From da31582c11679b5587da09ae0564aa32ad8dd8f4 Mon Sep 17 00:00:00 2001
From: JesusPerez <jpl@jesusperez.pro>
Date: Tue, 29 Jun 2021 12:51:05 +0100
Subject: [PATCH] chore: src & pipeline

---
 pipeline/PersistentVolumeCDCI.yaml |  29 +++
 pipeline/down.sh                   |   6 +
 pipeline/pipe-resource.yaml        |  24 +++
 pipeline/pipeline-run.yaml         |  22 +++
 pipeline/pipeline.yaml             |  32 ++++
 pipeline/task.yaml                 |  91 +++++++++
 pipeline/up.sh                     |  24 +++
 repo-config.yaml                   |  18 ++
 src/Dockerfile                     | 138 ++++++++++++++
 src/ant_docker-entrypoint.sh       | 292 +++++++++++++++++++++++++++++
 src/docker-entrypoint.sh           |  99 ++++++++++
 src/wp-config-docker.php           | 133 +++++++++++++
 12 files changed, 908 insertions(+)
 create mode 100644 pipeline/PersistentVolumeCDCI.yaml
 create mode 100755 pipeline/down.sh
 create mode 100644 pipeline/pipe-resource.yaml
 create mode 100644 pipeline/pipeline-run.yaml
 create mode 100644 pipeline/pipeline.yaml
 create mode 100644 pipeline/task.yaml
 create mode 100755 pipeline/up.sh
 create mode 100644 repo-config.yaml
 create mode 100644 src/Dockerfile
 create mode 100755 src/ant_docker-entrypoint.sh
 create mode 100755 src/docker-entrypoint.sh
 create mode 100644 src/wp-config-docker.php

diff --git a/pipeline/PersistentVolumeCDCI.yaml b/pipeline/PersistentVolumeCDCI.yaml
new file mode 100644
index 0000000..e1ff4a1
--- /dev/null
+++ b/pipeline/PersistentVolumeCDCI.yaml
@@ -0,0 +1,29 @@
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: cdci-wordpress-fpm-pvc-volume
+  namespace: cdci-librecloud-online
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  persistentVolumeReclaimPolicy: Delete
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/mnt/cdci"
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: cdci-wordpress-fpm-pvc
+  namespace: cdci-librecloud-online
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
diff --git a/pipeline/down.sh b/pipeline/down.sh
new file mode 100755
index 0000000..28f48ff
--- /dev/null
+++ b/pipeline/down.sh
@@ -0,0 +1,6 @@
+#/bin/bash
+kubectl delete -f pipeline-run.yaml 2>/dev/null
+kubectl delete -f pipeline.yaml 2>/dev/null
+kubectl delete -f task.yaml 2>/dev/null
+kubectl delete -f PersistentVolumeCDCI.yaml 2>/dev/null
+kubectl delete -f pipe-resource.yaml 2>/dev/null
diff --git a/pipeline/pipe-resource.yaml b/pipeline/pipe-resource.yaml
new file mode 100644
index 0000000..1bdb383
--- /dev/null
+++ b/pipeline/pipe-resource.yaml
@@ -0,0 +1,24 @@
+apiVersion: tekton.dev/v1alpha1
+kind: PipelineResource
+metadata:
+  name: librecloud-wordpress-fpm-img
+  namespace: cdci-librecloud-online
+spec:
+  type: image
+  params:
+    - name: url
+      value: termas.librecloud.online/termas_librecloud/wordpress-fpm:7.4
+---
+apiVersion: tekton.dev/v1alpha1
+kind: PipelineResource
+metadata:
+  name: librecloud-wordpress-fpm-git
+  namespace: cdci-librecloud-online
+spec:
+  type: git
+  params:
+    - name: revision
+      value: master
+    - name: url
+      value: https://rlung.librecloud.online/Termas_LibreCloud/wordpress-fpm.git
+      
diff --git a/pipeline/pipeline-run.yaml b/pipeline/pipeline-run.yaml
new file mode 100644
index 0000000..804576c
--- /dev/null
+++ b/pipeline/pipeline-run.yaml
@@ -0,0 +1,22 @@
+apiVersion: tekton.dev/v1alpha1
+kind: PipelineRun
+metadata:
+  name: cdci-wordpress-fpm
+  namespace: cdci-librecloud-online
+spec:
+  serviceAccountName: build-bot
+  pipelineRef:
+    name: cdci-wordpress-fpm
+    #  podTemplate:
+    #volumes:
+    #- name: cdci-volume
+    #  #emptyDir: {}
+    #  persistentVolumeClaim:
+    #     claimName: cdci-wordpress-fpm-pvc
+  resources:
+    - name: source-repo
+      resourceRef:
+        name: librecloud-wordpress-fpm-git
+    - name: target-image
+      resourceRef:
+        name: librecloud-wordpress-fpm-img
diff --git a/pipeline/pipeline.yaml b/pipeline/pipeline.yaml
new file mode 100644
index 0000000..8c68b9b
--- /dev/null
+++ b/pipeline/pipeline.yaml
@@ -0,0 +1,32 @@
+apiVersion: tekton.dev/v1alpha1
+kind: Pipeline
+metadata:
+  name: cdci-wordpress-fpm
+  namespace: cdci-librecloud-online
+spec:
+  #serviceAccount: build-bot
+  resources:
+    - name: source-repo
+      type: git
+      #resourceRef:
+      #  name: librecloud-wordpress-fpm-git
+    - name: target-image
+      type: image
+      #resourceRef:
+      #  name: librecloud-wordpress-fpm-img
+  tasks:
+    - name: build-wordpress-fpm-img
+      taskRef:
+        name: wordpress-fpm-build-image-from-git-source
