Termas_LibreCloud/wordpress-fpm
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

chore: build and pipeline

Browse Source
This commit is contained in:
Jesús Pérez Lorenzo 2021-06-23 04:22:09 +01:00
parent 48ef99f502
commit 765f8a6a1a
12 changed files with 905 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
pipeline/PersistentVolumeCDCI.yaml Normal file
View File

@ -0,0 +1,29 @@
kind: PersistentVolume
apiVersion: v1
metadata:
name: cdci-wordpress-fpm-pvc-volume
namespace: cdci-librecloud-online
labels:
type: local
spec:
storageClassName: manual
persistentVolumeReclaimPolicy: Delete
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/mnt/cdci"
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: cdci-wordpress-fpm-pvc
namespace: cdci-librecloud-online
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

6
pipeline/down.sh Executable file
View File

@ -0,0 +1,6 @@
#/bin/bash
kubectl delete -f pipeline-run.yaml 2>/dev/null
kubectl delete -f pipeline.yaml 2>/dev/null
kubectl delete -f task.yaml 2>/dev/null
kubectl delete -f PersistentVolumeCDCI.yaml 2>/dev/null
kubectl delete -f pipe-resource.yaml 2>/dev/null

24
pipeline/pipe-resource.yaml Normal file
View File

@ -0,0 +1,24 @@
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: librecloud-wordpress-fpm-img
namespace: cdci-librecloud-online
spec:
type: image
params:
- name: url
value: termas.librecloud.online/termas_librecloud/wordpress-fpm:8.0
---
apiVersion: tekton.dev/v1alpha1
kind: PipelineResource
metadata:
name: librecloud-wordpress-fpm-git
namespace: cdci-librecloud-online
spec:
type: git
params:
- name: revision
value: master
- name: url
value: https://rlung.librecloud.online/Termas_LibreCloud/wordpress-fpm.git

22
pipeline/pipeline-run.yaml Normal file
View File

@ -0,0 +1,22 @@
apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
name: cdci-wordpress-fpm
namespace: cdci-librecloud-online
spec:
serviceAccountName: build-bot
pipelineRef:
name: cdci-wordpress-fpm
# podTemplate:
#volumes:
#- name: cdci-volume
# #emptyDir: {}
# persistentVolumeClaim:
# claimName: cdci-wordpress-fpm-pvc
resources:
- name: source-repo
resourceRef:
name: librecloud-wordpress-fpm-git
- name: target-image
resourceRef:
name: librecloud-wordpress-fpm-img

32
pipeline/pipeline.yaml Normal file
View File

@ -0,0 +1,32 @@
apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
name: cdci-wordpress-fpm
namespace: cdci-librecloud-online
spec:
#serviceAccount: build-bot
resources:
- name: source-repo
type: git
#resourceRef:
# name: librecloud-wordpress-fpm-git
- name: target-image
type: image
#resourceRef:
# name: librecloud-wordpress-fpm-img
tasks:
- name: build-wordpress-fpm-img
taskRef:
name: wordpress-fpm-build-image-from-git-source
params:
- name: pathToDockerFile
value: /workspace/source/src
- name: pathToContext
value: /workspace/source/src #configure: may change according to your source
resources:
inputs:
- name: source
resource: source-repo
outputs:
- name: builtImage
resource: target-image

