fix: return HTTP 503 on fatal bootstrap error in index.php

Uncaught exceptions thrown during bootstrap (before Symfony starts)
produced a PHP fatal error page with HTTP 200. Narrow the try-catch
to only the env validation block so monitoring systems receive a 503
JSON response consistent with the monitor-bundle DOWN format, without
interfering with response sending or kernel termination.

Closes #1936

Author: kayjoosten

public/index.php

@@ -6,16 +6,29 @@
 
 require dirname(__DIR__).'/vendor/autoload.php';
 
-// Validate required envs
-if (!isset($_ENV['APP_ENV'])) {
-    throw new RuntimeException('APP_ENV environment variable is not defined.');
-}
-if (!isset($_ENV['APP_SECRET']) || trim($_ENV['APP_SECRET']) === '') {
-    throw new \RuntimeException('APP_SECRET is missing or empty. Set it in your environment configuration.');
-}
-if ($_ENV['APP_ENV'] === 'prod' && strlen($_ENV['APP_SECRET']) < 32) {
-    throw new \RuntimeException('APP_SECRET must be at least 32 characters long in production.');
+try {
+    // Validate required envs
+    if (!isset($_ENV['APP_ENV'])) {
+        throw new RuntimeException('APP_ENV environment variable is not defined.');
+    }
+    if (!isset($_ENV['APP_SECRET']) || trim($_ENV['APP_SECRET']) === '') {
+        throw new \RuntimeException('APP_SECRET is missing or empty. Set it in your environment configuration.');
+    }
+    if ($_ENV['APP_ENV'] === 'prod' && strlen($_ENV['APP_SECRET']) < 32) {
+        throw new \RuntimeException('APP_SECRET must be at least 32 characters long in production.');
+    }
+} catch (\Throwable $e) {
+    http_response_code(503);
+    header('Content-Type: application/json');
+    $body = ['status' => 'DOWN'];
+    if (trim($e->getMessage()) !== '') {
+        $body['message'] = $e->getMessage();
+    }
+    error_log($e->getMessage());
+    echo json_encode($body) ?: '{"status":"DOWN"}';
+    exit;
 }
+
 $debug = filter_var($_ENV['APP_DEBUG'], FILTER_VALIDATE_BOOLEAN);
 
 if ($debug) {

tests/functional/OpenConext/EngineBlockBundle/Controller/MonitorControllerTest.php

@@ -50,4 +50,19 @@ public function internal_health_returns_json()
         $json = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
         $this->assertSame(['status' => 'UP'], $json);
     }
+
+    #[Test]
+    #[Group('Monitor')]
+    public function health_returns_json(): void
+    {
+        $client = self::createClient();
+        $client->request('GET', 'https://engine.dev.openconext.local/health');
+
+        $response = $client->getResponse();
+        $this->assertEquals(Response::HTTP_OK, $response->getStatusCode());
+        $this->assertJson($response->getContent());
+
+        $json = json_decode($response->getContent(), true, 512, JSON_THROW_ON_ERROR);
+        $this->assertSame(['status' => 'UP'], $json);
+    }
 }