration (hardcoded for consistency)
 NAMESPACE="vorgabenui"
 SECRET_NAME="vorgabenui-secrets"
 SECRET_KEY_NAME="vorgabenui_secret"
 SCRIPT_DIR="$(dirname "$0")"
 ARGOCD_DIR="$SCRIPT_DIR/../argocd"
 TEMPLATES_DIR="$SCRIPT_DIR/../templates"
 SECRET_TEMPLATE="$TEMPLATES_DIR/secret.yaml"
 # Colors for output
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 BLUE='\033[0;34m'
 NC='\033[0m' # No Color
 # Logging functions
 log_info() {
    echo -e "${GREEN}[INFO]${NC} $1"
 }
 log_warn() {
    echo -e "${YELLOW}[WARN]${NC} $1"
 }
 log_error() {
    echo -e "${RED}[ERROR]${NC} $1"
 }
 log_step() {
    echo -e "${BLUE}[STEP]${NC} $1"
 }
 # Function to generate a secure Django SECRET_KEY
 generate_secret_key() {
    # Generate a 50-character secret key using Python (same as Django's default)
    python3 -c "
 import secrets
 import string
 # Django-style secret key generation
 chars = string.ascii_letters + string.digits + '!@#$%^&*(-_=+)'
 print(''.join(secrets.choice(chars) for _ in range(50)))
 "
 }
 # Function to check if kubectl is available
 check_kubectl() {
    if ! command -v kubectl &> /dev/null; then
        log_error "kubectl is not installed or not in PATH"
        exit 1
    fi
 }
 # Function to check if Python3 is available
 check_python() {
    if ! command -v python3 &> /dev/null; then
        log_error "python3 is not installed or not in PATH"
        exit 1
    fi
 }
 # Function to check if secret template exists
 check_template() {
    if [ ! -f "$SECRET_TEMPLATE" ]; then
        # Fallback to argocd directory if templates directory doesn't exist
        FALLBACK_TEMPLATE="$ARGOCD_DIR/secret.yaml"
        if [ -f "$FALLBACK_TEMPLATE" ]; then
            SECRET_TEMPLATE="$FALLBACK_TEMPLATE"
            log_warn "Using fallback template: $SECRET_TEMPLATE"
        else
            log_error "Secret template not found at either:"
            log_error "  Primary: $TEMPLATES_DIR/secret.yaml"
            log_error "  Fallback: $FALLBACK_TEMPLATE"
            exit 1
        fi
    fi
 }
 # Function to create the secret
 create_secret() {
    local secret_key="$1"
    log_step "Creating Kubernetes secret '$SECRET_NAME' in namespace '$NAMESPACE'..."
    # Create the secret directly with kubectl (this will create or update)
    kubectl create secret generic "$SECRET_NAME" \
        --from-literal="$SECRET_KEY_NAME=$secret_key" \
        --namespace="$NAMESPACE" \
        --dry-run=client -o yaml | kubectl apply -f -
    if [ $? -eq 0 ]; then
        log_info "Successfully created/updated secret '$SECRET_NAME'"
        return 0
    else
        log_error "Failed to create/update secret '$SECRET_NAME'"
        return 1
    fi
 }
 # Function to verify the secret
 verify_secret() {
    log_step "Verifying secret deployment..."
    if kubectl get secret "$SECRET_NAME" --namespace="$NAMESPACE" &> /dev/null; then
        log_info "✅ Secret '$SECRET_NAME' exists in namespace '$NAMESPACE'"
        # Show secret metadata (without revealing the actual key)
        echo ""
        log_info "Secret details:"
        kubectl describe secret "$SECRET_NAME" --namespace="$NAMESPACE" | grep -E "^(Name|Namespace|Type|Data)"
        # Verify the key exists in the secret
        if kubectl get secret "$SECRET_NAME" --namespace="$NAMESPACE" -o jsonpath="{.data.$SECRET_KEY_NAME}" &> /dev/null; then
            log_info "✅ Secret key '$SECRET_KEY_NAME' is present in the secret"
            return 0
        else
            log_error "❌ Secret key '$SECRET_KEY_NAME' not found in secret"
            return 1
        fi
    else
        log_error "❌ Secret '$SECRET_NAME' not found in namespace '$NAMESPACE'"
        return 1
    fi
 }
 # Function to test secret in pod (if deployment exists)
 test_secret_in_pod() {
    log_step "Testing secret accessibility in Django deployment..."
