From 4469996f1a8dc9879f4cd970ffc13ae3751b4338 Mon Sep 17 00:00:00 2001
From: Andrew Matthews
Date: Tue, 22 Nov 2022 14:30:45 -0500
Subject: [PATCH] Add core files for creating image
---
Dockerfile | 7 +++
entrypoint.sh | 118 ++++++++++++++++++++++++++++++++++++++++++++++++++
exclude.txt | 60 +++++++++++++++++++++++++
3 files changed, 185 insertions(+)
create mode 100644 Dockerfile
create mode 100755 entrypoint.sh
create mode 100644 exclude.txt
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..32d66ca
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,7 @@
+FROM instrumentisto/rsync-ssh:alpine3.13-r4
+# Intsall dependencies
+RUN apk add bash php
+# Add entrypoint and excludes
+ADD entrypoint.sh /entrypoint.sh
+ADD exclude.txt /exclude.txt
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..92c1fa7
--- /dev/null
+++ b/entrypoint.sh
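Review bot: `RUN apk add bash php` installs unpinned packages and keeps the apk index in the layer; `RUN apk add --no-cache bash php`, ideally with package versions pinned, keeps the image smaller and the build reproducible. The two `ADD` lines copy plain local files, so `COPY entrypoint.sh /entrypoint.sh` and `COPY exclude.txt /exclude.txt` state the intent without ADD's archive and URL handling. The base image is a third-party image referenced by tag only; since the entrypoint handles an SSH private key, pinning it by digest would keep a re-pushed tag from changing what runs.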
@@ -0,0 +1,118 @@
+#!/bin/bash -l
+
+set -e
+
+: "${INPUT_WPE_SSHG_KEY_PRIVATE?Required secret not set.}"
+
+#Alias logic for ENV names
+if [[ -n ${INPUT_WPE_ENV} ]]; then
+ WPE_ENV_NAME="${INPUT_WPE_ENV}";
+ elif [[ -n ${INPUT_PRD_ENV} ]]; then
+ WPE_ENV_NAME="${INPUT_PRD_ENV}";
+ elif [[ -n ${INPUT_STG_ENV} ]]; then
+ WPE_ENV_NAME="${INPUT_STG_ENV}";
+ elif [[ -n ${INPUT_DEV_ENV} ]]; then
+ WPE_ENV_NAME="${INPUT_DEV_ENV}";
+ else echo "Failure: Missing environment variable..." && exit 1;
+fi
+
+echo "Deploying ${GITHUB_REF} to ${WPE_ENV_NAME} ..."
+
+# Deploy Vars
+WPE_SSH_HOST="$WPE_ENV_NAME.ssh.wpengine.net"
+DIR_PATH="$INPUT_REMOTE_PATH"
+SRC_PATH="$INPUT_SRC_PATH"
+
+# Set up our user and path
+WPE_SSH_USER="$WPE_ENV_NAME"@"$WPE_SSH_HOST"
+WPE_FULL_HOST=wpe_gha+"$WPE_SSH_USER"
+WPE_DESTINATION=wpe_gha+"$WPE_SSH_USER":sites/"$WPE_ENV_NAME"/"$DIR_PATH"
+
+
+# Setup our SSH Connection & use keys
+if [ ! -d "${HOME}"/.ssh ]; then
+ mkdir "${HOME}/.ssh"
+ SSH_PATH="${HOME}/.ssh"
+ mkdir "${SSH_PATH}/ctl/"
+ # Set Key Perms
+ chmod -R 700 "$SSH_PATH"
+ else
+ SSH_PATH="${HOME}/.ssh"
+ echo "using established SSH KEY path...";
+fi
+
+# Copy Secret Keys to container
+WPE_SSHG_KEY_PRIVATE_PATH="$SSH_PATH/github_action"
+echo "$INPUT_WPE_SSHG_KEY_PRIVATE" > "$WPE_SSHG_KEY_PRIVATE_PATH"
+chmod 600 "$WPE_SSHG_KEY_PRIVATE_PATH"
+
+#establish known hosts
+KNOWN_HOSTS_PATH="$SSH_PATH/known_hosts"
+ssh-keyscan -t rsa "$WPE_SSH_HOST" >> "$KNOWN_HOSTS_PATH"
+chmod 644 "$KNOWN_HOSTS_PATH"
+
+echo "prepping file perms..."
+find "$SRC_PATH" -type d -exec chmod -R 775 {} \;
+find "$SRC_PATH" -type f -exec chmod -R 664 {} \;
+echo "file perms set..."
+
+# pre deploy php lint
+if [ "${INPUT_PHP_LINT^^}" == "TRUE" ]; then
+ echo "Begin PHP Linting."
+ find "$SRC_PATH"/ -name "*.php" -type f -print0 | while IFS= read -r -d '' file; do
+ php -l "$file"
+ status=$?
+ if [[ $status -ne 0 ]]; then
+ echo "FAILURE: Linting failed - $file :: $status" && exit 1
+ fi
+ done
+ echo "PHP Lint Successful! No errors detected!"
+else
+ echo "Skipping PHP Linting."
+fi
+
+# post deploy script
+if [[ -n ${INPUT_SCRIPT} ]]; then
+ SCRIPT="&& sh ${INPUT_SCRIPT}";
+ else
+ SCRIPT=""
+fi
+
+# post deploy cache clear
+if [ "${INPUT_CACHE_CLEAR^^}" == "TRUE" ]; then
+ CACHE_CLEAR="&& wp --skip-plugins --skip-themes page-cache flush && wp --skip-plugins --skip-themes cdn-cache flush"
+ elif [ "${INPUT_CACHE_CLEAR^^}" == "FALSE" ]; then
+ CACHE_CLEAR=""
+ else echo "CACHE_CLEAR must be TRUE or FALSE only... Cache not cleared..." && exit 1;
+fi
+
+# Deploy via SSH
+# setup master ssh connection
+ssh -nNf -v -i "${WPE_SSHG_KEY_PRIVATE_PATH}" -o StrictHostKeyChecking=no -o ControlMaster=yes -o ControlPath="$SSH_PATH/ctl/%C" "$WPE_FULL_HOST"
+
+echo "!!! MASTER SSH CONNECTION ESTABLISHED !!!"
+#rsync
+rsync --rsh="ssh -v -p 22 -i ${WPE_SSHG_KEY_PRIVATE_PATH} -o StrictHostKeyChecking=no -o 'ControlPath=$SSH_PATH/ctl/%C'" $INPUT_FLAGS --exclude-from='/exclude.txt' "$SRC_PATH" "$WPE_DESTINATION"
+
+# post deploy script and cache clear
+if [[ -n ${SCRIPT} || -n ${CACHE_CLEAR} ]]; then
+
+ if [[ -n ${SCRIPT} ]]; then
+ if ! ssh -v -p 22 -i "${WPE_SSHG_KEY_PRIVATE_PATH}" -o StrictHostKeyChecking=no -o ControlPath="$SSH_PATH/ctl/%C" "$WPE_FULL_HOST" "test -s sites/${WPE_ENV_NAME}/${INPUT_SCRIPT}"; then
+ status=1
+ fi
+
+ if [[ $status -ne 0 && -f ${INPUT_SCRIPT} ]]; then
+ ssh -v -p 22 -i "${WPE_SSHG_KEY_PRIVATE_PATH}" -o StrictHostKeyChecking=no -o ControlPath="$SSH_PATH/ctl/%C" "$WPE_FULL_HOST" "mkdir -p sites/${WPE_ENV_NAME}/$(dirname "${INPUT_SCRIPT}")"
+
+ rsync --rsh="ssh -v -p 22 -i ${WPE_SSHG_KEY_PRIVATE_PATH} -o StrictHostKeyChecking=no -o 'ControlPath=$SSH_PATH/ctl/%C'" "${INPUT_SCRIPT}" "wpe_gha+$WPE_SSH_USER:sites/$WPE_ENV_NAME/$(dirname "${INPUT_SCRIPT}")"
+ fi
+ fi
+
+ ssh -v -p 22 -i "${WPE_SSHG_KEY_PRIVATE_PATH}" -o StrictHostKeyChecking=no -o ControlPath="$SSH_PATH/ctl/%C" "$WPE_FULL_HOST" "cd sites/${WPE_ENV_NAME} ${SCRIPT} ${CACHE_CLEAR}"
+fi
+
+#close master ssh
+ssh -O exit -o ControlPath="$SSH_PATH/ctl/%C" "$WPE_FULL_HOST"
+
+echo "SUCCESS: Your code has been deployed to WP Engine!"
\ No newline at end of file
diff --git a/exclude.txt b/exclude.txt
new file mode 100644
index 0000000..e0738f3
--- /dev/null
+++ b/exclude.txt
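Review bot: Every `ssh` and `rsync --rsh` call passes `-o StrictHostKeyChecking=no`, and known_hosts is filled by `ssh-keyscan` at run time, so the server's identity is never verified and the upload and any post-deploy command can go to whoever answers for `$WPE_SSH_HOST`. Writing a host key obtained out of band into `$KNOWN_HOSTS_PATH` and using `-o StrictHostKeyChecking=yes` would make the connection fail closed. Separately, `INPUT_SCRIPT` is interpolated into the remote command strings (`"cd sites/${WPE_ENV_NAME} ${SCRIPT} ${CACHE_CLEAR}"`, and the `test -s` and `mkdir -p` calls), so shell metacharacters in that input are interpreted on the remote host; a guard such as `[[ $INPUT_SCRIPT =~ ^[A-Za-z0-9._/-]+$ ]] || exit 1` before `SCRIPT` is built would constrain it to a plain path. The `-v` flag on each connection also writes SSH debug output into the job log and is worth dropping outside troubleshooting.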
@@ -0,0 +1,60 @@
+# Version Control
+# NOTE:
+# WP Engine does not support server side versioning so hosting any version control
+# on the server would not be advantageous.
+
+*~
+.git
+.github
+.gitignore
+.DS_Store
+.svn
+.cvs
+*.bak
+*.swp
+Thumbs.db
+
+# WordPress specific files
+# NOTE:
+# These files are excluded from the deploy so as to prevent unwanted errors from occurring,
+# such as accidentally deploying a local version of wp-config.php or accidentally deleting
+# wp-content/uploads/ if a --delete flag is passed while deploying root. Most paths here
+# are ingnored in the WPE sample .gitignore per best practice.
+wp-config.php
+wp-content/uploads/
+wp-content/blogs.dir/
+wp-content/upgrade/*
+wp-content/backup-db/*
+wp-content/advanced-cache.php
+wp-content/wp-cache-config.php
+wp-content/cache/*
+wp-content/cache/supercache/*
+
+# WP Engine specific files
+# NOTE:
+# These files are specific to running a WordPress site at WP Engine and would
+# likely result in a broken production site if modified in production (in
+# fact, permissions would prevent modification for many of these files). While
+# some of these files (such as those in /_wpeprivate) would be extremely large
+# and completely useless in the context of local WordPress development, others
+# (such as some of the WP Engine managed plugins) might be useful in rare
+# circumstances to have as a reference for debugging purposes.
+.smushit-status
+.gitattributes
+.wpe-devkit/
+.wpengine-conf/
+_wpeprivate
+wp-content/object-cache.php
+wp-content/mu-plugins/mu-plugin.php
+wp-content/mu-plugins/slt-force-strong-passwords.php
+wp-content/mu-plugins/wpengine-security-auditor.php
+wp-content/mu-plugins/stop-long-comments.php
+wp-content/mu-plugins/force-strong-passwords*
+wp-content/mu-plugins/wpengine-common*
+wp-content/mu-plugins/wpe-wp-sign-on-plugin*
+wp-content/mu-plugins/wpe-elasticpress-autosuggest-logger*
+wp-content/mu-plugins/wpe-cache-plugin*
+wp-content/mysql.sql
+
+# Local specific
+wp-content/mu-plugins/local-by-flywheel-live-link-helper.php