Open
Conversation
…gured-multisite Exempt from `is-installed` check the DB error dump PHP warning for not yet set up multisite sites
Limit ansible version range in `>=2.10.0,<6`
Newer versions of `ansible.builtin.git` puts error message in `msg` instead of `stderr`.
Fix ansible incompatibility with `Failed connection to remote repo`
Stop old process(es) before starting a new one. Fixes #1394 Signed-off-by: Rob Record <rob@robrecord.com>
Stop old php-fpm services before starting new one
Set max journal log file size
Use new `requirements.yml` format
Fix shared folder permissions
Fixes #1393 Importing `cli` from `__main__` no longer works as of ansible 2.13.1 This import is no longer used anyway so the fix is to remove it.
Fix Ansible 6 support - remove broken and unused cli import
Fixes #905 Replaces the old h5bp location specific `expires.conf` with a new `cache_expiration` directive-only conf. The config just sets a mapping of expiration headers which is then used in the site specific server template.
Update hb5p configs
Fix warnings for missing paths
Update mailhog galaxy role
Ref #741 This changes the default for HSTS' `includeSubdomains` value from `true` to `false`. Previously a user visiting a WordPress site would result in HSTS being enabled in their browser for _all_ subdomains of the site's domain. Now HSTS will only apply to the hostnames activately managed by Trellis in the `wordpress_sites.yml` config. This is a safer default since subdomains can frequently exist without SSL.
…y-default Disable HSTS includeSubdomains by default
These tasks related to creating directories are run on mounted directories for local VMs. Using `sudo` as the `become_method` can provide better guarantees that the UID/GIDs mapping are preserved properly. This might only matter for VM solutions like LXD but it shouldn't change solutions like Lima that already work correctly.
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
* Sets ansible_python_interpreter to /usr/bin/python3 for CI tests running against localhost. This ensures Ansible uses system Python where apt-installed python3-pymysql is available, rather than the virtualenv Python which lacks MySQL libraries. * Ansible 2.19's stricter templating no longer implicitly converts string dict literals to actual dicts. Use Jinja2's dict() constructor with zip() to properly build the letsencrypt_cert_ids dictionary. * Ansible 2.19's stricter undefined handling causes errors when using 'is defined' on nested dict attributes that don't exist. Use the 'in' operator to safely check for optional keys in ssl and xmlrpc configs.
The previous solution relied on matching against ANSI control codes which was brittle. This broke (again) on Ansible 2.20 because color codes are now displayed which breaks this `intersect` substring match expression. The simpler solution is to just check for the Ansible `CHANGED` output which means the raw command and connection succeeded.
* Add template render helper and baseline smoke test * Add wordpress-site template regression tests * Add nginx template stale-cache regression tests * Run template render tests in CI and export-ignore test infra
…1646) * Add pytest integration assertions for current workflow checks * Run integration verification through pytest assertions
…edis health (#1647) * Expand integration assertions for HTTP behavior and Redis health * Add canonical redirect, HSTS, and cache header assertions * Expand 404 negative-path assertions across all sites
Scope fastcgi_cache_valid to 200 responses only, preventing nginx from caching 301/302 redirects which can cause redirect loops when cached redirect target points back through WordPress/canonical redirects. Also add $upstream_http_location to fastcgi_no_cache as an additional guard against caching any response with a Location header. Closes #1594 Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Fix fastcgi cache serving stale content for unpublished pages Remove `updating` from `fastcgi_cache_use_stale` by default so nginx waits for the fresh upstream response instead of serving stale cached content. This prevents unpublished/drafted pages from continuing to be served from cache indefinitely. Add `nginx_cache_use_stale_updating` variable (default: false) so users who prefer stale-while-revalidate behavior can opt back in. This is a behavior change: previously nginx served stale cache entries while background updates fetched fresh content. The new default favors correctness (fresh responses) over latency during cache refreshes. Closes #1551 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Make fastcgi_cache_use_stale fully configurable as a variable Replace the boolean `nginx_cache_use_stale_updating` toggle with a `nginx_cache_use_stale` variable containing the full directive value. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
#1648) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Adds the `custom-headers` auth type introduced in Composer 2.9, allowing private repositories that use custom HTTP headers for authentication. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.