ip/AGENTS.md
Hermes Agent 4e10bdc92d
PR Checks / hadolint (pull_request) Successful in 20s
PR Checks / build-test (pull_request) Successful in 20s
fix: remove obsolete jcabillot/phpapache references
- Delete renovate.json: custom manager for jcabillot/phpapache ARG VERSION
  is obsolete since migration to dunglas/frankenphp.
- Update AGENTS.md: reflect FrankenPHP/Caddy base image, /app/public,
  no ARG VERSION, fixed tag.
2026-06-29 19:32:35 +00:00

AGENTS.md

1. Overview

Lightweight PHP micro-service that returns the client's public IP address as JSON. Containerized with Docker and deployed on Kubernetes.

2. Folder Structure

  • root/: Application source code served by FrankenPHP/Caddy.
    • index.php: Single endpoint returning REMOTE_ADDR as JSON.
  • Caddyfile: FrankenPHP/Caddy web server configuration — PHP handler on :8080 with try_files + php_server.
  • .gitea/workflows/: Gitea Actions CI pipelines.
    • docker-build.yaml: Build and push Docker image to Docker Hub on push/PR to master + daily cron.
  • Dockerfile: Single-stage build from dunglas/frankenphp:1-php8.5-alpine, copies root/ into /app/public.
  • .gitlab-ci.yml: Legacy GitLab CI config (deprecated, replaced by Gitea Actions).
  • Jenkinsfile: Legacy Jenkins pipeline (deprecated, replaced by Gitea Actions).

3. Core Behaviors & Patterns

  • Request/Response Flow: Single PHP endpoint sets the Content-Type: application/json header and returns $_SERVER['REMOTE_ADDR'] encoded as a JSON string. No routing, no framework, no state.
  • Container Base Image Pattern: Dockerfile is a single-stage build from a fixed dunglas/frankenphp:1-php8.5-alpine tag (Alpine-based FrankenPHP with Caddy). There is no ARG VERSION: the tag is pinned and Renovate auto-detects it. Application code is layered via COPY root /app/public. FrankenPHP provides PHP + Caddy pre-configured.
  • Traefik IngressRoute with HTTPS Redirect: Two IngressRoute resources handle traffic: ip-websecure serves HTTPS on the websecure entrypoint, and ip-web catches HTTP on the web entrypoint and applies a redirectScheme middleware for a permanent HTTPS redirect. The Service reference in the HTTP IngressRoute is required by Traefik even though the middleware intercepts the request before it reaches the Service.
  • Health Probes: Deployment defines both livenessProbe and readinessProbe using httpGet on / at the named http port (8080). Kubernetes uses these to restart unhealthy pods and exclude unready pods from the Service endpoints.
  • Security Hardening: Pod spec sets automountServiceAccountToken: false to prevent unnecessary Kubernetes API access from the container.

4. Conventions

  • Kubernetes Labels: Pods use app: "front" for Service selector matching and owner: "jcabillot" for resource attribution. Deployment-level labels use app: "front".
  • Named Ports: Container port is named http (8080) and referenced by name in probes and Service targetPort, avoiding hardcoded port numbers.
  • Docker Image Tagging: CI uses docker/metadata-action to generate tags — latest for master branch pushes, branch/PR/SHA tags for other events. Push is skipped on pull requests.
  • CI Secrets: Docker Hub credentials are stored as Gitea Actions secrets (DOCKERHUB_USERNAME, DOCKERHUB_TOKEN), never hardcoded.
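
A check for the pod settings described under Health Probes, Security Hardening and Named Ports, as an added example that is not part of this project's code. The manifest is a constructed sample in the JSON form that kubectl prints; the function name check_deployment, the container name and the image reference are assumptions.

```python
import json

# Constructed sample: a Deployment in the JSON form `kubectl get -o json` prints,
# trimmed to the fields this document describes. Name and image are placeholders.
SAMPLE_DEPLOYMENT = json.loads("""
{
  "kind": "Deployment",
  "metadata": {"name": "ip", "labels": {"app": "front"}},
  "spec": {"template": {
    "metadata": {"labels": {"app": "front", "owner": "jcabillot"}},
    "spec": {
      "automountServiceAccountToken": false,
      "containers": [{
        "name": "ip",
        "image": "example/ip:placeholder",
        "ports": [{"name": "http", "containerPort": 8080}],
        "livenessProbe": {"httpGet": {"path": "/", "port": "http"}},
        "readinessProbe": {"httpGet": {"path": "/", "port": "http"}}
      }]
    }
  }}
}
""")


def check_deployment(doc):
    """Return a list of findings; an empty list means the conventions hold."""
    findings = []
    pod = doc.get("spec", {}).get("template", {}).get("spec", {})
    # When the field is absent the token is mounted by default, so only an explicit false passes.
    if pod.get("automountServiceAccountToken") is not False:
        findings.append("automountServiceAccountToken is not explicitly false")
    for c in pod.get("containers", []):
        ports = {p.get("name"): p.get("containerPort") for p in c.get("ports", [])}
        if ports.get("http") != 8080:
            findings.append(f"{c.get('name')}: no port named http on 8080")
        for probe in ("livenessProbe", "readinessProbe"):
            http_get = c.get(probe, {}).get("httpGet")
            if http_get is None:
                findings.append(f"{c.get('name')}: {probe} missing or not httpGet")
            elif http_get.get("path") != "/" or http_get.get("port") != "http":
                findings.append(f"{c.get('name')}: {probe} must hit / on named port http")
    return findings


if __name__ == "__main__":
    for line in check_deployment(SAMPLE_DEPLOYMENT) or ["OK: conventions hold"]:
        print(line)
```

A probe that uses the number 8080 instead of the name http is reported, because the convention is to reference the port by name.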