try with new deployment method

.s2i/bin/assemble

 #!/bin/bash
 
 set -x
-
 set -eo pipefail
 
 # During this initial build phase we are going to construct a new custom
@@ -11,29 +10,8 @@ set -eo pipefail
 # language files can be pulled down from a repository and incorporated into
 # the WordPress installation.
 
-# Use latest stable version of WordPress if no version is specified.
-
-if [ -z "$WORDPRESS_INSTALL_VERSION" ]; then
-  WORDPRESS_INSTALL_VERSION=$(curl -s "https://api.wordpress.org/core/version-check/1.7/?version=4.1" | python -c 'import sys, json; latest = json.load(sys.stdin)["offers"][0]; print(latest["version"] if latest["response"] == "upgrade" else "4.1")')
-fi
-
-# Download WordPress.
-
 mkdir -p /opt/app-root/downloads
 
-curl -Ls http://wordpress.org/wordpress-${WORDPRESS_INSTALL_VERSION}.tar.gz > /opt/app-root/downloads/wordpress.tar.gz
-echo ${WORDPRESS_INSTALL_VERSION} > /opt/app-root/downloads/wordpress-version.txt
-
-# Verify the WordPress sources.
-
-TARBALL_MD5=$(md5sum /opt/app-root/downloads/wordpress.tar.gz | cut -d ' ' -f 1)
-EXPECTS_MD5=$(curl -Ls http://wordpress.org/wordpress-${WORDPRESS_INSTALL_VERSION}.tar.gz.md5)
-
-if [ "${TARBALL_MD5}" != "${EXPECTS_MD5}" ]; then
-    echo "ERROR: WordPress ${WORDPRESS_INSTALL_VERSION} MD5 checksum mismatch. The WordPress tar file that was downloaded does not match the signature that it was expected to have."
-    exit 1
-fi
-
 #----------------- EO 03.04.2019 --------------
 # Install WP-CLI command line tool
 # Will allow to create users: 

.s2i/bin/assemble.orig

+#!/bin/bash
+
+set -x
+
+set -eo pipefail
+
+# During this initial build phase we are going to construct a new custom
+# image based off the default PHP S2I builder. The resulting image can be
+# run directly to create a standalone instance of WordPress not linked to
+# anything, or it can be run as a S2I builder so that plugins, themes and
+# language files can be pulled down from a repository and incorporated into
+# the WordPress installation.
+
+# Use latest stable version of WordPress if no version is specified.
+
+if [ -z "$WORDPRESS_INSTALL_VERSION" ]; then
+  WORDPRESS_INSTALL_VERSION=$(curl -s "https://api.wordpress.org/core/version-check/1.7/?version=4.1" | python -c 'import sys, json; latest = json.load(sys.stdin)["offers"][0]; print(latest["version"] if latest["response"] == "upgrade" else "4.1")')
+fi
+
+# Download WordPress.
+
+mkdir -p /opt/app-root/downloads
+
+curl -Ls http://wordpress.org/wordpress-${WORDPRESS_INSTALL_VERSION}.tar.gz > /opt/app-root/downloads/wordpress.tar.gz
+echo ${WORDPRESS_INSTALL_VERSION} > /opt/app-root/downloads/wordpress-version.txt
+
+# Verify the WordPress sources.
+
+TARBALL_MD5=$(md5sum /opt/app-root/downloads/wordpress.tar.gz | cut -d ' ' -f 1)
+EXPECTS_MD5=$(curl -Ls http://wordpress.org/wordpress-${WORDPRESS_INSTALL_VERSION}.tar.gz.md5)
+
+if [ "${TARBALL_MD5}" != "${EXPECTS_MD5}" ]; then
+    echo "ERROR: WordPress ${WORDPRESS_INSTALL_VERSION} MD5 checksum mismatch. The WordPress tar file that was downloaded does not match the signature that it was expected to have."
+    exit 1
+fi
+
+#----------------- EO 03.04.2019 --------------
+# Install WP-CLI command line tool
+# Will allow to create users: 
+#   wp user create admin email@cern.ch --role=administrator
+#     will create admin user with random password
+# Must run from the WP installation directory (/opt/app-root/src)
+# https://make.wordpress.org/cli/handbook/installing/ 
+curl -Ls https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar > /opt/app-root/downloads/wp-cli.phar
+# Verify it's ok
+php /opt/app-root/downloads/wp-cli.phar --info
+# Install
+chmod +x /opt/app-root/downloads/wp-cli.phar
+mkdir -p /opt/app-root/bin
+mv /opt/app-root/downloads/wp-cli.phar /opt/app-root/bin/wp
+
+# Move CERN Plugin to the plugin repository in downloads location
+# Will need to be enabled using wp cli
+#   wp plugin activate cern-sso-authentication
+mv /tmp/src/plugins /opt/app-root/downloads
+#----------------- /EO 03.04.2019 --------------
+
+
+# This S2I assemble script is only used when creating the custom image.
+# For when running the image, or using it as a S2I builder, we use a second
+# set of custom S2I scripts. We now need to move these into the correct
+# location and have the custom image use those by dropping in an image
+# metadata file which overrides the labels of the base image.
+
+mkdir -p /opt/app-root/s2i
+
+mv /tmp/src/builder/assemble /opt/app-root/s2i/assemble
+mv /tmp/src/builder/run /opt/app-root/s2i/run
+mv /tmp/src/builder/save-artifacts /opt/app-root/s2i/save-artifacts
+
+mkdir -p /tmp/.s2i
+
+mv /tmp/src/builder/image_metadata.json /tmp/.s2i/image_metadata.json
+
+rm -rf /tmp/src
+
+# Fixup permissions on directories and files.
+
+fix-permissions /opt/app-root