    # Check if Django deployment exists
    if kubectl get deployment django --namespace="$NAMESPACE" &> /dev/null; then
        log_info "Django deployment found, testing secret access..."
        # Try to get the secret value from a pod (this will fail if env var not configured)
        local pod_name
        pod_name=$(kubectl get pods -l app=django --namespace="$NAMESPACE" -o jsonpath="{.items[0].metadata.name}" 2>/dev/null)
        if [ -n "$pod_name" ] && [ "$pod_name" != "" ]; then
            log_info "Testing secret in pod: $pod_name"
            if kubectl exec "$pod_name" --namespace="$NAMESPACE" -- printenv VORGABENUI_SECRET &> /dev/null; then
                log_info "✅ VORGABENUI_SECRET environment variable is accessible in pod"
            else
                log_warn "⚠️ VORGABENUI_SECRET environment variable not found in pod"
                log_warn "   This is expected if the deployment hasn't been updated yet"
            fi
        else
            log_warn "⚠️ No running Django pods found"
        fi
    else
        log_info "Django deployment not found - secret will be available when deployment is updated"
    fi
 }
 # Function to show usage
 show_usage() {
    echo "ArgoCD Secret Deployment Script for VorgabenUI"
    echo ""
    echo "Usage: $0 [OPTIONS]"
    echo ""
    echo "This script deploys Django SECRET_KEY to the vorgabenui namespace for ArgoCD."
    echo ""
    echo "Options:"
    echo "  -h, --help                   Show this help message"
    echo "  --verify-only               Only verify existing secret, don't create new one"
    echo "  --dry-run                   Show what would be done without making changes"
    echo ""
    echo "Configuration (hardcoded for ArgoCD):"
    echo "  Namespace: $NAMESPACE"
    echo "  Secret Name: $SECRET_NAME"
    echo "  Secret Key: $SECRET_KEY_NAME"
    echo "  Template: $SECRET_TEMPLATE"
    echo ""
    echo "Examples:"
    echo "  $0                          # Generate and deploy new secret"
    echo "  $0 --verify-only           # Verify existing secret"
    echo "  $0 --dry-run               # Preview changes"
    echo ""
    echo "After running this script, update argocd/deployment.yaml to reference the secret."
 }
 # Parse command line arguments
 VERIFY_ONLY=false
 DRY_RUN=false
 while [[ $# -gt 0 ]]; do
    case $1 in
        --verify-only)
            VERIFY_ONLY=true
            shift
            ;;
        --dry-run)
            DRY_RUN=true
            shift
            ;;
        -h|--help)
            show_usage
            exit 0
            ;;
        *)
            log_error "Unknown option: $1"
            show_usage
            exit 1
            ;;
    esac
 done
 # Main execution
 main() {
    echo ""
    log_info "🚀 ArgoCD Django SECRET_KEY Deployment Script"
    log_info "============================================="
    echo ""
    log_info "Target Configuration:"
    log_info "  Namespace: $NAMESPACE"
    log_info "  Secret Name: $SECRET_NAME"
    log_info "  Secret Key Name: $SECRET_KEY_NAME"
    echo ""
    # Perform checks
    log_step "Performing pre-flight checks..."
    check_kubectl
    check_python
    check_template
    log_info "✅ All pre-flight checks passed"
    echo ""
    # Verify-only mode
    if [ "$VERIFY_ONLY" = true ]; then
        log_info "🔍 Verify-only mode - checking existing secret"
        verify_secret
        test_secret_in_pod
        exit $?
    fi
    # Generate new secret key
    log_step "Generating new Django SECRET_KEY..."
