Introduction
VVV-Init is a series of scripts to help you create a project development environment based on the Varying Vagrant Vagrants (VVV) WordPress-focussed Vagrant configuration. VVV-Init assumes you will have some private repos at GitHub, GitLab, or Bitbucket, and provides a script to build a set of changes as a commit for deployment using WP Engine's Git Deployment.
VVV provides auto-site setup functionality, which allows you to create a series of setup files for your project: an Nginx (webserver) config vvv-nginx.conf, a vvv-init.sh script to download WordPress and project-specific plugins and themes, and vvv-hosts containing the domain name(s) your project will use. At CFTP we use Composer to assemble the requirements for our projects, and the vvv-init.sh script includes elements to help with this.
Composer is a way to specify your project dependencies, and it is how we assemble the various plugins and related code libraries for our projects. When we want to add a plugin, it's a matter of adding a line in the require section of composer.json.
Private repos are an issue when running a script automatically: during auto-site setup we cannot stop for the user to enter passwords, etc. We solve this by having a "cftpdeploy" machine user, and distributing their keys with all our project repos (they aren't included here, for security reasons). The cftpdeploy user should only ever be given read permissions, never write permissions (because we distribute their key widely, even if amongst a relatively trusted circle).
The wrapper-composer.sh script provides most of the composer functionality, but loads the cftpdeploy user's SSH keys before the composer commands are run.
The other issue you hit when running SSH and related commands in a script is the prompt to accept the fingerprints of servers when you first access them. To get around this, we pre-generate the fingerprints for GitHub, GitLab, Bitbucket and git.wpengine.com, then load them into the known_hosts file for the vagrant user when the script is run. The pre-generation of the fingerprints is done using ssh-keyscan, and of course we recommend you run the keyscan yourself to ensure we're not making you vulnerable to a man-in-the-middle exploit.
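A scan is only as trustworthy as the network it ran over, so the pre-generated entries are worth checking against fingerprints obtained over a separate channel before they are loaded into known_hosts. The following is an added example, not part of VVV-Init: the function names, the host git.example.test, the sample key and the pinned value are all constructed for illustration.

```python
import base64
import hashlib
import struct

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def blob_key_type(blob: bytes) -> str:
    """Key type name stored at the start of the SSH wire-format key blob."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii", "replace")

def check_known_hosts(text: str, pinned: dict) -> list:
    """Return a list of problems; empty means every entry matches a pin."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) < 3 or fields[0][0] in "@|":
            problems.append(f"line {lineno}: marker, hashed or short entry, not checked")
            continue
        hosts, key_type, b64 = fields[:3]
        try:
            blob = base64.b64decode(b64, validate=True)
            embedded = blob_key_type(blob)
        except (ValueError, struct.error):
            problems.append(f"line {lineno}: undecodable key")
            continue
        if embedded != key_type:
            problems.append(f"line {lineno}: type mismatch ({key_type} vs {embedded})")
            continue
        fp = fingerprint(blob)
        for host in hosts.split(","):
            if fp not in pinned.get(host, ()):
                problems.append(f"line {lineno}: {host} {key_type} {fp} is not pinned")
    return problems

# Constructed sample: a fake ed25519 blob with a filler key, not a real host key.
def _blob(fill: int) -> bytes:
    return struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32

SAMPLE_BLOB = _blob(0x11)
SAMPLE_KNOWN_HOSTS = "git.example.test ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + "\n"
# Placeholder pin; in real use, copy the values from a trusted out-of-band source.
PINNED = {"git.example.test": {fingerprint(SAMPLE_BLOB)}}
```

A provisioning script would refuse to install the known_hosts file whenever the returned list is non-empty.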