91
pipeline/task.yaml Normal file
View File

@ -0,0 +1,91 @@
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: wordpress-fpm-build-image-from-git-source
namespace: cdci-librecloud-online
spec:
#serviceAccount: build-bot
inputs:
params:
- name: pathToDockerFile
type: string
description: The path to the dockerfile to build
default: /workspace/source/src/Dockerfile
- name: pathToContext
type: string
description:
The build context used by Kaniko
(https://github.com/GoogleContainerTools/kaniko#kaniko-build-contexts)
default: /workspace/source/src
- name: DOCKERFILE
type: string
description: The name of the Dockerfile
default: "Dockerfile"
- name: BUILDKIT_CLIENT_IMAGE
type: string
description: The name of the BuildKit client (buildctl) image
default: "moby/buildkit:v0.6.2"
- name: BUILDKIT_DAEMON_ADDRESS
type: string
description: The address of the BuildKit daemon (buildkitd) service
default: "tcp://buildkitd:1234"
resources:
- name: source
type: git
outputs:
resources:
- name: builtImage
type: image
volumes:
- name: dckr-cfg-volume
secret:
secretName: regcred
- name: ssh-volume
secret:
secretName: ssh-key
- name: certs
secret:
secretName: buildkit-client-certs
steps:
- name: build-and-push
image: $(inputs.params.BUILDKIT_CLIENT_IMAGE)
workingDir: /workspace/source
command: [ "buildctl" ]
args:
- --tlscacert
- /certs/ca.pem
- --tlscert
- /certs/cert.pem
- --tlskey
- /certs/key.pem
- --debug
- --addr=$(inputs.params.BUILDKIT_DAEMON_ADDRESS)
- build
- --progress=plain
- --frontend=dockerfile.v0
- --opt
- filename=$(inputs.params.DOCKERFILE)
- --local
- context=$(inputs.params.pathToContext)
- --local
- dockerfile=$(inputs.params.pathToDockerFile)
- --output
- type=image,name=$(outputs.resources.builtImage.url),push=true
- --export-cache
- type=inline
- --import-cache
- type=registry,ref=$(outputs.resources.builtImage.url)
volumeMounts:
- name: certs
readOnly: true
mountPath: /certs
- name: ssh-volume
readOnly: true
mountPath: /.ssh

24
pipeline/up.sh Executable file
View File

@ -0,0 +1,24 @@
#/bin/bash
FOLLOW_UP="yes"
NS_DOMAIN="cdci-librecloud-online"
PIPELINE_NAME="cdci-wordpress-fpm"
[ "$1" == "-s" ] && FOLLOW_UP=""
is_running=`kubectl get pods -n $NS_DOMAIN | grep $PIPELINE_NAME 2>/dev/null`
if [ -n "$is_running" ] ; then
kubectl delete -f pipeline-run.yaml 2>/dev/null
kubectl delete -f pipeline.yaml 2>/dev/null
kubectl delete -f task.yaml 2>/dev/null
kubectl delete -f pipe-resource.yaml 2>/dev/null
fi
kubectl delete -f PersistentVolumeCDCI.yaml 2>/dev/null
kubectl create -f PersistentVolumeCDCI.yaml
#. lib_dply.sh
#make_host_alias task
kubectl apply -f pipe-resource.yaml
kubectl apply -f task.yaml
kubectl apply -f pipeline.yaml
kubectl apply -f pipeline-run.yaml
if [ -n "$FOLLOW_UP" ] ; then
has_tkn=`type tkn 2>/dev/null`
[ -n "$has_tkn" ] && tkn pipelinerun logs -f $PIPELINE_NAME -n $NS_DOMAIN
fi

17
repo-config.yaml Normal file
View File

@ -0,0 +1,17 @@
Active: true
# Active: false # to not follow up webhook workflow
# Sources for src file
Repo: https://github.com/docker-library/wordpress.git
Source: wordpress/php8.0/fpm-alpine
TargetGit: ssh://git@rlung.librecloud.online:32225/Termas.LibreCloud.online/wordpress-fpm.git
# Name - Version, etc
Name: wordpress-fpm
Version: 8.0
# To get latest
IMAGE_NAME: wordpress
IMAGE_MATCH: 8.