+      params:
+        - name: pathToDockerFile
+          value: /workspace/source/src
+        - name: pathToContext
+          value: /workspace/source/src #configure: may change according to your source
+      resources:
+        inputs:
+          - name: source
+            resource: source-repo
+        outputs:
+          - name: builtImage
+            resource: target-image
diff --git a/pipeline/task.yaml b/pipeline/task.yaml
new file mode 100644
index 0000000..7fb25da
--- /dev/null
+++ b/pipeline/task.yaml
@@ -0,0 +1,91 @@
+apiVersion: tekton.dev/v1alpha1
+kind: Task
+metadata:
+  name: wordpress-fpm-build-image-from-git-source
+  namespace: cdci-librecloud-online
+spec:
+  #serviceAccount: build-bot
+  inputs:
+    params:
+    - name: pathToDockerFile
+      type: string
+      description: The path to the dockerfile to build
+      default: /workspace/source/src/Dockerfile
+    - name: pathToContext
+      type: string
+      description:
+        The build context used by Kaniko
+        (https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts)
+      default: /workspace/source/src
+    - name: DOCKERFILE
+      type: string
+      description: The name of the Dockerfile
+      default: "Dockerfile"
+    - name: BUILDKIT_CLIENT_IMAGE
+      type: string
+      description: The name of the BuildKit client (buildctl) image
+
+      default: "docker.io/moby/buildkit:master-rootless"
+    - name: BUILDKIT_DAEMON_ADDRESS
+      type: string
+      description: The address of the BuildKit daemon (buildkitd) service
+      default: "tcp://buildkitd:1234"
+    resources:
+    - name: source
+      type: git
+  outputs:
+    resources:
+    - name: builtImage
+      type: image
+  volumes:
+
+    - name: dckr-cfg-volume
+      secret:
+        secretName: regcred
+    - name: ssh-volume
+      secret:
+        secretName: ssh-key
+    - name: certs
+      secret:
+        secretName: buildkit-client-certs
+
+  steps:
+  - name: build-and-push
+    image: $(inputs.params.BUILDKIT_CLIENT_IMAGE)
+
+
+    workingDir: /workspace/source
+
+    command: [ "buildctl" ]
+    args:
+      - --tlscacert
+      - /certs/ca.pem
+      - --tlscert
+      - /certs/cert.pem
+      - --tlskey
+      - /certs/key.pem
+      - --debug
+      - --addr=$(inputs.params.BUILDKIT_DAEMON_ADDRESS)
+      - build
+      - --progress=plain
+      - --frontend=dockerfile.v0
+      - --opt
+      - filename=$(inputs.params.DOCKERFILE)
+      - --local
+      - context=$(inputs.params.pathToContext)
+      - --local
+      - dockerfile=$(inputs.params.pathToDockerFile)
+      - --output
+      - type=image,name=$(outputs.resources.builtImage.url),push=true
+      - --export-cache
+      - type=inline
+      - --import-cache
+      - type=registry,ref=$(outputs.resources.builtImage.url)
+    volumeMounts:
+      - name: certs
+        readOnly: true
+        mountPath: /certs
+      - name: ssh-volume
+        readOnly: true
+        mountPath: /.ssh
+
diff --git a/pipeline/up.sh b/pipeline/up.sh
new file mode 100755
index 0000000..99d157f
--- /dev/null
+++ b/pipeline/up.sh
@@ -0,0 +1,24 @@
+#/bin/bash
+FOLLOW_UP="yes"
+NS_DOMAIN="cdci-librecloud-online"
+PIPELINE_NAME="cdci-wordpress-fpm"
+[ "$1" == "-s" ]  && FOLLOW_UP=""
+is_running=`kubectl get pods -n $NS_DOMAIN | grep $PIPELINE_NAME 2>/dev/null`
+if [ -n "$is_running" ] ; then
+   kubectl delete -f pipeline-run.yaml 2>/dev/null
+   kubectl delete -f pipeline.yaml 2>/dev/null
+   kubectl delete -f task.yaml 2>/dev/null
+   kubectl delete -f pipe-resource.yaml 2>/dev/null
+fi
+kubectl delete -f PersistentVolumeCDCI.yaml 2>/dev/null
+kubectl create -f PersistentVolumeCDCI.yaml
+#.  lib_dply.sh
+#make_host_alias task
+kubectl apply -f pipe-resource.yaml
+kubectl apply -f task.yaml
+kubectl apply -f pipeline.yaml
+kubectl apply -f pipeline-run.yaml
+if [ -n "$FOLLOW_UP" ] ; then
+  has_tkn=`type tkn 2>/dev/null`
+  [ -n "$has_tkn" ] &&  tkn pipelinerun logs -f $PIPELINE_NAME -n $NS_DOMAIN
+fi
diff --git a/repo-config.yaml b/repo-config.yaml
new file mode 100644
index 0000000..c725076
--- /dev/null
+++ b/repo-config.yaml
@@ -0,0 +1,18 @@
+
+Active: true
+# Active: false  # to not follow up webhook workflow
+
+# Sources for src file
+Repo: https://github.com/docker-library/wordpress.git
+Source: wordpress/php8.0/fpm-alpine
+
+TargetGit: ssh://git@rlung.librecloud.online:32225/Termas.LibreCloud.online/wordpress-fpm.git
+
+# Name - Version, etc
+Name: wordpress-fpm
+Version: 7.4
+
+# To get latest
+IMAGE_NAME: wordpress
+IMAGE_MATCH: 7.