    SECRET_KEY=$(generate_secret_key)
    if [ -z "$SECRET_KEY" ]; then
        log_error "Failed to generate secret key"
        exit 1
    fi
    log_info "✅ Generated secret key (first 10 chars): ${SECRET_KEY:0:10}..."
    echo ""
    # Dry-run mode
    if [ "$DRY_RUN" = true ]; then
        log_info "🔍 Dry-run mode - showing what would be done:"
        echo ""
        log_info "Would create secret with the following command:"
        echo "  kubectl create secret generic $SECRET_NAME \\"
        echo "    --from-literal=$SECRET_KEY_NAME='[GENERATED_KEY]' \\"
        echo "    --namespace=$NAMESPACE \\"
        echo "    --dry-run=client -o yaml | kubectl apply -f -"
        echo ""
        log_info "Secret key would be: ${SECRET_KEY:0:10}...${SECRET_KEY: -5}"
        echo ""
        log_info "Run without --dry-run to execute the deployment"
        exit 0
    fi
    # Create namespace if it doesn't exist
    if ! kubectl get namespace "$NAMESPACE" &> /dev/null; then
        log_warn "Namespace '$NAMESPACE' does not exist, creating..."
        kubectl create namespace "$NAMESPACE"
        log_info "✅ Created namespace '$NAMESPACE'"
    fi
    # Create the secret
    if create_secret "$SECRET_KEY"; then
        echo ""
        # Verify deployment
        verify_secret
        echo ""
        test_secret_in_pod
        echo ""
        log_info "🎉 Secret deployment completed successfully!"
        echo ""
        log_info "📋 Next steps:"
        log_info "1. Update argocd/deployment.yaml to include environment variable:"
        echo ""
        echo "    env:"
        echo "    - name: VORGABENUI_SECRET"
        echo "      valueFrom:"
        echo "        secretKeyRef:"
        echo "          name: $SECRET_NAME"
        echo "          key: $SECRET_KEY_NAME"
        echo ""
        log_info "2. Apply the updated deployment:"
        echo "    kubectl apply -f argocd/deployment.yaml"
        echo ""
        log_info "3. Verify Django pods restart and pick up the new secret"
        echo ""
    else
        log_error "Secret deployment failed"
        exit 1
    fi
 }
 # Run main function
 main
--- a/scripts/deploy-django-secret.sh
+++ b/scripts/deploy-django-secret.sh
@@ -0,0 +1,201 @@
 #!/bin/bash
 # deploy-django-secret.sh
 # Script to generate a secure Django SECRET_KEY and deploy it to Kubernetes
 set -euo pipefail
 # Configuration
 NAMESPACE="${NAMESPACE:-vorgabenui}"
 SECRET_NAME="vorgabenui-secrets"
 SECRET_KEY_NAME="vorgabenui_secret"
 K8S_DIR="$(dirname "$0")/../k8s"
 SECRET_YAML="$K8S_DIR/django-secret.yaml"
 # Colors for output
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 NC='\033[0m' # No Color
 # Logging functions
 log_info() {
    echo -e "${GREEN}[INFO]${NC} $1"
 }
 log_warn() {
    echo -e "${YELLOW}[WARN]${NC} $1"
 }
 log_error() {
    echo -e "${RED}[ERROR]${NC} $1"
 }
 # Function to generate a secure Django SECRET_KEY
 generate_secret_key() {
    # Generate a 50-character secret key using Python (same as Django's default)
    python3 -c "
 import secrets
 import string
 # Django-style secret key generation
 chars = string.ascii_letters + string.digits + '!@#$%^&*(-_=+)'
 print(''.join(secrets.choice(chars) for _ in range(50)))
 "
 }
 # Function to check if kubectl is available
 check_kubectl() {
    if ! command -v kubectl &> /dev/null; then
        log_error "kubectl is not installed or not in PATH"
        exit 1
    fi
 }
 # Function to check if Python3 is available
 check_python() {
    if ! command -v python3 &> /dev/null; then
        log_error "python3 is not installed or not in PATH"
        exit 1
    fi
 }
 # Function to create the secret
 create_secret() {
    local secret_key="$1"
    local encoded_key
    # Base64 encode the secret key
    encoded_key=$(echo -n "$secret_key" | base64 -w 0)
    log_info "Creating Kubernetes secret '$SECRET_NAME' in namespace '$NAMESPACE'..."