136
src/Dockerfile Normal file
View File

@ -0,0 +1,136 @@
FROM php:8.0-fpm-alpine
# docker-entrypoint.sh dependencies
# persistent dependencies
RUN apk add --no-cache \
freetype \
libpng \
libjpeg \
libjpeg-turbo \
# in theory, docker-entrypoint.sh is POSIX-compliant, but priority is a working, consistent image
bash \
# BusyBox sed is not sufficient for some of our sed expressions
sed \
# Ghostscript is required for rendering PDF previews
ghostscript \
# Alpine package for "imagemagick" contains ~120 .so files, see: https://github.com/docker-library/wordpress/pull/497
# imagemagick \
;
# install the PHP extensions we need (https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions)
# --enable-gd-native-ttf \
RUN set -ex; \
\
apk add --no-cache --virtual .build-deps \
$PHPIZE_DEPS \
freetype-dev \
# imagemagick-dev \
libjpeg-turbo-dev \
libpng-dev \
libzip-dev \
gmp \
gmp-dev \
; \
docker-php-ext-configure gmp \
;\
docker-php-ext-configure gd --with-freetype --with-jpeg \
; \
docker-php-ext-install -j "$(nproc)" \
bcmath \
exif \
gd \
gmp \
mysqli \
zip \
; \
# pecl install imagick-3.4.4; \
# docker-php-ext-install gmp; \
# docker-php-ext-enable imagick; \
\
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --virtual .wordpress-phpexts-rundeps $runDeps; \
apk del .build-deps
# set recommended PHP.ini settings
# see https://secure.php.net/manual/en/opcache.installation.php
RUN set -eux; \
docker-php-ext-enable opcache; \
{ \
echo 'opcache.memory_consumption=128'; \
echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=4000'; \
echo 'opcache.revalidate_freq=2'; \
echo 'opcache.fast_shutdown=1'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini
# https://wordpress.org/support/article/editing-wp-config-php/#configure-error-logging
RUN { \
# https://www.php.net/manual/en/errorfunc.constants.php
# https://github.com/docker-library/wordpress/issues/420#issuecomment-517839670
echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \
echo 'display_errors = Off'; \
echo 'display_startup_errors = Off'; \
echo 'log_errors = On'; \
echo 'error_log = /dev/stderr'; \
echo 'log_errors_max_len = 1024'; \
echo 'ignore_repeated_errors = On'; \
echo 'ignore_repeated_source = Off'; \
echo 'html_errors = Off'; \
} > /usr/local/etc/php/conf.d/error-logging.ini
RUN set -eux; \
version='5.7.2'; \
sha1='c97c037d942e974eb8524213a505268033aff6c8'; \
\
curl -o wordpress.tar.gz -fL "https://wordpress.org/wordpress-$version.tar.gz"; \
echo "$sha1 *wordpress.tar.gz" | sha1sum -c -; \
\
# upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
tar -xzf wordpress.tar.gz -C /usr/src/; \
rm wordpress.tar.gz; \
\
# https://wordpress.org/support/article/htaccess/
[ ! -e /usr/src/wordpress/.htaccess ]; \
{ \
echo '# BEGIN WordPress'; \
echo ''; \
echo 'RewriteEngine On'; \
echo 'RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]'; \
echo 'RewriteBase /'; \
echo 'RewriteRule ^index\.php$ - [L]'; \
echo 'RewriteCond %{REQUEST_FILENAME} !-f'; \
echo 'RewriteCond %{REQUEST_FILENAME} !-d'; \
echo 'RewriteRule . /index.php [L]'; \
echo ''; \
echo '# END WordPress'; \
} > /usr/src/wordpress/.htaccess; \
\
chown -R www-data:www-data /usr/src/wordpress; \
# pre-create wp-content (and single-level children) for folks who want to bind-mount themes, etc so permissions are pre-created properly instead of root:root
# wp-content/cache: https://github.com/docker-library/wordpress/issues/534#issuecomment-705733507
mkdir wp-content; \
for dir in /usr/src/wordpress/wp-content/*/ cache; do \
dir="$(basename "${dir%/}")"; \
mkdir "wp-content/$dir"; \
done; \
chown -R www-data:www-data wp-content; \
chmod -R 777 wp-content; \
curl -o wp-cli.phar -fSL "https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar"; \
chmod +x wp-cli.phar; \
mv wp-cli.phar /usr/local/bin/wp
RUN apk add ssmtp
#VOLUME /var/www/html
VOLUME /var/www
COPY --chown=www-data:www-data wp-config-docker.php /usr/src/wordpress/
COPY docker-entrypoint.sh /usr/local/bin/
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["php-fpm"]

