feat: add health check endpoint and Docker HEALTHCHECK#1
Merged
Conversation
Add GET /healthz endpoint that returns 200 OK without authentication or IP checks, intended for container orchestrators. Add a "healthcheck" subcommand to the binary that probes /healthz, used as the Dockerfile HEALTHCHECK since the scratch image has no shell or curl. The subcommand respects LISTEN_ADDR to derive the correct port.
There was a problem hiding this comment.
Pull request overview
Adds a lightweight readiness endpoint and container-level health probing so orchestrators can verify the proxy is up without needing auth/IP allowlisting.
Changes:
- Add unauthenticated
GET /healthzendpoint returning200 OKand rejecting non-GET methods. - Add
healthchecksubcommand used by DockerHEALTHCHECKto probe/healthzfrom a scratch-based image. - Update tests and implementation plan to cover/mark the new health endpoint behavior.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| internal/proxy/handler.go | Registers new /healthz route on the main mux. |
| internal/proxy/handler_test.go | Adds unit tests validating /healthz behavior and auth bypass. |
| IMPLEMENTATION_PLAN.md | Marks health endpoint + Docker healthcheck tasks as complete. |
| Dockerfile | Adds Docker HEALTHCHECK invoking /proxy healthcheck. |
| cmd/proxy/main.go | Implements healthcheck subcommand and dispatch logic in main(). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Add 2s HTTP client timeout to the healthcheck subcommand instead of relying solely on Docker's HEALTHCHECK timeout. Add tests covering success, unreachable server, non-200 response, custom LISTEN_ADDR, and invalid address parsing.
Prevents flaky test by ensuring the server is accepting connections before the healthcheck probe runs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
GET /healthzendpoint that returns200 OKwithout authentication or IP checks, for container orchestratorshealthchecksubcommand to the binary, used as the DockerfileHEALTHCHECK(scratch image has no shell/curl)LISTEN_ADDRto derive the correct portTest plan
go test ./... -coverpasses (97.6% coverage on internal/proxy)go vet ./...cleanhealthystatus