generated from bisco/codex-bootstrap
feat: add wordpress site variant
This commit is contained in:
@@ -1,73 +1,126 @@
|
||||
# codex-bootstrap
|
||||
# Azione!Lab WordPress
|
||||
|
||||
A repository template for AI-assisted development with Codex.
|
||||
A warm, editorial single-page website for the Azione!Lab contemporary theatre
|
||||
workshop. WordPress manages the content, a custom theme owns the visual system, and
|
||||
Docker Compose provides MariaDB, NGINX, optional Let's Encrypt, WP-CLI, and isolated
|
||||
browser tests.
|
||||
|
||||
This template defines a repeatable workflow for using Codex as an autonomous coding agent that can create branches, modify code, run Docker-based tests, update documentation, write ADRs, and commit changes using Conventional Commits.
|
||||
## Architecture
|
||||
|
||||
## Purpose
|
||||
- `wordpress/`: pinned WordPress 7/PHP 8.3 image, custom theme, and structured-content
|
||||
must-use plugin.
|
||||
- `db`: MariaDB 11.8 LTS, available only on the internal data network.
|
||||
- `proxy`: the only published service; routes `azionelab.org` to WordPress and applies
|
||||
edge security controls.
|
||||
- `certbot`: optional HTTP-01 certificate issue/renewal service.
|
||||
- `wp-cli`: opt-in bootstrap and maintenance service.
|
||||
- `tests/functional`: Playwright tests running only through the public virtual host.
|
||||
|
||||
Use this template to bootstrap repositories where Codex must operate with clear rules, minimal changes, pragmatic TDD, security guardrails, and explicit documentation requirements.
|
||||
See [architecture](docs/architecture.md) and
|
||||
[ADR-0001](docs/adr/0001-wordpress-single-page.md).
|
||||
|
||||
## Repository structure
|
||||
## Prerequisites
|
||||
|
||||
```text
|
||||
.
|
||||
├── AGENTS.md
|
||||
├── README.md
|
||||
├── .codex/
|
||||
│ ├── project.md
|
||||
│ ├── workflow.md
|
||||
│ ├── security.md
|
||||
│ ├── quality.md
|
||||
│ ├── orchestration.md
|
||||
│ ├── prompts/
|
||||
│ │ ├── task.md
|
||||
│ │ ├── bugfix.md
|
||||
│ │ ├── refactor.md
|
||||
│ │ ├── security-review.md
|
||||
│ │ └── documentation.md
|
||||
│ ├── agents/
|
||||
│ │ ├── architect.md
|
||||
│ │ ├── developer.md
|
||||
│ │ ├── reviewer.md
|
||||
│ │ ├── security-reviewer.md
|
||||
│ │ ├── test-engineer.md
|
||||
│ │ └── documentation-writer.md
|
||||
│ └── profiles/
|
||||
│ ├── docker.md
|
||||
│ ├── ansible.md
|
||||
│ └── python.md
|
||||
└── docs/
|
||||
├── adr/
|
||||
│ └── 0000-template.md
|
||||
├── architecture.md
|
||||
├── deployment.md
|
||||
├── operations.md
|
||||
├── security.md
|
||||
├── testing.md
|
||||
└── runbook.md
|
||||
- Docker Engine with Docker Compose v2.
|
||||
- Local ports `8080` and `8443` available.
|
||||
- `127.0.0.1 azionelab.org` in the local hosts file.
|
||||
|
||||
No host PHP, database, Node.js, or WordPress installation is required.
|
||||
|
||||
## Start locally
|
||||
|
||||
```bash
|
||||
cp .env.example .env
|
||||
docker compose up --build -d
|
||||
docker compose --profile tools run --rm wp-cli /scripts/bootstrap.sh
|
||||
docker compose ps
|
||||
```
|
||||
|
||||
## How to use
|
||||
Open:
|
||||
|
||||
1. Copy this template into a new or existing repository.
|
||||
2. Edit `.codex/project.md` and configure:
|
||||
- project mode;
|
||||
- enabled profiles;
|
||||
- Docker-based test command;
|
||||
- branch naming rules if needed.
|
||||
3. Add project-specific details to the documentation under `docs/`.
|
||||
4. When asking Codex to work on a task, use one of the prompt templates under `.codex/prompts/`.
|
||||
- site: <http://azionelab.org:8080>
|
||||
- admin: <http://azionelab.org:8080/wp-admin/>
|
||||
|
||||
## Core rules
|
||||
Use the development credentials copied into `.env` only locally. Change them before
|
||||
sharing the environment.
|
||||
|
||||
Codex must:
|
||||
## Edit content
|
||||
|
||||
- start work from `develop`;
|
||||
- create a dedicated `feature/`, `fix/`, or `hotfix/` branch;
|
||||
- use pragmatic TDD;
|
||||
- keep changes minimal and focused;
|
||||
- run the configured Docker-based test command before completion;
|
||||
- update documentation and ADRs when needed;
|
||||
- produce a final report with summary, tests, risks, and rollback notes;
|
||||
- commit using Conventional Commits.
