├── .bowerrc ├── .github └── workflows │ └── build.yaml ├── .gitignore ├── Dockerfile ├── README.md ├── build ├── install-composer.sh ├── install-node.sh └── install-wpcli.sh ├── entrypoint.sh ├── requirements.txt └── scripts ├── all-scripts ├── php-syntax ├── slack-message └── virus-scan /.bowerrc: -------------------------------------------------------------------------------- 1 | { "allow_root": true } 2 | -------------------------------------------------------------------------------- /.github/workflows/build.yaml: --------------------------------------------------------------------------------
# Builds the wordpress-ci image once per PHP base image in the matrix and
# pushes each build to Docker Hub. Triggered by pushes to trunk and by a
# weekly cron schedule.
#
# NOTE(review): no `permissions:` block is declared, so the job runs with the
# repository's default GITHUB_TOKEN scopes. The steps below only build and push
# to Docker Hub; consider restricting the token (for example read-only
# contents) and confirm the build can still fetch its context.
name: Build Docker image

on:
  push:
    branches:
      - "trunk"
  schedule:
    # weekly rebuild so the published images pick up updated packages
    - cron: "0 4 * * 0"

jobs:
  build_push_to_dockerhub:
    strategy:
      matrix:
        # Mutable upstream tags: each run builds on whatever these tags
        # currently point to.
        base_container: ["php:7.4-bullseye", "php:8.0-bullseye", "php:8.1-bullseye", "php:8.2-bullseye", "php:8.3-bullseye"]
    runs-on: ubuntu-20.04

    steps:
      # no need to use actions/checkout with docker/build-push-action workflow
      # https://github.com/docker/build-push-action

      ## Set environment variables for the build container by matrix

      # 7.4 is the current "latest" default version and gets this extra tag
      # upon EOL, this should move to 8.0
      # Oct 10, 2023 - NOTE: https://tenup.teamwork.com/app/tasks/19362336
      # 7.4 has already reached EoL, we can consider 8.0 as default version now
      # NOTE(review): until the tag is moved, `latest` resolves to the EOL 7.4
      # build, so consumers that do not pin a tag get an unsupported PHP runtime.
      - name: Set PHP 7.4 settings
        if: ${{ matrix.base_container == 'php:7.4-bullseye' }}
        run: |
          echo "BUILD_TAGS=10up/wordpress-ci:latest,10up/wordpress-ci:php-7.4" >> $GITHUB_ENV
          echo "COMPOSER_VERSION=1" >> $GITHUB_ENV

      - name: Set PHP 8.0 settings
        if: ${{ matrix.base_container == 'php:8.0-bullseye' }}
        run: |
          echo "BUILD_TAGS=10up/wordpress-ci:php-8.0" >> $GITHUB_ENV
          echo "COMPOSER_VERSION=2" >> $GITHUB_ENV

      - name: Set PHP 8.1 settings
        if: ${{ matrix.base_container == 'php:8.1-bullseye' }}
        run: |
          echo "BUILD_TAGS=10up/wordpress-ci:php-8.1" >> $GITHUB_ENV
          echo "COMPOSER_VERSION=2" >> $GITHUB_ENV

      - name: Set PHP 8.2 settings
        if: ${{ matrix.base_container == 'php:8.2-bullseye' }}
        run: |
          echo "BUILD_TAGS=10up/wordpress-ci:php-8.2" >> $GITHUB_ENV
          echo "COMPOSER_VERSION=2" >> $GITHUB_ENV

      - name: Set PHP 8.3 settings
        if: ${{ matrix.base_container == 'php:8.3-bullseye' }}
        run: |
          echo "BUILD_TAGS=10up/wordpress-ci:php-8.3" >> $GITHUB_ENV
          echo "COMPOSER_VERSION=2" >> $GITHUB_ENV

      ## GitHub Action validation testing before starting workflow ##

      # Each check maps the secret into the step's env so that `if:` can test
      # it for emptiness; the step only runs, and fails the job, when the
      # secret is missing. The secret value itself is never echoed.
      - name: Ensure Docker token is present
        env:
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
        if: ${{ env.DOCKERHUB_TOKEN == '' }}
        run: |
          echo "Dockerhub token is not defined in GitHub secrets, exiting run"
          exit 1

      - name: Ensure Docker username is present
        env:
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
        if: ${{ env.DOCKERHUB_USERNAME == '' }}
        run: |
          echo "Dockerhub username is not defined in GitHub secrets, exiting run"
          exit 1

      ## Begin workflow ##

      # NOTE(review): the docker/* actions below are referenced by mutable
      # major-version tags, and the login step hands them the Docker Hub
      # credentials. Pinning each `uses:` to a full commit SHA keeps a retagged
      # release from changing what runs in this job.
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # Never use cache with builds, build from scratch for security updates

      # BUILD_TAGS and COMPOSER_VERSION come from the matching
      # "Set PHP x.y settings" step above via $GITHUB_ENV.
      - name: Build and push Docker images
        uses: docker/build-push-action@v2
        with:
          push: true
          no-cache: true
          tags: ${{ env.BUILD_TAGS }}
          build-args: |
            PHP_IMG=${{ matrix.base_container }}
            COMPOSER_VERSION=${{ env.COMPOSER_VERSION }}

-------------------------------------------------------------------------------- /.gitignore:
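-------------------------------------------------------------------------------- 1 | # Version Control 2 | .svn 3 | 4 | # OS 5 | .DS_Store 6 | Thumbs.db 7 | 8 | # IDEs 9 | .buildpath 10 | .project 11 | .settings/ 12 | .build/ 13 | .idea/ 14 | nbproject/ 15 | /tags 16 | .netbeans.xml 17 | 18 | # Compass/SASS/SCSS 19 | .sass-cache 20 | 21 | # Other 22 | node_modules 23 | 24 | /vendor/ 25 | /release/ 26 | sassdoc 27 | scss-lint-report.xml 28 | config.codekit 29 | 30 | id_rsa 31 | id_rsa.pub 32 | -------------------------------------------------------------------------------- /Dockerfile: --------------------------------------------------------------------------------
# WordPress CI image: a PHP base image plus the build, test and deploy tools
# used by CI pipelines (node via nvm, composer, wp-cli, docker CLI, kubectl,
# terminus, gh, glab, clamav, Python tooling).
#
# base image should be a PHP Debian container, such as php:7.4-buster
ARG PHP_IMG
FROM $PHP_IMG

RUN apt-get update && \
    apt-get install -y \
    apt-transport-https \
    build-essential \
    ca-certificates \
    clamav \
    clamav-freshclam \
    curl \
    fonts-liberation \
    g++ \
    gconf-service \
    gettext \
    git \
    gnupg2 \
    jq \
    lftp \
    libappindicator1 \
    libasound2 \
    libatk1.0-0 \
    libc6 \
    libcairo2 \
    libcups2 \
    libdbus-1-3 \
    libexpat1 \
    libffi-dev \
    libfontconfig1 \
    libgcc1 \
    libgconf-2-4 \
    libgdk-pixbuf2.0-0 \
    libglib2.0-0 \
    libgtk-3-0 \
    libicu-dev \
    libnspr4 \
    libnss3 \
    libpango-1.0-0 \
    libpangocairo-1.0-0 \
    libpng-dev \
    libsass-dev \
    libstdc++6 \
    libx11-6 \
    libx11-xcb1 \
    libxcb1 \
    libxcomposite1 \
    libxcursor1 \
    libxdamage1 \
    libxext6 \
    libxfixes3 \
    libxi6 \
    libxml2-dev \
    libxrandr2 \
    libxrender1 \
    libxss1 \
    libxtst6 \
    libzip-dev \
    lsb-release \
    mercurial \
    default-mysql-client \
    openssh-client \
    openssl \
    python3 \
    python3-pip \
    rsync \
    ruby \
    ruby-dev \
    shellcheck \
    software-properties-common \
    sshpass \
    subversion \
    vim \
    wget \
    xdg-utils \
    yamllint \
    zlib1g-dev && \
    apt-get autoremove -y && \
    apt-get clean

## Update clamav definitions ##
# Run here to avoid bugs when run lower in the Dockerfile
# NOTE(review): the signature database is baked in at build time, so scans use
# definitions as old as the image unless they are refreshed at run time.

RUN /usr/bin/freshclam

## set locale properly to en_US.UTF-8
RUN apt-get update && \
    apt-get install -y locales && \
    rm -rf /var/lib/apt/lists/* && \
    localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8

ENV LANG=en_US.utf8

# memory_limit=-1 removes PHP's memory cap for CI jobs; the timezone falls back
# to UTC when PHP_TIMEZONE is not set at build time.
RUN echo "memory_limit=-1" > "$PHP_INI_DIR/conf.d/memory-limit.ini" && \
    echo "date.timezone=${PHP_TIMEZONE:-UTC}" > "$PHP_INI_DIR/conf.d/date_timezone.ini"

## PHP extensions ##
RUN docker-php-ext-install zip pdo pdo_mysql gd bcmath intl sockets mysqli exif soap

#### Specific to building / deploying ####

## set up NVM and install node ##

ENV NVM_DIR=/tmp/.nvm
RUN mkdir ${NVM_DIR}
# NOTE(review): the installer is piped straight into bash. The URL is pinned to
# the v0.35.3 tag, but the script is not checked against a recorded digest
# before it runs; saving it to a file and verifying a known checksum first
# would make a changed script fail the build instead of executing.
RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash

# Workaround - Cypress installation
# NOTE(review): the cache directory is made world-writable (777) so that any
# user in the container can write to it — confirm that is still required.
ENV CYPRESS_CACHE_FOLDER=/tmp/cypress/cache
RUN mkdir -p ${CYPRESS_CACHE_FOLDER} && chmod 777 ${CYPRESS_CACHE_FOLDER}

ARG NODE_VERSION=16
COPY build/install-node.sh /tmp/install-node.sh
RUN chmod +x /tmp/install-node.sh && /tmp/install-node.sh "${NODE_VERSION}"
COPY .bowerrc /root/.bowerrc

## Compass ##

RUN gem install compass

## Ansible, awscli, other Python tools ##

COPY requirements.txt /tmp/requirements.txt
RUN python3 -m pip -V && \
    python3 -m pip install -r /tmp/requirements.txt
#RUN pip3 install --upgrade pip && pip3 --no-cache-dir install -r /tmp/requirements.txt

## Composer ##
# `ARG NAME VALUE` does not assign a default; the `=` form is required for the
# default of 1 to apply when no --build-arg is passed.
ARG COMPOSER_VERSION=1

ENV COMPOSER_ALLOW_SUPERUSER=1
ENV COMPOSER_HOME=/tmp

COPY build/install-composer.sh /tmp/install-composer.sh
# chmod first, as for the other install scripts, so the build does not depend
# on the executable bit surviving in the build context.
RUN chmod +x /tmp/install-composer.sh && /tmp/install-composer.sh && \
    composer --ansi --version --no-interaction

## WPCLI ##
COPY build/install-wpcli.sh /tmp/install-wpcli.sh
RUN chmod +x /tmp/install-wpcli.sh && /tmp/install-wpcli.sh

## Docker ##

# The Docker apt repository is bound to its own keyring through `signed-by`,
# so packages from it are signature-checked by apt.
RUN mkdir -p /etc/apt/keyrings && \
    curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
    echo \
    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
    $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null && \
    apt-get update && \
    apt-get install -y docker-ce-cli && \
    apt-get autoremove -y && \
    apt-get clean

# NOTE(review): kubectl, terminus, gh and glab below are all resolved to
# "latest" at build time and installed without comparing the download against
# a published checksum or signature. Each build can therefore ship different
# binaries, and a replaced artifact would not be detected; pinning versions and
# verifying digests would close that gap.

## Kubectl ##

# Install latest version for Kubernetes management
# this could also be a specific version
# The architecture is hard-coded to linux/amd64.
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl && \
    chmod +x ./kubectl && \
    mv ./kubectl /usr/local/bin/kubectl

## Terminus CLI for Pantheon managed hosting ##

# Install Terminus (note - standalone PHAR method works and Terminus Installer PHAR does not)
RUN mkdir ~/terminus && \
    cd ~/terminus && \
    curl -L https://github.com/pantheon-systems/terminus/releases/download/`curl --silent "https://api.github.com/repos/pantheon-systems/terminus/releases/latest" | perl -nle'print $& while m#"tag_name": "\K[^"]*#g'`/terminus.phar --output terminus && chmod +x terminus && \
    ln -s ~/terminus/terminus /usr/local/bin/terminus

## Install Github CLI
# Using Github API to get the latest release of the https://github.com/cli/cli repository
# NOTE(review): this selects the 32-bit x86 asset (linux_386), while kubectl
# and glab above/below use x86_64 builds — confirm this is intended.
RUN curl -L -o /tmp/gh_cli.tar.gz `curl -s https://api.github.com/repos/cli/cli/releases/latest | grep browser_download_url | grep linux_386.tar.gz | cut -d '"' -f 4` && \
    mkdir -p /tmp/gh_cli && \
    tar -zxf /tmp/gh_cli.tar.gz -C /tmp/gh_cli --strip-components 1 && \
    chmod +x /tmp/gh_cli/bin/gh && \
    mv /tmp/gh_cli/bin/gh /usr/local/bin/gh && \
    rm -rf /tmp/gh_cli*

## Install Gitlab CLI
# Using Gitlab API to get the latest release of the https://gitlab.com/gitlab-org/cli project
RUN curl -L -o /tmp/gl_cli.tar.gz `curl -Ls https://gitlab.com/api/v4/projects/34675721/releases/permalink/latest | jq -c '.assets.links | map(select(.name | contains("Linux_x86_64.tar.gz")).direct_asset_url)' | cut -c 3- | rev | cut -c 3- | rev` && \
    mkdir -p /tmp/gl_cli && \
    tar -zxf /tmp/gl_cli.tar.gz -C /tmp/gl_cli --strip-components 1 && \
    chmod +x /tmp/gl_cli/glab && \
    mv /tmp/gl_cli/glab /usr/local/bin/glab && \
    rm -rf /tmp/gl_cli*

#### end of tool installation ####

## CI pipeline scripts and auth ##

COPY scripts/* /custom-scripts/
RUN chmod +x /custom-scripts/*
ENV PATH="/custom-scripts:${PATH}"

# Create SSH directory
# SSH keys for deploys or auth are set in entrypoint.sh

RUN mkdir /root/.ssh && \
    chmod 700 /root/.ssh

# force CI jobs to source root's .bashrc, which will enable NVM
ENV BASH_ENV="/root/.bashrc"

COPY ./entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

ENTRYPOINT ["/entrypoint.sh"]

-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # WordPress CI Container 2 | 3 | > WordPress continuous integration Docker container with composer, NPM, and other common build tools for PHP projects 4 | 5 | ## Packages and Tools 6 | 7 | **A selection of packages and tools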
 installed:** 8 | 9 | - composer 10 | - curl 11 | - gh (Github CLI) 12 | - git 13 | - glab (Gitlab CLI) 14 | - mysql-client 15 | - nodejs / npm, nvm for management 16 | - php 17 | - rsync 18 | - shellcheck 19 | - clamscan 20 | - kubectl 21 | - aws-cli 22 | - azure-cli 23 | - docker-cli 24 | - wp-cli 25 | - terminus 26 | - yamllint 27 | 28 | **npm packages installed:** 29 | - grunt-cli 30 | - gulp-cli 31 | - bower 32 | - yarn 33 | - lighthouse 34 | - serverless 35 | - firebase-tools 36 | - cypress 37 | 38 | Node and npm are managed by the `build/install-node.sh` script. 39 | 40 | ## Customize Package and Tool Configurations 41 | 42 | The tools and packages installed in this image can be customized using environment variables. See `entrypoint.sh` to see these in action. 43 | 44 | ### Git 45 | 46 | `GIT_USER_NAME` and `GIT_USER_EMAIL` set the `user.name` and `user.email` git global configuration values, for use with git-based deploys. 47 | 48 | ### Composer 49 | 50 | Custom composer configurations can be specified via the `COMPOSER_CONFIG` variable. The configuration will be applied inside the container by running the following command: `composer config -g "$COMPOSER_CONFIG"`. For example, to authenticate with GitHub, set the `COMPOSER_CONFIG` variable as follows: 51 | 52 | ```bash 53 | COMPOSER_CONFIG="github-oauth.github.com token" 54 | ``` 55 | 56 | The token can be securely passed using secrets or CI/CD variables, depending on platform. Mark the variable as masked or secret in the CI platform so that the token is redacted if the value is printed in job output. 57 | 58 | ### Build Cache 59 | 60 | The `BUILD_CACHE_DIR` can be used to specify a cache directory for `composer` and `npm` in order to improve build times. Default directory paths are provided. 61 | 62 | ### Root SSH Key 63 | 64 | The variables `PRIVATE_KEY` and `PUBLIC_KEY` can be used to provide a custom private and public key for the root user; when set, they are written to `/root/.ssh/id_rsa` and `/root/.ssh/id_rsa.pub` when the container starts. 65 | 66 | ### Terminus 67 | 68 | The Terminus token can be set via the `TERMINUS_TOKEN` variable, for use with the Pantheon managed hosting platform. 
69 | 70 | ## CI/CD scripts 71 | 72 | The `scripts` directory contains useful tools that can help test applications and be used in CI/CD pipelines. All scripts are copied in the `/custom-scripts` directory inside the Docker image and added to the user `PATH` for easy access. The included scripts are: 73 | 74 | - `all-scripts`: Runs all the included and additional custom scripts inside the `/custom-scripts` directory. 75 | - `php-syntax`: Checks the syntax of all PHP files inside the `workdir` 76 | - `virus-scan`: Runs `clamscan` against the `workdir`. 77 | - `slack-message`: Sends Slack notifications via webhook. 78 | 79 | ### Using slack-message 80 | 81 | The script allows customizable messages using the following flags: `[-u webhook_url -m text_message] -p pre_text_message -c message_color -a author_name -l author_link -i author_icon -t title -n title_link`. `-u` and `-m` are the only mandatory parameters. 82 | 83 | ### Adding custom scripts 84 | 85 | Additional scripts can be added inside the `/custom-scripts` directory for pipeline use. All scripts with `.sh` extension inside the `/custom-scripts` directory can be executed by the `all-scripts` script. 86 | 87 | ### Custom-scripts | PHP Syntax - Debug flag for detailed logs 88 | 89 | > In a recent patch for performance enhancement, stdout and verbose logging within the php-syntax checking process were removed. For reference, kindly review [PR#23](https://github.com/10up/wordpress-ci-container/pull/23). 90 | 91 | For php-syntax checks, detailed logs can be enabled by setting the `IS_DEBUG_ENABLED` environment variable to `true` within your container or your CI. 92 | 93 | This will enable detailed logs in php-syntax checking for debugging, at the cost of a longer build time for your environment. 94 | 95 | ## Node Version 96 | 97 | For convenience, `nvm` is installed to easily manage the node version in the CI container. 
To install a different node version from CI just add a step to execute the command: `nvm install <version>`; you can also execute the command from within a build script. 98 | 99 | [![Support Level](https://img.shields.io/badge/support-stable-blue.svg)](#support-level) 100 | 101 | ## Support Level 102 | 103 | **Stable:** 10up is not planning to develop any new features for this, but will still respond to bug reports and security concerns. We welcome PRs, but any that include new features should be small and easy to integrate and should not include breaking changes. We otherwise intend to keep this tested up to the most recent version of WordPress. 104 | 105 | ## Like what you see? 106 | 107 | 

108 | 109 |

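110 | -------------------------------------------------------------------------------- /build/install-composer.sh: --------------------------------------------------------------------------------
#!/bin/sh
#
# Downloads the Composer installer, checks it against the published SHA-384
# digest, and installs Composer 1 and 2 under their own names plus a default
# `composer` binary. Exits non-zero if the download, the integrity check, or
# any of the three installs fails.

# COMPOSER_VERSION is set in the Dockerfile

# -f makes curl fail on an HTTP error rather than returning the error page as
# the "signature"; -sS silences progress output but still reports errors.
EXPECTED_SIGNATURE="$(curl -fsS https://composer.github.io/installer.sig)"
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

# If both downloads fail, the expected and the computed digest are both empty
# strings and would compare equal, so refuse to continue before comparing.
if [ -z "$EXPECTED_SIGNATURE" ] || [ ! -s composer-setup.php ]
then
    >&2 echo 'ERROR: Could not download the installer or its signature'
    rm -f composer-setup.php
    exit 1
fi

ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"

if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
then
    >&2 echo 'ERROR: Invalid installer signature'
    rm composer-setup.php
    exit 1
fi

# RESULT keeps the status of the last failing install, so a failed Composer 1
# or Composer 2 install is reported even when the default install succeeds.
RESULT=0

# Install both composer 1 and 2 under their own paths to support future
# conditional scripting
php composer-setup.php --no-ansi --install-dir=/usr/local/bin --filename=composer1-bin --1 || RESULT=$?
php composer-setup.php --no-ansi --install-dir=/usr/local/bin --filename=composer2-bin --2 || RESULT=$?

# Install a default composer in the standard location, set version in Dockerfile or with --build-arg
php composer-setup.php --no-ansi --install-dir=/usr/local/bin --filename=composer "--${COMPOSER_VERSION}" || RESULT=$?

rm composer-setup.php
exit $RESULT

-------------------------------------------------------------------------------- /build/install-node.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Install only the current LTS version and npm packages 4 | # This avoids extra GB of build container image size and maintains security 5 | # nvm can be used in individual pipelines to install other versions 6 | 7 | # LTS calendar: https://nodejs.org/en/about/releases/ 8 | 9 | # TODO: NODE_VERSION variable could be centralized in the Dockerfile for quicker management 10 | 11 | # catch Errors 12 | set -euo pipefail 13 | 14 | #Get node version from Docker build argument 15 | NODE_VERSION="$1" 16 | 17 | # set up nvm in this script 18 | . "$NVM_DIR/nvm.sh" 19 | 20 | echo "Building node environment for version ${NODE_VERSION}" 21 | 22 | nvm install "${NODE_VERSION}" 23 | 24 | # Cypress version added since latest supports v18.x and above. Setting Cypress version to 13.1.0 according to cypress changelog for supporting node v16.x releases. 25 | # Lighthouse breaking changes for [v11.x / latest](https://github.com/GoogleChrome/lighthouse/releases/tag/v11.0.0), release tag for Aug 4, 2023. Setting latest stable version for node 16 support. (~10.4) 26 | npm install -g \ 27 | grunt-cli \ 28 | gulp-cli \ 29 | bower \ 30 | yarn \ 31 | lighthouse@~10.4 \ 32 | serverless \ 33 | firebase-tools \ 34 | cypress@~13.1 35 | 36 | npm cache clean --force 37 | 38 | echo "node ${NODE_VERSION} build completed..." 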
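39 | 40 | nvm alias default ${NODE_VERSION} 41 | -------------------------------------------------------------------------------- /build/install-wpcli.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # catch Errors 4 | set -euo pipefail 5 | 6 | # Downlaod latest WPCLI utility 7 | curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar 8 | 9 | # Validate the wp-cli 10 | WPCLI_VALIDATE=$(php wp-cli.phar --info > /dev/null 2>&1; echo $?) 11 | if [[ "$WPCLI_VALIDATE" -ne 0 ]] 12 | then 13 | echo 'Error in wp-cli file' 14 | exit 1 15 | fi 16 | 17 | # Install WPCLI 18 | #chmod +x wp-cli.phar 19 | mv wp-cli.phar /usr/local/bin/wp-cli.phar 20 | 21 | # Add an alias for wp without --allow-root 22 | echo 'alias wp="php /usr/local/bin/wp-cli.phar --allow-root"' >> ~/.bashrc 23 | -------------------------------------------------------------------------------- /entrypoint.sh: --------------------------------------------------------------------------------
#!/bin/sh
#
# Container entrypoint. Applies optional configuration taken from environment
# variables (root SSH key pair, Terminus login, git identity, composer
# settings, build cache paths), prints the versions of the main tools, and
# then replaces itself with the command passed to the container.

# set up nvm in this script
. "${NVM_DIR}/nvm.sh"

if [ -n "${PRIVATE_KEY}" ]; then
  # Write the key under a restrictive umask so a newly created file is never
  # readable by group or other, not even for the moment before chmod runs.
  ( umask 077 && echo "${PRIVATE_KEY}" > /root/.ssh/id_rsa )
  chmod 600 /root/.ssh/id_rsa
fi

if [ -n "${PUBLIC_KEY}" ]; then
  echo "${PUBLIC_KEY}" > /root/.ssh/id_rsa.pub
fi

if [ -z "${TERMINUS_TOKEN}" ]; then
  echo "TERMINUS_TOKEN is not set, skipping terminus setup.";
else
  echo "TERMINUS_TOKEN is set. Logging In.";
  terminus auth:login --machine-token="${TERMINUS_TOKEN}"
fi

# Set git user.name if GIT_USER_NAME env variable is present
if [ -n "${GIT_USER_NAME}" ]; then
  echo "Setting Git user.name to ${GIT_USER_NAME}"
  git config --global user.name "${GIT_USER_NAME}"
fi

# Set git user.email if GIT_USER_EMAIL env variable is present
if [ -n "${GIT_USER_EMAIL}" ]; then
  echo "Setting Git user.email to ${GIT_USER_EMAIL}"
  git config --global user.email "${GIT_USER_EMAIL}"
fi

# Set custom composer configs if COMPOSER_CONFIG env variable is present
if [ -n "${COMPOSER_CONFIG}" ]; then
  # COMPOSER_CONFIG can carry credentials (for example a github-oauth token),
  # so report that it is being applied without printing its value to the log.
  echo "Setting composer configs from COMPOSER_CONFIG"
  /usr/local/bin/composer config -g "${COMPOSER_CONFIG}"
fi

# Some CI/CD tools require cache to be in the working directory and not
# in default Composer or npm locations, so we use custom paths
# In GitLab, BUILD_CACHE_DIR should be set to ${CI_PROJECT_DIR}

if [ -n "${BUILD_CACHE_DIR}" ]; then
  # Set a local cache path for composer, so we can cache between builds and make things faster
  echo "Setting composer cache directory to ${BUILD_CACHE_DIR}/.composer-cache"
  /usr/local/bin/composer config -g cache-files-dir "${BUILD_CACHE_DIR}/.composer-cache"

  # Set a local cache path for npm, so we can cache between builds and make things faster
  # node_modules_cache was choosen since we already ignore *node_modules* in rsync-excludes
  echo "Setting npm cache directory to ${BUILD_CACHE_DIR}/node_modules_cache"
  npm config set cache "${BUILD_CACHE_DIR}/node_modules_cache" --global
fi

# Output versions of various installed packages
# Tracing is switched on only around these version commands, after all the
# secret-handling steps above have finished.
set -x
php --version
composer --version
node --version
npm --version
grunt --version
gulp --version
bower --version
yarn --version
php /usr/local/bin/wp-cli.phar --allow-root --version
set +x

exec "$@"

-------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | awscli 2 | pyyaml 3 | ruamel.yaml 4 | yamale 5 | yq 6 | python-gitlab 7 | awesome-codename 8 | cryptography 9 | ansible-core==2.11.12 10 | dnspython 11 | -------------------------------------------------------------------------------- /scripts/all-scripts: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Wrapper script for running a default set of scripts on every deploy 4 | # All scripts are deployed to the `/custom-scripts/` directory which is also added to PATH, but calling directly 5 | # just to be sure 6 | 7 | # Catch Errors 8 | set -euo pipefail 9 | 10 | # Source all custom scripts with .sh extension 11 | ALL_SCRIPTS=$(find /custom-scripts -name '*.sh' | awk -F '/' '{ print $3 }') 12 | for SCRIPT in $ALL_SCRIPTS; do 13 | source /custom-scripts/"$SCRIPT" 14 | done 15 | 16 | source /custom-scripts/php-syntax 17 | source /custom-scripts/virus-scan 18 | 19 | -------------------------------------------------------------------------------- /scripts/php-syntax: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Checking if the IS_DEBUG_ENABLED flag is put in the CI environment 4 | if [ "${IS_DEBUG_ENABLED:-false}" = "true" ]; then 5 | # The -P10 option specifies the number of parallel processes (In constrainted CPUs will take approx time for 1 available cpu) 6 | # This will output stdout logs 7 | find . -type f -name '*.php' -not -path '*/vendor/*' -print0 | xargs -0 -n1 -P10 php -l 8 | else 9 | # The -P10 option specifies the number of parallel processes (In constrainted CPUs will take approx time for 1 available cpu) 10 | # This will NOT output stdout logs 11 | find . 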
-type f -name '*.php' -not -path '*/vendor/*' -print0 | xargs -0 -n1 -P10 php -l 1>/dev/null 12 | fi 13 | -------------------------------------------------------------------------------- /scripts/slack-message: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #Set default values 4 | WEBHOOK_URL="" 5 | TEXT_MESSAGE="" 6 | PRE_TEXT_MESSAGE="" 7 | MESSAGE_COLOR="" 8 | AUTHOR_NAME="" 9 | AUTHOR_LINK="" 10 | AUTHOR_ICON="" 11 | TITLE="" 12 | TITLE_LINK="" 13 | 14 | #Display command usage function## 15 | exit_usage () { 16 | cat <