diff --git a/.gitignore b/.gitignore index be2882f88a224b7a1e9f52d87655834a41be0f07..dd86312f1307e5ed92eeafd96bb409bc73d3b09d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ *.swp charts values-local.yaml +install.sh /data/ diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 32f876144dd5ef1fd3b7af47bfd08799d922e7ec..88c3cb221948ed734488dc78a6280531df5a8556 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,18 +1,19 @@ --- +include: + - remote: 'https://open.greenhost.net/openappstack/openappstack/-/raw/master/.gitlab/ci_templates/kaniko.yml' + stages: - build +default: + image: "${CI_REGISTRY_IMAGE}/${KANIKO_BUILD_IMAGENAME}:${CI_COMMIT_REF_SLUG}" + build-wp-cli: - image: docker:latest - services: - # FIXME This is an older version of DIND. Update when gitlab-runner fixes - # https://gitlab.com/gitlab-org/gitlab-runner/issues/4501 - - docker:18-dind stage: build - script: - - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - - docker build -t ${CI_REGISTRY_IMAGE}/wordpress-cli-ansible:${CI_COMMIT_REF_NAME} wp-cli-docker - - docker push ${CI_REGISTRY_IMAGE}/wordpress-cli-ansible:${CI_COMMIT_REF_NAME} + variables: + KANIKO_BUILD_IMAGENAME: wordpress-cli-ansible + KANIKO_CONTEXT: wp-cli-docker + extends: .kaniko_build tags: - docker only: @@ -21,16 +22,11 @@ build-wp-cli: - .gitlab-ci.yml build-wp: - image: docker:latest - services: - # FIXME This is an older version of DIND. Update when gitlab-runner fixes - # https://gitlab.com/gitlab-org/gitlab-runner/issues/4501 - - docker:18-dind stage: build - script: - - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - - docker build -t ${CI_REGISTRY_IMAGE}/wordpress:${CI_COMMIT_REF_NAME} wp-docker - - docker push ${CI_REGISTRY_IMAGE}/wordpress:${CI_COMMIT_REF_NAME} + variables: + KANIKO_BUILD_IMAGENAME: wordpress + KANIKO_CONTEXT: wp-docker + extends: .kaniko_build tags: - docker only: diff --git a/install.sh b/install.sh.example similarity index 51% rename from install.sh rename to install.sh.example index 772a607e5d5a3e5c988bdb3e78de26324d57216b..e4676e4eb16c3710ee5aa8473faa98c367ab3cff 100755 --- a/install.sh +++ b/install.sh.example @@ -1,7 +1,11 @@ #!/bin/bash +# Use this installation script as an example for easy installation. Copy it to +# `install.sh` and edit the values file names if you need to. + set -v +# Makes sure you use docker image tags for the branch you're working on now . variables.sh # Upgrade or install application using the current git branch as docker tag diff --git a/values-local.yaml.example b/values-local.yaml.example index d1af470365977084915bed5905e47d099bc82915..211a3bf84d598f04d54e6b2026df9ad375b63a08 100644 --- a/values-local.yaml.example +++ b/values-local.yaml.example @@ -37,7 +37,8 @@ wordpress: # WordPress database fields that contain the URL. url: "http://localhost" title: "Wordpress Helm" - # If you are including a plugin to alias wp login then set an alt_path set alt_config options and then set alt_enabled to true + # If you are including a plugin to alias wp login then set an alt_path and set alt_config options + # NOTE: A value for alt_enabled must be set. Select either true or false alt_enabled: false # alt_config: PATH-SETTING-IN-OPTIONS-TABLE # alt_path: SOME-LOGIN-PATH @@ -57,6 +58,33 @@ wordpress: Require all granted + ## mu_plugins are installed as hidden and cannot be updated from the UI + ## mu_dir 'mu-plugins' maps to