Start the implementation of WP project deployments

README.md

@@ -54,6 +54,7 @@ Examples for different project types can be found under the molecule folder:
 * [Tomcat](molecule/tomcat/converge.yml)
 * [Drupal](molecule/drupal/converge.yml)
 * [Symfony](molecule/symfony/converge.yml)
+* [Wordpress](molecule/wordpress/converge.yml)
 
 Development
 ------------

molecule/wordpress/converge.yml

@@ -0,0 +1,89 @@
+---
+- name: Converge
+  hosts: instance
+  become: true
+  pre_tasks:
+    - name: Create project groups
+      ansible.builtin.group:
+        name: "test_wpapp"
+        state: present
+    - name: Create project app user test_wpapp
+      ansible.builtin.user:
+        name: "test_wpapp"
+        password: "*"
+        home: "/test_wp/.app"
+        createhome: true
+        group: "test_wpapp"
+        append: true
+  tasks:
+    - name: Include php versions role
+      ansible.builtin.include_role:
+        name: geerlingguy.php-versions
+      vars:
+        php_version: "8.2"
+    - name: Include php role
+      ansible.builtin.include_role:
+        name: geerlingguy.php
+      vars:
+        php_version: "8.2"
+        php_install_recommends: false
+        php_enable_php_fpm: true
+        php_webserver_daemon: "nginx"
+        php_date_timezone: "Europe/Paris"
+        php_expose_php: false
+        php_fpm_pool_user: test_wpapp
+        php_fpm_pool_group: test_wpapp
+    - name: Include nginx role
+      ansible.builtin.include_role:
+        name: geerlingguy.nginx
+      vars:
+        nginx_remove_default_vhost: true
+        nginx_worker_processes: "{{ ansible_processor_vcpus|default(ansible_processor_count) }}"
+        nginx_vhosts:
+          - listen: "80"
+            server_name: "localhost"
+            index: "/"
+            extra_parameters: |
+              root /test_wp/project_root/www/public;
+              location / {
+                try_files $uri /index.php$is_args$args;
+              }
+              location ~ ^/index\.php(/|$) {
+                fastcgi_pass 127.0.0.1:9000;
+                fastcgi_split_path_info ^(.+\.php)(/.*)$;
+                include fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+                fastcgi_param DOCUMENT_ROOT $realpath_root;
+                internal;
+              }
+              location ~ \.php$ {
+                return 404;
+              }
+    - name: Include steamengine role
+      ansible.builtin.include_role:
+        name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}"
+      vars:
+        steamengine_project_name: test_wp
+        steamengine_project_type: wp
+        steamengine_build_url: https://delivery.steamulo.org/france-competences/mon-cep/wordpress-0.0.1-integration.zip
+        steamengine_build_checksum: sha1:7e5b076696bbbbdbb57130697ddf64de1cda754c
+        steamengine_project_configuration:
+          DB_NAME: "test_wp"
+          DB_USER: "test_wpapp"
+          DB_PASSWORD: "dev"
+          DB_HOST: "localhost"
+          WP_ENV: development
+          WP_HOME: http://moncep-refonte.localhost
+          WP_SITEURL: ${steamengine_project_root_path}/wp
+          WP_USE_CACHE: "false"
+          AUTH_KEY: ""
+          SECURE_AUTH_KEY: ""
+          LOGGED_IN_KEY: ""
+          NONCE_KEY: ""
+          AUTH_SALT: ""
+          SECURE_AUTH_SALT: ""
+          LOGGED_IN_SALT: ""
+          NONCE_SALT: ""
+          FORCE_SSL_LOGIN: "false"
+          FORCE_SSL_ADMIN: "false"
+          DB_PREFIX: wptest_

