feat: seed required wordpress plugins via wp-cli

README.md

@@ -22,6 +22,7 @@ This repository contains a hardened Docker Compose stack for the DigitechFlow Wo
 ## Services
 - **db**: `mysql:latest` with persistent volume `db_data/`.
 - **wordpress**: `wordpress:php8.3-fpm` serving PHP over FastCGI.
+- **wpcli_seed**: one-shot `wordpress:cli` job that installs/activates plugins listed in `config/plugins.txt`.
 - **wordpress_nginx**: `nginx:latest` front-end with custom config tuned for Traefik and FastCGI.
 - **redis**: `valkey/valkey:latest` for object caching with persistence and healthcheck.
 
@@ -30,6 +31,7 @@ This repository contains a hardened Docker Compose stack for the DigitechFlow Wo
 - `config/nginx/default.conf` contains gzip, caching, and FastCGI tuning. Adjust if you need custom routes.
 - `wordpress.ini` sets PHP limits and Opcache recommendations.
 - Local data directories (`db_data/`, `wordpress_data/`, `redis_data/`) plus `wp-config.php` are gitignored to prevent leaking content/secrets.
+- `config/plugins.txt` lists plugin slugs to auto-install. Add one per line and rerun `docker compose up wpcli_seed`.
 
 ## Operations
 - Update images: `docker compose pull && docker compose up -d`.

config/plugins.txt

@@ -0,0 +1,4 @@
+# List WordPress plugin slugs to ensure installed/active
+# Example:
+# wordpress-seo
+# woocommerce

docker-compose.yaml

@@ -42,6 +42,22 @@ services:
       - wordpress_network
     extra_hosts:
       - "host.docker.internal:host-gateway" # For crowdsec plugin to connect to host crowdsec api
+# One-shot WP-CLI job to seed plugins listed in config/plugins.txt
+  wpcli_seed:
+    image: wordpress:cli
+    depends_on:
+      wordpress:
+        condition: service_started
+    env_file:
+      - .env
+    volumes:
+      - ./wordpress_data:/var/www/html
+      - ./config/plugins.txt:/config/plugins.txt:ro
+      - ./scripts/seed-plugins.sh:/seed-plugins.sh:ro
+    entrypoint: ["/bin/sh", "/seed-plugins.sh"]
+    restart: "no"
+    networks:
+      - wordpress_network
 # Nginx front-end for WordPress (Traefik faces this container)
   wordpress_nginx:
     depends_on:

scripts/seed-plugins.sh

@@ -0,0 +1,32 @@
+#!/bin/sh
+set -eu
+PLUGINS_FILE=${PLUGINS_FILE:-/config/plugins.txt}
+WP_PATH=${WP_PATH:-/var/www/html}
+SLEEP=${SLEEP:-5}
+
+if [ ! -f "$PLUGINS_FILE" ]; then
+  echo "[seed-plugins] plugins file $PLUGINS_FILE not found, skipping"
+  exit 0
+fi
+
+# wait for WordPress to finish installing
+while ! wp core is-installed --path="$WP_PATH" --allow-root >/dev/null 2>&1; do
+  echo "[seed-plugins] waiting for WordPress database..."
+  sleep "$SLEEP"
+done
+
+while IFS= read -r plugin || [ -n "$plugin" ]; do
+  plugin=$(printf '%s' "$plugin" | tr -d '\r')
+  case "$plugin" in
+    ''|\#*) continue ;;
+  esac
+  if wp plugin is-installed "$plugin" --path="$WP_PATH" --allow-root >/dev/null 2>&1; then
+    echo "[seed-plugins] ensuring $plugin is active"
+    wp plugin activate "$plugin" --path="$WP_PATH" --allow-root >/dev/null || true
+  else
+    echo "[seed-plugins] installing $plugin"
+    wp plugin install "$plugin" --activate --path="$WP_PATH" --allow-root
+  fi
+done < "$PLUGINS_FILE"
+
+echo "[seed-plugins] complete"