update templates latest automation

Author: jdbranham

.github/workflows/.main.yml

@@ -1,9 +1,3 @@
-env:
-  AWS_REGION: us-east-2
-  ECR_REPOSITORY: savantly
-  SHA_TAG: ${{ github.sha }}
-  IMAGE_TAG: $(cat VERSION)
-
 on:
   push:
     branches:
@@ -20,7 +14,7 @@ jobs:
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: us-east-2
 
       - name: Login to Amazon ECR
         id: login-ecr
@@ -29,11 +23,32 @@ jobs:
       - name: Build, tag, and push image to Amazon ECR
         env:
           ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-          ECR_REPOSITORY: ${{ env.ECR_REPOSITORY }}
-          SHA_TAG: ${{ github.sha }}
         run: |
-          export IMAGE_TAG=${{ env.IMAGE_TAG }}
-          docker buildx build --platform linux/amd64 -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -t $ECR_REGISTRY/$ECR_REPOSITORY:$SHA_TAG -t $ECR_REGISTRY/$ECR_REPOSITORY:latest .
+          export IMAGE_TAG=$(cat VERSION)
+          export SHORT_SHA=$(echo $GITHUB_SHA | cut -c1-7)
+          ECR_REPOSITORY=$(cat project.mk | grep ECR_REPOSITORY | cut -d'=' -f2)
+          ECR_REPOSITORY=$(echo $ECR_REPOSITORY | cut -d' ' -f1)
+          docker buildx build --platform linux/amd64 \
+            -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \
+            -t $ECR_REGISTRY/$ECR_REPOSITORY:$SHORT_SHA \
+            -t $ECR_REGISTRY/$ECR_REPOSITORY:latest .
           docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$SHA_TAG
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$SHORT_SHA
           docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
+
+      - name: Set outputs for kubernetes deployment
+        id: set-k8s-outputs
+        run: |
+          export K8S_NAMESPACE=$(cat project.mk | grep K8S_NAMESPACE_DEV | cut -d'=' -f2)
+          export K8S_DEPLOYMENT=$(cat project.mk | grep K8S_DEPLOYMENT_DEV | cut -d'=' -f2)
+          echo "::set-output name=K8S_NAMESPACE::$K8S_NAMESPACE"
+          echo "::set-output name=K8S_DEPLOYMENT::$K8S_DEPLOYMENT"
+
+      - name: Rollout deployment
+        uses: ianbelcher/eks-kubectl-action@master
+        with:
+          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws_region: us-east-2
+          cluster_name: production
+          args: rollout restart deployment ${{ steps.set-k8s-outputs.outputs.K8S_DEPLOYMENT }} -n ${{ steps.set-k8s-outputs.outputs.K8S_NAMESPACE }}

.github/workflows/scan.yml

@@ -0,0 +1,30 @@
+name: Run PHPStan
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  phpstan:
+    name: Static Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: "latest"
+          coverage: none
+          tools: composer, cs2pr
+
+      - name: Install PHP dependencies
+        uses: ramsey/composer-install@v2
+        with:
+          composer-options: "--prefer-dist --no-scripts"
+
+      - name: PHPStan
+        run: composer phpstan

.gitignore

@@ -0,0 +1,37 @@
+uploads/
+
+# ignore log files and databases
+db
+*.log
+*.sql
+*.sqlite
+.env
+
+**/.DS_Store
+.DS_Store
+
+
+**/*disabled
+
+**/*.bak
+**/*.zip
+**/*.gz
+**/*.tar
+**/*.rar
+**/*.7z
+**/*.tgz
+**/*.bz2
+**/*.iso
+**/*.dmg
+**/*.bin
+**/*.exe
+**/*.msi
+**/*.apk
+**/*.ipa
+**/*.deb
+**/*.rpm
+
+wflogs/
+backup/
+./vendor/
+docker-compose.prod.yml

Dockerfile

@@ -1,12 +1,10 @@
 ARG BASE_IMAGE=savantly/wordpress
-ARG BASE_TAG=6.6.1-apache
+ARG BASE_TAG=6.6-php8.1-fpm
 FROM ${BASE_IMAGE}:${BASE_TAG}
 
 WORKDIR /usr/src/wordpress
-RUN set -eux; \
-    find /etc/apache2 -name '*.conf' -type f -exec sed -ri -e "s!/var/www/html!$PWD!g" -e "s!Directory /var/www/!Directory $PWD!g" '{}' +; \
-    cp -s wp-config-docker.php wp-config.php
 