    # Create the secret directly with kubectl
    kubectl create secret generic "$SECRET_NAME" \
        --from-literal="$SECRET_KEY_NAME=$secret_key" \
        --namespace="$NAMESPACE" \
        --dry-run=client -o yaml | kubectl apply -f -
    if [ $? -eq 0 ]; then
        log_info "Successfully created/updated secret '$SECRET_NAME'"
    else
        log_error "Failed to create/update secret '$SECRET_NAME'"
        exit 1
    fi
 }
 # Function to verify the secret
 verify_secret() {
    log_info "Verifying secret deployment..."
    if kubectl get secret "$SECRET_NAME" --namespace="$NAMESPACE" &> /dev/null; then
        log_info "Secret '$SECRET_NAME' exists in namespace '$NAMESPACE'"
        # Show secret (without revealing the actual key)
        kubectl describe secret "$SECRET_NAME" --namespace="$NAMESPACE"
        return 0
    else
        log_error "Secret '$SECRET_NAME' not found in namespace '$NAMESPACE'"
        return 1
    fi
 }
 # Function to show usage
 show_usage() {
    echo "Usage: $0 [OPTIONS]"
    echo ""
    echo "Options:"
    echo "  -n, --namespace NAMESPACE    Kubernetes namespace (default: vorgabenui)"
    echo "  -s, --secret-name NAME       Secret name (default: django-secrets)"
    echo "  -k, --key-name NAME          Secret key name (default: django-secret-key)"
    echo "  -h, --help                   Show this help message"
    echo ""
    echo "Environment variables:"
    echo "  NAMESPACE                    Override default namespace"
    echo ""
    echo "Examples:"
    echo "  $0                           # Deploy to vorgabenui namespace"
    echo "  $0 -n production             # Deploy to production namespace"
    echo "  NAMESPACE=staging $0         # Deploy to staging namespace"
 }
 # Parse command line arguments
 while [[ $# -gt 0 ]]; do
    case $1 in
        -n|--namespace)
            NAMESPACE="$2"
            shift 2
            ;;
        -s|--secret-name)
            SECRET_NAME="$2"
            shift 2
            ;;
        -k|--key-name)
            SECRET_KEY_NAME="$2"
            shift 2
            ;;
        -h|--help)
            show_usage
            exit 0
            ;;
        *)
            log_error "Unknown option: $1"
            show_usage
            exit 1
            ;;
    esac
 done
 # Main execution
 main() {
    log_info "Django SECRET_KEY Deployment Script"
    log_info "==================================="
    log_info "Namespace: $NAMESPACE"
    log_info "Secret Name: $SECRET_NAME"
    log_info "Secret Key Name: $SECRET_KEY_NAME"
    echo ""
    # Perform checks
    check_kubectl
    check_python
    # Generate new secret key
    log_info "Generating new Django SECRET_KEY..."
    SECRET_KEY=$(generate_secret_key)
    if [ -z "$SECRET_KEY" ]; then
        log_error "Failed to generate secret key"
        exit 1
    fi
    log_info "Generated secret key (first 10 chars): ${SECRET_KEY:0:10}..."
