This PR uses `zend_array_dup` to simplify and optimize the environment sandboxing
logic. It also guarantees no environment leakage on FrankenPHP restarts.
Bumps the go-modules group with 3 updates in the /caddy directory:
[github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic),
[github.com/dunglas/mercure](https://github.com/dunglas/mercure) and
[github.com/dunglas/mercure/caddy](https://github.com/dunglas/mercure).
Updates `github.com/caddyserver/certmagic` from 0.25.0 to 0.25.1
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d2a72863e6"><code>d2a7286</code></a>
Upgrade dependencies, esp. zerossl</li>
<li><a
href="20b57b0b0d"><code>20b57b0</code></a>
Bump golang.org/x/crypto from 0.41.0 to 0.45.0 (<a
href="https://redirect.github.com/caddyserver/certmagic/issues/358">#358</a>)</li>
<li><a
href="80e9a59765"><code>80e9a59</code></a>
Explicitly allow small RSA key sizes for testing</li>
<li><a
href="d66689d310"><code>d66689d</code></a>
Add TryLock for use with optional tasks like ARI updates to reduce lock
conte...</li>
<li><a
href="aba1313fdf"><code>aba1313</code></a>
Fix edge case panic in case of repeated account recreation failure (fix
<a
href="https://redirect.github.com/caddyserver/certmagic/issues/354">#354</a>)</li>
<li><a
href="14972fd692"><code>14972fd</code></a>
Don't log about OCSP when disabled (Fixes <a
href="https://redirect.github.com/caddyserver/certmagic/issues/353">#353</a>)</li>
<li>See full diff in <a
href="https://github.com/caddyserver/certmagic/compare/v0.25.0...v0.25.1">compare
view</a></li>
</ul>
</details>
<br />
Updates `github.com/dunglas/mercure` from 0.21.4 to 0.21.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dunglas/mercure/releases">github.com/dunglas/mercure's
releases</a>.</em></p>
<blockquote>
<h2>helm-chart-0.21.5</h2>
<p>A Helm chart to install a Mercure Hub in a Kubernetes cluster.
Mercure is a protocol to push data updates to web browsers and other
HTTP clients in a convenient, fast, reliable and battery-efficient
way.</p>
<h2>v0.21.5</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: prevent context cancellation for critical write by <a
href="https://github.com/dunglas"><code>@dunglas</code></a> in <a
href="https://redirect.github.com/dunglas/mercure/pull/1151">dunglas/mercure#1151</a></li>
<li>chore: bump deps by <a
href="https://github.com/dunglas"><code>@dunglas</code></a> in <a
href="https://redirect.github.com/dunglas/mercure/pull/1152">dunglas/mercure#1152</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dunglas/mercure/compare/v0.21.4...v0.21.5">https://github.com/dunglas/mercure/compare/v0.21.4...v0.21.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="142944de73"><code>142944d</code></a>
chore: prepare release 0.21.5</li>
<li><a
href="124f2f86c4"><code>124f2f8</code></a>
ci: bump io.gatling:gatling-maven-plugin in /gatling</li>
<li><a
href="e444581233"><code>e444581</code></a>
chore: bump deps (<a
href="https://redirect.github.com/dunglas/mercure/issues/1152">#1152</a>)</li>
<li><a
href="aa6539d075"><code>aa6539d</code></a>
fix: prevent context cancellation for critical write (<a
href="https://redirect.github.com/dunglas/mercure/issues/1151">#1151</a>)</li>
<li><a
href="19b3850840"><code>19b3850</code></a>
ci: bump actions/upload-artifact from 5 to 6</li>
<li><a
href="4c684fef3f"><code>4c684fe</code></a>
ci: bump net.alchim31.maven:scala-maven-plugin in /gatling</li>
<li>See full diff in <a
href="https://github.com/dunglas/mercure/compare/v0.21.4...v0.21.5">compare
view</a></li>
</ul>
</details>
<br />
Updates `github.com/dunglas/mercure/caddy` from 0.21.4 to 0.21.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dunglas/mercure/releases">github.com/dunglas/mercure/caddy's
releases</a>.</em></p>
<blockquote>
<h2>helm-chart-0.21.5</h2>
<p>A Helm chart to install a Mercure Hub in a Kubernetes cluster.
