1 Commits

Author SHA1 Message Date
renovate 6b1ac8b17f chore(deps): update actions/checkout action to v7
PR Checks / hadolint (pull_request) Successful in 8s
PR Checks / build-test (pull_request) Successful in 17s
2026-06-18 14:20:32 +00:00
8 changed files with 40 additions and 39 deletions
+5 -5
View File
@@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
with:
dockerfile: Dockerfile
@@ -17,7 +17,7 @@ jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t ci-image:${{ github.sha }} .
- run: bash tests/test.sh ci-image:${{ github.sha }}
@@ -26,11 +26,11 @@ jobs:
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4
- uses: docker/login-action@650006c6eb7dba73a995cc03b0b2df7f5ca915bee # v4
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -44,7 +44,7 @@ jobs:
images: jcabillot/ip
tags: |
type=raw,value=${{ steps.get-latest-tag.outputs.tag }}-latest,enable=${{ steps.get-latest-tag.outputs.tag != '' }}
- uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
- uses: docker/build-push-action@f9f3042f7e2789586610d7f5c8f03e5195baf # v7.2.0
with:
context: .
push: true
+5 -5
View File
@@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
with:
dockerfile: Dockerfile
@@ -17,7 +17,7 @@ jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t ci-image:${{ github.sha }} .
- run: bash tests/test.sh ci-image:${{ github.sha }}
@@ -26,7 +26,7 @@ jobs:
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t jcabillot/ip:${{ github.sha }} .
@@ -34,13 +34,13 @@ jobs:
needs: [build]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
fetch-depth: 0
- name: Configure git auth
run: |
git remote set-url origin "https://x-access-token:${{ secrets.SA_TOKEN_ACTION_PUSH_TAGS }}@scm.cabillot.eu/web/ip.git"
- uses: anothrNick/github-tag-action@4ed44965e0db8dab2b466a16da04aec3cc312fd8 # v1.75.0
- uses: anothrNick/github-tag-action@ed44965e0db8dab2b46616da9f2a04ec312fd8 # v1.75.0
env:
GITHUB_TOKEN: ${{ secrets.SA_TOKEN_ACTION_PUSH_TAGS }}
DEFAULT_BUMP: patch
+2 -2
View File
@@ -8,7 +8,7 @@ jobs:
hadolint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
with:
dockerfile: Dockerfile
@@ -16,7 +16,7 @@ jobs:
build-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t ci-image:${{ github.sha }} .
- run: bash tests/test.sh ci-image:${{ github.sha }}
+5 -5
View File
@@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
with:
dockerfile: Dockerfile
@@ -17,7 +17,7 @@ jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- run: docker build -t ci-image:${{ github.sha }} .
- run: bash tests/test.sh ci-image:${{ github.sha }}
@@ -26,9 +26,9 @@ jobs:
needs: [test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
- uses: docker/login-action@c99871dec2022cc055c062a10cc1a1310835ceb4 # v4
- uses: docker/login-action@650006c6eb7dba73a995cc03b0b2df7f5ca915bee # v4
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -39,7 +39,7 @@ jobs:
tags: |
type=ref,event=tag
type=ref,event=tag,suffix=-latest
- uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
- uses: docker/build-push-action@f9f3042f7e2789586610d7f5c8f03e5195baf # v7.2.0
with:
context: .
push: true
+3 -4
View File
@@ -6,19 +6,18 @@ Lightweight PHP micro-service that returns the client's public IP address as JSO
## 2. Folder Structure
- `root/`: Application source code served by FrankenPHP/Caddy.
- `root/`: Application source code served by Apache.
- `index.php`: Single endpoint returning `REMOTE_ADDR` as JSON.
- `Caddyfile`: FrankenPHP/Caddy web server configuration — PHP handler on `:8080` with `try_files` + `php_server`.
- `.gitea/workflows/`: Gitea Actions CI pipelines.
- `docker-build.yaml`: Build and push Docker image to Docker Hub on push/PR to master + daily cron.
- `Dockerfile`: Single-stage build from `dunglas/frankenphp:1-php8.5-alpine`, copies `root/` into `/app/public`.
- `Dockerfile`: Multi-stage build extending `jcabillot/phpapache` base image, copies `root/` into `/var/www/html`.
- `.gitlab-ci.yml`: Legacy GitLab CI config (deprecated, replaced by Gitea Actions).
- `Jenkinsfile`: Legacy Jenkins pipeline (deprecated, replaced by Gitea Actions).
## 3. Core Behaviors & Patterns
- **Request/Response Flow**: Single PHP endpoint sets `Content-Type: application/json` header and returns `$_SERVER['REMOTE_ADDR']` encoded as JSON string. No routing, no framework, no state.
- **Container Base Image Pattern**: `Dockerfile` is a single-stage build from a fixed `dunglas/frankenphp:1-php8.5-alpine` tag (Alpine-based FrankenPHP with Caddy). No `ARG VERSION` — the tag is pinned, Renovate auto-detects it. Application code is layered via `COPY root /app/public`. FrankenPHP provides PHP + Caddy pre-configured.
- **Container Base Image Pattern**: `Dockerfile` uses `ARG VERSION="latest"` to allow version pinning at build time, extends `jcabillot/phpapache` which provides PHP + Apache pre-configured. Application code is layered on top via `COPY root /var/www/html`.
- **Traefik IngressRoute with HTTPS Redirect**: Two IngressRoute resources handle traffic — `ip-websecure` serves HTTPS on the `websecure` entrypoint, `ip-web` catches HTTP on `web` entrypoint and applies a `redirectScheme` middleware for permanent HTTPS redirect. The Service reference in the HTTP IngressRoute is required by Traefik even though the middleware intercepts before reaching it.
- **Health Probes**: Deployment defines both `livenessProbe` and `readinessProbe` using `httpGet` on `/` at the named `http` port (8080). Kubernetes uses these to restart unhealthy pods and exclude unready pods from the Service endpoints.
- **Security Hardening**: Pod spec sets `automountServiceAccountToken: false` to prevent unnecessary Kubernetes API access from the container.
-11
View File
@@ -1,11 +0,0 @@
{
auto_https off
frankenphp
}
:8080 {
root * /app/public
encode zstd br gzip
try_files {path} /index.php?{query}
php_server
}
+3 -7
View File
@@ -1,9 +1,5 @@
FROM dunglas/frankenphp:1-php8.5-alpine
ARG VERSION="latest"
FROM "jcabillot/phpapache:${VERSION}"
LABEL maintainer="Julien Cabillot <dockerimages@cabillot.eu>"
WORKDIR /app
COPY Caddyfile /etc/frankenphp/Caddyfile
COPY --chown=www-data:www-data root /app/public
USER www-data
COPY "root" "/var/www/html"
+17
View File
@@ -0,0 +1,17 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"customManagers": [
{
"customType": "regex",
"description": "Detect ARG VERSION pin for jcabillot/phpapache base image",
"managerFilePatterns": [
"/^Dockerfile$/"
],
"matchStrings": [
"ARG\\s+VERSION=\"(?<currentValue>[^\"]+)\""
],
"depNameTemplate": "jcabillot/phpapache",
"datasourceTemplate": "docker"
}
]
}