+
diff --git a/src/Dockerfile b/src/Dockerfile
new file mode 100644
index 0000000..5ff5c04
--- /dev/null
+++ b/src/Dockerfile
@@ -0,0 +1,138 @@
+FROM php:7.4-fpm-alpine
+
+# docker-entrypoint.sh dependencies
+# persistent dependencies
+RUN set -eux; \
+  apk add --no-cache \
+    freetype \
+    libpng \
+    libjpeg \
+    libjpeg-turbo \
+# in theory, docker-entrypoint.sh is POSIX-compliant, but priority is a working, consistent image
+		bash \
+# BusyBox sed is not sufficient for some of our sed expressions
+		sed \
+# Ghostscript is required for rendering PDF previews
+		ghostscript \
+# Alpine package for "imagemagick" contains ~120 .so files, see: https://github.com/docker-library/wordpress/pull/497
+		imagemagick
+
+# install the PHP extensions we need (https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions)
+# --enable-gd-native-ttf \
+RUN set -ex; \
+  \
+  apk add --no-cache --virtual .build-deps \
+  $PHPIZE_DEPS \
+  freetype-dev \
+  imagemagick-dev \
+  libjpeg-turbo-dev \
+  libpng-dev \
+  libzip-dev \
+  gmp \
+  gmp-dev \
+  ; \
+  docker-php-ext-configure gmp \
+  ;\
+	docker-php-ext-configure gd \
+		--with-freetype \
+		--with-jpeg \
+	; \
+  docker-php-ext-install -j "$(nproc)" \
+  bcmath \
+  exif \
+  gd \ 
+  gmp \
+  mysqli \
+  opcache \
+  zip \
+  ; \
+  pecl install imagick-3.4.4; \
+  docker-php-ext-install gmp; \
+  docker-php-ext-enable imagick; \
+  \
+  runDeps="$( \
+  scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
+  | tr ',' '\n' \
+  | sort -u \
+  | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+  )"; \
+  apk add --virtual .wordpress-phpexts-rundeps $runDeps; \
+  apk del .build-deps
+
+# set recommended PHP.ini settings
+# see https://secure.php.net/manual/en/opcache.installation.php
+RUN { \
+  echo 'opcache.memory_consumption=128'; \
+  echo 'opcache.interned_strings_buffer=8'; \
+  echo 'opcache.max_accelerated_files=4000'; \
+  echo 'opcache.revalidate_freq=2'; \
+  echo 'opcache.fast_shutdown=1'; \
+  } > /usr/local/etc/php/conf.d/opcache-recommended.ini
+# https://wordpress.org/support/article/editing-wp-config-php/#configure-error-logging
+RUN { \
+  # https://www.php.net/manual/en/errorfunc.constants.php
+  # https://github.com/docker-library/wordpress/issues/420#issuecomment-517839670
+  echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \
+  echo 'display_errors = Off'; \
+  echo 'display_startup_errors = Off'; \
+  echo 'log_errors = On'; \
+  echo 'error_log = /dev/stderr'; \
+  echo 'log_errors_max_len = 1024'; \
+  echo 'ignore_repeated_errors = On'; \
+  echo 'ignore_repeated_source = Off'; \
+  echo 'html_errors = Off'; \
+  } > /usr/local/etc/php/conf.d/error-logging.ini
+
+ENV WORDPRESS_VERSION 5.5.3
+ENV WORDPRESS_SHA1 61015720c679a6cbf9ad51701f0f3fedb51b3273
+
+
+RUN set -eux; \
+	version='5.7.2'; \
+	sha1='c97c037d942e974eb8524213a505268033aff6c8'; \
+	\
+	curl -o wordpress.tar.gz -fL "https://wordpress.org/wordpress-$version.tar.gz"; \
+	echo "$sha1 *wordpress.tar.gz" | sha1sum -c -; \
+	\
+# upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
