pass certificate path to healthcheck by reference

Paraphraser · Paraphraser · commit 8a3569bc9b9d · 2025-05-02T10:00:42.000+10:00
Using the [`CMD-SHELL`](https://docs.docker.com/reference/compose-file/services/#healthcheck) form of the `healthcheck` test allows for passing the variable **name** `GITEA__server__CERT_FILE` to the check. The `$$` prefix stops docker compose from trying to substitute the variable name at "up" time. The variable will be substituted at run time, which means it will take on the **value** of that variable as specified in the `environment` clause in the service definition. This approach will automatically keep the health check in sync with the value of the environment variable (ie reducing the likelihood of any mismatch if the user "gets creative" with certificate generation). Signed-off-by: Phill Kelley <34226495+Paraphraser@users.noreply.github.com>
diff --git a/.templates/gitea/service.yml b/.templates/gitea/service.yml
@@ -20,8 +20,8 @@ gitea:
     - GITEA__security__SECRET_KEY=${GITEA_SECRET_KEY}
     - GITEA__security__INTERNAL_TOKEN=${GITEA_INTERNAL_TOKEN}
   healthcheck:
-    test: ["CMD", "curl", "-sf4", "-o", "/dev/null", "http://gitea:3000"]
-  # test: ["CMD", "curl", "-sf4", "--cacert", "/data/git/cert.pem", "-o", "/dev/null", "https://gitea:3000"]
+    test: ["CMD-SHELL", "curl -sf4 -o /dev/null http://gitea:3000"]
+  # test: ["CMD-SHELL", "curl -sf4 --cacert $$GITEA__server__CERT_FILE -o /dev/null https://gitea:3000"]
     interval: 30s
     timeout: 10s
     retries: 5
diff --git a/docs/Containers/Gitea.md b/docs/Containers/Gitea.md
@@ -131,16 +131,16 @@ Environment variables need to be set in several stages:
 
 		``` yaml
 		healthcheck:
-		  test: ["CMD", "curl", "-sf4", "-o", "/dev/null", "http://gitea:3000"]
-		# test: ["CMD", "curl", "-sf4", "--cacert", "/data/git/cert.pem", "-o", "/dev/null", "https://gitea:3000"]
+		  test: ["CMD-SHELL", "curl -sf4 -o /dev/null http://gitea:3000"]
+		# test: ["CMD-SHELL", "curl -sf4 --cacert $$GITEA__server__CERT_FILE -o /dev/null https://gitea:3000"]
 		```
 
 		In other words, the final result should look like this:
 
 		``` yaml
 		healthcheck:
-		# test: ["CMD", "curl", "-sf4", "-o", "/dev/null", "http://gitea:3000"]
-		  test: ["CMD", "curl", "-sf4", "--cacert", "/data/git/cert.pem", "-o", "/dev/null", "https://gitea:3000"]
+		# test: ["CMD-SHELL", "curl -sf4 -o /dev/null http://gitea:3000"]
+		  test: ["CMD-SHELL", "curl -sf4 --cacert $$GITEA__server__CERT_FILE -o /dev/null https://gitea:3000"]
 		```
 
 	- Tell Gitea to enable HTTPS:
@@ -163,7 +163,7 @@ Environment variables need to be set in several stages:
 	* The certificate has a one-year lifetime. It can be regenerated at any time by re-running the command provided earlier. You could, for example, embed it in a `cron` job, like this:
 
 		``` crontab
-		5    0     1    1,7  *   docker exec gitea bash -c 'cd /data/git ; gitea cert --host gitea' >/dev/null 2>&1
+		5  0  1  1,7  *  docker exec gitea bash -c 'cd /data/git ; gitea cert --host gitea' >/dev/null 2>&1
 		```
 
 		In words, run the command "at five minutes after midnight on the first of January and the first of July".
