add renovate & fix some bugs

Signed-off-by: ffais <[email protected]>

.github/renovate-configs.json5

@@ -0,0 +1,14 @@
+{
+  "extends": ["config:best-practices"],
+  "packageRules": [
+    {
+      "enabled": true,
+      "matchDatasources": [
+        "docker"
+      ],
+      "matchUpdateTypes": [
+        "major"
+      ]
+    }
+  ],
+}

.github/workflows/renovate.yaml

@@ -0,0 +1,32 @@
+name: Renovate
+on:
+  schedule:
+    - cron: "0 * * * *"
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get token
+        id: get_token
+        uses: actions/create-github-app-token@v1
+        with:
+          private-key: ${{ secrets.private_key }}
+          app-id: ${{ secrets.app_id }}
+          owner: ${{ github.repository_owner }}
+          repositories: 'wordpress'
+      - name: Checkout
+        uses: actions/[email protected]
+      - name: Self-hosted Renovate
+        uses: renovatebot/[email protected]
+        with:
+          configurationFile: .github/renovate-config.json5
+          token: '${{ steps.get_token.outputs.token }}'

.gitignore

@@ -1,3 +1,4 @@
 tmp/
 wordpress/charts/
 wordpress/Chart.lock
+sites/

dockerfiles/php-fpm-healtcheck-Dockerfile

@@ -0,0 +1,8 @@
+FROM wordpress:6.6.1-php8.2-fpm-alpine
+RUN apk add --no-cache fcgi
+
+# Enable php fpm status page
+RUN set -xe && echo "pm.status_path = /status" >> /usr/local/etc/php-fpm.d/zz-docker.conf
+
+# Source https://github.com/renatomefi/php-fpm-healthcheck
+COPY --chmod=0755 ./dockerfiles/php-fpm-healthcheck /usr/local/bin/

