feat: add wordpress site variant

This commit is contained in:
bisco
2026-06-25 07:36:25 +02:00
parent cae9180bc6
commit c66dd7e511
46 changed files with 2091 additions and 136 deletions
+114 -61
View File
@@ -1,73 +1,126 @@
# codex-bootstrap
# Azione!Lab WordPress
A repository template for AI-assisted development with Codex.
A warm, editorial single-page website for the Azione!Lab contemporary theatre
workshop. WordPress manages the content, a custom theme owns the visual system, and
Docker Compose provides MariaDB, NGINX, optional Let's Encrypt, WP-CLI, and isolated
browser tests.
This template defines a repeatable workflow for using Codex as an autonomous coding agent that can create branches, modify code, run Docker-based tests, update documentation, write ADRs, and commit changes using Conventional Commits.
## Architecture
## Purpose
- `wordpress/`: pinned WordPress 7/PHP 8.3 image, custom theme, and structured-content
must-use plugin.
- `db`: MariaDB 11.8 LTS, available only on the internal data network.
- `proxy`: the only published service; routes `azionelab.org` to WordPress and applies
edge security controls.
- `certbot`: optional HTTP-01 certificate issue/renewal service.
- `wp-cli`: opt-in bootstrap and maintenance service.
- `tests/functional`: Playwright tests running only through the public virtual host.
Use this template to bootstrap repositories where Codex must operate with clear rules, minimal changes, pragmatic TDD, security guardrails, and explicit documentation requirements.
See [architecture](docs/architecture.md) and
[ADR-0001](docs/adr/0001-wordpress-single-page.md).
## Repository structure
## Prerequisites
```text
.
├── AGENTS.md
├── README.md
├── .codex/
│ ├── project.md
│ ├── workflow.md
│ ├── security.md
│ ├── quality.md
│ ├── orchestration.md
│ ├── prompts/
│ │ ├── task.md
│ │ ├── bugfix.md
│ │ ├── refactor.md
│ │ ├── security-review.md
│ │ └── documentation.md
│ ├── agents/
│ │ ├── architect.md
│ │ ├── developer.md
│ │ ├── reviewer.md
│ │ ├── security-reviewer.md
│ │ ├── test-engineer.md
│ │ └── documentation-writer.md
│ └── profiles/
│ ├── docker.md
│ ├── ansible.md
│ └── python.md
└── docs/
├── adr/
│ └── 0000-template.md
├── architecture.md
├── deployment.md
├── operations.md
├── security.md
├── testing.md
└── runbook.md
- Docker Engine with Docker Compose v2.
- Local ports `8080` and `8443` available.
- `127.0.0.1 azionelab.org` in the local hosts file.
No host PHP, database, Node.js, or WordPress installation is required.
## Start locally
```bash
cp .env.example .env
docker compose up --build -d
docker compose --profile tools run --rm wp-cli /scripts/bootstrap.sh
docker compose ps
```
## How to use
Open:
1. Copy this template into a new or existing repository.
2. Edit `.codex/project.md` and configure:
- project mode;
- enabled profiles;
- Docker-based test command;
- branch naming rules if needed.
3. Add project-specific details to the documentation under `docs/`.
4. When asking Codex to work on a task, use one of the prompt templates under `.codex/prompts/`.
- site: <http://azionelab.org:8080>
- admin: <http://azionelab.org:8080/wp-admin/>
## Core rules
Use the development credentials copied into `.env` only locally. Change them before
sharing the environment.
Codex must:
## Edit content
- start work from `develop`;
- create a dedicated `feature/`, `fix/`, or `hotfix/` branch;
- use pragmatic TDD;
- keep changes minimal and focused;
- run the configured Docker-based test command before completion;
- update documentation and ADRs when needed;
- produce a final report with summary, tests, risks, and rollback notes;
- commit using Conventional Commits.
- **Appearance > Customize**: hero, manifesto, laboratory, teacher, lessons, contacts,
social links, and footer.
- **Shows**: poster, title, excerpt, year, place, and order.
- **Gallery**: image, category, caption/title, and order.
- **Settings > General**: site name and tagline.
Real uploaded images replace the built-in editorial SVG placeholders. The three
participation cards remain intentional theme copy; making them reorderable is a TODO if
the workshop later needs more than the current three fixed audiences.
## Production configuration
Set `WP_ENVIRONMENT_TYPE=production`, unique database passwords of at least 16
characters, a strong admin password, the public HTTPS `WP_URL`, and `WORDPRESS_DEBUG=0`.
Production startup rejects placeholder database credentials. WordPress file editing
and web-based theme/plugin/core modification are disabled; deploy updates by rebuilding
the pinned image.
When a trusted load balancer owns TLS, keep `LETSENCRYPT_ENABLED=0` and set
`TRUST_PROXY_HEADERS=1` only if NGINX is reachable exclusively from that load balancer
and the load balancer overwrites forwarding headers.
For direct exposure, point public DNS at the host, expose ports 80/443, and start with
the Let's Encrypt staging CA:
```dotenv
WP_ENVIRONMENT_TYPE=production
WP_URL=https://azionelab.org
LETSENCRYPT_ENABLED=1
LETSENCRYPT_DOMAIN=azionelab.org
LETSENCRYPT_EMAIL=operator@example.org
LETSENCRYPT_STAGING=1
NGINX_BIND_ADDRESS=0.0.0.0
NGINX_HTTP_PORT=80
NGINX_HTTPS_PORT=443
TRUST_PROXY_HEADERS=0
```
Before the first certificate exists, NGINX serves ACME challenges and returns 503 for
application traffic. After issuance, HTTP redirects to HTTPS automatically.
## Useful commands
```bash
docker compose logs -f proxy wordpress db certbot
docker compose --profile tools run --rm wp-cli -c 'wp plugin list'
docker compose --profile tools run --rm wp-cli -c 'wp core version'
docker compose run --rm --no-deps wordpress php -l /opt/azionelab/theme/functions.php
docker compose run --rm --no-deps wordpress php -l /opt/azionelab/theme/front-page.php
docker compose run --rm --no-deps wordpress php -l /opt/azionelab/azionelab-content.php
docker compose run --rm --no-deps proxy nginx -t
docker compose -f docker-compose.yml -f docker-compose.test.yml up --build -d db wordpress proxy
docker compose -f docker-compose.yml -f docker-compose.test.yml --profile tools run --rm wp-cli /scripts/bootstrap.sh
docker compose -f docker-compose.yml -f docker-compose.test.yml --profile test run --build --rm functional-tests
docker compose config --quiet
```
## Backup
Back up the database and WordPress files at the same logical point in time:
```bash
mkdir -p backups/wordpress-files
docker compose stop wordpress
docker compose exec -T db sh -c 'mariadb-dump -u root -p"$MARIADB_ROOT_PASSWORD" "$MARIADB_DATABASE"' > backups/database.sql
docker compose cp wordpress:/var/www/html/. backups/wordpress-files/
docker compose start wordpress
```
Do not commit backups or `.env`. Encrypt and test real backups off-host. See
[operations](docs/operations.md) before restoring or deleting volumes.
## Rollback
Revert the application commit and rebuild containers. Preserve `db_data`,
`wordpress_data`, and certificate volumes. Database restoration is a separate,
destructive operation and requires a verified backup.