builder/run

 #!/bin/bash
 
 set -x
-
 set -eo pipefail
 
-# If WordPress has not been installed yet, unpack it.
-
-if [ ! -f wp-config-sample.php ]; then
-    echo "Wordpress not installed, unpack it"
-    tar --strip-components=1 -xzf /opt/app-root/downloads/wordpress.tar.gz
-
-    # Edit the wp-config-sample.php to allow plugins and themes to be
-    # installed directly into file system.
-
-    echo "Wordpress config-sample.php update for SSL"
-
-    sed -i "/'DB_COLLATE', *'' *);/a\
-    define('FS_METHOD', 'direct');" wp-config-sample.php
-
-    # Edit the wp-config-sample.php to force use of a secure connection
-    # for login and adminstration.
-
-    sed -i "/'DB_COLLATE', *'' *);/a\
-    define( 'FORCE_SSL_ADMIN', true );" wp-config-sample.php
-
-    # Edit the wp-config-sample.php to ensure that static files are served
-    # up over same protocol as request to avoid mixed content errors.
-
-    sed -i "/'DB_COLLATE', *'' *);/a\
-    if (strpos(\$_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) \$_SERVER['HTTPS']='on';" wp-config-sample.php
-else
-    echo "Wordpress seems already installed, found existing wp-config-sample.php"
-fi
-
-# Check whether the wp-config.php file has been generated previously. If
-# not then we need to generate it. This is placed in the persistent volume.
-
-secret() {
-    python -c 'import random; import string; print("".join([random.SystemRandom().choice(string.ascii_letters+string.digits) for i in range(50)]))'
-}
-
-if [ ! -f wp-config.php ]; then
-
-    echo "Wordpress config.php preparation for DB and all"
-
-    TMPCONFIG=/tmp/wp-config-temp.php
-    cp wp-config-sample.php $TMPCONFIG
-
-    sed -i "s/'DB_NAME', *'database_name_here'/'DB_NAME', '$MYSQL_DATABASE'/" $TMPCONFIG
-    sed -i "s/'DB_USER', *'username_here'/'DB_USER', '$MYSQL_USER'/" $TMPCONFIG
-    sed -i "s/'DB_PASSWORD', *'password_here'/'DB_PASSWORD', '$MYSQL_PASSWORD'/" $TMPCONFIG
-    sed -i "s/'DB_HOST', *'localhost'/'DB_HOST', '$MYSQL_HOST'/" $TMPCONFIG
-    sed -i "s/\$table_prefix *= *'wp_';/\$table_prefix = '$MYSQL_TABLE_PREFIX';/" $TMPCONFIG
-
-    sed -i "s/'AUTH_KEY', *'put your unique phrase here'/'AUTH_KEY', '`secret`'/" $TMPCONFIG
-    sed -i "s/'SECURE_AUTH_KEY', *'put your unique phrase here'/'SECURE_AUTH_KEY', '`secret`'/" $TMPCONFIG
-    sed -i "s/'LOGGED_IN_KEY', *'put your unique phrase here'/'LOGGED_IN_KEY', '`secret`'/" $TMPCONFIG
-    sed -i "s/'NONCE_KEY', *'put your unique phrase here'/'NONCE_KEY', '`secret`'/" $TMPCONFIG
-    sed -i "s/'AUTH_SALT', *'put your unique phrase here'/'AUTH_SALT', '`secret`'/" $TMPCONFIG
-    sed -i "s/'SECURE_AUTH_SALT', *'put your unique phrase here'/'SECURE_AUTH_SALT', '`secret`'/" $TMPCONFIG
-    sed -i "s/'LOGGED_IN_SALT', *'put your unique phrase here'/'LOGGED_IN_SALT', '`secret`'/" $TMPCONFIG
-    sed -i "s/'NONCE_SALT', *'put your unique phrase here'/'NONCE_SALT', '`secret`'/" $TMPCONFIG
-
-    mv $TMPCONFIG wp-config.php
-else
-    echo "Wordpress seems already configured, found existing wp-config.php"
-fi
-
-# Copy user provided plugins, themes, language files and configuration
-# files into the persistent volume. This happens every time the image is
-# started, which is not ideal. If application is scaled, then could also
-# occur from multple replicas at the same time. No obvious way to avoid
-# that, so outstanding question as to whether that will cause any issues.
+# ------- EO 03.04.2019 -------
+if ! $(wp core is-installed); then
+    echo "Wordpress download and install"
+    /opt/app-root/bin/wp core download
+    # Verify Checksums
+    /opt/app-root/bin/wp core verify-checksums
 
