While this repository has been inactive for some time, this formal notice, issued on December 10, 2024, serves as the official declaration to clarify the situation. Consequently, this repository and all associated resources (including related projects, code, documentation, and distributed packages such as Docker images, PyPI packages, etc.) are now explicitly declared unmaintained and abandoned.
I would like to remind everyone that this project’s free license has always been based on the principle that the software is provided "AS-IS", without any warranty or expectation of liability or maintenance from the maintainer. As such, it is used solely at the user's own risk, with no warranty or liability from the maintainer, including but not limited to any damages arising from its use.
Due to the enactment of the Cyber Resilience Act (EU Regulation 2024/2847), which significantly alters the regulatory framework, including penalties of up to €15M, combined with its demands for unpaid and indefinite liability, it has become untenable for me to continue maintaining all my Open Source Projects as a natural person. The new regulations impose personal liability risks and create an unacceptable burden, regardless of my personal situation now or in the future, particularly when the work is done voluntarily and without compensation.
No further technical support, updates (including security patches), or maintenance, of any kind, will be provided.
These resources may remain online, but solely for public archiving, documentation, and educational purposes.
Users are strongly advised not to use these resources in any active or production-related projects, and to seek alternative solutions that comply with the new legal requirements (EU CRA).
Using these resources outside of these contexts is strictly prohibited and is done at your own risk.
Regarding the potential transfer of the project to another entity, discussions are ongoing, but no final decision has been made yet. As a last resort, if the project and its associated resources are not transferred, I may begin removing any published resources related to this project (e.g., from PyPI, Docker Hub, GitHub, etc.) starting March 15, 2025, especially if the CRA’s risks remain disproportionate.
Idea is to create it with a wonderful python tool called cookiecutter
if ! ( virtualenv --version 2>&1 >/dev/null );then echo "ERROR: install venv, on debian/ubuntu: apt install -y virtualenv,fi";fi
virtualenv --python=python3 ~/tools/cookiecutter
~/tools/cookiecutter/bin/pip install cookiecutter
-
create on gitlab your project
-
then locally (replace with your values)
cd ~/.cookiecutters/cookiecutter-wordpress \ && git fetch origin && git reset --hard origin/master \ && cd - cookiecutter --no-input -f -o ~/out_dir \ https://github.com/corpusops/cookiecutter-wordpress.git \ name=foo \ tld_domain=mydomain.com \ git_server=git.foo.com \ git_ns=bar \ dev_port=40001 staging_port=40003 qa_host="" prod_port=40010 cd ~/out_dir # review before commit # for relative checkout to work, we need remote objects locally git commit local -m "Add deploy"
-
Read cookiecutter.json for all options
-
notable options behaviors:
use_submodule_for_deploy_code=: copy deploy submodule inside project for a standalone deployment (no common deploy)py_ver=X.Yy: python version to useremove_cron=y: will remove cron image and related configurationenable_cron=: will soft disable (comment crontab) without removing cron.(qa|staging)_host=: will disable generation for this envtests_(staging|tests)=: will disable those specific tests in CIregistry_is_gitlab_registry=y: act that registry is gitlab based and use token to register image against and autofillregister_userandregistry_password.db_mode=<mode>: one ofpostgres|postgis|mysqlhaproxy=y: generate haproxy related jobs
cd local
ssh-keygen -t rsa -b 2048 -N '' -C deploy -f deploy
export CORPUSOPS_VAULT_PASSWORD=SuperVerySecretPassword
.ansible/scripts/setup_vaults.sh- Also add that variable
CORPUSOPS_VAULT_PASSWORDin the gitlab CI/CD variables - You would certainly also add
REGISTRY_USER®ISTRY_PASSWORD.
For each file which needs to be crypted
# to find them
find .ansible/inventory/group_vars/|grep encryptAlso open and read both your project top README.md and the .ansible/README.md
You need to
-
open in a editor:
$EDITOR .ansible/inventory/group_vars/dev/default.movemetoencryptedvault.yml -
In another window/shell, use Ansible vault to create/edit that file without the "encrypted" in the filename and copy/paste/adapt the content
.ansible/scripts/edit_vault.sh .ansible/inventory/group_vars/dev/default.yml
-
Delete the original file
rm -f .ansible/inventory/group_vars/dev/default.movemetoencryptedvault.yml
- Wash, rince, repeat for each needing-to-be-encrypted vault.
⚠️ Please note⚠️ : that you will need to put the previously generated ssh deploy key inall/default.yml
./control.sh init # init conf files
./control.sh build wordpress
./control.sh build # will be faster as many images are based on wordpress- Push to gitlab and run the dev job until it succeeds
- Trigger the dev image release job until it succeeds
-
Deploy manually one time to see everything is in place
Remember:- Your local copy is synced as the working directory on target env (with exclusions, see playbooks)
- The
cops_wordpress_docker_tagcontrols which docker image is deployed.
.ansible/scripts/call_ansible.sh .ansible/playbooks/deploy_key_setup.yml .ansible/scripts/call_ansible.sh -vvv .ansible/playbooks/ping.yml -l dev # or staging .ansible/scripts/call_ansible.sh -vvv .ansible/playbooks/app.yml \ -e "{cops_wordpress_docker_tag: dev}" -l dev # or staging
You can regenerate at a later time the project
local/regen.sh # and verify new files and updates