    # Create namespace if it doesn't exist
    if ! kubectl get namespace "$NAMESPACE" &> /dev/null; then
        log_warn "Namespace '$NAMESPACE' does not exist, creating..."
        kubectl create namespace "$NAMESPACE"
    fi
    # Create the secret
    create_secret "$SECRET_KEY"
    # Verify deployment
    verify_secret
    echo ""
    log_info "Deployment completed successfully!"
    log_info "To use this secret in your Django deployment, add the following to your pod spec:"
    echo ""
    echo "    env:"
    echo "    - name: VORGABENUI_SECRET"
    echo "      valueFrom:"
    echo "        secretKeyRef:"
    echo "          name: $SECRET_NAME"
    echo "          key: $SECRET_KEY_NAME"
    echo ""
    log_warn "The old secret key in settings.py has been replaced with environment variable lookup."
    log_warn "Make sure your Django deployment uses the environment variable before deploying."
 }
 # Run main function
 main
--- a/scripts/deploy_secret.sh
+++ b/scripts/deploy_secret.sh
@@ -0,0 +1,45 @@
 #!/bin/bash
 # Generate and deploy Django secret key to Kubernetes
 NAMESPACE="vorgabenui"
 SECRET_NAME="django-secret"
 SECRET_FILE="argocd/secret.yaml"
 # Check if secret file exists
 if [ ! -f "$SECRET_FILE" ]; then
    echo "Error: $SECRET_FILE not found"
    exit 1
 fi
 # Generate random secret key
 SECRET_KEY=$(python3 -c "import secrets; print(secrets.token_urlsafe(50))")
 # Create temporary secret file with generated key
 TEMP_SECRET_FILE=$(mktemp)
 cat "$SECRET_FILE" | sed "s/CHANGE_ME_TO_RANDOM_STRING/$SECRET_KEY/g" > "$TEMP_SECRET_FILE"
 # Check if secret already exists
 if kubectl get secret "$SECRET_NAME" -n "$NAMESPACE" &>/dev/null; then
    echo "Secret $SECRET_NAME already exists in namespace $NAMESPACE"
    read -p "Do you want to replace it? (y/N): " -n 1 -r
    echo
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
        echo "Aborted"
        rm "$TEMP_SECRET_FILE"
        exit 0
    fi
    kubectl apply -f "$TEMP_SECRET_FILE"
    echo "Secret updated successfully"
 else
    kubectl apply -f "$TEMP_SECRET_FILE"
    echo "Secret created successfully"
 fi
 # Clean up
 rm "$TEMP_SECRET_FILE"
 echo ""
 echo "Secret deployed:"
 echo "  Name: $SECRET_NAME"
 echo "  Namespace: $NAMESPACE"
 echo "  Key: secret-key"
--- a/scripts/full_deploy.sh
+++ b/scripts/full_deploy.sh
@@ -0,0 +1,45 @@
 #!/bin/bash
 # Full deployment script - bumps both container versions by 0.001 and copies database
 DEPLOYMENT_FILE="argocd/deployment.yaml"
 DB_SOURCE="data/db.sqlite3"
 DB_DEST="data-loader/preload.sqlite3"
 # Check if deployment file exists
 if [ ! -f "$DEPLOYMENT_FILE" ]; then
    echo "Error: $DEPLOYMENT_FILE not found"
    exit 1
 fi
 # Check if source database exists
 if [ ! -f "$DB_SOURCE" ]; then
    echo "Error: $DB_SOURCE not found"
    exit 1
 fi
 # Extract current version of data-loader
 LOADER_VERSION=$(grep -E "image: git.baumann.gr/adebaumann/vgui-data-loader:[0-9]" "$DEPLOYMENT_FILE" | sed -E 's/.*:([0-9.]+)/\1/')
 # Extract current version of main container
 MAIN_VERSION=$(grep -E "image: git.baumann.gr/adebaumann/vgui:[0-9]" "$DEPLOYMENT_FILE" | grep -v "data-loader" | sed -E 's/.*:([0-9.]+)/\1/')