dockerfiles/php-fpm-healthcheck

@@ -0,0 +1,139 @@
+#!/bin/sh
+# vim: set filetype=sh :
+
+# Author: <Renato Mefi [email protected]> https://github.com/renatomefi
+# The original code lives in https://github.com/renatomefi/php-fpm-healthcheck
+#
+# A POSIX compliant shell script to healthcheck PHP fpm status, can be used only for pinging the status page
+# or check for specific metrics
+#
+# i.e.: ./php-fpm-healthcheck --verbose --active-processes=6
+# The script will fail in case the 'active processes' is bigger than 6.
+#
+# You can combine multiple options as well, the first one to fail will fail the healthcheck
+# i.e.: ./php-fpm-healthcheck --listen-queue-len=10 --active-processes=6
+#
+# Ping mode (exit 0 if php-fpm returned data): ./php-fpm-healthcheck
+#
+# Ping mode with data (outputs php-fpm status text): ./php-fpm-healthcheck -v
+#
+# Exit status codes:
+# 2,9,111 - Couldn't connect to PHP fpm, is it running?
+# 8 - Couldn't reach PHP fpm status page, have you configured it with `pm.status_path = /status`?
+# 1 - A healthcheck condition has failed
+# 3 - Invalid option given
+# 4 - One or more required softwares are missing
+#
+# Available options:
+# -v|--verbose
+# 
+# Metric options, fails in case the CURRENT VALUE is bigger than the GIVEN VALUE
+# --accepted-conn=n
+# --listen-queue=n
+# --max-listen-queue=n
+# --idle-processes=n
+# --active-processes=n
+# --total-processes=n
+# --max-active-processes=n
+# --max-children-reached=n
+# --slow-requests=n
+#
+
+set -eu
+
+OPTIND=1 # Reset getopt in case it has been used previously in the shell
+
+# Required software
+FCGI_CMD_PATH=$(command -v cgi-fcgi) || { >&2 echo "Make sure fcgi is installed (i.e. apk add --no-cache fcgi). Aborting."; exit 4; }
+command -v sed 1> /dev/null || { >&2 echo "Make sure sed is installed (i.e. apk add --no-cache busybox). Aborting."; exit 4; }
+command -v tail 1> /dev/null || { >&2 echo "Make sure tail is installed (i.e. apk add --no-cache busybox). Aborting."; exit 4; }
+command -v grep 1> /dev/null || { >&2 echo "Make sure grep is installed (i.e. apk add --no-cache grep). Aborting."; exit 4; }
+
+# Get status from fastcgi connection
+# $1 - cgi-fcgi connect argument
+get_fpm_status() {
+    if test "$VERBOSE" = 1; then printf "Trying to connect to php-fpm via: %s%s\\n" "$1" "$SCRIPT_NAME"; fi;
+
+    # Since I cannot use pipefail I'll just split these in two commands
+    FPM_STATUS=$(env -i REQUEST_METHOD="$REQUEST_METHOD" SCRIPT_NAME="$SCRIPT_NAME" SCRIPT_FILENAME="$SCRIPT_FILENAME" "$FCGI_CMD_PATH" -bind -connect "$1" 2> /dev/null)
+    FPM_STATUS=$(echo "$FPM_STATUS" | tail -n +5)
+
+    if test "$VERBOSE" = 1; then printf "php-fpm status output:\\n%s\\n" "$FPM_STATUS"; fi;
+
+    if test "$FPM_STATUS" = "File not found."; then
+        >&2 printf "php-fpm status page non reachable\\n";
+        exit 8;
+    fi;
+}
+
+# $1 - fpm option
+# $2 - expected value threshold
+check_fpm_health_by() {
+    OPTION=$(echo "$1" | sed 's/--//g; s/-/ /g;')
+    VALUE_EXPECTED="$2";
+    VALUE_ACTUAL=$(echo "$FPM_STATUS" | grep "^$OPTION:" | cut -d: -f2 | sed 's/ //g')
+
+    if test "$VERBOSE" = 1; then printf "'%s' value '%s' and expected is less than '%s'\\n" "$OPTION" "$VALUE_ACTUAL" "$VALUE_EXPECTED"; fi;
+
+    if test "$VALUE_ACTUAL" -gt "$VALUE_EXPECTED"; then
+        >&2 printf "'%s' value '%s' is greater than expected '%s'\\n" "$OPTION" "$VALUE_ACTUAL" "$VALUE_EXPECTED";
+        exit 1;
+    fi;
+}
+
+PARAM_AMOUNT=0
+
+# $1 - fpm option
+# $2 - expected value threshold
+check_later() {
+    # The POSIX sh way to check if it's an integer, also the output is supressed since it's polution
+    if ! test "$2" -eq "$2" 2> /dev/null; then
+        >&2 printf "'%s' option value must be an integer, '%s' given\\n" "$1" "$2"; exit 3;
+    fi
+
+    PARAM_AMOUNT=$(( PARAM_AMOUNT + 1 ))
+
+    eval "PARAM_TO_CHECK$PARAM_AMOUNT=$1"
+    eval "VALUE_TO_CHECK$PARAM_AMOUNT=$2"
+}
+
+# From the PARAM_TO_CHECK/VALUE_TO_CHECK magic variables, do all the checks
+check_fpm_health() {
+    j=1
+    while [ $j -le $PARAM_AMOUNT ]; do
+        eval "CURRENT_PARAM=\$PARAM_TO_CHECK$j"
+        eval "CURRENT_VALUE=\$VALUE_TO_CHECK$j"
+        check_fpm_health_by "$CURRENT_PARAM" "$CURRENT_VALUE"
+        j=$(( j + 1 ))
+    done
+}
+
+if ! GETOPT=$(getopt -o v --long verbose,accepted-conn:,listen-queue:,max-listen-queue:,listen-queue-len:,idle-processes:,active-processes:,total-processes:,max-active-processes:,max-children-reached:,slow-requests: -n 'php-fpm-healthcheck' -- "$@"); then
+    >&2 echo "Invalid options, terminating." ; exit 3
+fi;
+
+eval set -- "$GETOPT"
+
+# FastCGI variables
+FCGI_CONNECT_DEFAULT="localhost:9000"
+FCGI_STATUS_PATH_DEFAULT="/status"
+
+export REQUEST_METHOD="GET"
+export SCRIPT_NAME="${FCGI_STATUS_PATH:-$FCGI_STATUS_PATH_DEFAULT}"
+export SCRIPT_FILENAME="${FCGI_STATUS_PATH:-$FCGI_STATUS_PATH_DEFAULT}"
+FCGI_CONNECT="${FCGI_CONNECT:-$FCGI_CONNECT_DEFAULT}"
+
+VERBOSE=0
+
+while test "$1"; do
+    case "$1" in
+        -v|--verbose ) VERBOSE=1; shift ;;
+        --) shift ; break ;;
+        * ) check_later "$1" "$2"; shift 2 ;;
+    esac
+done
+
+FPM_STATUS=false
+
+get_fpm_status "$FCGI_CONNECT"
+check_fpm_health

