Modern cloud-native WordPress boilerplate

[LouisLetcher]

Adds a reusable make smoke target for local and CI smoke tests to ensure consistent verification of the local development stack.

---

 

[cursor]

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}

[gemini-code-assist]

Summary of Changes

Hello @LouisLetcher, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request establishes a robust, modern cloud-native WordPress boilerplate designed for streamlined development and deployment. It leverages Roots Bedrock for WordPress management, Docker for containerization, and Helm for Kubernetes orchestration. The setup includes comprehensive local development tools, hardened production configurations, and a new 'make smoke' target to ensure consistent verification of the local development stack and CI environments. The boilerplate emphasizes security, reproducibility, and adherence to cloud-native best practices.

Highlights

• Cloud-Native WordPress Boilerplate: Introduced a new project structure for a modern WordPress boilerplate based on Roots Bedrock, optimized for cloud environments.
• Comprehensive Docker Integration: Implemented multi-stage Dockerfiles for PHP-FPM and Nginx, along with detailed Docker Compose configurations for both local development and production.
• Kubernetes-First Deployment with Helm: Provided a full Helm chart for deploying the WordPress application to Kubernetes, including configurations for secrets, persistent storage, and cron jobs.
• Enhanced Local Development Experience: Added a Makefile with convenient commands for bootstrapping, managing services, and performing preflight checks ('doctor') and smoke tests ('smoke').
• Improved Security and Best Practices: Incorporated .dockerignore, .gitignore, .editorconfig, SECURITY.md, and CONTRIBUTING.md files, along with hardened Docker image configurations and Nginx security headers.
• Automated Dependency Management: Configured Dependabot for automatic updates of Composer, GitHub Actions, and Docker dependencies.