wp-content/mu-plugins + ## mu_plugins supplies a detailed list of mu values and plugins with versions + # NOTE: A value for mu_plugins_enabled must be set. Select either true or false + + mu_plugins_enabled: false + mu_plugins_dir: mu-plugins + mu_plugins: + block-bad-queries: + name: Block Bad Queries + version: 20191109 + phpfile: block-bad-queries.php + # redis-cache: + # name: Redis Cache + # version: 1.5.6 + # phpfile: redis-cache.php + + ## Enable externally triggered cron if a cron plugin is installed + # NOTE: A value for mu_cron_enabled must be set. Select either true or false + mu_cron_enabled: false + # mu_cron: + # name: Cron Control + # repo: https://github.com/Automattic/Cron-Control.git + # slug: cron-control + # version: master + # phpfile: cron-control.php + # These settings make sense to overwrite if you want to use the OpenID connect # plugin openid_connect_settings: diff --git a/values.yaml b/values.yaml index ad6cae10fec62162087339f1416aefbb02abefc1..aaa2a784382e6bd436ef795251e99df45b6c290a 100644 --- a/values.yaml +++ b/values.yaml @@ -90,28 +90,29 @@ wordpress: version: 5.2.3 url: "http://localhost" title: "Wordpress Helm" - # If you are including a plugin to alias wp login then set an alt_path set the alt_config and then set alt_enabled to true + ## If including a plugin to alias wp login then set an alt_path and set the alt_config + # NOTE: A value for alt_enabled must be set. Select either true or false alt_enabled: false # alt_config: PATH-SETTING-IN-OPTIONS-TABLE # alt_path: SOME-LOGIN-PATH wp_content: - # The directory to mount the files placed in wp-content. You shouldn't have to - # change this. + ## The directory to mount the files placed in wp-content. You shouldn't have to + ## change this. mount_path: /var/www/wp-content-mount wp_upload: - # The directory to mount the files placed in wp-content/uploads. You shouldn't - # have to change this. + ## The directory to mount the files placed in wp-content/uploads. You shouldn't + ## have to change this. mount_path: /var/www/wp-uploads-mount - # Contents of the .htaccess file that is mounted in the `wpUploadMnt` directory + ## Contents of the .htaccess file that is mounted in the `wpUploadMnt` directory htaccess: | - # Disable access to all file types except the following + ## Disable access to all file types except the following Require all denied Require all granted persistence: - # Enable the use of a persistent volume + ## Enable the use of a persistent volume enabled: true size: 1Gi accessMode: ReadWriteOnce @@ -123,7 +124,7 @@ service: port: 8080 -## dictionary with variables that are inserted into the wordpress-init default +## Dictionary with variables that are inserted into the wordpress-init default ## task. Feel free to override these if necessary ansibleVars: wordpress_homedir: /var/www/html @@ -147,6 +148,28 @@ ansibleVars: ## Plugins wordpress_default_plugins: "[classic-editor]" + ## Detailed list of mu values and plugins with versions + ## mu_plugins_dir 'mu-plugins' maps to wp-content/mu-plugins + ## mu_plugins are installed as hidden and cannot be updated from the UI + # NOTE: A value for mu_plugins_enabled must be set. Use either true or false + mu_plugins_enabled: false + #mu_plugins_dir: mu-plugins + #mu_plugins: + # example-plugin-slug: + # name: Example PLugin + # version: 0.1 + # phpfile: example-plugin-phpfile.php + + ## Enable externally