Build swoole from source without stdext to unblock JIT#71
Conversation
Swap base image from phpswoole/swoole (which forces --enable-swoole-stdext) to php:8.5-alpine pinned by digest, and build swoole 6.2.0 in-tree without stdext. stdext registers user opcode handlers (ZEND_INIT_METHOD_CALL etc.) that opcache's JIT compatibility check rejects, forcing JIT off in downstream images — this lets downstream re-enable JIT. Swoole configure flags: drop --enable-swoole-ftp and --with-swoole-ssh2; add --enable-openssl/--with-openssl-dir=/usr and --enable-cares. Other changes bundled in: - /artifacts pattern in each builder stage replaces hardcoded PHP_BUILD_DATE paths, so the Dockerfile no longer needs to know PHP's module-API date. - Parallel make: make -j"\$(nproc)" everywhere, MAKEFLAGS for pecl, -j for docker-php-ext-install. Builds 4-8x faster on multi-core CI. - Drop apk upgrade in both stages — undermines the digest pin. CVEs are patched by bumping the base digest deliberately. - Drop dead $TZ/etc/localtime lines (TZ was never set, symlink was broken). - docker-php-ext-install sockets moved to compile stage (build-time prereq for swoole; previously rebuilt in core-extensions). - Comment + style cleanup across builder stages. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Greptile SummaryThis PR swaps the pre-built Confidence Score: 5/5Safe to merge; the Dockerfile refactor is well-structured with no logic errors, and the only finding is a P2 test-coverage gap for the new Swoole compile flags. No P0 or P1 issues found. Runtime dependency chain for the newly-compiled Swoole (OpenSSL via base image, c-ares and brotli/zstd via explicit apk installs) is complete. Extension load ordering (sockets before swoole) is correct alphabetically. The /artifacts glob pattern has no naming collisions across stages. The single P2 comment is a test-coverage suggestion that doesn't affect correctness. No files require special attention. Important Files Changed
Reviews (3): Last reviewed commit: "Bump container-structure PHP assertion t..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
php:8.5-alpine ships 8.5.5; the old phpswoole base was on 8.5.4. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 participant
Summary
phpswoole/swoole:6.2.0-php8.5-alpinetophp:8.5-alpine(pinned by digest) and build swoole 6.2.0 from source without--enable-swoole-stdext. stdext registers user opcode handlers that opcache's JIT compatibility check rejects, silently forcing JIT off in downstream images. This change lets downstream re-enable JIT.--enable-swoole-ftpand--with-swoole-ssh2; add--enable-openssl/--with-openssl-dir=/usrand--enable-cares.make -j"$(nproc)",/artifactspattern eliminatesPHP_BUILD_DATEcoupling, dropapk upgrade(undermined digest pin), drop dead$TZ//etc/localtimelines, comment/style cleanup.Test plan
docker build --target final -t appwrite/base:swoole-test .succeedsphp -r 'echo SWOOLE_VERSION;'→6.2.0nm -D swoole.so | grep stdext_minit→ empty (stdext absent)php -d opcache.enable_cli=1 -d opcache.jit=tracing -d opcache.jit_buffer_size=64M -r 'var_dump(opcache_get_status()["jit"]["enabled"]);'→bool(true)(infinalstage)php --ri swooleconfirmsopenssl => OpenSSL 3.5.6,c-ares => 1.34.6are linked; noftp/ssh2tests.yaml,tests-xdebug.yaml) pass against the rebuilt image🤖 Generated with Claude Code