+	tar -xzf wordpress.tar.gz -C /usr/src/; \
+	rm wordpress.tar.gz; \
+# https://wordpress.org/support/article/htaccess/
+	[ ! -e /usr/src/wordpress/.htaccess ]; \
+	{ \
+		echo '# BEGIN WordPress'; \
+		echo ''; \
+		echo 'RewriteEngine On'; \
+		echo 'RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]'; \
+		echo 'RewriteBase /'; \
+		echo 'RewriteRule ^index\.php$ - [L]'; \
+		echo 'RewriteCond %{REQUEST_FILENAME} !-f'; \
+		echo 'RewriteCond %{REQUEST_FILENAME} !-d'; \
+		echo 'RewriteRule . /index.php [L]'; \
+		echo ''; \
+		echo '# END WordPress'; \
+	} > /usr/src/wordpress/.htaccess; \
+	\
+  chown -R www-data:www-data /usr/src/wordpress; \
+  # pre-create wp-content (and single-level children) for folks who want to bind-mount themes, etc so permissions are pre-created properly instead of root:root
+	# wp-content/cache: https://github.com/docker-library/wordpress/issues/534#issuecomment-705733507
+	mkdir wp-content; \
+	for dir in /usr/src/wordpress/wp-content/*/; do \
+		dir="$(basename "${dir%/}")"; \
+		mkdir "wp-content/$dir"; \
+	done; \
+	chown -R www-data:www-data wp-content; \
+	chmod -R 777 wp-content; \ 
+  curl -o wp-cli.phar -fSL "https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar"; \
+  chmod +x wp-cli.phar; \
+  mv wp-cli.phar /usr/local/bin/wp
+
+RUN apk add ssmtp 
+
+#VOLUME /var/www/html
+VOLUME /var/www
+
+COPY docker-entrypoint.sh /usr/local/bin/
+
+ENTRYPOINT ["docker-entrypoint.sh"]
+CMD ["php-fpm"]
diff --git a/src/ant_docker-entrypoint.sh b/src/ant_docker-entrypoint.sh
new file mode 100755
index 0000000..c51cd27
--- /dev/null
+++ b/src/ant_docker-entrypoint.sh
@@ -0,0 +1,292 @@
+#!/bin/bash
+set -euo pipefail
+
+NO_COPY_IFNOT_EXISTS=1
+
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+	local var="$1"
+	local fileVar="${var}_FILE"
+	local def="${2:-}"
+	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+		echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+		exit 1
+	fi
+	local val="$def"
+	if [ "${!var:-}" ]; then
+		val="${!var}"
+	elif [ "${!fileVar:-}" ]; then
+		val="$(< "${!fileVar}")"
+	fi
+	export "$var"="$val"
+	unset "$fileVar"
+}
+
+if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
+	if [ "$(id -u)" = '0' ]; then
+		case "$1" in
+			apache2*)
+				user="${APACHE_RUN_USER:-www-data}"
+				group="${APACHE_RUN_GROUP:-www-data}"
+
+				# strip off any '#' symbol ('#1000' is valid syntax for Apache)
+				pound='#'
+				user="${user#$pound}"
+				group="${group#$pound}"
+				;;
+			*) # php-fpm
+				user='www-data'
+				group='www-data'
+				;;
+		esac
+	else
+		user="$(id -u)"
+		group="$(id -g)"
+	fi
+
+	if [ -z "$NO_COPY_IFNOT_EXISTS" ] && [ ! -e index.php ] && [ ! -e wp-includes/version.php ]; then
+		# if the directory exists and WordPress doesn't appear to be installed AND the permissions of it are root:root, let's chown it (likely a Docker-created directory)
+		if [ "$(id -u)" = '0' ] && [ "$(stat -c '%u:%g' .)" = '0:0' ]; then
+			chown "$user:$group" .
+		fi
+
+		echo >&2 "WordPress not found in $PWD - copying now..."
