ci(deploy): only POST plugin activation when not already active

[JohnRDOrazio]

Refs #41.

Update after VPS investigation: this PR's original framing claimed plugin activation triggers flush_rewrite_rules() and rewrites .htaccess, causing a brief Plesk-nginx mirror lag and the 404 race. That hypothesis turned out to be wrong — .htaccess on the VPS hasn't been modified since 2026-02-18, and the queue worker has had zero HTTP 404s in 4+ days of journal data. See the latest comment on #41 for the full revised analysis.

This PR is still useful as code hygiene — eliminating redundant flush_rewrite_rules() invocations is correct regardless — but it's no longer expected to materially move the deploy-time error rate. The dominant deploy-time symptom is HTTP 504 from PHP-FPM pool exhaustion, not 404 from a routing race. That needs a different fix (worker throttling, FPM pool sizing, opcache settings).

Why the change is still worth merging

1. The activation API call really does do extra work when invoked on an already-active plugin: WordPress walks each plugin file's activation hook, fires do_action( 'activate_<file>' ), and may invoke any register_activation_hook callbacks the plugins define. Skipping the call when status is already "active" removes that work cleanly.
2. It removes one variable from the deploy → so when we later isolate the FPM-saturation cause, we know plugin activation isn't contributing.
3. It makes the deploy log more informative — Skip <plugin>: already active vs. Activate <plugin> (was inactive): HTTP 200 shows what state actually changed.

Change

Read each plugin's current status first via GET /wp/v2/plugins/<slug> and only POST when status isn't already "active". Tarballs still get extracted and plugin code updates land; only the no-op activation request is skipped.

The fallback parser uses "unknown" if JSON parsing fails, which forces the POST path — safe default, preserves current behavior on transient response oddities.

Test plan

• Trigger a manual workflow_dispatch deploy. Logs should show Skip <plugin>: already active for both plugins (since they were both active prior to this PR).
• Toggle one plugin to inactive in WP admin, run a deploy, confirm it activates correctly with Activate <plugin> (was inactive): HTTP 200.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Added a per-plugin status check before activation; skips activation when status is already "active"
  • Treats non-2xx status fetches as deployment failures and emits explicit errors
  • Updated deployment logging to report prior plugin status alongside activation request results

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b89ac2cf-ebd4-4e54-b9ba-6bab543a80c8

📥 Commits

Reviewing files that changed from the base of the PR and between deb673d and 0a2387f.

📒 Files selected for processing (1)

• .github/workflows/deploy.yml

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/deploy.yml

---

📝 Walkthrough

Walkthrough

The deploy workflow's plugin activation step now GETs each plugin to read its current status (failing on non-2xx), JSON-parses status with "unknown" fallback, skips the POST when already "active", and updates logs to include the prior status alongside POST HTTP results.

Changes

Plugin Activation Idempotency

Layer / File(s)	Summary
Control Flow / Activation .github/workflows/deploy.yml	Activation changed from unconditional POST to: GET plugin resource, parse status, skip POST if status == "active", else POST {"status":"active"}.
Error Handling .github/workflows/deploy.yml	Fail the deploy when the GET returns a non-2xx HTTP code; treat JSON parse failures with a default "unknown".
Logging / Telemetry .github/workflows/deploy.yml	Activation log now reports the previously observed status (was $CURRENT_STATUS) along with the POST HTTP status instead of only POST result.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• refactor: unify deploy.yml and deploy-staging.yml into one workflow (#46) #50: Modifies plugin activation logic in .github/workflows/deploy.yml with similar GET-based status checks and enhanced error handling.

Poem

🐰 A hop, a check, a gentle peek,
I read the status, mild not meek.
If "active" greets me, I skip the race,
Else I nudge it forward—soft and paced.
Deploys stay calm, the rabbit's grace.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'ci(deploy): only POST plugin activation when not already active' is a clear, specific summary that directly captures the main change: adding conditional logic to skip redundant plugin activation requests.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/idempotent-plugin-activation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 60 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/deploy.yml:
- Around line 343-345: The curl calls that set CURRENT (curl -s -w
'%{http_code}' -X GET "$WP_URL/$SLUG" -H "Authorization: Basic $AUTH") and the
activation POST calls should include explicit timeouts to avoid hanging; update
those curl invocations (the one assigning CURRENT and the activation POST block
around lines 370-374) to add --connect-timeout and --max-time (or -m) options
with sensible values so the workflow will fail fast on network issues while
preserving error handling.
- Around line 334-336: The explanatory comment referencing
flush_rewrite_rules(), WordPress, Plesk's nginx mirror and the /wp-json/* 404s
(issue `#41`) is written as a definitive root cause; make it hypothesis-neutral by
rephrasing to indicate a possible or likely cause—for example replace "the root
cause" with "a possible cause" or "may contribute to" and remove absolute
language so the comment (the explanatory block mentioning flush_rewrite_rules(),
Plesk nginx mirror and the 404 wave) reads as a hypothesis rather than a
confirmed fact.
- Around line 357-363: The multiline inline Python inside the command
substitution breaks YAML parsing; replace it with a single-line, YAML-safe
invocation so CURRENT_STATUS is assigned reliably from BODY. Change the block to
a one-liner such as: CURRENT_STATUS=$(echo "$BODY" | python3 -c 'import
json,sys; print(json.load(sys.stdin).get("status","unknown"))' 2>/dev/null ||
echo unknown) so the Python code is on a single line and the quoting is safe for
the workflow parser; keep references to CURRENT_STATUS and BODY to locate the
change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ee30fcc2-bfc1-4b71-9b01-37ecd783dfad

📥 Commits

Reviewing files that changed from the base of the PR and between 83b0c42 and deb673d.

📒 Files selected for processing (1)

• .github/workflows/deploy.yml

[JohnRDOrazio]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.