molecule/wordpress/molecule.yml

@@ -0,0 +1,3 @@
+---
+scenario:
+  name: wordpress

molecule/wordpress/requirements.yml

@@ -0,0 +1,10 @@
+---
+
+- src: geerlingguy.php
+  version: 4.8.0
+
+- src: geerlingguy.php-versions
+  version: 5.0.0
+
+- src: geerlingguy.nginx
+  version: 3.1.1

molecule/wordpress/tests/test_default.py

@@ -0,0 +1,21 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_app_running_and_enabled(host):
+    app_service = host.service("nginx")
+    assert app_service.is_running
+    assert app_service.is_enabled
+
+
+def test_app_listening(host):
+    assert host.socket("tcp://0.0.0.0:80").is_listening
+
+
+def test_app_response(host):
+    resp = host.run("curl localhost").stdout
+    assert "Your application is now ready and you can start" in resp

tasks/include/deploy_database.yml

@@ -0,0 +1,36 @@
+---
+
+- name: Download project db dump
+  ansible.builtin.get_url:
+    url: "{{ steamengine_project_dump_bdd_url }}"
+    dest: "{{ steamengine_home_path }}/db_dump.zip"
+    owner: "{{ steamengine_project_user }}"
+    group: "{{ steamengine_app_user }}"
+    mode: u=rwx,g=rx,o=
+  register: db_dump
+
+- name: Unzip project db dump
+  ansible.builtin.unarchive:
+    src: "{{ steamengine_home_path }}/db_dump.zip"
+    dest: "{{ steamengine_project_name }}"
+    owner: "{{ steamengine_project_user }}"
+    group: "{{ steamengine_app_user }}"
+    mode: u=rwx,g=rx,o=
+    remote_src: true
+    list_files: true
+  register: archive_contents
+
+- name: Deploy db dump
+  ansible.builtin.shell: >
+    mariadb --host={{ steamengine_project_configuration_env.DB_HOST }} --user={{ steamengine_project_configuration_env.DB_USER }} --password={{ steamengine_project_configuration_env.DB_PASSWORD }} < {{ steamengine_home_path }}/dump.sql
+  when: project_dump_bdd_url is defined and project_dump_bdd_url
+
+- name: Delete db dump
+  ansible.builtin.file:
+    path: "{{ steamengine_home_path }}/{{ archive_contents.files[0] }}"
+    state: absent
+
+- name: Delete archive db dump
+  ansible.builtin.file:
+    path: "{{ steamengine_home_path }}/db_dump.zip"
+    state: absent

tasks/include/update_from_archive.yml

@@ -8,13 +8,13 @@
     list_files: true
   register: front_static_unzip_output
 
-- name: Registring all existing files
+- name: Registering all existing files
   ansible.builtin.find:
     paths: "{{ dest_path }}"
     recurse: true
   register: front_static_find_output
 
-- name: Registring new and old files
+- name: Registering new and old files
   ansible.builtin.set_fact:
     front_static_old_files: "{{ front_static_find_output.files | map(attribute='path') | list | map('regex_replace', dest_path + '/', '' ) | list }}"
     front_static_new_files: "{{ front_static_unzip_output.files }}"

tasks/wordpress/asserts.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Verify build extension
+  ansible.builtin.assert:
+    that: (steamengine_build_url | basename | splitext)[1] == ".zip"
+  when: steamengine_build_url is defined and steamengine_build_url
+  tags:
+    - steamengine_deploy_static