+		if [ -n "$(ls -A)" ]; then
+			echo >&2 "WARNING: $PWD is not empty! (copying anyhow)"
+		fi
+		sourceTarArgs=(
+			--create
+			--file -
+			--directory /usr/src/wordpress
+			--owner "$user" --group "$group"
+		)
+		targetTarArgs=(
+			--extract
+			--file -
+		)
+		if [ "$user" != '0' ]; then
+			# avoid "tar: .: Cannot utime: Operation not permitted" and "tar: .: Cannot change mode to rwxr-xr-x: Operation not permitted"
+			targetTarArgs+=( --no-overwrite-dir )
+		fi
+		tar "${sourceTarArgs[@]}" . | tar "${targetTarArgs[@]}"
+		echo >&2 "Complete! WordPress has been successfully copied to $PWD"
+		if [ ! -e .htaccess ]; then
+			# NOTE: The "Indexes" option is disabled in the php:apache base image
+			cat > .htaccess <<-'EOF'
+				# BEGIN WordPress
+				<IfModule mod_rewrite.c>
+				RewriteEngine On
+				RewriteBase /
+				RewriteRule ^index\.php$ - [L]
+				RewriteCond %{REQUEST_FILENAME} !-f
+				RewriteCond %{REQUEST_FILENAME} !-d
+				RewriteRule . /index.php [L]
+				</IfModule>
+				# END WordPress
+			EOF
+			chown "$user:$group" .htaccess
+		fi
+	fi
+
+	# allow any of these "Authentication Unique Keys and Salts." to be specified via
+	# environment variables with a "WORDPRESS_" prefix (ie, "WORDPRESS_AUTH_KEY")
+	uniqueEnvs=(
+		AUTH_KEY
+		SECURE_AUTH_KEY
+		LOGGED_IN_KEY
+		NONCE_KEY
+		AUTH_SALT
+		SECURE_AUTH_SALT
+		LOGGED_IN_SALT
+		NONCE_SALT
+	)
+	envs=(
+		WORDPRESS_DB_HOST
+		WORDPRESS_DB_USER
+		WORDPRESS_DB_PASSWORD
+		WORDPRESS_DB_NAME
+		WORDPRESS_DB_CHARSET
+		WORDPRESS_DB_COLLATE
+		"${uniqueEnvs[@]/#/WORDPRESS_}"
+		WORDPRESS_TABLE_PREFIX
+		WORDPRESS_DEBUG
+		WORDPRESS_CONFIG_EXTRA
+	)
+	haveConfig=
+	for e in "${envs[@]}"; do
+		file_env "$e"
+		if [ -z "$haveConfig" ] && [ -n "${!e}" ]; then
+			haveConfig=1
+		fi
+	done
+
+	# linking backwards-compatibility
+	if [ -n "${!MYSQL_ENV_MYSQL_*}" ]; then
+		haveConfig=1
+		# host defaults to "mysql" below if unspecified
+		: "${WORDPRESS_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}}"
+		if [ "$WORDPRESS_DB_USER" = 'root' ]; then
+			: "${WORDPRESS_DB_PASSWORD:=${MYSQL_ENV_MYSQL_ROOT_PASSWORD:-}}"
+		else
+			: "${WORDPRESS_DB_PASSWORD:=${MYSQL_ENV_MYSQL_PASSWORD:-}}"
+		fi
+		: "${WORDPRESS_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-}}"
+	fi
+
+	# only touch "wp-config.php" if we have environment-supplied configuration values
+	if [ "$haveConfig" ]; then
+		: "${WORDPRESS_DB_HOST:=mysql}"
+		: "${WORDPRESS_DB_USER:=root}"
+		: "${WORDPRESS_DB_PASSWORD:=}"
+		: "${WORDPRESS_DB_NAME:=wordpress}"
+		: "${WORDPRESS_DB_CHARSET:=utf8}"
+		: "${WORDPRESS_DB_COLLATE:=}"
+
+		# version 4.4.1 decided to switch to windows line endings, that breaks our seds and awks
+		# https://github.com/docker-library/wordpress/issues/116
+		# https://github.com/WordPress/WordPress/commit/1acedc542fba2482bab88ec70d4bea4b997a92e4
+		sed -ri -e 's/\r$//' wp-config*
+
+		if [ ! -e wp-config.php ]; then
+			awk '
+				/^\/\*.*stop editing.*\*\/$/ && c == 0 {
+					c = 1
+					system("cat")
+					if (ENVIRON["WORDPRESS_CONFIG_EXTRA"]) {
+						print "// WORDPRESS_CONFIG_EXTRA"
+						print ENVIRON["WORDPRESS_CONFIG_EXTRA"] "\n"
+					}
+				}
+				{ print }
+			' wp-config-sample.php > wp-config.php <<'EOPHP'
+// If we're behind a proxy server and using HTTPS, we need to alert Wordpress of that fact
+// see also http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
+	$_SERVER['HTTPS'] = 'on';
+}
+
+EOPHP
+			chown "$user:$group" wp-config.php
+		elif [ -e wp-config.php ] && [ -n "$WORDPRESS_CONFIG_EXTRA" ] && [[ "$(< wp-config.php)" != *"$WORDPRESS_CONFIG_EXTRA"* ]]; then
+			# (if the config file already contains the requested PHP code, don't print a warning)
+			echo >&2
+			echo >&2 'WARNING: environment variable "WORDPRESS_CONFIG_EXTRA" is set, but "wp-config.php" already exists'
+			echo >&2 '  The contents of this variable will _not_ be inserted into the existing "wp-config.php" file.'
