web/ip
5
0
Fork 0
Code Issues 1 Pull Requests Actions Releases Wiki Activity

feat: add test #10

Merged
jcabillot merged 7 commits from feat/test into master 2026-06-08 14:22:50 -04:00
Conversation 0 Commits 7 Files Changed 3
+162 -24
3 changed files with 162 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/docker-build.yaml
+60 -24
View File
@@ -9,38 +9,74 @@ on:
- cron: '0 0 * * *'
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- name: Hadolint
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: Dockerfile
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4
- name: Build image
run: docker build -t ci-image:${{ github.sha }} .
- name: Save image
run: docker save -o image.tar ci-image:${{ github.sha }}
- name: Upload artifact
uses: https://github.com/ChristopherHX/gitea-upload-artifact@62ac910c5d3dfa85c7cb2df15afe2e342b2407c2 # main
with:
name: docker-image
path: image.tar
retention-days: 1
test:
runs-on: ubuntu-latest
needs: [lint, build]
steps:
- name: Checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
- name: Download artifact
uses: https://github.com/ChristopherHX/gitea-download-artifact@75635f32b4c1c41c4b3d64e8f85210112ed4c9c7 # main
with:
name: docker-image
- name: Load image
run: docker load < image.tar
- name: Run tests
run: bash tests/test.sh ci-image:${{ github.sha }}
push:
runs-on: ubuntu-latest
needs: test
if: github.event_name != 'pull_request'
steps:
- name: Download artifact
uses: https://github.com/ChristopherHX/gitea-download-artifact@75635f32b4c1c41c4b3d64e8f85210112ed4c9c7 # main
with:
name: docker-image
- name: Load image
run: docker load < image.tar
- name: Login to Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v4
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Docker metadata
id: meta
uses: docker/metadata-action@v6
with:
images: jcabillot/ip
tags: |
#type=ref,event=branch
#type=ref,event=pr
#type=sha
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
- name: Build and push
uses: docker/build-push-action@v7
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
pull: true
- name: Tag and push
run: |
docker tag ci-image:${{ github.sha }} jcabillot/ip:latest
docker push jcabillot/ip:latest
AGENTS.md
+30
View File
@@ -0,0 +1,30 @@
# AGENTS.md
## 1. Overview
Lightweight PHP micro-service that returns the client's public IP address as JSON. Containerized with Docker and deployed on Kubernetes.
## 2. Folder Structure
- `root/`: Application source code served by Apache.
- `index.php`: Single endpoint returning `REMOTE_ADDR` as JSON.
- `.gitea/workflows/`: Gitea Actions CI pipelines.
- `docker-build.yaml`: Build and push Docker image to Docker Hub on push/PR to master + daily cron.
- `Dockerfile`: Multi-stage build extending `jcabillot/phpapache` base image, copies `root/` into `/var/www/html`.
- `.gitlab-ci.yml`: Legacy GitLab CI config (deprecated, replaced by Gitea Actions).
- `Jenkinsfile`: Legacy Jenkins pipeline (deprecated, replaced by Gitea Actions).
## 3. Core Behaviors & Patterns
- **Request/Response Flow**: Single PHP endpoint sets `Content-Type: application/json` header and returns `$_SERVER['REMOTE_ADDR']` encoded as JSON string. No routing, no framework, no state.
- **Container Base Image Pattern**: `Dockerfile` uses `ARG VERSION="latest"` to allow version pinning at build time, extends `jcabillot/phpapache` which provides PHP + Apache pre-configured. Application code is layered on top via `COPY root /var/www/html`.
- **Traefik IngressRoute with HTTPS Redirect**: Two IngressRoute resources handle traffic — `ip-websecure` serves HTTPS on the `websecure` entrypoint, `ip-web` catches HTTP on `web` entrypoint and applies a `redirectScheme` middleware for permanent HTTPS redirect. The Service reference in the HTTP IngressRoute is required by Traefik even though the middleware intercepts before reaching it.
- **Health Probes**: Deployment defines both `livenessProbe` and `readinessProbe` using `httpGet` on `/` at the named `http` port (8080). Kubernetes uses these to restart unhealthy pods and exclude unready pods from the Service endpoints.
- **Security Hardening**: Pod spec sets `automountServiceAccountToken: false` to prevent unnecessary Kubernetes API access from the container.
## 4. Conventions
- **Kubernetes Labels**: Pods use `app: "front"` for Service selector matching and `owner: "jcabillot"` for resource attribution. Deployment-level labels use `app: "front"`.
- **Named Ports**: Container port is named `http` (8080) and referenced by name in probes and Service targetPort, avoiding hardcoded port numbers.
- **Docker Image Tagging**: CI uses `docker/metadata-action` to generate tags — `latest` for master branch pushes, branch/PR/SHA tags for other events. Push is skipped on pull requests.
- **CI Secrets**: Docker Hub credentials are stored as Gitea Actions secrets (`DOCKERHUB_USERNAME`, `DOCKERHUB_TOKEN`), never hardcoded.
tests/test.sh
Executable
+72
View File
@@ -0,0 +1,72 @@
#!/usr/bin/env bash
set -euo pipefail
IMAGE="${1:?Usage: test.sh <image>}"
CONTAINER_NAME="test-$(echo "$IMAGE" | tr ':/' '-')-$$"
PASSED=0
FAILED=0
TOTAL=0
cleanup() {
docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1 || true
}
trap cleanup EXIT
assert() {
local name="$1" expected="$2" actual="$3"
TOTAL=$((TOTAL + 1))
if [ "$expected" = "$actual" ]; then
echo " PASS: $name"
PASSED=$((PASSED + 1))
else
echo " FAIL: $name (expected: '$expected', got: '$actual')"
FAILED=$((FAILED + 1))
fi
}
assert_match() {
local name="$1" pattern="$2" actual="$3"
TOTAL=$((TOTAL + 1))
if echo "$actual" | grep -qE "$pattern"; then
echo " PASS: $name"
PASSED=$((PASSED + 1))
else
echo " FAIL: $name (pattern: '$pattern', got: '$actual')"
FAILED=$((FAILED + 1))
fi
}
echo "Running container: $IMAGE"
docker run -d --name "$CONTAINER_NAME" -p 8080:8080 "$IMAGE" >/dev/null
DOCKER_GW=$(docker network inspect bridge --format '{{range .IPAM.Config}}{{.Gateway}}{{end}}')
BASE_URL="http://${DOCKER_GW}:8080"
echo "Waiting for container on ${DOCKER_GW}:8080..."
for i in $(seq 1 30); do
if curl -sf "$BASE_URL/" >/dev/null 2>&1; then
echo "Container ready after ${i}s"
break
fi
if [ "$i" -eq 30 ]; then
echo "FAIL: Container did not become ready within 30s"
docker logs "$CONTAINER_NAME"
exit 1
fi
sleep 1
done
echo ""
echo "Test: GET /"
RESPONSE=$(curl -sf -D - "$BASE_URL/")
STATUS=$(echo "$RESPONSE" | head -1 | grep -oP '\d{3}')
CONTENT_TYPE=$(echo "$RESPONSE" | grep -i 'content-type' | tr -d '\r' | cut -d: -f2- | xargs)
BODY=$(echo "$RESPONSE" | tail -1)
assert "HTTP status is 200" "200" "$STATUS"
assert_match "Content-Type is application/json" "application/json" "$CONTENT_TYPE"
assert_match "Body contains valid IP" '^(\"[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\"|\"[0-9a-fA-F:]+\")$' "$BODY"
echo ""
echo "Results: $PASSED/$TOTAL passed, $FAILED failed"
[ "$FAILED" -eq 0 ]