292
src/ant_docker-entrypoint.sh Executable file
View File

@ -0,0 +1,292 @@
#!/bin/bash
set -euo pipefail
NO_COPY_IFNOT_EXISTS=1
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
if [[ "$1" == apache2* ]] || [ "$1" == php-fpm ]; then
if [ "$(id -u)" = '0' ]; then
case "$1" in
apache2*)
user="${APACHE_RUN_USER:-www-data}"
group="${APACHE_RUN_GROUP:-www-data}"
# strip off any '#' symbol ('#1000' is valid syntax for Apache)
pound='#'
user="${user#$pound}"
group="${group#$pound}"
;;
*) # php-fpm
user='www-data'
group='www-data'
;;
esac
else
user="$(id -u)"
group="$(id -g)"
fi
if [ -z "$NO_COPY_IFNOT_EXISTS" ] && [ ! -e index.php ] && [ ! -e wp-includes/version.php ]; then
# if the directory exists and WordPress doesn't appear to be installed AND the permissions of it are root:root, let's chown it (likely a Docker-created directory)
if [ "$(id -u)" = '0' ] && [ "$(stat -c '%u:%g' .)" = '0:0' ]; then
chown "$user:$group" .
fi
echo >&2 "WordPress not found in $PWD - copying now..."
if [ -n "$(ls -A)" ]; then
echo >&2 "WARNING: $PWD is not empty! (copying anyhow)"
fi
sourceTarArgs=(
--create
--file -
--directory /usr/src/wordpress
--owner "$user" --group "$group"
)
targetTarArgs=(
--extract
--file -
)
if [ "$user" != '0' ]; then
# avoid "tar: .: Cannot utime: Operation not permitted" and "tar: .: Cannot change mode to rwxr-xr-x: Operation not permitted"
targetTarArgs+=( --no-overwrite-dir )
fi
tar "${sourceTarArgs[@]}" . | tar "${targetTarArgs[@]}"
echo >&2 "Complete! WordPress has been successfully copied to $PWD"
if [ ! -e .htaccess ]; then
# NOTE: The "Indexes" option is disabled in the php:apache base image
cat > .htaccess <<-'EOF'
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
EOF
chown "$user:$group" .htaccess
fi
fi
# allow any of these "Authentication Unique Keys and Salts." to be specified via
# environment variables with a "WORDPRESS_" prefix (ie, "WORDPRESS_AUTH_KEY")
uniqueEnvs=(
AUTH_KEY
SECURE_AUTH_KEY
LOGGED_IN_KEY
NONCE_KEY
AUTH_SALT
SECURE_AUTH_SALT
LOGGED_IN_SALT
NONCE_SALT
)
envs=(
WORDPRESS_DB_HOST
WORDPRESS_DB_USER
WORDPRESS_DB_PASSWORD
WORDPRESS_DB_NAME
WORDPRESS_DB_CHARSET
WORDPRESS_DB_COLLATE
"${uniqueEnvs[@]/#/WORDPRESS_}"
WORDPRESS_TABLE_PREFIX
WORDPRESS_DEBUG
WORDPRESS_CONFIG_EXTRA
)
haveConfig=
for e in "${envs[@]}"; do
file_env "$e"
if [ -z "$haveConfig" ] && [ -n "${!e}" ]; then
haveConfig=1
fi
done
# linking backwards-compatibility
if [ -n "${!MYSQL_ENV_MYSQL_*}" ]; then
haveConfig=1
# host defaults to "mysql" below if unspecified
: "${WORDPRESS_DB_USER:=${MYSQL_ENV_MYSQL_USER:-root}}"