+			echo >&2 '  (see https://github.com/docker-library/wordpress/issues/333 for more details)'
+			echo >&2
+		fi
+
+		# see http://stackoverflow.com/a/2705678/433558
+		sed_escape_lhs() {
+			echo "$@" | sed -e 's/[]\/$*.^|[]/\\&/g'
+		}
+		sed_escape_rhs() {
+			echo "$@" | sed -e 's/[\/&]/\\&/g'
+		}
+		php_escape() {
+			local escaped="$(php -r 'var_export(('"$2"') $argv[1]);' -- "$1")"
+			if [ "$2" = 'string' ] && [ "${escaped:0:1}" = "'" ]; then
+				escaped="${escaped//$'\n'/"' + \"\\n\" + '"}"
+			fi
+			echo "$escaped"
+		}
+		set_config() {
+			key="$1"
+			value="$2"
+			var_type="${3:-string}"
+			start="(['\"])$(sed_escape_lhs "$key")\2\s*,"
+			end="\);"
+			if [ "${key:0:1}" = '$' ]; then
+				start="^(\s*)$(sed_escape_lhs "$key")\s*="
+				end=";"
+			fi
+			sed -ri -e "s/($start\s*).*($end)$/\1$(sed_escape_rhs "$(php_escape "$value" "$var_type")")\3/" wp-config.php
+		}
+
+		set_config 'DB_HOST' "$WORDPRESS_DB_HOST"
+		set_config 'DB_USER' "$WORDPRESS_DB_USER"
+		set_config 'DB_PASSWORD' "$WORDPRESS_DB_PASSWORD"
+		set_config 'DB_NAME' "$WORDPRESS_DB_NAME"
+		set_config 'DB_CHARSET' "$WORDPRESS_DB_CHARSET"
+		set_config 'DB_COLLATE' "$WORDPRESS_DB_COLLATE"
+
+		for unique in "${uniqueEnvs[@]}"; do
+			uniqVar="WORDPRESS_$unique"
+			if [ -n "${!uniqVar}" ]; then
+				set_config "$unique" "${!uniqVar}"
+			else
+				# if not specified, let's generate a random value
+				currentVal="$(sed -rn -e "s/define\(\s*(([\'\"])$unique\2\s*,\s*)(['\"])(.*)\3\s*\);/\4/p" wp-config.php)"
+				if [ "$currentVal" = 'put your unique phrase here' ]; then
+					set_config "$unique" "$(head -c1m /dev/urandom | sha1sum | cut -d' ' -f1)"
+				fi
+			fi
+		done
+
+		if [ "$WORDPRESS_TABLE_PREFIX" ]; then
+			set_config '$table_prefix' "$WORDPRESS_TABLE_PREFIX"
+		fi
+
+		if [ "$WORDPRESS_DEBUG" ]; then
+			set_config 'WP_DEBUG' 1 boolean
+		fi
+
+		if ! TERM=dumb php -- <<'EOPHP'
+<?php
+// database might not exist, so let's try creating it (just to be safe)
+
+$stderr = fopen('php://stderr', 'w');
+
+// https://codex.wordpress.org/Editing_wp-config.php#MySQL_Alternate_Port
+//   "hostname:port"
+// https://codex.wordpress.org/Editing_wp-config.php#MySQL_Sockets_or_Pipes
+//   "hostname:unix-socket-path"
+list($host, $socket) = explode(':', getenv('WORDPRESS_DB_HOST'), 2);
+$port = 0;
+if (is_numeric($socket)) {
+	$port = (int) $socket;
+	$socket = null;
+}
+$user = getenv('WORDPRESS_DB_USER');
+$pass = getenv('WORDPRESS_DB_PASSWORD');
+$dbName = getenv('WORDPRESS_DB_NAME');
+
+$maxTries = 10;
+do {
+	$mysql = new mysqli($host, $user, $pass, '', $port, $socket);
+	if ($mysql->connect_error) {
+		fwrite($stderr, "\n" . 'MySQL Connection Error: (' . $mysql->connect_errno . ') ' . $mysql->connect_error . "\n");
+		--$maxTries;
+		if ($maxTries <= 0) {
+			exit(1);
+		}
+		sleep(3);
+	}
+} while ($mysql->connect_error);
+
+if (!$mysql->query('CREATE DATABASE IF NOT EXISTS `' . $mysql->real_escape_string($dbName) . '`')) {
+	fwrite($stderr, "\n" . 'MySQL "CREATE DATABASE" Error: ' . $mysql->error . "\n");
+	$mysql->close();
+	exit(1);
+}
+
+$mysql->close();
+EOPHP
+		then
+			echo >&2
+			echo >&2 "WARNING: unable to establish a database connection to '$WORDPRESS_DB_HOST'"
+			echo >&2 '  continuing anyways (which might have unexpected results)'
+			echo >&2
+		fi
+	fi
+
+	# now that we're definitely done writing configuration, let's clear out the relevant envrionment variables (so that stray "phpinfo()" calls don't leak secrets from our code)
+	for e in "${envs[@]}"; do
+		unset "$e"
+	done
+fi
+
+exec "$@"
diff --git a/src/docker-entrypoint.sh b/src/docker-entrypoint.sh
new file mode 100755
index 0000000..1034f1d
--- /dev/null
+++ b/src/docker-entrypoint.sh
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+if [[ "$1" == apache2* ]] || [ "$1" = 'php-fpm' ]; then
+	uid="$(id -u)"
+	gid="$(id -g)"
+	if [ "$uid" = '0' ]; then
+		case "$1" in
+			apache2*)
+				user="${APACHE_RUN_USER:-www-data}"
+				group="${APACHE_RUN_GROUP:-www-data}"
+
+				# strip off any '#' symbol ('#1000' is valid syntax for Apache)
+				pound='#'
+				user="${user#$pound}"
+				group="${group#$pound}"
+				;;
+			*) # php-fpm
+				user='www-data'
+				group='www-data'
+				;;
+		esac
+	else
+		user="$uid"
+		group="$gid"
+	fi
+
+	if [ ! -e index.php ] && [ ! -e wp-includes/version.php ]; then
+		# if the directory exists and WordPress doesn't appear to be installed AND the permissions of it are root:root, let's chown it (likely a Docker-created directory)
+		if [ "$uid" = '0' ] && [ "$(stat -c '%u:%g' .)" = '0:0' ]; then
+			chown "$user:$group" .