tasks/wordpress/deploy.yml

@@ -0,0 +1,162 @@
+#file: noinspection YAMLSchemaValidation
+---
+
+- name: "Create configuration file for projects"
+  ansible.builtin.template:
+    src: wordpress.j2
+    dest: "{{ steamengine_project_root_path }}/.env"
+    owner: "{{ steamengine_project_user }}"
+    group: "{{ steamengine_app_user }}"
+    mode: u=rwx,g=rx,o=
+  tags:
+    - steamengine_deploy_env
+
+- name: "Download build {{ steamengine_build_url }}"
+  ansible.builtin.get_url:
+    url: "{{ steamengine_build_url }}"
+    dest: "{{ steamengine_project_root_path }}/project.zip"
+    checksum: "{{ checksum_verified }}"
+    owner: "{{ steamengine_project_user }}"
+    group: "{{ steamengine_app_user }}"
+    mode: u=rwx,g=rx,o=
+    headers: "{{ steamengine_build_url_headers }}"
+    validate_certs: "{{ steamengine_build_url_validate_certs }}"
+  register: get_url_build
+  tags:
+    - steamengine_deploy_wordpress
+
+- name: "Is there a new build: {{ get_url_build.changed }}"
+  ansible.builtin.set_fact:
+    new_build_to_deploy: "{{ get_url_build.changed }}"
+
+- include_tasks:
+    file: "include/deploy_database.yml"
+    apply:
+      tags:
+        - deploy
+  when: new_build_to_deploy is defined and new_build_to_deploy and steamengine_project_dump_bdd_url is defined and steamengine_project_dump_bdd_url != ''
+  tags:
+    - steamengine_deploy_wordpress
+    - steamengine_deploy_database
+
+- name: "Create www directory"
+  ansible.builtin.file:
+    path: "{{ steamengine_project_root_path_web }}"
+    owner: "{{ steamengine_project_user }}"
+    group: "{{ steamengine_app_user }}"
+    mode: u=rwx,g=rx,o=
+    state: directory
+  tags:
+    - steamengine_deploy_wordpress
+
+- name: Update www directory
+  include_tasks: include/update_from_archive.yml
+  vars:
+    archive_path: "{{ steamengine_project_root_path }}/project.zip"
+    dest_path: "{{ steamengine_project_wordpress_new_release_path }}"
+  when: new_build_to_deploy is defined and new_build_to_deploy
+  args:
+    apply:
+      tags:
+        - steamengine_deploy
+        - steamengine_deploy_wordpress
+  tags:
+    - steamengine_deploy_wordpress
+
+- name: "Add read permission for {{ steamengine_app_user }}"
+  ansible.builtin.file:
+    path: "{{ steamengine_project_root_path_web }}"
+    owner: "{{ steamengine_project_user }}"
+    group: "{{ steamengine_app_user }}"
+    recurse: true
+    mode: u=rwx,g=rx,o=
+  tags:
+    - steamengine_deploy_wordpress
+
+- name: Is there a uploads directory
+  ansible.builtin.stat:
+    path: "{{ steamengine_project_wordpress_uploads_path }}"
+  register: project_uploads_directory_exist
+  when: new_build_to_deploy is defined and new_build_to_deploy
+
+- name: "Is there a current release : {{ steamengine_project_wordpress_current_release_path }}"
+  ansible.builtin.stat:
+    path: "{{ steamengine_project_wordpress_current_release_path }}"
+  register: project_current_release_exist
+  when: new_build_to_deploy is defined and new_build_to_deploy
+
+- name: Copy uploads directory from current release to home
+  ansible.builtin.copy:
+    src: "{{ steamengine_project_wordpress_current_release_path }}/web/app/uploads"
+    dest: "{{ steamengine_project_root_path }}"
+    owner: "{{ steamengine_project_user }}"
+    group: "{{ steamengine_app_user }}"
+    remote_src: true
+    mode: u=rwx,g=rx,o=
+  when: new_build_to_deploy is defined and new_build_to_deploy and not project_uploads_directory_exist.stat.exists and project_current_release_exist.stat.exists
+
+- name: "Ensure {{ steamengine_project_wordpress_uploads_path }} has the right permissions"
+  ansible.builtin.file:
+    path: "{{ steamengine_project_wordpress_uploads_path }}"