if [ "$WORDPRESS_DB_USER" = 'root' ]; then
: "${WORDPRESS_DB_PASSWORD:=${MYSQL_ENV_MYSQL_ROOT_PASSWORD:-}}"
else
: "${WORDPRESS_DB_PASSWORD:=${MYSQL_ENV_MYSQL_PASSWORD:-}}"
fi
: "${WORDPRESS_DB_NAME:=${MYSQL_ENV_MYSQL_DATABASE:-}}"
fi
# only touch "wp-config.php" if we have environment-supplied configuration values
if [ "$haveConfig" ]; then
: "${WORDPRESS_DB_HOST:=mysql}"
: "${WORDPRESS_DB_USER:=root}"
: "${WORDPRESS_DB_PASSWORD:=}"
: "${WORDPRESS_DB_NAME:=wordpress}"
: "${WORDPRESS_DB_CHARSET:=utf8}"
: "${WORDPRESS_DB_COLLATE:=}"
# version 4.4.1 decided to switch to windows line endings, that breaks our seds and awks
# https://github.com/docker-library/wordpress/issues/116
# https://github.com/WordPress/WordPress/commit/1acedc542fba2482bab88ec70d4bea4b997a92e4
sed -ri -e 's/\r$//' wp-config*
if [ ! -e wp-config.php ]; then
awk '
/^\/\*.*stop editing.*\*\/$/ && c == 0 {
c = 1
system("cat")
if (ENVIRON["WORDPRESS_CONFIG_EXTRA"]) {
print "// WORDPRESS_CONFIG_EXTRA"
print ENVIRON["WORDPRESS_CONFIG_EXTRA"] "\n"
}
}
{ print }
' wp-config-sample.php > wp-config.php <<'EOPHP'
// If we're behind a proxy server and using HTTPS, we need to alert Wordpress of that fact
// see also http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$_SERVER['HTTPS'] = 'on';
}
EOPHP
chown "$user:$group" wp-config.php
elif [ -e wp-config.php ] && [ -n "$WORDPRESS_CONFIG_EXTRA" ] && [[ "$(< wp-config.php)" != *"$WORDPRESS_CONFIG_EXTRA"* ]]; then
# (if the config file already contains the requested PHP code, don't print a warning)
echo >&2
echo >&2 'WARNING: environment variable "WORDPRESS_CONFIG_EXTRA" is set, but "wp-config.php" already exists'
echo >&2 ' The contents of this variable will _not_ be inserted into the existing "wp-config.php" file.'
echo >&2 ' (see https://github.com/docker-library/wordpress/issues/333 for more details)'
echo >&2
fi
# see http://stackoverflow.com/a/2705678/433558
sed_escape_lhs() {
echo "$@" | sed -e 's/[]\/$*.^|[]/\\&/g'
}
sed_escape_rhs() {
echo "$@" | sed -e 's/[\/&]/\\&/g'
}
php_escape() {
local escaped="$(php -r 'var_export(('"$2"') $argv[1]);' -- "$1")"
if [ "$2" = 'string' ] && [ "${escaped:0:1}" = "'" ]; then
escaped="${escaped//$'\n'/"' + \"\\n\" + '"}"
fi
echo "$escaped"
}
set_config() {
key="$1"
value="$2"
var_type="${3:-string}"
start="(['\"])$(sed_escape_lhs "$key")\2\s*,"
end="\);"
if [ "${key:0:1}" = '$' ]; then
start="^(\s*)$(sed_escape_lhs "$key")\s*="
end=";"
fi