 
 COPY --chown=www-data:www-data plugins/ ./wp-content/plugins/
-COPY --chown=www-data:www-data themes/ ./wp-content/themes/
+COPY --chown=www-data:www-data themes/ ./wp-content/themes/
+COPY --chown=www-data:www-data config/.user.ini /usr/src/wordpress/.user.ini

Makefile

@@ -1,20 +1,44 @@
+# Makefile version 1.0
+
+# Load the project configuration
+include project.mk
+
+
 PROJECT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
 BASE_IMAGE := "savantly/wordpress"
-BASE_TAG := "6.6.1-apache"
+BASE_TAG := "6.6.1-php8.1-fpm"
 
 VERSION := $(shell cat VERSION)
 TAGGED_VERSION := $(VERSION)
 NEXT_VERSION := $(shell echo $(VERSION) | awk -F. '{$$NF = $$NF + 1;} 1' | sed 's/ /./g')
 
-IMAGE_NAME := "savantly/my-wordpress"
+# IMAGE_NAME - from project.mk
 IMAGE_TAG := "$(IMAGE_NAME):$(BASE_TAG)-$(TAGGED_VERSION)"
 
 GIT_COMMIT := $(shell git rev-parse --short HEAD)
 
 IMAGE_TAG_LATEST := "$(IMAGE_NAME):$(BASE_TAG)"
 
-K8S_NAMESPACE := 'default'
-K8S_DEPLOYMENT := 'wordpress'
+# Define a variable to check if Composer is installed
+COMPOSER_CHECK := $(shell command -v composer > /dev/null 2>&1 && echo "yes" || echo "no")
+
+
+.PHONY: setup
+setup:
+	@echo "Checking for composer..."
+	@if [ "$(COMPOSER_CHECK)" = "no" ]; then \
+		echo "Composer is not installed. Please install composer and try again."; \
+		exit 1; \
+	fi
+	@echo "Setting up..."
+	@command composer require --dev phpstan/phpstan
+
+
+.PHONY: analyze
+analyze:
+	@echo "Analyzing..."
+	@vendor/bin/phpstan --memory-limit=1024M analyse themes
+
 
 .PHONY: build
 build:
@@ -72,5 +96,41 @@ dev:
 download-pod:
 	@echo "Downloading from pod..."
 	export POD_NAME=$(shell kubectl get pods -n $(K8S_NAMESPACE) -l app.kubernetes.io/instance=$(K8S_DEPLOYMENT) -o jsonpath='{.items[0].metadata.name}') && \
-	kubectl cp $(K8S_NAMESPACE)/$$POD_NAME:/var/www/html/wp-content/plugins $(PROJECT_DIR)/plugins/ && \
-	kubectl cp $(K8S_NAMESPACE)/$$POD_NAME:/var/www/html/wp-content/themes $(PROJECT_DIR)/themes/	
+	kubectl cp $(K8S_NAMESPACE)/$$POD_NAME:/usr/src/wordpress/wp-content/plugins/ $(PROJECT_DIR)/plugins/ && \
+	kubectl cp $(K8S_NAMESPACE)/$$POD_NAME:/usr/src/wordpress/wp-content/uploads/ $(PROJECT_DIR)/uploads/ && \
+	kubectl cp $(K8S_NAMESPACE)/$$POD_NAME:/usr/src/wordpress/wp-content/themes/ $(PROJECT_DIR)/themes/	
+
+
+.PHONY: upload-pod
+upload-pod:
+	@echo "Uploading to pod..."
+	export POD_NAME=$(shell kubectl get pods -n $(K8S_NAMESPACE) -l app.kubernetes.io/instance=$(K8S_DEPLOYMENT) -o jsonpath='{.items[0].metadata.name}') && \
+	kubectl cp $(PROJECT_DIR)/plugins $(K8S_NAMESPACE)/$$POD_NAME:/usr/src/wordpress/wp-content/ --no-preserve=true && \
+	kubectl cp $(PROJECT_DIR)/uploads $(K8S_NAMESPACE)/$$POD_NAME:/usr/src/wordpress/wp-content/ --no-preserve=true && \
+	kubectl cp $(PROJECT_DIR)/themes $(K8S_NAMESPACE)/$$POD_NAME:/usr/src/wordpress/wp-content/ --no-preserve=true
+
+
+.PHONY: upload-pod-themes
+upload-pod-themes:
+	@echo "Uploading to pod..."
+	export POD_NAME=$(shell kubectl get pods -n $(K8S_NAMESPACE) -l app.kubernetes.io/instance=$(K8S_DEPLOYMENT) -o jsonpath='{.items[0].metadata.name}') && \
+	kubectl cp $(PROJECT_DIR)/themes $(K8S_NAMESPACE)/$$POD_NAME:/usr/src/wordpress/wp-content/ --no-preserve=true 
+
+.PHONY: pod-shell
+pod-shell:
+	@echo "Opening shell in pod..."
+	export POD_NAME=$(shell kubectl get pods -n $(K8S_NAMESPACE) -l app.kubernetes.io/instance=$(K8S_DEPLOYMENT) -o jsonpath='{.items[0].metadata.name}') && \
+	kubectl exec -it $$POD_NAME -n $(K8S_NAMESPACE) -- /bin/bash
+
+.PHONY: pod-logs
+pod-logs:
+	@echo "Getting logs from pod..."
+	export POD_NAME=$(shell kubectl get pods -n $(K8S_NAMESPACE) -l app.kubernetes.io/instance=$(K8S_DEPLOYMENT) -o jsonpath='{.items[0].metadata.name}') && \
+	kubectl logs -f $$POD_NAME -n $(K8S_NAMESPACE)
+
+# uses kubectl to get the secret and decode the base64 encoded values
+.PHONY: reveal-cicd-creds
+reveal-cicd-creds:
+	@echo "Revealing cicd creds..."
+	@kubectl get secret cicd -n $(K8S_NAMESPACE) -o jsonpath="{.data.AWS_ACCESS_KEY_ID}" | base64 --decode
+	@kubectl get secret cicd -n $(K8S_NAMESPACE) -o jsonpath="{.data.AWS_SECRET_ACCESS_KEY}" | base64 --decode