+		fi
+
+		echo >&2 "WordPress not found in $PWD - copying now..."
+		if [ -n "$(find -mindepth 1 -maxdepth 1 -not -name wp-content)" ]; then
+			echo >&2 "WARNING: $PWD is not empty! (copying anyhow)"
+		fi
+		sourceTarArgs=(
+			--create
+			--file -
+			--directory /usr/src/wordpress
+			--owner "$user" --group "$group"
+		)
+		targetTarArgs=(
+			--extract
+			--file -
+		)
+		if [ "$uid" != '0' ]; then
+			# avoid "tar: .: Cannot utime: Operation not permitted" and "tar: .: Cannot change mode to rwxr-xr-x: Operation not permitted"
+			targetTarArgs+=( --no-overwrite-dir )
+		fi
+		# loop over "pluggable" content in the source, and if it already exists in the destination, skip it
+		# https://github.com/docker-library/wordpress/issues/506 ("wp-content" persisted, "akismet" updated, WordPress container restarted/recreated, "akismet" downgraded)
+		for contentPath in \
+			/usr/src/wordpress/.htaccess \
+			/usr/src/wordpress/wp-content/*/*/ \
+		; do
+			contentPath="${contentPath%/}"
+			[ -e "$contentPath" ] || continue
+			contentPath="${contentPath#/usr/src/wordpress/}" # "wp-content/plugins/akismet", etc.
+			if [ -e "$PWD/$contentPath" ]; then
+				echo >&2 "WARNING: '$PWD/$contentPath' exists! (not copying the WordPress version)"
+				sourceTarArgs+=( --exclude "./$contentPath" )
+			fi
+		done
+		tar "${sourceTarArgs[@]}" . | tar "${targetTarArgs[@]}"
+		echo >&2 "Complete! WordPress has been successfully copied to $PWD"
+	fi
+
+	wpEnvs=( "${!WORDPRESS_@}" )
+	if [ ! -s wp-config.php ] && [ "${#wpEnvs[@]}" -gt 0 ]; then
+		for wpConfigDocker in \
+			wp-config-docker.php \
+			/usr/src/wordpress/wp-config-docker.php \
+		; do
+			if [ -s "$wpConfigDocker" ]; then
+				echo >&2 "No 'wp-config.php' found in $PWD, but 'WORDPRESS_...' variables supplied; copying '$wpConfigDocker' (${wpEnvs[*]})"
+				# using "awk" to replace all instances of "put your unique phrase here" with a properly unique string (for AUTH_KEY and friends to have safe defaults if they aren't specified with environment variables)
+				awk '
+					/put your unique phrase here/ {
+						cmd = "head -c1m /dev/urandom | sha1sum | cut -d\\  -f1"
+						cmd | getline str
+						close(cmd)
+						gsub("put your unique phrase here", str)
+					}
+					{ print }
+				' "$wpConfigDocker" > wp-config.php
+				if [ "$uid" = '0' ]; then
+					# attempt to ensure that wp-config.php is owned by the run user
+					# could be on a filesystem that doesn't allow chown (like some NFS setups)
+					chown "$user:$group" wp-config.php || true
+				fi
+				break
+			fi
+		done
+	fi
+fi
+
+exec "$@"
diff --git a/src/wp-config-docker.php b/src/wp-config-docker.php
new file mode 100644
index 0000000..dc0b500
--- /dev/null
+++ b/src/wp-config-docker.php
@@ -0,0 +1,133 @@
+<?php
+/**
+ * The base configuration for WordPress
+ *
+ * The wp-config.php creation script uses this file during the installation.
+ * You don't have to use the web site, you can copy this file to "wp-config.php"
+ * and fill in the values.
+ *
+ * This file contains the following configurations:
+ *
+ * * MySQL settings
+ * * Secret keys
+ * * Database table prefix
+ * * ABSPATH
+ *
+ * This has been slightly modified (to read environment variables) for use in Docker.
