CI / CD – Example

Example CI/CD Pipeline

This CI/CD pipeline automates the build and deployment process for a WordPress project, specifically targeting theme and plugin management. It consists of two main stages: build, and deploy, all triggered only on the master branch to ensure production stability.

stages:
  - build
  - deploy

variables:
  THEME_PATH: 'wp-content/themes/chisel-theme'
  PLUGINS_PATH: 'wp-content/plugins'
  
build_composer:
  image: php:8.3-alpine
  stage: build
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - $THEME_PATH/vendor/
  artifacts:
    paths:
      - $THEME_PATH/vendor/
  script:
    - echo "Building composer packages..."
    - cd $THEME_PATH
    - php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
    - php composer-setup.php
    - php -r "unlink('composer-setup.php');"
    - php composer.phar install --no-dev --prefer-dist --no-interaction

build_node:
  image: node:24.11.1
  stage: build
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - $THEME_PATH/node_modules/
  artifacts:
    paths:
      - $THEME_PATH/build/
  script:
    - echo "Building node packages..."
    - cd $THEME_PATH
    - npm install
    - npm run build-scripts

deploy:
  image: alpine:latest
  stage: deploy
  needs:
    - build_composer
    - build_node
  before_script:
    - apk add --no-cache openssh rsync
    - eval $(ssh-agent -s)
    - echo "$SSH_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan $SSH_HOST >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    - echo "Deploying theme and plugins to $HOME_PATH..."
    # deploy theme
    - echo "Deploying theme to $HOME_PATH/$THEME_PATH..."
    - rsync -avz --delete ./$THEME_PATH/ $SSH_USER@$SSH_HOST:$HOME_PATH/$THEME_PATH/
    # deploy plugins
    - echo "Deploying plugins to $HOME_PATH/$PLUGINS_PATH..."
    - rsync -avz --delete ./$PLUGINS_PATH/ $SSH_USER@$SSH_HOST:$HOME_PATH/$PLUGINS_PATH/
    - ssh $SSH_USER@$SSH_HOST -- "wp cache flush --path=$HOME_PATH --skip-plugins"
  variables:
    HOME_PATH: /public_html
  only:
    - master

stages:
  - build
  - deploy

variables:
  THEME_PATH: 'wp-content/themes/chisel-theme'
  PLUGINS_PATH: 'wp-content/plugins'
  
build_composer:
  image: php:8.3-alpine
  stage: build
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - $THEME_PATH/vendor/
  artifacts:
    paths:
      - $THEME_PATH/vendor/
  script:
    - echo "Building composer packages..."
    - cd $THEME_PATH
    - php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
    - php composer-setup.php
    - php -r "unlink('composer-setup.php');"
    - php composer.phar install --no-dev --prefer-dist --no-interaction

build_node:
  image: node:24.11.1
  stage: build
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - $THEME_PATH/node_modules/
  artifacts:
    paths:
      - $THEME_PATH/build/
  script:
    - echo "Building node packages..."
    - cd $THEME_PATH
    - npm install
    - npm run build-scripts

deploy:
  image: alpine:latest
  stage: deploy
  needs:
    - build_composer
    - build_node
  before_script:
    - apk add --no-cache openssh rsync
    - eval $(ssh-agent -s)
    - echo "$SSH_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan $SSH_HOST >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    - echo "Deploying theme and plugins to $HOME_PATH..."
    # deploy theme
    - echo "Deploying theme to $HOME_PATH/$THEME_PATH..."
    - rsync -avz --delete ./$THEME_PATH/ $SSH_USER@$SSH_HOST:$HOME_PATH/$THEME_PATH/
    # deploy plugins
    - echo "Deploying plugins to $HOME_PATH/$PLUGINS_PATH..."
    - rsync -avz --delete ./$PLUGINS_PATH/ $SSH_USER@$SSH_HOST:$HOME_PATH/$PLUGINS_PATH/
    - ssh $SSH_USER@$SSH_HOST -- "wp cache flush --path=$HOME_PATH --skip-plugins"
  variables:
    HOME_PATH: /public_html
  only:
    - master

Stages Overview

• build: Triggers build_composer and build_node jobs simultaneously.
• deploy: Securely transfers built theme and plugin files to the production server and clears the WordPress cache.

Jobs Overview

• build_composer: Focuses on installing PHP dependencies via Composer for the WordPress theme.
• build_node: Handles Node.js dependency installation and executes front-end build scripts for the theme.

Variables

• THEME_PATH: The relative path to the active WordPress theme (here set to wp-content/themes/chisel-theme/).
• PLUGINS_PATH: The relative path to WordPress plugins (wp-content/plugins/).
• HOME_PATH: Defines the root directory on the remote server where WordPress is installed (/public_html).

Stage / Jobs Details

build (stage)

• Runs build_composer and build_node jobs simultaneously

build_composer (job)

• Uses a lightweight php:8.3-alpine Docker image for PHP execution.
• Downloads and installs Composer dynamically.
• Runs composer install within the theme directory with optimized flags (--no-dev, --prefer-dist, and --no-interaction) for production-ready dependencies.
• Persists the theme vendor directory as artifacts, allowing subsequent stages to reuse built files.

build_node (job)

• Runs on a node:20.12.2 Docker image.
• Installs Node.js dependencies inside the theme directory using npm install.
• Executes the build script npm run build-scripts to compile frontend assets such as JavaScript and CSS.
• The built theme build directory is saved as artifacts for deployment.

deploy (stage)

• Runs on a minimal alpine:latest image.
• Installs necessary tools like openssh and rsync for secure deployment.
• Sets up SSH agent with the provided private key ($SSH_KEY) for authentication.
• Verifies the target SSH_HOST by adding it to known_hosts to prevent MITM attacks.
• Synchronizes theme and plugins directories from the repository to the production server using rsync with archive and compression options, deleting files on the server that no longer exist in the source to keep the deployment clean.
• Finally, triggers a WordPress cache flush on the server via the wp-cli command to ensure the latest changes take effect immediately.
• $SSH_KEY, $SSH_USER and $SSH_HOST should be set in gitlab project variables section

This pipeline efficiently coordinates the build and deployment processes while adhering to best practices for WordPress theme and plugin management, leveraging containerized environments and secure SSH deployment.