+    state: directory
+    mode: u=rwx,g=rx,o=
+    owner: "{{ steamengine_project_user }}"
+    group: "{{ steamengine_app_user }}"
+  when: new_build_to_deploy is defined and new_build_to_deploy
+
+- name: Clean new release directory
+  ansible.builtin.file:
+    path: "{{ steamengine_project_wordpress_new_release_path }}"
+    state: absent
+  when: new_build_to_deploy is defined and new_build_to_deploy
+
+- name: Create new release directory
+  ansible.builtin.file:
+    path: "{{ steamengine_project_wordpress_new_release_path }}"
+    state: directory
+    owner: "{{ steamengine_project_user }}"
+    group: "{{ steamengine_app_user }}"
+    mode: u=rwx,g=rx,o=
+  when: new_build_to_deploy is defined and new_build_to_deploy
+
+- name: Create all symlink
+  ansible.builtin.file:
+    src: "{{ item.path }}"
+    dest: "{{ project_new_release }}/{{ item.symlink_src }}"
+    state: link
+    owner: "{{ steamengine_project_user }}"
+    group: "{{ steamengine_app_user }}"
+  with_items: "{{ steamengine_project_wordpress_symlinks }}"
+  when: new_build_to_deploy is defined and new_build_to_deploy
+
+- name: Move current release to old release
+  ansible.builtin.command: "mv {{ steamengine_project_wordpress_current_release_path }} {{ steamengine_project_wordpress_old_release_path }}"
+  when: new_build_to_deploy is defined and new_build_to_deploy and project_current_release_exist.stat.exists
+
+- name: Switch symlink on old release
+  ansible.builtin.file:
+    src: "{{ steamengine_project_wordpress_old_release_path }}"
+    dest: "{{ steamengine_project_root_path }}"
+    state: link
+    owner: "{{ steamengine_project_user }}"
+    group: "{{ steamengine_app_user }}"
+  when: new_build_to_deploy is defined and new_build_to_deploy and project_current_release_exist.stat.exists
+
+- name: Clean old release directory
+  ansible.builtin.file:
+    path: "{{ steamengine_project_wordpress_old_release_path }}"
+    state: absent
+  when: new_build_to_deploy is defined and new_build_to_deploy
+
+- name: Move next release to current release
+  ansible.builtin.command: "mv {{ steamengine_project_wordpress_new_release_path }} {{ steamengine_project_wordpress_current_release_path }}"
+  when: new_build_to_deploy is defined and new_build_to_deploy
+
+- name: Switch symlink on the new current release
+  ansible.builtin.file:
+    src: "{{ steamengine_project_wordpress_current_release_path }}"
+    dest: "{{ steamengine_project_root_path }}"
+    state: link
+    owner: "{{ steamengine_project_user }}"
+    group: "{{ steamengine_app_user }}"
+  when: new_build_to_deploy is defined and new_build_to_deploy

tasks/wordpress/runtime.yml

@@ -0,0 +1,9 @@
+---
+
+- name: "Add nginx user in {{ steamengine_app_user }} group"
+  ansible.builtin.user:
+    name: "{{ (ansible_os_family == 'RedHat') | ternary('nginx', 'www-data') }}"
+    groups: "{{ steamengine_app_user }}"
+    append: true
+  tags:
+    - steamengine_runtime_static

templates/wordpress.env.j2

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for key, value in steamengine_project_configuration_env.items() -%}
+    {{ key }}={{ value ~ '\n'}}
+{%- endfor -%}

vars/main.yml

@@ -31,6 +31,9 @@ steamengine_bin_path: "{{ steamengine_home_path }}/bin"
 steamengine_logs_path: "{{ steamengine_home_path }}/logs"
 steamengine_persistent_base_path: "/{{ steamengine_project_name }}/storage"
 
+# DB dump URL
+steamengine_project_dump_bdd_url: "{{ steamengine_project_dump_bdd_url }} | default('') }}"
+
 # OTHERS
 steamengine_project_types:
   - springboot
@@ -40,3 +43,4 @@ steamengine_project_types:
   - drupal
   - play
   - symfony
+  - wordpress