dockerfiles/php-fpm-redis-Dockerfile

@@ -0,0 +1,15 @@
+FROM wordpress:6.6.1-php8.2-fpm-alpine
+
+RUN apk add --no-cache fcgi
+
+# Enable php fpm status page
+RUN set -xe && echo "pm.status_path = /status" >> /usr/local/etc/php-fpm.d/zz-docker.conf
+
+# Source https://github.com/renatomefi/php-fpm-healthcheck
+COPY --chmod=0755 ./dockerfiles/php-fpm-healthcheck /usr/local/bin/
+
+RUN apk --no-cache add pcre-dev ${PHPIZE_DEPS} \
+  && pecl install redis memcached \
+  && docker-php-ext-enable redis memcached\
+  && apk del pcre-dev ${PHPIZE_DEPS} \
+  && rm -rf /tmp/pear

wordpress/confs/php/zz-custom-pool.conf

@@ -7,4 +7,4 @@ pm.min_spare_servers = {{ .Values.php.poolConfigOverride.pmMinSpareServers }}
 pm.max_spare_servers = {{ .Values.php.poolConfigOverride.pmMaxSpareServers }}
 slowlog = /proc/self/fd/2
 request_slowlog_timeout = 30s
-access.log = /dev/null
+access.log = {{ if .Values.debug.enabled }}/proc/self/fd/2{{ else }}/dev/null{{ end }}

wordpress/confs/wordpress/backup-script.sh

@@ -7,7 +7,7 @@ wp maintenance-mode activate
 
 echo "Database backup in progress.."
 wp db export --single-transaction "/mnt/backup-dir/${WORDPRESS_TITLE}-${NOW}-${RND}.sql"
-tar -vczf "/mnt/backup-dir/${WORDPRESS_TITLE}-${NOW}-${RND}-db.tar.gz" "."
+tar -vczf "/mnt/backup-dir/${WORDPRESS_TITLE}-${NOW}-${RND}-db.tar.gz" "/mnt/backup-dir/${WORDPRESS_TITLE}-${NOW}-${RND}.sql"
 echo "Database backup in complete.."
 echo "Wordpress backup in progress.."
 tar -vczf "/mnt/backup-dir/${WORDPRESS_TITLE}-${NOW}-${RND}-site.tar.gz" "."

wordpress/templates/debug-pod.yaml

@@ -35,7 +35,7 @@ spec:
     {{- end }}
     envFrom:
       - secretRef:
-          name: {{ .Release.Name }}-db-vars
+          name: db-vars
     volumeMounts:
     {{- if .Values.persistence.enabled }}
       - name: shared-dir

wordpress/templates/php-deployment.yaml

@@ -69,7 +69,7 @@ spec:
           {{- end }}
           envFrom:
             - secretRef:
-                name: {{ .Release.Name }}-db-vars
+                name: db-vars
           ports:
             - name: fastcgi
               containerPort: {{ .Values.php.service.port }}

wordpress/templates/wordpress-backup-azure-cronjob.yaml

@@ -38,7 +38,7 @@ spec:
               {{- end }}
             envFrom:
               - secretRef:
-                  name: {{ .Release.Name }}-db-vars
+                  name: db-vars
               - secretRef:
                   name: {{ .Release.Name }}-wordpress-site-vars
               - configMapRef:

wordpress/templates/wordpress-db-secret.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Release.Name }}-db-vars
+  name: db-vars
 type: kubernetes.io/Opaque
 data:
   WORDPRESS_DB_NAME: {{ .Values.wordpress.database.name | b64enc }}

wordpress/templates/wordpress-init-job.yaml

@@ -38,7 +38,7 @@ spec:
           {{- end }}
         envFrom:
           - secretRef:
-              name: {{ .Release.Name }}-db-vars
+              name: db-vars
           - secretRef:
               name: {{ .Release.Name }}-wordpress-site-vars
           - configMapRef:

wordpress/templates/wordpress-plugins-job.yaml

@@ -44,7 +44,7 @@ spec:
           {{- end }}
         envFrom:
           - secretRef:
-              name: {{ .Release.Name }}-db-vars
+              name: db-vars
           - secretRef:
               name: {{ .Release.Name }}-wordpress-site-vars
           - configMapRef:

wordpress/templates/wordpress-update-all-cronjob.yaml

@@ -38,7 +38,7 @@ spec:
               {{- end }}
             envFrom:
               - secretRef:
-                  name: {{ .Release.Name }}-db-vars
+                  name: db-vars
               - secretRef:
                   name: {{ .Release.Name }}-wordpress-site-vars
               - configMapRef:

wordpress/values.yaml

@@ -3,23 +3,23 @@ fullnameOverride: ""
 
 persistence:
   enabled: true
-  storageClassName: "rook-cephfs" #ReadWriteMany support
+  storageClassName: "" #ReadWriteMany support
   size: "10Gi"
   existingPvc: ""
 
 wordpress:
-  url: &url "wp-test.wordpress.smartcommunitylab.it"
-  title: "wp-test"
+  url: &url ""
+  title: ""
   admin:
-    username: "admin"
-    password: "admin"
-    email: "[email protected]"
+    username: ""
+    password: ""
+    email: ""
   database:
-    name: "wptest"
-    tablePrefix: "test"
+    name: "wp"
+    tablePrefix: "wp_"
     auth:
-      username: "admin"
-      password: "admin"
+      username: ""
+      password: ""
       existingSecret:
         enabled: false
         name: ""
@@ -34,15 +34,15 @@ ingress:
   enabled: true
   className: "nginx"
   annotations: 
-    cert-manager.io/cluster-issuer: letsencrypt-prod
-    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
+    # cert-manager.io/cluster-issuer: letsencrypt-prod
+    # nginx.ingress.kubernetes.io/proxy-body-size: "100m"
   hosts:
     - host: *url
       paths:
         - path: /
           pathType: ImplementationSpecific
   tls:
-    - secretName: wp-cert
+    - secretName: ""
       hosts:
         - *url
 
@@ -177,19 +177,18 @@ php:
       command:
         - php-fpm-healthcheck
         - --listen-queue=10 # fails if there are more than 10 processes waiting in the fpm queue
-    initialDelaySeconds: 25
-    periodSeconds: 30
+    periodSeconds: 123
   readinessProbe:
     exec:
       command:
         - php-fpm-healthcheck # a simple ping since this means it's ready to handle traffic
-    initialDelaySeconds: 25
-    periodSeconds: 15
+    initialDelaySeconds: 23
+    periodSeconds: 60
   startupProbe:
     tcpSocket:
       port: 9000
-    initialDelaySeconds: 25
-    periodSeconds: 10
+    failureThreshold: 30
+    periodSeconds: 12
   autoscaling:
     enabled: false
     minReplicas: 1
@@ -247,7 +246,7 @@ mariadb:
       limits:
         cpu: 3
         memory: 1024Mi
-    extraEnvVarsSecret: "wp-test-db-vars"
+    extraEnvVarsSecret: "db-vars"
     persistence:
       enabled: true
       existingClaim: ""
@@ -326,7 +325,7 @@ jobs:
         tag: 10
       resources:
         limits:
-          memory: "4096Mi"
+          memory: "1024Mi"
           cpu: "1"
         requests:
           memory: "64Mi"