Changelog

• .dockerignore
  • Added a new file to specify files and directories to be ignored by Docker builds.
• .editorconfig
  • Added a new file to define consistent coding styles for various file types.
• .env.example
  • Added a new example environment configuration file for WordPress and Docker settings.
• .gitattributes
  • Added a new file to configure Git attributes, including 'export-ignore' for specific directories.
• .github/dependabot.yml
  • Added a new Dependabot configuration file to automate dependency updates for Composer, GitHub Actions, and Docker.
• .gitignore
  • Added a new file to specify intentionally untracked files to be ignored by Git.
• CONTRIBUTING.md
  • Added a new file outlining contribution guidelines, workflow, and local development instructions.
• Dockerfile
  • Added a new multi-stage Dockerfile for building PHP (base, build, runtime, dev) and Nginx (base, runtime, dev) images.
• LICENSE
  • Added a new file containing the MIT License.
• Makefile
  • Added a new Makefile with various commands for local development, including 'doctor', 'smoke', 'bootstrap', 'up', 'down', 'wp', and 'composer'.
• README.md
  • Updated the README with a detailed description of the boilerplate, quickstart guide, production image details, configuration, Kubernetes deployment, WP-Cron, secrets management, and supply chain information.
• SECURITY.md
  • Added a new security policy document.
• compose.prod.yaml
  • Added a new Docker Compose configuration file for the production environment, emphasizing security and read-only filesystems.
• compose.yaml
  • Added a new Docker Compose configuration file for local development, including services for web, PHP, database, Redis, and optional tools like Caddy, MailHog, phpMyAdmin, WP-CLI, Composer, and Prometheus exporters.
• composer.json
  • Added a new Composer configuration file for the WordPress Bedrock boilerplate, defining dependencies, scripts, and installer paths.
• composer.lock
  • Added a new Composer lock file, detailing exact versions of dependencies.
• config/application.php
  • Added a new main application configuration file for WordPress, handling environment variables, database settings, security keys, and optional integrations like Redis and S3 uploads.
• config/environments/development.php
  • Added a new configuration file for development-specific overrides.
• config/environments/production.php
  • Added a new configuration file for production-specific overrides.
• config/environments/staging.php
  • Added a new configuration file for staging-specific overrides.
• docker/caddy/Caddyfile
  • Added a new Caddy configuration file for local HTTPS development.
• docker/caddy/Caddyfile.mkcert
  • Added a new Caddy configuration file for trusted local HTTPS using mkcert.
• docker/nginx/conf.d/default.conf
  • Added a new Nginx default server configuration file, including security headers, health checks, and PHP-FPM integration.
• docker/nginx/snippets/security-headers.conf
  • Added a new Nginx snippet for common security headers.
• docker/php/conf.d/50-apcu.ini
  • Added a new PHP-FPM configuration file for APCu.
• docker/php/conf.d/99-opcache-dev.ini
  • Added a new PHP-FPM configuration file for OPcache in development.
• docker/php/conf.d/99-opcache-prod.ini
  • Added a new PHP-FPM configuration file for OPcache in production.
• docker/php/fpm-pool.conf
  • Added a new PHP-FPM pool configuration file.
• docker/php/php.ini
  • Added a new minimal baseline PHP configuration file.
• docs/kubernetes/README.md
  • Added new documentation for Kubernetes deployment notes.
• docs/kubernetes/configmap-bedrock.example.yaml
  • Added a new example Kubernetes ConfigMap for Bedrock environment variables.
• docs/kubernetes/external-secrets/README.md
  • Added new documentation for External Secrets Operator examples.
• docs/kubernetes/external-secrets/clustersecretstore-aws-secretsmanager.example.yaml
  • Added a new example ClusterSecretStore for AWS Secrets Manager.
• docs/kubernetes/external-secrets/externalsecret-wordpress.example.yaml
  • Added a new example ExternalSecret for WordPress keys.
• docs/kubernetes/helm-values-production.example.yaml
  • Added new example Helm values for production deployment.
• docs/kubernetes/sealed-secrets/README.md
  • Added new documentation for SealedSecrets examples.
• docs/kubernetes/sealed-secrets/sealedsecret-wordpress.example.yaml
  • Added a new example SealedSecret for WordPress keys.
• docs/kubernetes/secrets-required.md
  • Added new documentation detailing required secrets and environment variables for Bedrock.
• docs/kubernetes/uploads-s3.md
  • Added new documentation for the S3-compatible uploads offload strategy.
• docs/local-dev/tls-mkcert.md
  • Added new documentation for trusted local TLS with mkcert.
• docs/supply-chain/README.md
  • Added new documentation for supply chain and image verification.
• docs/supply-chain/cosign.md
  • Added new documentation for Cosign (keyless) verification.
• helm/wp-boilerplate/.helmignore
  • Added a new Helm ignore file.
• helm/wp-boilerplate/Chart.yaml
  • Added a new Helm chart metadata file.
• helm/wp-boilerplate/README.md
  • Added a new Helm chart README.
• helm/wp-boilerplate/templates/_helpers.tpl
  • Added new Helm chart helper templates.
• helm/wp-boilerplate/templates/configmap.yaml
  • Added a new Helm template for ConfigMap.
• helm/wp-boilerplate/templates/cronjob.yaml
  • Added a new Helm template for CronJob.
• helm/wp-boilerplate/templates/deployment.yaml
  • Added a new Helm template for Deployment.
• helm/wp-boilerplate/templates/hpa.yaml
  • Added a new Helm template for Horizontal Pod Autoscaler.
• helm/wp-boilerplate/templates/ingress.yaml
  • Added a new Helm template for Ingress.
• helm/wp-boilerplate/templates/networkpolicy.yaml
  • Added a new Helm template for NetworkPolicy.
• helm/wp-boilerplate/templates/pdb.yaml
  • Added a new Helm template for Pod Disruption Budget.
• helm/wp-boilerplate/templates/pvc-uploads.yaml
  • Added a new Helm template for Persistent Volume Claim for uploads.
• helm/wp-boilerplate/templates/secret.yaml
  • Added a new Helm template for Secret.
• helm/wp-boilerplate/templates/service.yaml
  • Added a new Helm template for Service.
• helm/wp-boilerplate/templates/serviceaccount.yaml
  • Added a new Helm template for ServiceAccount.
• helm/wp-boilerplate/templates/servicemonitor.yaml
  • Added a new Helm template for ServiceMonitor.
• helm/wp-boilerplate/values.yaml
  • Added new Helm chart default values.
• pint.json
  • Added a new PHP-CS-Fixer configuration file for code style.
• scripts/doctor.sh
  • Added a new shell script for performing preflight checks on the development environment.
• scripts/smoke.sh
  • Added a new shell script for running smoke tests on the local stack.
• web/app/cache/.gitkeep
  • Added a new .gitkeep file to ensure the 'cache' directory is tracked by Git.
• web/app/mu-plugins/bedrock-autoloader.php
  • Added a new Bedrock autoloader must-use plugin.
• web/app/plugins/.gitkeep
  • Added a new .gitkeep file to ensure the 'plugins' directory is tracked by Git.
• web/app/themes/starter-theme/README.md
  • Added a new README for the starter theme.
• web/app/themes/starter-theme/footer.php
  • Added a new footer template for the starter theme.
• web/app/themes/starter-theme/functions.php
  • Added a new functions file for the starter theme.
• web/app/themes/starter-theme/header.php
  • Added a new header template for the starter theme.
• web/app/themes/starter-theme/index.php
  • Added a new index template for the starter theme.
• web/app/themes/starter-theme/style.css
  • Added a new stylesheet for the starter theme.
• web/app/uploads/.gitkeep
  • Added a new .gitkeep file to ensure the 'uploads' directory is tracked by Git.
• web/index.php
  • Added a new WordPress view bootstrapper file.
• web/wp-config.php
  • Added a new WordPress configuration file.

Ignored Files

• Ignored by pattern: .github/workflows/** (4)
  • .github/workflows/ci.yml
  • .github/workflows/codeql.yml
  • .github/workflows/container-build.yml
  • .github/workflows/dependency-review.yml

Activity

• The pull request introduces a new 'make smoke' target, designed to standardize verification processes for local development and CI pipelines.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This is an excellent pull request that establishes a comprehensive, modern, and secure boilerplate for WordPress development and deployment. It impressively follows best practices for Docker, Docker Compose, and Kubernetes, with a strong focus on security and production-readiness. The documentation, Makefile, and helper scripts are well-crafted and greatly enhance usability. My review includes a few minor suggestions to further improve the project's robustness and portability.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fe2fcdbbc1

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".