fix(auth): use createServerActionClient for proper PKCE cookie handling

- Change createClient() to createServerActionClient() in all auth server actions
- createClient() silently ignores cookie set failures (designed for Server Components)
- createServerActionClient() properly sets PKCE code_verifier cookie
- Add fallback error handling when OAuth redirect URL is not returned
- Fix infinite re-render in AddRepositoryCombobox by filtering organizations

Fixes production login failure where clicking login button did nothing

Author: ryota-murakami

components/Board/AddRepositoryCombobox.tsx

@@ -66,6 +66,31 @@ export const AddRepositoryCombobox = memo(function AddRepositoryCombobox({
   const [organizations, setOrganizations] = useState<GitHubOrganization[]>([])
   const [isLoadingOrgs, setIsLoadingOrgs] = useState(false)
 
+  /**
+   * Filter organizations to exclude currentUser (prevents duplicate SelectItem values)
+   * This avoids Radix Select reconciliation issues when the same value appears multiple times
+   */
+  const filteredOrganizations = useMemo(
+    () =>
+      organizations.filter(
+        (org) => org.login.toLowerCase() !== currentUser?.login?.toLowerCase(),
+      ),
+    [organizations, currentUser?.login],
+  )
+
+  /**
+   * Guarded organization filter change handler
+   * Prevents potential infinite re-render by checking if value actually changed
+   */
+  const handleOrganizationFilterChange = useCallback(
+    (value: string) => {
+      if (value !== organizationFilter) {
+        setOrganizationFilter(value)
+      }
+    },
+    [organizationFilter],
+  )
+
   // Refs
   const searchInputRef = useRef<HTMLInputElement>(null)
   const comboboxRef = useRef<HTMLDivElement>(null)
@@ -328,8 +353,7 @@ export const AddRepositoryCombobox = memo(function AddRepositoryCombobox({
             {/* Organization Filter */}
             <Select
               value={organizationFilter}
-              // eslint-disable-next-line @laststance/react-next/no-set-state-prop-drilling
-              onValueChange={setOrganizationFilter}
+              onValueChange={handleOrganizationFilterChange}
             >
               <SelectTrigger
                 className="flex-1 h-9 text-sm"
@@ -344,18 +368,19 @@ export const AddRepositoryCombobox = memo(function AddRepositoryCombobox({
                     {currentUser.login} (Personal)
                   </SelectItem>
                 )}
-                {organizations.map((org) => (
+                {filteredOrganizations.map((org) => (
                   <SelectItem key={org.id} value={org.login}>
                     {org.login}
                   </SelectItem>
                 ))}
-                {isLoadingOrgs && (
-                  <SelectItem value="loading" disabled>
-                    Loading...
-                  </SelectItem>
-                )}
               </SelectContent>
             </Select>
+            {/* Loading indicator for organizations */}
+            {isLoadingOrgs && (
+              <span className="text-xs text-gray-500 self-center">
+                Loading orgs...
+              </span>
+            )}
 
             {/* Visibility filter */}
             <select

lib/actions/auth.ts

@@ -12,15 +12,15 @@
 import { headers } from 'next/headers'
 import { redirect } from 'next/navigation'
 
-import { createClient } from '@/lib/supabase/server'
+import { createServerActionClient } from '@/lib/supabase/server'
 
 /**
  * Sign in with GitHub OAuth
  *
  * @returns Redirect URL to GitHub authentication screen
  */
 export async function signInWithGitHub() {
-  const supabase = await createClient()
+  const supabase = await createServerActionClient()
   const origin =
     (await headers()).get('origin') ?? process.env.NEXT_PUBLIC_SITE_URL
 
@@ -42,6 +42,10 @@ export async function signInWithGitHub() {
   if (data.url) {
     redirect(data.url)
   }
+
+  // Handle case where no URL is returned (unexpected state)
+  console.error('GitHub OAuth: No redirect URL returned')
+  redirect('/login?error=oauth_failed&message=No%20redirect%20URL%20returned')
 }
 
 /**
@@ -51,7 +55,7 @@ export async function signInWithGitHub() {
  * - Redirect to login page
  */
 export async function signOut() {
-  const supabase = await createClient()
+  const supabase = await createServerActionClient()
 
   const { error } = await supabase.auth.signOut()
 
@@ -69,7 +73,7 @@ export async function signOut() {
  * @returns Session information (null if not authenticated)
  */
 export async function getSession() {
-  const supabase = await createClient()
+  const supabase = await createServerActionClient()
 
   const {
     data: { session },
@@ -90,7 +94,7 @@ export async function getSession() {
  * @returns User information (null if not authenticated)
  */
 export async function getUser() {
-  const supabase = await createClient()
+  const supabase = await createServerActionClient()
 
   const {
     data: { user },