+    # Copy gitlab provided plugins, themes files into the persistent volume. 
+    echo "Copying custom Themes and Plugins"
     if [ -d /opt/app-root/downloads/plugins ]; then
         cp -rf /opt/app-root/downloads/plugins/* wp-content/plugins/ 2>/dev/null || true
     fi
-
     if [ -d /opt/app-root/downloads/themes ]; then
         cp -rf /opt/app-root/downloads/themes/* wp-content/themes/ 2>/dev/null || true
     fi
 
-if [ -d /opt/app-root/downloads/languages ]; then
-    cp -rf /opt/app-root/downloads/languages/* wp-content/languages/ 2>/dev/null || true
-fi
-
-if [ -f /opt/app-root/downloads/configs/wp-config.php ]; then
-    cp -f /opt/app-root/downloads/configs/wp-config.php wp-config.php
-fi
-
-if [ -f /opt/app-root/downloads/configs/.htaccess ]; then
-    cp -f /opt/app-root/downloads/configs/.htaccess .htaccess
-fi
-
-# Enable WebDav access if authentication realm set and user database exists.
-
-if [ x"$WEBDAV_AUTHENTICATION_REALM" != x"" ]; then
-    if [ -f /opt/app-root/secrets/webdav/.htdigest ]; then
-        cat > /opt/app-root/etc/conf.d/90-webdav.conf << !
-<IfModule !dav_module>
-LoadModule dav_module modules/mod_dav.so'
-</IfModule>
-
-<IfModule !dav_fs_module>
-LoadModule dav_fs_module modules/mod_dav_fs.so'
-</IfModule>
-
-<IfModule !auth_digest_module>
-LoadModule auth_digest_module modules/mod_auth_digest.so'
-</IfModule>
-
-<IfModule !authn_file_module>
-LoadModule authn_file_module modules/mod_authn_file.so'
-</IfModule>
-
-<IfModule !authz_user_module>
-LoadModule authz_user_module modules/mod_authz_user.so'
-</IfModule>
+    echo "Wordpress configuration"
+    # --skip-check avoids the need for mysql binary and mysql lcoal install
+    /opt/app-root/bin/wp config create --dbname='$MYSQL_DATABASE' --dbhost='$MYSQL_HOST' --dbprefix='$MYSQL_TABLE_PREFIX' --dbuser='$MYSQL_USER' --dbpass='$MYSQL_PASSWORD' --skip-check
+    # Enforse SSL
+    /opt/app-root/bin/wp config set FORCE_SSL_ADMIN true --raw
 