|
||||
- **Appearance > Customize**: hero, manifesto, laboratory, teacher, lessons, contacts,
|
||||
social links, and footer.
|
||||
- **Shows**: poster, title, excerpt, year, place, and order.
|
||||
- **Gallery**: image, category, caption/title, and order.
|
||||
- **Settings > General**: site name and tagline.
|
||||
|
||||
Real uploaded images replace the built-in editorial SVG placeholders. The three
|
||||
participation cards remain intentional theme copy; making them reorderable is a TODO if
|
||||
the workshop later needs more than the current three fixed audiences.
|
||||
|
||||
## Production configuration
|
||||
|
||||
Set `WP_ENVIRONMENT_TYPE=production`, unique database passwords of at least 16
|
||||
characters, a strong admin password, the public HTTPS `WP_URL`, and `WORDPRESS_DEBUG=0`.
|
||||
Production startup rejects placeholder database credentials. WordPress file editing
|
||||
and web-based theme/plugin/core modification are disabled; deploy updates by rebuilding
|
||||
the pinned image.
|
||||
|
||||
When a trusted load balancer owns TLS, keep `LETSENCRYPT_ENABLED=0` and set
|
||||
`TRUST_PROXY_HEADERS=1` only if NGINX is reachable exclusively from that load balancer
|
||||
and the load balancer overwrites forwarding headers.
|
||||
|
||||
For direct exposure, point public DNS at the host, expose ports 80/443, and start with
|
||||
the Let's Encrypt staging CA:
|
||||
|
||||
```dotenv
|
||||
WP_ENVIRONMENT_TYPE=production
|
||||
WP_URL=https://azionelab.org
|
||||
LETSENCRYPT_ENABLED=1
|
||||
LETSENCRYPT_DOMAIN=azionelab.org
|
||||
LETSENCRYPT_EMAIL=operator@example.org
|
||||
LETSENCRYPT_STAGING=1
|
||||
NGINX_BIND_ADDRESS=0.0.0.0
|
||||
NGINX_HTTP_PORT=80
|
||||
NGINX_HTTPS_PORT=443
|
||||
TRUST_PROXY_HEADERS=0
|
||||
```
|
||||
|
||||
Before the first certificate exists, NGINX serves ACME challenges and returns 503 for
|
||||
application traffic. After issuance, HTTP redirects to HTTPS automatically.
|
||||
|
||||
## Useful commands
|
||||
|
||||
```bash
|
||||
docker compose logs -f proxy wordpress db certbot
|
||||
docker compose --profile tools run --rm wp-cli -c 'wp plugin list'
|
||||
docker compose --profile tools run --rm wp-cli -c 'wp core version'
|
||||
|
||||
docker compose run --rm --no-deps wordpress php -l /opt/azionelab/theme/functions.php
|
||||
docker compose run --rm --no-deps wordpress php -l /opt/azionelab/theme/front-page.php
|
||||
docker compose run --rm --no-deps wordpress php -l /opt/azionelab/azionelab-content.php
|
||||
docker compose run --rm --no-deps proxy nginx -t
|
||||
docker compose -f docker-compose.yml -f docker-compose.test.yml up --build -d db wordpress proxy
|
||||
docker compose -f docker-compose.yml -f docker-compose.test.yml --profile tools run --rm wp-cli /scripts/bootstrap.sh
|
||||
docker compose -f docker-compose.yml -f docker-compose.test.yml --profile test run --build --rm functional-tests
|
||||
docker compose config --quiet
|
||||
```
|
||||
|
||||
## Backup
|
||||
|
||||
Back up the database and WordPress files at the same logical point in time:
|
||||
|
||||
```bash
|
||||
mkdir -p backups/wordpress-files
|
||||
docker compose stop wordpress
|
||||
docker compose exec -T db sh -c 'mariadb-dump -u root -p"$MARIADB_ROOT_PASSWORD" "$MARIADB_DATABASE"' > backups/database.sql
|
||||
docker compose cp wordpress:/var/www/html/. backups/wordpress-files/
|
||||
docker compose start wordpress
|
||||
```
|
||||
|
||||
Do not commit backups or `.env`. Encrypt and test real backups off-host. See
|
||||
[operations](docs/operations.md) before restoring or deleting volumes.
|
||||
|
||||
## Rollback
|
||||
|
||||
Revert the application commit and rebuild containers. Preserve `db_data`,
|
||||
`wordpress_data`, and certificate volumes. Database restoration is a separate,
|
||||
destructive operation and requires a verified backup.
|
||||
|
||||
Reference in New Issue
Block a user