ci: add demo WordPress deployment workflow #53
Deploys a full WordPress demo site on merge to develop. Uses WP-CLI to install WordPress, import demo content, and configure the Axeptio plugin on the QA server.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6c0f0d6ece
| MYSQL_USER: ${{ secrets.DEMO_MYSQL_USER }} | ||
| MYSQL_PASS: ${{ secrets.DEMO_MYSQL_PASS }} | ||
| run: | | ||
| ssh ${{ env.DEMO_USER }}@${{ env.DEMO_HOST }} bash -s << 'DEPLOY_SCRIPT' |
Pass secrets into the remote deploy shell
When this step runs, the secrets declared in the step env exist only in the GitHub runner process. This SSH invocation starts a fresh remote bash without forwarding those variables, and the quoted heredoc prevents local expansion, so set -u will abort on the first remote use such as ${MYSQL_DB} before WordPress is deployed. Pass the required values as environment assignments to ssh/bash or otherwise render them safely into the remote script.
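The failure described in the review comment above can be reproduced locally, as an added example that is not part of the pull request or the review: `env -i bash -s` stands in for the remote shell that `ssh` starts, and the function names, the `shell_quote` helper and the sample values are constructed for illustration. The second function sends the value as a quoted assignment on stdin ahead of the script, one way of rendering it into the remote shell without placing it on a command line.

```shell
#!/usr/bin/env bash
# Added illustration; function names and sample values are constructed.

# Stand-in for `ssh user@host bash -s`: a fresh bash that inherits none of the
# caller's variables, like the remote end of an SSH session.
remote_bash() { env -i PATH="$PATH" bash -s; }

# Shape of the reviewed step: the value lives only in the local (runner)
# environment and the quoted heredoc is sent verbatim, unexpanded.
deploy_unforwarded() (
  export MYSQL_DB="$1"
  remote_bash <<'DEPLOY_SCRIPT'
set -euo pipefail
echo "db=${MYSQL_DB}"
DEPLOY_SCRIPT
)

# Single-quote a value so the receiving shell treats it purely as data.
shell_quote() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

# One fix: prepend a quoted assignment to the script on stdin, so the value
# reaches the remote shell without appearing in any process's argument list.
deploy_forwarded() (
  {
    printf 'MYSQL_DB=%s\n' "$(shell_quote "$1")"
    cat <<'DEPLOY_SCRIPT'
set -euo pipefail
echo "db=${MYSQL_DB}"
DEPLOY_SCRIPT
  } | remote_bash
)

# Demo: the first call aborts under `set -u`, the second prints the value.
if out=$(deploy_unforwarded demo_db 2>&1); then
  echo "unexpected success: $out"
else
  echo "unforwarded: exit $? -> $out"
fi
echo "forwarded:   $(deploy_forwarded demo_db)"
```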
| rm -f /tmp/plugin.tar.gz | ||
|
|
||
| # --- Activate plugin -------------------------------------------------- | ||
| sudo -u www-data wp plugin activate "${PLUGIN_SLUG}" --path="$WP_PATH" |
Install the required plugin before activating Axeptio
On a fresh demo site this activation runs before wp-consent-api is installed, but axeptio-wordpress-plugin.php declares Requires Plugins: wp-consent-api. WordPress 6.5's dependency handling also affects WP-CLI: “dependent plugins cannot be activated using WP-CLI until their dependencies are activated,” so this command fails until the companion plugin is installed and active; move the wp-consent-api install/activate step before activating Axeptio.
Pull request overview
Adds a new GitHub Actions workflow to automatically build and deploy a demo WordPress site (including this plugin) to the wordpress-qa.axept.io server on pushes to develop, using SSH + WP-CLI for installation/configuration.
Changes:
- Introduces a CI workflow that builds production JS/PHP assets and packages the plugin as an artifact.
- Adds a deploy job that uploads the plugin to a remote host and runs WP-CLI commands to install/update WordPress and configure Axeptio settings.
- Adds a simple post-deploy HTTP status check.
| with: | ||
| sparse-checkout: | | ||
| .github/scripts |
| - name: Setup SSH | ||
| run: | | ||
| mkdir -p ~/.ssh | ||
| echo "${{ secrets.DEMO_SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa | ||
| chmod 600 ~/.ssh/id_rsa | ||
| ssh-keyscan -H ${{ env.DEMO_HOST }} >> ~/.ssh/known_hosts | ||
|
|
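Review bot: The `ssh-keyscan -H ${{ env.DEMO_HOST }} >> ~/.ssh/known_hosts` line accepts whatever host key the network returns at job time, so the server is never authenticated before the deploy key is used against it. Store the server's known public host key as a repository variable or secret and write that value into `known_hosts` instead of scanning on every run. The private key is also written to `~/.ssh/id_rsa` whatever its type; a neutral file name passed with `ssh -i` avoids a mismatch if the key is not RSA.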
| run: | | ||
| ssh ${{ env.DEMO_USER }}@${{ env.DEMO_HOST }} bash -s << 'DEPLOY_SCRIPT' | ||
| set -euo pipefail | ||
|
|
||
| WP_PATH="${{ env.WP_PATH }}" | ||
| DOMAIN="${{ env.DEMO_DOMAIN }}" | ||
| PLUGIN_SLUG="${{ env.PLUGIN_SLUG }}" | ||
| PLUGIN_FILE="${{ env.PLUGIN_FILE }}" |
| sudo mysql -e "CREATE DATABASE IF NOT EXISTS ${MYSQL_DB} CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" | ||
| sudo mysql -e "CREATE USER IF NOT EXISTS '${MYSQL_USER}'@'localhost' IDENTIFIED BY '${MYSQL_PASS}';" | ||
| sudo mysql -e "GRANT ALL PRIVILEGES ON ${MYSQL_DB}.* TO '${MYSQL_USER}'@'localhost'; FLUSH PRIVILEGES;" | ||
|
|
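Review bot: The `CREATE USER ... IDENTIFIED BY '${MYSQL_PASS}'` line places the database password on the `mysql -e` command line, where it is visible in the server's process list while the command runs, and a password containing `'` ends the SQL string early. Feed the statements to `sudo mysql` on stdin rather than through `-e`, and escape the secret or constrain it to characters that need no SQL escaping. `${MYSQL_DB}` and `${MYSQL_USER}` are interpolated into the statements the same way and deserve the same treatment.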
| WP_PATH="${{ env.WP_PATH }}" | ||
| DOMAIN="${{ env.DEMO_DOMAIN }}" | ||
| PLUGIN_SLUG="${{ env.PLUGIN_SLUG }}" | ||
| PLUGIN_FILE="${{ env.PLUGIN_FILE }}" |
| curl -sO https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar | ||
| chmod +x wp-cli.phar | ||
| sudo mv wp-cli.phar /usr/local/bin/wp |
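Review bot: `curl -sO` on the `wp-cli.phar` line has neither `--fail` nor an integrity check, and the result is then moved to `/usr/local/bin/wp` with `sudo`, so an HTML error page or a changed upstream build becomes the system-wide `wp` command. Add `-f`, pin a specific release instead of the moving `gh-pages` build, and compare the download against a known checksum before the `sudo mv`.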
| HTTP_STATUS=$(curl -sk -o /dev/null -w "%{http_code}" "https://${{ env.DEMO_DOMAIN }}") | ||
| if [ "$HTTP_STATUS" -ge 200 ] && [ "$HTTP_STATUS" -lt 400 ]; then | ||
| echo "✅ Demo site responding with HTTP $HTTP_STATUS" | ||
| else | ||
| echo "❌ Demo site returned HTTP $HTTP_STATUS" |
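Review bot: `curl -sk` in the `HTTP_STATUS=` line disables certificate verification, so this check passes for any server that answers for the demo domain, including one presenting an invalid or expired certificate. Drop `-k` so a broken TLS setup fails the job. The `-ge 200` / `-lt 400` range also counts every redirect as success; if the site is expected to serve a page directly, require `200` or follow redirects with `-L` first.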
Instead of SSH from GitHub runners, the workflow:
1. Builds and zips the plugin
2. Uploads the zip to the server via HTTPS
3. Triggers a webhook that starts the deploy via systemd
| curl -sk --fail \ | ||
| -X PUT \ | ||
| -H "Host: ${{ env.DEMO_DOMAIN }}" \ | ||
| -H "X-Webhook-Signature: ${SIGNATURE}" \ | ||
| --data-binary @/tmp/plugin.zip \ | ||
| "https://${{ env.DEMO_IP }}/deploy-artifact.php" |
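Review bot: The `-k` in `curl -sk --fail`, combined with the `https://${{ env.DEMO_IP }}` URL, means the server's certificate is never checked, so the plugin zip and its `X-Webhook-Signature` header can be delivered to whoever answers on that address. Keep the IP pinning but restore verification with `--resolve "${{ env.DEMO_DOMAIN }}:443:${{ env.DEMO_IP }}"` and the domain in the URL, which also makes the manual `Host:` header unnecessary.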
| - name: Wait for deployment | ||
| run: sleep 30 | ||
|
|
||
| - name: Verify deployment | ||
| run: | | ||
| HTTP_STATUS=$(curl -sk -o /dev/null -w "%{http_code}" "https://${{ env.DEMO_DOMAIN }}") | ||
| if [ "$HTTP_STATUS" -ge 200 ] && [ "$HTTP_STATUS" -lt 400 ]; then | ||
| echo "✅ Demo site responding with HTTP $HTTP_STATUS" | ||
| else | ||
| echo "❌ Demo site returned HTTP $HTTP_STATUS" | ||
| exit 1 | ||
| fi |
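Review bot: `run: sleep 30` in the "Wait for deployment" step is a fixed guess at how long the webhook-triggered deploy takes: a slow deploy fails the job, and a deploy that fails outright can still pass because the previous site keeps answering with a 2xx. Poll in a loop with a timeout, and check something that changes with each deploy rather than only the status code.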
| on: | ||
| push: | ||
| branches: [develop, ci/deploy-demo] | ||
| workflow_dispatch: |
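Review bot: `branches: [develop, ci/deploy-demo]` leaves this PR's working branch in the push trigger, so after merge any push to a branch of that name still runs the deploy with the demo secrets. Remove `ci/deploy-demo` before merging; `workflow_dispatch` already covers manual runs.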
|
|
||
| - name: Upload plugin zip to server | ||
| run: | | ||
| SIGNATURE="sha256=$(echo -n "@/tmp/plugin.zip" | openssl dgst -sha256 -hmac "${{ secrets.DEMO_WEBHOOK_SECRET }}" | awk '{print $2}')" |
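Review bot: The `SIGNATURE=` line signs the literal string `@/tmp/plugin.zip`, not the file: `echo -n "@/tmp/plugin.zip"` pipes the path text to `openssl`, so the HMAC is identical for every upload and does not bind the header to the zip's contents. Hash the file itself, for example `openssl dgst -sha256 -hmac "$SECRET" /tmp/plugin.zip`, and have the receiving script recompute the HMAC over the received body and compare it in constant time. Supplying the secret through an `env:` variable rather than an inline `${{ secrets.DEMO_WEBHOOK_SECRET }}` keeps it out of the rendered script text.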
Summary
develop wordpress-qa.axept.io (63.34.106.0)
What it does
Secrets required
All secrets have been configured:
- DEMO_SSH_PRIVATE_KEY, DEMO_MYSQL_USER, DEMO_MYSQL_PASS
- DEMO_WP_ADMIN_USER, DEMO_WP_ADMIN_PASSWORD, DEMO_WP_ADMIN_EMAIL
- DEMO_AXEPTIO_CLIENT_ID, DEMO_AXEPTIO_VERSION
Test plan