README.md

@@ -1,5 +1,11 @@
 # wordpress-hosted
 
+---
+
+These instructions should be updated to reflect the current state of the project.
+
+---
+
 Template repository for Savantly Wordpress Enterprise hosting
 
 Savantly provide a container based Wordpress hosting solution that is designed to be scalable, secure and easy to manage.  

composer.json

@@ -0,0 +1,6 @@
+{
+    "require-dev": {
+        "phpstan/phpstan": "^1.12",
+        "szepeviktor/phpstan-wordpress": "^1.3"
+    }
+}

config/.user.ini

@@ -0,0 +1,2 @@
+memory_limit = 512M
+max_input_vars = 3000

docker-compose.yml

@@ -1,16 +1,17 @@
 version: "3.9"
 services:
   webapp:
-    image: savantly/wordpress:6.6.1-apache
+    image: savantly/wordpress:6.6-php8.1-fpm
     build:
       context: .
       dockerfile: Dockerfile
     ports:
       - "8080:80"
     volumes:
-      - ./plugins:/var/www/html/wp-content/plugins
-      - ./themes:/var/www/html/wp-content/themes
-      - ./uploads:/var/www/html/wp-content/uploads
+      - ./plugins:/usr/src/wordpress/wp-content/plugins
+      - ./themes:/usr/src/wordpress/wp-content/themes
+      - ./uploads:/usr/src/wordpress/wp-content/uploads
+      - ./test/info.php:/usr/src/wordpress/info.php
     environment:
       SERVER_NAME: localhost
       WORDPRESS_CONFIG_EXTRA: |

project.mk.example

@@ -0,0 +1,15 @@
+ECR_REPOSITORY := xyz
+IMAGE_NAME := "123.dkr.ecr.us-east-2.amazonaws.com/$(ECR_REPOSITORY)"
+K8S_NAMESPACE_DEV := abc
+K8S_DEPLOYMENT_DEV := xyz
+K8S_NAMESPACE_PROD := abc
+K8S_DEPLOYMENT_PROD := xyz
+PROFILE := 'dev'
+
+ifeq ($(PROFILE),'dev')
+	K8S_NAMESPACE := $(K8S_NAMESPACE_DEV)
+	K8S_DEPLOYMENT := $(K8S_DEPLOYMENT_DEV)
+else
+	K8S_NAMESPACE := $(K8S_NAMESPACE_PROD)
+	K8S_DEPLOYMENT := $(K8S_DEPLOYMENT_PROD)
+endif