feat: add health check endpoints for API readiness and health status

Author: juliankoehn

.github/workflows/release-cd.yml

@@ -0,0 +1,57 @@
+name: Release CD Version
+
+on:
+  workflow_call:
+    inputs:
+      VERSION:
+        description: "The version of the Helm chart to release"
+        required: true
+        type: string
+
+env:
+    OPS_REPO: kopexa-grc/envs
+    IMAGE_NAME: ghcr.io/kopexa-grc/docs
+    DOCKER_PLATFORM: linux/amd64
+
+permissions:
+  contents: read
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Validate input version
+        env:
+          INPUT_VERSION: ${{ inputs.VERSION }}
+        run: |
+          set -euo pipefail
+          # Validate input version format (expects clean semver without 'v' prefix)
+          if [[ ! "$INPUT_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$ ]]; then
+            echo "❌ Error: Invalid version format. Must be clean semver (e.g., 1.2.3, 1.2.3-alpha)"
+            echo "Expected: clean version without 'v' prefix"
+            echo "Provided: $INPUT_VERSION"
+            exit 1
+          fi
+
+          # Store validated version in environment variable
+          echo "VERSION<<EOF" >> $GITHUB_ENV
+          echo "$INPUT_VERSION"
+          
+      - name: Trigger GitOps Update (dev)
+        uses: peter-evans/repository-dispatch@v3
+        with:
+          token: ${{ secrets.KOPEXA_CLOUD_REPO_ACCESS_TOKEN }}
+          repository: ${{ env.OPS_REPO }}
+          event-type: update-docs-image
+          client-payload: '{"image": "${{ env.IMAGE_NAME }}:${{ inputs.VERSION }}", "environment": "platform-iac"}'

.github/workflows/release.yml

@@ -17,4 +17,13 @@ jobs:
     uses: ./.github/workflows/release-docker-github.yml
     secrets: inherit
     with:
-      IS_PRERELEASE: ${{ github.event.release.prerelease }}
+      IS_PRERELEASE: ${{ github.event.release.prerelease }}
+
+  devops-release:
+    name: Push Tag to DevOps
+    uses: ./.github/workflows/release-cd.yml
+    secrets: inherit
+    needs:
+      - docker-build
+    with:
+      VERSION: ${{ needs.docker-build.outputs.VERSION }}

src/app/api/healthz/route.ts

@@ -0,0 +1,22 @@
+import type { NextRequest } from "next/server";
+
+export const dynamic = "force-dynamic";
+
+export function GET(_req: NextRequest) {
+	return new Response("ok", {
+		status: 200,
+		headers: {
+			"content-type": "text/plain; charset=utf-8",
+			"cache-control": "no-store",
+		},
+	});
+}
+
+export function HEAD(_req: NextRequest) {
+	return new Response(null, {
+		status: 200,
+		headers: {
+			"cache-control": "no-store",
+		},
+	});
+}

src/app/api/readyz/route.ts

@@ -0,0 +1,23 @@
+import type { NextRequest } from "next/server";
+
+export const dynamic = "force-dynamic";
+
+// In the future, add checks here (e.g., required env vars, ability to read content directory)
+export function GET(_req: NextRequest) {
+	return new Response("ready", {
+		status: 200,
+		headers: {
+			"content-type": "text/plain; charset=utf-8",
+			"cache-control": "no-store",
+		},
+	});
+}
+
+export function HEAD(_req: NextRequest) {
+	return new Response(null, {
+		status: 200,
+		headers: {
+			"cache-control": "no-store",
+		},
+	});
+}