sed -ri -e "s/($start\s*).*($end)$/\1$(sed_escape_rhs "$(php_escape "$value" "$var_type")")\3/" wp-config.php
}
set_config 'DB_HOST' "$WORDPRESS_DB_HOST"
set_config 'DB_USER' "$WORDPRESS_DB_USER"
set_config 'DB_PASSWORD' "$WORDPRESS_DB_PASSWORD"
set_config 'DB_NAME' "$WORDPRESS_DB_NAME"
set_config 'DB_CHARSET' "$WORDPRESS_DB_CHARSET"
set_config 'DB_COLLATE' "$WORDPRESS_DB_COLLATE"
for unique in "${uniqueEnvs[@]}"; do
uniqVar="WORDPRESS_$unique"
if [ -n "${!uniqVar}" ]; then
set_config "$unique" "${!uniqVar}"
else
# if not specified, let's generate a random value
currentVal="$(sed -rn -e "s/define\(\s*(([\'\"])$unique\2\s*,\s*)(['\"])(.*)\3\s*\);/\4/p" wp-config.php)"
if [ "$currentVal" = 'put your unique phrase here' ]; then
set_config "$unique" "$(head -c1m /dev/urandom | sha1sum | cut -d' ' -f1)"
fi
fi
done
if [ "$WORDPRESS_TABLE_PREFIX" ]; then
set_config '$table_prefix' "$WORDPRESS_TABLE_PREFIX"
fi
if [ "$WORDPRESS_DEBUG" ]; then
set_config 'WP_DEBUG' 1 boolean
fi
if ! TERM=dumb php -- <<'EOPHP'
<?php
// database might not exist, so let's try creating it (just to be safe)
$stderr = fopen('php://stderr', 'w');
// https://codex.wordpress.org/Editing_wp-config.php#MySQL_Alternate_Port
// "hostname:port"
// https://codex.wordpress.org/Editing_wp-config.php#MySQL_Sockets_or_Pipes
// "hostname:unix-socket-path"
list($host, $socket) = explode(':', getenv('WORDPRESS_DB_HOST'), 2);
$port = 0;
if (is_numeric($socket)) {
$port = (int) $socket;
$socket = null;
}
$user = getenv('WORDPRESS_DB_USER');
$pass = getenv('WORDPRESS_DB_PASSWORD');
$dbName = getenv('WORDPRESS_DB_NAME');
$maxTries = 10;
do {
$mysql = new mysqli($host, $user, $pass, '', $port, $socket);
if ($mysql->connect_error) {
fwrite($stderr, "\n" . 'MySQL Connection Error: (' . $mysql->connect_errno . ') ' . $mysql->connect_error . "\n");
--$maxTries;
if ($maxTries <= 0) {
exit(1);
}
sleep(3);
}
} while ($mysql->connect_error);
if (!$mysql->query('CREATE DATABASE IF NOT EXISTS `' . $mysql->real_escape_string($dbName) . '`')) {
fwrite($stderr, "\n" . 'MySQL "CREATE DATABASE" Error: ' . $mysql->error . "\n");
$mysql->close();
exit(1);
}
$mysql->close();
EOPHP
then
echo >&2
echo >&2 "WARNING: unable to establish a database connection to '$WORDPRESS_DB_HOST'"
echo >&2 ' continuing anyways (which might have unexpected results)'
echo >&2
fi
fi
# now that we're definitely done writing configuration, let's clear out the relevant envrionment variables (so that stray "phpinfo()" calls don't leak secrets from our code)
for e in "${envs[@]}"; do
unset "$e"
done
fi
exec "$@"