 if [ -z "$LOADER_VERSION" ] || [ -z "$MAIN_VERSION" ]; then
    echo "Error: Could not find current versions"
    exit 1
 fi
 # Calculate new versions (add 0.001), preserve leading zero
 NEW_LOADER_VERSION=$(echo "$LOADER_VERSION + 0.001" | bc | sed 's/^\./0./')
 NEW_MAIN_VERSION=$(echo "$MAIN_VERSION + 0.001" | bc | sed 's/^\./0./')
 # Update the deployment file
 sed -i "s|image: git.baumann.gr/adebaumann/labhelper-data-loader:$LOADER_VERSION|image: git.baumann.gr/adebaumann/labhelper-data-loader:$NEW_LOADER_VERSION|" "$DEPLOYMENT_FILE"
 sed -i "s|image: git.baumann.gr/adebaumann/labhelper:$MAIN_VERSION|image: git.baumann.gr/adebaumann/labhelper:$NEW_MAIN_VERSION|" "$DEPLOYMENT_FILE"
 # Copy database
 cp "$DB_SOURCE" "$DB_DEST"
 echo "Full deployment prepared:"
 echo "  Data loader: $LOADER_VERSION -> $NEW_LOADER_VERSION"
 echo "  Main container: $MAIN_VERSION -> $NEW_MAIN_VERSION"
 echo "  Database copied to $DB_DEST"
--- a/scripts/partial_deploy.sh
+++ b/scripts/partial_deploy.sh
@@ -0,0 +1,27 @@
 #!/bin/bash
 # Partial deployment script - bumps main container version by 0.001
 DEPLOYMENT_FILE="argocd/deployment.yaml"
 # Check if file exists
 if [ ! -f "$DEPLOYMENT_FILE" ]; then
    echo "Error: $DEPLOYMENT_FILE not found"
    exit 1
 fi
 # Extract current version of main container (labhelper, not labhelper-data-loader)
 CURRENT_VERSION=$(grep -E "image: git.baumann.gr/adebaumann/vui:[0-9]" "$DEPLOYMENT_FILE" | grep -v "data-loader" | sed -E 's/.*:([0-9.]+)/\1/')
 if [ -z "$CURRENT_VERSION" ]; then
    echo "Error: Could not find current version"
    exit 1
 fi
 # Calculate new version (add 0.001), preserve leading zero
 NEW_VERSION=$(echo "$CURRENT_VERSION + 0.001" | bc | sed 's/^\./0./')
 # Update the deployment file (only the main container, not the data-loader)
 sed -i "s|image: git.baumann.gr/adebaumann/vui:$CURRENT_VERSION|image: git.baumann.gr/adebaumann/vui:$NEW_VERSION|" "$DEPLOYMENT_FILE"
 echo "Partial deployment prepared:"
 echo "  Main container: $CURRENT_VERSION -> $NEW_VERSION"
--- a/templates/configmap.yaml
+++ b/templates/configmap.yaml
@@ -0,0 +1,28 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: django-config
  namespace: vorgabenui
 data:
  # Django Configuration
  DEBUG: "false"
  DJANGO_ALLOWED_HOSTS: "vorgabenportal.knowyoursecurity.com,localhost,127.0.0.1"
  DJANGO_SETTINGS_MODULE: "VorgabenUI.settings"
  # Application Configuration
  LANGUAGE_CODE: "de-ch"
  TIME_ZONE: "UTC"
  # Static and Media Configuration  
  STATIC_URL: "/static/"
  MEDIA_URL: "/media/"
  # Database Configuration (for future use)
  # DATABASE_ENGINE: "django.db.backends.sqlite3"
  # DATABASE_NAME: "/app/data/db.sqlite3"
  # Security Configuration
  # CSRF_TRUSTED_ORIGINS: "https://vorgabenportal.knowyoursecurity.com"
  # Performance Configuration
  # DATA_UPLOAD_MAX_NUMBER_FIELDS: "10250"
--- a/templates/secret.yaml
+++ b/templates/secret.yaml
@@ -0,0 +1,10 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: vorgabenui-secrets
  namespace: vorgabenui
 type: Opaque
 data:
  # Base64 encoded SECRET_KEY - populated by deployment script
  # This is a TEMPLATE FILE in templates/ directory - not deployed by ArgoCD
  vorgabenui_secret: ""
--- a/0
+++ b/0