Mercure is a protocol to push data updates to web browsers and other
HTTP clients in a convenient, fast, reliable and battery-efficient
way.</p>
<h2>v0.21.5</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: prevent context cancellation for critical write by <a
href="https://github.com/dunglas"><code>@dunglas</code></a> in <a
href="https://redirect.github.com/dunglas/mercure/pull/1151">dunglas/mercure#1151</a></li>
<li>chore: bump deps by <a
href="https://github.com/dunglas"><code>@dunglas</code></a> in <a
href="https://redirect.github.com/dunglas/mercure/pull/1152">dunglas/mercure#1152</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dunglas/mercure/compare/v0.21.4...v0.21.5">https://github.com/dunglas/mercure/compare/v0.21.4...v0.21.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="142944de73"><code>142944d</code></a>
chore: prepare release 0.21.5</li>
<li><a
href="124f2f86c4"><code>124f2f8</code></a>
ci: bump io.gatling:gatling-maven-plugin in /gatling</li>
<li><a
href="e444581233"><code>e444581</code></a>
chore: bump deps (<a
href="https://redirect.github.com/dunglas/mercure/issues/1152">#1152</a>)</li>
<li><a
href="aa6539d075"><code>aa6539d</code></a>
fix: prevent context cancellation for critical write (<a
href="https://redirect.github.com/dunglas/mercure/issues/1151">#1151</a>)</li>
<li><a
href="19b3850840"><code>19b3850</code></a>
ci: bump actions/upload-artifact from 5 to 6</li>
<li><a
href="4c684fef3f"><code>4c684fe</code></a>
ci: bump net.alchim31.maven:scala-maven-plugin in /gatling</li>
<li>See full diff in <a
href="https://github.com/dunglas/mercure/compare/v0.21.4...v0.21.5">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This one is interesting — though I’m not sure the best way to provide a
test. I will have to look into maybe an integration test because it is a
careful dance between how we resolve paths in the Caddy module vs.
workers. I looked into making a proper change (literally using the same
logic everywhere), but I think it is best to wait until #1646 is merged.
But anyway, this change deals with some interesting edge cases. I will
use gherkin to describe them:
```gherkin
Feature: FrankenPHP symlinked edge cases
Background:
Given a `test` folder
And a `public` folder linked to `test`
And a worker script located at `test/index.php`
And a `test/nested` folder
And a worker script located at `test/nested/index.php`
Scenario: neighboring worker script
Given frankenphp located in the test folder
When I execute `frankenphp php-server --listen localhost:8080 -w index.php` from `public`
Then I expect to see the worker script executed successfully
Scenario: nested worker script
Given frankenphp located in the test folder
When I execute `frankenphp --listen localhost:8080 -w nested/index.php` from `public`
Then I expect to see the worker script executed successfully
Scenario: outside the symlinked folder
Given frankenphp located in the root folder
When I execute `frankenphp --listen localhost:8080 -w public/index.php` from the root folder
Then I expect to see the worker script executed successfully
Scenario: specified root directory
Given frankenphp located in the root folder
When I execute `frankenphp --listen localhost:8080 -w public/index.php -r public` from the root folder
Then I expect to see the worker script executed successfully
```
Trying to write that out in regular English would be more complex IMHO.
These scenarios should all pass now with this PR.
---------
Signed-off-by: Marc <m@pyc.ac>
Co-authored-by: henderkes <m@pyc.ac>
Co-authored-by: Kévin Dunglas <kevin@dunglas.fr>
This patch brings hot reloading capabilities to PHP apps: in
development, the browser will automatically refresh the page when any
source file changes!
It's similar to HMR in JavaScript.
It is built on top of [the watcher
mechanism](https://frankenphp.dev/docs/config/#watching-for-file-changes)
and of the [Mercure](https://frankenphp.dev/docs/mercure/) integration.
Each time a watched file is modified, a Mercure update is sent, giving
the ability to the client to reload the page, or part of the page
(assets, images...).
Here is an example implementation:
```caddyfile
root ./public
mercure {
subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY}
anonymous
}
php_server {
hot_reload
}
```
```php
<?php
header('Content-Type: text/html');
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Test</title>
<script>
const es = new EventSource('<?=$_SERVER['FRANKENPHP_HOT_RELOAD']?>');
es.onmessage = () => location.reload();
</script>
</head>
<body>
Hello
```
I plan to create a helper JS library to handle more advanced cases
(reloading CSS, JS, etc), similar to [HotWire
Spark](https://github.com/hotwired/spark). Be sure to attend my
SymfonyCon to learn more!
There is still room for improvement:
- Provide an option to only trigger the update without reloading the
worker for some files (ex, images, JS, CSS...)
- Support classic mode (currently, only the worker mode is supported)
- Don't reload all workers when only the files used by one change
However, this PR is working as-is and can be merged as a first step.
This patch heavily refactors the watcher module. Maybe it will be
possible to extract it as a standalone library at some point (would be
useful to add a similar feature but not tight to PHP as a Caddy module).
---------
Signed-off-by: Kévin Dunglas <kevin@dunglas.fr>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* delete source/downloads after building in script, not in dockerfile
* add editorconfig
* eol
* cs fix
* added \n there
* we expect Hello\n
* Change tab width for shell scripts to 4 spaces
* bring back embed comment
