From 0813f468a6fb6b5610707ee986454b741ed4a1ea Mon Sep 17 00:00:00 2001
From: supahgreg
Date: Sat, 11 Oct 2025 03:53:34 +0000
Subject: Address 'JSONArgsRecommended' warning for app image. https://docs.docker.com/reference/build-checks/json-args-recommended/
---
 .docker/app/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.docker/app/Dockerfile b/.docker/app/Dockerfile
index 4abd0f3cd..9805b28f0 100644
--- a/.docker/app/Dockerfile
+++ b/.docker/app/Dockerfile
@@ -100,4 +100,4 @@ ENV TTRSS_DB_PORT="5432"
 ENV TTRSS_PHP_EXECUTABLE="/usr/bin/php${PHP_SUFFIX}"
 ENV TTRSS_PLUGINS="auth_internal, note, nginx_xaccel"
-CMD ${SCRIPT_ROOT}/startup.sh
+CMD ["/bin/sh", "-c", "${SCRIPT_ROOT}/startup.sh"]
-- cgit v1.2.3-54-g00ecf
From 72085a217679fe5fa228712083efaf770e7fa6b1 Mon Sep 17 00:00:00 2001
From: supahgreg
Date: Sat, 11 Oct 2025 03:54:36 +0000
Subject: Add a 'Docker Code Quality' GitHub workflow. Initially just checks that the 'Dockerfile' files are valid.
---
 .github/workflows/docker-code-quality.yml | 39 +++++++++++++++++++++++++++++++
 .github/workflows/publish.yml | 4 ++++
 2 files changed, 43 insertions(+)
 create mode 100644 .github/workflows/docker-code-quality.yml
diff --git a/.github/workflows/docker-code-quality.yml b/.github/workflows/docker-code-quality.yml
new file mode 100644
index 000000000..e96baf281
--- /dev/null
+++ b/.github/workflows/docker-code-quality.yml
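Review bot: The new `CMD ["/bin/sh", "-c", "${SCRIPT_ROOT}/startup.sh"]` in `.docker/app/Dockerfile` satisfies the JSONArgsRecommended check but still puts `/bin/sh` at PID 1, so the signal-handling concern behind that check is only addressed if the shell happens to replace itself with its last command. Making that explicit keeps the runtime expansion of `SCRIPT_ROOT` and ensures `startup.sh` itself receives the SIGTERM sent by `docker stop`: `CMD ["/bin/sh", "-c", "exec \"${SCRIPT_ROOT}/startup.sh\""]`. The added quotes also keep a `SCRIPT_ROOT` value containing spaces from being word-split. This assumes `SCRIPT_ROOT` is set by an `ENV` earlier in the file, which is outside the hunk.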
@@ -0,0 +1,39 @@
+name: Docker Code Quality
+
+on:
+ pull_request:
+ paths:
+ - '.docker/**'
+ # Allow manual triggering
+ workflow_dispatch:
+ # Allow other workflows (e.g. Publish) to invoke this one.
+ workflow_call:
+
+
+permissions:
+ contents: read
+
+
+jobs:
+ check:
+ name: Check Docker image ${{ matrix.image.name }}
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ image:
+ - name: app
+ dockerfile: ./.docker/app/Dockerfile
+ - name: web-nginx
+ dockerfile: ./.docker/web-nginx/Dockerfile
+
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v5
+
+ - name: Validate configuration
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ file: ${{ matrix.image.dockerfile }}
+ call: check
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 1ef46b631..1a5e19e22 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -24,12 +24,16 @@ permissions:
 jobs:
+ test-docker:
+ uses: ./.github/workflows/docker-code-quality.yml
+
 test-php:
 uses: ./.github/workflows/php-code-quality.yml
 publish:
 name: Publish Docker image ${{ matrix.image.name }}
 needs:
+ - test-docker
 - test-php
 runs-on: ubuntu-latest
 permissions:
-- cgit v1.2.3-54-g00ecf
From a38fc031f016aeb36d4eadf9ec6ca1a21ef66768 Mon Sep 17 00:00:00 2001
From: supahgreg
Date: Sat, 11 Oct 2025 04:43:32 +0000
Subject: web-nginx image: fix undefined var errors, improve healthcheck. Previously the healthcheck wouldn't respect an 'APP_BASE' env var override at runtime. This also sets some HEALTHCHECK+curl options.
---
 .docker/web-nginx/Dockerfile | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/.docker/web-nginx/Dockerfile b/.docker/web-nginx/Dockerfile
index 3c7b42e2d..d9f99c56c 100644
--- a/.docker/web-nginx/Dockerfile
+++ b/.docker/web-nginx/Dockerfile
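Review bot: Both `uses:` steps in the new `.github/workflows/docker-code-quality.yml` reference mutable major tags (`actions/checkout@v5`, `docker/build-push-action@v6`), and since `publish.yml` now calls this workflow ahead of the publish job, whatever those tags resolve to also runs as part of every publish run. Pinning each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v6`, makes the executed code reviewable and still lets an update bot propose bumps. The checkout step can also set `persist-credentials: false`, because nothing after it in this job needs git access with the token.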
@@ -1,29 +1,36 @@
 FROM nginx:1.29.2-alpine
-HEALTHCHECK CMD curl --fail http://localhost${APP_BASE}/index.php || exit 1
-
-COPY .docker/web-nginx/nginx.conf /etc/nginx/templates/nginx.conf.template
+ARG APP_UPSTREAM=app
+ARG APP_FASTCGI_PASS=\$backend
+ARG APP_WEB_ROOT=/var/www/html
+ARG APP_BASE=/tt-rss
+ARG RESOLVER=127.0.0.11
 # By default, nginx will send the php requests to "app" server, but this server
 # name can be overridden at runtime by passing an APP_UPSTREAM env var
-ENV APP_UPSTREAM=${APP_UPSTREAM:-app}
-ENV APP_FASTCGI_PASS="${APP_FASTCGI_PASS:-\$backend}"
+ENV APP_UPSTREAM=${APP_UPSTREAM}
+ENV APP_FASTCGI_PASS="${APP_FASTCGI_PASS}"
-# Webroot (defaults to /var/www/html)
-ENV APP_WEB_ROOT=${APP_WEB_ROOT:-/var/www/html}
+# Web root (defaults to /var/www/html)
+ENV APP_WEB_ROOT=${APP_WEB_ROOT}
 # Base location for tt-rss (defaults to /tt-rss)
-ENV APP_BASE=${APP_BASE:-/tt-rss}
+ENV APP_BASE=${APP_BASE}
-# Resolver for nginx (kube-dns.kube-system.svc.cluster.local for k8s)
-ENV RESOLVER=${RESOLVER:-127.0.0.11}
-
-# In order to make tt-rss appear on website root without /tt-rss/ set above as follows in .env:
+# NOTE: In order to make tt-rss appear on website root without /tt-rss/ set the following in .env:
 # APP_WEB_ROOT=/var/www/html/tt-rss
 # APP_BASE=
+# Resolver for nginx (kube-dns.kube-system.svc.cluster.local for k8s)
+ENV RESOLVER=${RESOLVER}
+
 # It's necessary to set the following NGINX_ENVSUBST_OUTPUT_DIR env var to tell
 # nginx to replace the env vars of /etc/nginx/templates/nginx.conf.template
 # and put the result in /etc/nginx/nginx.conf (instead of /etc/nginx/conf.d/nginx.conf)
 # See https://github.com/docker-library/docs/tree/master/nginx#using-environment-variables-in-nginx-configuration-new-in-119
 ENV NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx
+
+COPY .docker/web-nginx/nginx.conf /etc/nginx/templates/nginx.conf.template
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+ CMD ["sh", "-c", "curl --fail --silent --show-error 
\"http://localhost${APP_BASE}/index.php\" || exit 1"]
-- cgit v1.2.3-54-g00ecf
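Review bot: The `curl` call in the new `HEALTHCHECK` has no time limit of its own, so a hung upstream is only ended when Docker's `--timeout=10s` expires, and the health log will likely not carry a curl error despite `--show-error`. Adding `--max-time 5` (any value below the HEALTHCHECK timeout) lets curl fail first with a clear message. The new `ARG` block also has no comment; something like `# Build-time defaults, re-exported by the ENV lines below and still overridable at container runtime. ARG/ENV values are visible in image metadata, so never put credentials here.` would record the intent. Because the probe requests `index.php`, the nginx container is reported unhealthy whenever the `app` upstream is down, which is presumably intended but worth stating in a comment next to the instruction.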