Files
azionelab-v2/docs/adr/0001-wordpress-single-page.md
T
2026-06-25 07:36:25 +02:00

59 lines
2.5 KiB
Markdown

# ADR-0001: WordPress single-page architecture
Date: 2026-06-24
Status: Accepted
## Context
Azione!Lab needs a warm editorial single page whose primary content can be edited by
non-developers. This branch explicitly explores WordPress as an alternative product
architecture and starts independently from `main`.
## Decision
Use pinned WordPress 7.0/PHP 8.3 with MariaDB 11.8 LTS. Build a dependency-free custom
classic theme for exact semantic markup and responsive design. Store homepage fields as
sanitized theme modifications, while a must-use plugin owns Shows and Gallery custom
post types so structured content is not lost when changing themes.
NGINX is the only public entry point. WP-CLI provides an idempotent opt-in bootstrap;
Certbot provides opt-in direct TLS. Docker networks isolate the database and functional
tests use separate volumes.
## Consequences
- Editors use familiar WordPress screens without a page builder or required plugin.
- WordPress renders the page directly; there is no headless API/frontend deployment.
- WordPress and MariaDB replace Astro, Wagtail, Django, and PostgreSQL in this branch.
- Core/theme/plugin patches require an image rebuild in production.
- Fixed participation cards remain code until editorial requirements justify another
structured content type.
## Alternatives considered
- A block theme was not selected because the first version prioritizes controlled
markup and a compact implementation over full-site editing.
- A commercial/custom-fields plugin was rejected as an unnecessary dependency.
- A headless WordPress frontend was rejected because it would recreate the operational
complexity this variant is intended to remove.
## Security impact
The architecture inherits WordPress's public CMS attack surface. The implementation
reduces it with network isolation, no direct application port, disabled file editing
and XML-RPC, production immutability, sanitization/escaping, rate limiting, security
headers, and fail-closed TLS. Admin MFA and allowlisting remain external controls.
## Operational impact
Database and WordPress files are coordinated state and must be backed up together.
Operators must monitor upstream security releases and rebuild pinned images. SMTP and
off-host storage are not part of this minimal base.
## Rollback
Revert the implementation commit and rebuild. Preserve WordPress, database, and
certificate volumes unless data deletion is intentional. Restore data only from a
verified coordinated backup.