triggered cron if a cron plugin is installed + # NOTE: A value for mu_cron_enabled must be set. Use either true or false + mu_cron_enabled: false + #mu_cron: + # name: Cron Control + # repo: https://github.com/Automattic/Cron-Control.git + # slug: cron-control + # version: master + # phpfile: wp-cron-control.php + wpSalts: {} image: @@ -268,6 +291,11 @@ ansibleSecrets: | WP_ALT_ENABLED: {{ .Values.wordpress.site.alt_enabled }} WP_ALT_CONFIG: {{ .Values.wordpress.site.alt_config }} WP_ALT_PATH: {{ .Values.wordpress.site.alt_path }} + WP_MU_PLUGINS_ENABLED: {{ .Values.wordpress.mu_plugins_enabled }} + WP_MU_PLUGINS_DIR: {{ .Values.wordpress.mu_plugins_dir }} + WP_MU_PLUGINS: {{ .Values.wordpress.mu_plugins | toJson }} + WP_MU_CRON_ENABLED: {{ .Values.wordpress.mu_cron_enabled }} + WP_MU_CRON_SETTINGS: {{ .Values.wordpress.mu_cron | toJson }} WP_MULTILINGUAL_ENABLED: {{ .Values.wordpress.site.multilingual.enabled }} WP_MULTILINGUAL_PLUGINS: {{ .Values.wordpress.site.multilingual.plugins }} WP_MULTILINGUAL_CONFIG: {{ quote .Values.wordpress.site.multilingual.config }} diff --git a/wp-cli-docker/Dockerfile b/wp-cli-docker/Dockerfile index 51d105d81c06cf828dc450099a291e456c19d232..92c155a1fafb51aa800ed0e743f7c2bab194f1f5 100644 --- a/wp-cli-docker/Dockerfile +++ b/wp-cli-docker/Dockerfile @@ -4,6 +4,8 @@ USER root RUN apk add ansible git rsync ADD . /var/local/ansible +ENV ANSIBLE_CONFIG /var/local/ansible/ansible.cfg + # Chown the files to the Debian www-data user, because that's the only WP # container that runs Apache too. RUN chown -R 33:33 /var/local/ansible; \ diff --git a/wp-cli-docker/roles/wordpress-init/tasks/main.yml b/wp-cli-docker/roles/wordpress-init/tasks/main.yml index e7f71216999e80500f3265081ff27596c52fb3af..5922862f6dc17a3e0c7614ad8a57eeb2a52a861e 100644 --- a/wp-cli-docker/roles/wordpress-init/tasks/main.yml +++ b/wp-cli-docker/roles/wordpress-init/tasks/main.yml @@ -133,7 +133,10 @@ - name: Set alt path shell: wp {{ cli_args }} option set {{ WP_ALT_CONFIG }} {{ WP_ALT_PATH }} when: WP_ALT_ENABLED - + +- import_tasks: mu-plugins-cron.yml + when: WP_MU_PLUGINS_ENABLED + - import_tasks: redis.yml when: WP_REDIS_ENABLED diff --git a/wp-cli-docker/roles/wordpress-init/tasks/mu-plugins-cron.yml b/wp-cli-docker/roles/wordpress-init/tasks/mu-plugins-cron.yml new file mode 100644 index 0000000000000000000000000000000000000000..3f2d2566c9c32d717e24bde37188c5112c1c9dc6 --- /dev/null +++ b/wp-cli-docker/roles/wordpress-init/tasks/mu-plugins-cron.yml @@ -0,0 +1,67 @@ +--- + +# WP Configuration for MU + +- name: Set content directory variable in wp-config + shell: wp {{ cli_args }} config set 'WP_CONTENT_DIR' "ABSPATH . 'wp-content'" --raw --type=constant + +- name: Set MU plugins directory in wp-config + shell: wp {{ cli_args }} config set 'WPMU_PLUGIN_DIR' "WP_CONTENT_DIR . '/{{ WP_MU_PLUGINS_DIR }}'" --raw --type=constant + + +# MU plugins directory and loader + +- name: Add a MU plugins directory when WP_MU_PLUGINS_DIR is set + file: + path: "{{ wordpress_homedir }}/wp-content/{{ WP_MU_PLUGINS_DIR }}" + mode: 0750 + state: directory + +- name: Add MU plugins load.php file + file: + path: "{{ wordpress_homedir }}/wp-content/{{ WP_MU_PLUGINS_DIR }}/load.php" + mode: 0640 + +- name: Insert the base code into MU plugins load.php file + lineinfile: + dest: "{{ wordpress_homedir }}/wp-content/{{ WP_MU_PLUGINS_DIR }}/load.php" + line: "