+ *
+ * @link https://wordpress.org/support/article/editing-wp-config-php/
+ *
+ * @package WordPress
+ */
+
+// IMPORTANT: this file needs to stay in-sync with https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php
+// (it gets parsed by the upstream wizard in https://github.com/WordPress/WordPress/blob/f27cb65e1ef25d11b535695a660e7282b98eb742/wp-admin/setup-config.php#L356-L392)
+
+// a helper function to lookup "env_FILE", "env", then fallback
+if (!function_exists('getenv_docker')) {
+	// https://github.com/docker-library/wordpress/issues/588 (WP-CLI will load this file 2x)
+	function getenv_docker($env, $default) {
+		if ($fileEnv = getenv($env . '_FILE')) {
+			return rtrim(file_get_contents($fileEnv), "\r\n");
+		}
+		else if (($val = getenv($env)) !== false) {
+			return $val;
+		}
+		else {
+			return $default;
+		}
+	}
+}
+
+// ** MySQL settings - You can get this info from your web host ** //
+/** The name of the database for WordPress */
+define( 'DB_NAME', getenv_docker('WORDPRESS_DB_NAME', 'wordpress') );
+
+/** MySQL database username */
+define( 'DB_USER', getenv_docker('WORDPRESS_DB_USER', 'example username') );
+
+/** MySQL database password */
+define( 'DB_PASSWORD', getenv_docker('WORDPRESS_DB_PASSWORD', 'example password') );
+
+/**
+ * Docker image fallback values above are sourced from the official WordPress installation wizard:
+ * https://github.com/WordPress/WordPress/blob/f9cc35ebad82753e9c86de322ea5c76a9001c7e2/wp-admin/setup-config.php#L216-L230
+ * (However, using "example username" and "example password" in your database is strongly discouraged.  Please use strong, random credentials!)
+ */
+
+/** MySQL hostname */
+define( 'DB_HOST', getenv_docker('WORDPRESS_DB_HOST', 'mysql') );
+
+/** Database charset to use in creating database tables. */
+define( 'DB_CHARSET', getenv_docker('WORDPRESS_DB_CHARSET', 'utf8') );
+
+/** The database collate type. Don't change this if in doubt. */
+define( 'DB_COLLATE', getenv_docker('WORDPRESS_DB_COLLATE', '') );
+
+/**#@+
+ * Authentication unique keys and salts.
+ *
+ * Change these to different unique phrases! You can generate these using
+ * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
+ *
+ * You can change these at any point in time to invalidate all existing cookies.
+ * This will force all users to have to log in again.
+ *
+ * @since 2.6.0
+ */
+define( 'AUTH_KEY',         getenv_docker('WORDPRESS_AUTH_KEY',         'put your unique phrase here') );
+define( 'SECURE_AUTH_KEY',  getenv_docker('WORDPRESS_SECURE_AUTH_KEY',  'put your unique phrase here') );
+define( 'LOGGED_IN_KEY',    getenv_docker('WORDPRESS_LOGGED_IN_KEY',    'put your unique phrase here') );
+define( 'NONCE_KEY',        getenv_docker('WORDPRESS_NONCE_KEY',        'put your unique phrase here') );
+define( 'AUTH_SALT',        getenv_docker('WORDPRESS_AUTH_SALT',        'put your unique phrase here') );
+define( 'SECURE_AUTH_SALT', getenv_docker('WORDPRESS_SECURE_AUTH_SALT', 'put your unique phrase here') );
+define( 'LOGGED_IN_SALT',   getenv_docker('WORDPRESS_LOGGED_IN_SALT',   'put your unique phrase here') );
+define( 'NONCE_SALT',       getenv_docker('WORDPRESS_NONCE_SALT',       'put your unique phrase here') );
+// (See also https://wordpress.stackexchange.com/a/152905/199287)
+
+/**#@-*/
+
+/**
+ * WordPress database table prefix.
+ *
+ * You can have multiple installations in one database if you give each
+ * a unique prefix. Only numbers, letters, and underscores please!
+ */
+$table_prefix = getenv_docker('WORDPRESS_TABLE_PREFIX', 'wp_');
+
+/**
+ * For developers: WordPress debugging mode.
+ *
+ * Change this to true to enable the display of notices during development.
+ * It is strongly recommended that plugin and theme developers use WP_DEBUG
+ * in their development environments.
+ *
+ * For information on other constants that can be used for debugging,
+ * visit the documentation.
+ *
+ * @link https://wordpress.org/support/article/debugging-in-wordpress/
+ */
+define( 'WP_DEBUG', !!getenv_docker('WORDPRESS_DEBUG', '') );
+
+/* Add any custom values between this line and the "stop editing" line. */
+
+// If we're behind a proxy server and using HTTPS, we need to alert WordPress of that fact
+// see also http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
+	$_SERVER['HTTPS'] = 'on';
+}
+// (we include this by default because reverse proxying is extremely common in container environments)
+
+if ($configExtra = getenv_docker('WORDPRESS_CONFIG_EXTRA', '')) {
+	eval($configExtra);
+}
+
+/* That's all, stop editing! Happy publishing. */
+
+/** Absolute path to the WordPress directory. */
+if ( ! defined( 'ABSPATH' ) ) {
+	define( 'ABSPATH', __DIR__ . '/' );
+}
+
+/** Sets up WordPress vars and included files. */
+require_once ABSPATH . 'wp-settings.php';