99
src/docker-entrypoint.sh Executable file
View File

@ -0,0 +1,99 @@
#!/usr/bin/env bash
set -Eeuo pipefail
if [[ "$1" == apache2* ]] || [ "$1" = 'php-fpm' ]; then
uid="$(id -u)"
gid="$(id -g)"
if [ "$uid" = '0' ]; then
case "$1" in
apache2*)
user="${APACHE_RUN_USER:-www-data}"
group="${APACHE_RUN_GROUP:-www-data}"
# strip off any '#' symbol ('#1000' is valid syntax for Apache)
pound='#'
user="${user#$pound}"
group="${group#$pound}"
;;
*) # php-fpm
user='www-data'
group='www-data'
;;
esac
else
user="$uid"
group="$gid"
fi
if [ ! -e index.php ] && [ ! -e wp-includes/version.php ]; then
# if the directory exists and WordPress doesn't appear to be installed AND the permissions of it are root:root, let's chown it (likely a Docker-created directory)
if [ "$uid" = '0' ] && [ "$(stat -c '%u:%g' .)" = '0:0' ]; then
chown "$user:$group" .
fi
echo >&2 "WordPress not found in $PWD - copying now..."
if [ -n "$(find -mindepth 1 -maxdepth 1 -not -name wp-content)" ]; then
echo >&2 "WARNING: $PWD is not empty! (copying anyhow)"
fi
sourceTarArgs=(
--create
--file -
--directory /usr/src/wordpress
--owner "$user" --group "$group"
)
targetTarArgs=(
--extract
--file -
)
if [ "$uid" != '0' ]; then
# avoid "tar: .: Cannot utime: Operation not permitted" and "tar: .: Cannot change mode to rwxr-xr-x: Operation not permitted"
targetTarArgs+=( --no-overwrite-dir )
fi
# loop over "pluggable" content in the source, and if it already exists in the destination, skip it
# https://github.com/docker-library/wordpress/issues/506 ("wp-content" persisted, "akismet" updated, WordPress container restarted/recreated, "akismet" downgraded)
for contentPath in \
/usr/src/wordpress/.htaccess \
/usr/src/wordpress/wp-content/*/*/ \
; do
contentPath="${contentPath%/}"
[ -e "$contentPath" ] || continue
contentPath="${contentPath#/usr/src/wordpress/}" # "wp-content/plugins/akismet", etc.
if [ -e "$PWD/$contentPath" ]; then
echo >&2 "WARNING: '$PWD/$contentPath' exists! (not copying the WordPress version)"
sourceTarArgs+=( --exclude "./$contentPath" )
fi
done
tar "${sourceTarArgs[@]}" . | tar "${targetTarArgs[@]}"
echo >&2 "Complete! WordPress has been successfully copied to $PWD"
fi
wpEnvs=( "${!WORDPRESS_@}" )
if [ ! -s wp-config.php ] && [ "${#wpEnvs[@]}" -gt 0 ]; then
for wpConfigDocker in \
wp-config-docker.php \
/usr/src/wordpress/wp-config-docker.php \
; do
if [ -s "$wpConfigDocker" ]; then
echo >&2 "No 'wp-config.php' found in $PWD, but 'WORDPRESS_...' variables supplied; copying '$wpConfigDocker' (${wpEnvs[*]})"
# using "awk" to replace all instances of "put your unique phrase here" with a properly unique string (for AUTH_KEY and friends to have safe defaults if they aren't specified with environment variables)
awk '
/put your unique phrase here/ {
cmd = "head -c1m /dev/urandom | sha1sum | cut -d\\ -f1"
cmd | getline str
close(cmd)
gsub("put your unique phrase here", str)
}
{ print }
' "$wpConfigDocker" > wp-config.php
if [ "$uid" = '0' ]; then
# attempt to ensure that wp-config.php is owned by the run user
# could be on a filesystem that doesn't allow chown (like some NFS setups)
chown "$user:$group" wp-config.php || true
fi
break
fi
done
fi
fi
exec "$@"

133
src/wp-config-docker.php Normal file
View File

@ -0,0 +1,133 @@
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the installation.
* You don't have to use the web site, you can copy this file to "wp-config.php"
* and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* This has been slightly modified (to read environment variables) for use in Docker.
*
* @link https://wordpress.org/support/article/editing-wp-config-php/
*
* @package WordPress
*/
// IMPORTANT: this file needs to stay in-sync with https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php
// (it gets parsed by the upstream wizard in https://github.com/WordPress/WordPress/blob/f27cb65e1ef25d11b535695a660e7282b98eb742/wp-admin/setup-config.php#L356-L392)
// a helper function to lookup "env_FILE", "env", then fallback
if (!function_exists('getenv_docker')) {
// https://github.com/docker-library/wordpress/issues/588 (WP-CLI will load this file 2x)
function getenv_docker($env, $default) {
if ($fileEnv = getenv($env . '_FILE')) {
return rtrim(file_get_contents($fileEnv), "\r\n");
}
else if (($val = getenv($env)) !== false) {
return $val;
}
else {
return $default;
}
}
}
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', getenv_docker('WORDPRESS_DB_NAME', 'wordpress') );
/** MySQL database username */
define( 'DB_USER', getenv_docker('WORDPRESS_DB_USER', 'example username') );
/** MySQL database password */
define( 'DB_PASSWORD', getenv_docker('WORDPRESS_DB_PASSWORD', 'example password') );
/**
* Docker image fallback values above are sourced from the official WordPress installation wizard:
* https://github.com/WordPress/WordPress/blob/f9cc35ebad82753e9c86de322ea5c76a9001c7e2/wp-admin/setup-config.php#L216-L230
* (However, using "example username" and "example password" in your database is strongly discouraged. Please use strong, random credentials!)
*/
/** MySQL hostname */
define( 'DB_HOST', getenv_docker('WORDPRESS_DB_HOST', 'mysql') );
/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', getenv_docker('WORDPRESS_DB_CHARSET', 'utf8') );
/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', getenv_docker('WORDPRESS_DB_COLLATE', '') );
/**#@+
* Authentication unique keys and salts.
*
* Change these to different unique phrases! You can generate these using
* the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
*
* You can change these at any point in time to invalidate all existing cookies.
* This will force all users to have to log in again.
*
* @since 2.6.0
*/
define( 'AUTH_KEY', getenv_docker('WORDPRESS_AUTH_KEY', 'put your unique phrase here') );
define( 'SECURE_AUTH_KEY', getenv_docker('WORDPRESS_SECURE_AUTH_KEY', 'put your unique phrase here') );
define( 'LOGGED_IN_KEY', getenv_docker('WORDPRESS_LOGGED_IN_KEY', 'put your unique phrase here') );
define( 'NONCE_KEY', getenv_docker('WORDPRESS_NONCE_KEY', 'put your unique phrase here') );
define( 'AUTH_SALT', getenv_docker('WORDPRESS_AUTH_SALT', 'put your unique phrase here') );
define( 'SECURE_AUTH_SALT', getenv_docker('WORDPRESS_SECURE_AUTH_SALT', 'put your unique phrase here') );
define( 'LOGGED_IN_SALT', getenv_docker('WORDPRESS_LOGGED_IN_SALT', 'put your unique phrase here') );
define( 'NONCE_SALT', getenv_docker('WORDPRESS_NONCE_SALT', 'put your unique phrase here') );
// (See also https://wordpress.stackexchange.com/a/152905/199287)
/**#@-*/
/**
* WordPress database table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = getenv_docker('WORDPRESS_TABLE_PREFIX', 'wp_');
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the documentation.
*
* @link https://wordpress.org/support/article/debugging-in-wordpress/
*/
define( 'WP_DEBUG', !!getenv_docker('WORDPRESS_DEBUG', '') );
/* Add any custom values between this line and the "stop editing" line. */
// If we're behind a proxy server and using HTTPS, we need to alert WordPress of that fact
// see also http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$_SERVER['HTTPS'] = 'on';
}
// (we include this by default because reverse proxying is extremely common in container environments)
if ($configExtra = getenv_docker('WORDPRESS_CONFIG_EXTRA', '')) {
eval($configExtra);
}
/* That's all, stop editing! Happy publishing. */
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', __DIR__ . '/' );
}
/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';