-DavLockDB /opt/app-root/DavLock
-
-Alias /webdav/ /opt/app-root/src/
-
-<Location /webdav/>
-    DAV on
-
-    ForceType text/plain
-    DirectoryIndex disabled
-
-    AuthType Digest
-    AuthName "$WEBDAV_AUTHENTICATION_REALM"
-    AuthDigestDomain /webdav/
-    AuthDigestProvider file
-    AuthUserFile /opt/app-root/secrets/webdav/.htdigest
-
-    Require valid-user
-</Location>
-!
-    fi
-fi
-
-# ------- EO 03.04.2019 -------
-if ! $(wp core is-installed); then
     echo "Wordpress site setup"
-
     # Create Wordpress instance and admin account
     /opt/app-root/bin/wp core install --url=https://$APPLICATION_NAME.web.cern.ch --title=$APPLICATION_NAME --admin_user=admin --admin_email=$ADMIN_EMAIL
     # Create Admin Users and enable Plugin
@@ -157,8 +39,19 @@ if ! $(wp core is-installed); then
     # Enable TwentySeventeen theme which is better than default theme
     #/opt/app-root/bin/wp theme activate twentyseventeen
     
+    # Prevent SSL loop errors due to bad includes on http
+    #wp search-replace 'http://$APPLICATION_NAME.web.cern.ch' '$APPLICATION_NAME.web.cern.ch' --skip-columns=guid --dry-run
 else
-    echo "Wordpress site seems already setup according to wp core is-installed command"
+    echo "Wordpress site is already setup according to wp core is-installed command"
+    if ! $(wp core check-update); then
+        echo "Update is needed, proceeding"
+        # Update WP core files
+        /opt/app-root/bin/wp core update
+        # Update DB eventually
+        /opt/app-root/bin/wp core update-db
+        # Verify Checksums
+        /opt/app-root/bin/wp core verify-checksums
+    fi
 fi
 
 # Execute the original run script, replacing this script as current process.

builder/run.orig

+#!/bin/bash
+
+set -x
+
+set -eo pipefail
+
+# If WordPress has not been installed yet, unpack it.
+
+if [ ! -f wp-config-sample.php ]; then
+    echo "Wordpress not installed, unpack it"
+    tar --strip-components=1 -xzf /opt/app-root/downloads/wordpress.tar.gz
+
+    # Edit the wp-config-sample.php to allow plugins and themes to be
+    # installed directly into file system.
+
+    echo "Wordpress config-sample.php update for SSL"
+
+    sed -i "/'DB_COLLATE', *'' *);/a\
+    define('FS_METHOD', 'direct');" wp-config-sample.php
+
+    # Edit the wp-config-sample.php to force use of a secure connection
+    # for login and adminstration.
+
+    sed -i "/'DB_COLLATE', *'' *);/a\
+    define( 'FORCE_SSL_ADMIN', true );" wp-config-sample.php
+
+    # Edit the wp-config-sample.php to ensure that static files are served
+    # up over same protocol as request to avoid mixed content errors.
+
+    sed -i "/'DB_COLLATE', *'' *);/a\
+    if (strpos(\$_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) \$_SERVER['HTTPS']='on';" wp-config-sample.php
+else
+    echo "Wordpress seems already installed, found existing wp-config-sample.php"
+fi
+
+# Check whether the wp-config.php file has been generated previously. If
+# not then we need to generate it. This is placed in the persistent volume.
+
+secret() {
+    python -c 'import random; import string; print("".join([random.SystemRandom().choice(string.ascii_letters+string.digits) for i in range(50)]))'
+}
+
+if [ ! -f wp-config.php ]; then
+
+    echo "Wordpress config.php preparation for DB and all"
+
+    TMPCONFIG=/tmp/wp-config-temp.php
+    cp wp-config-sample.php $TMPCONFIG
+
+    sed -i "s/'DB_NAME', *'database_name_here'/'DB_NAME', '$MYSQL_DATABASE'/" $TMPCONFIG
+    sed -i "s/'DB_USER', *'username_here'/'DB_USER', '$MYSQL_USER'/" $TMPCONFIG
+    sed -i "s/'DB_PASSWORD', *'password_here'/'DB_PASSWORD', '$MYSQL_PASSWORD'/" $TMPCONFIG
+    sed -i "s/'DB_HOST', *'localhost'/'DB_HOST', '$MYSQL_HOST'/" $TMPCONFIG
+    sed -i "s/\$table_prefix *= *'wp_';/\$table_prefix = '$MYSQL_TABLE_PREFIX';/" $TMPCONFIG
+
+    sed -i "s/'AUTH_KEY', *'put your unique phrase here'/'AUTH_KEY', '`secret`'/" $TMPCONFIG
+    sed -i "s/'SECURE_AUTH_KEY', *'put your unique phrase here'/'SECURE_AUTH_KEY', '`secret`'/" $TMPCONFIG
+    sed -i "s/'LOGGED_IN_KEY', *'put your unique phrase here'/'LOGGED_IN_KEY', '`secret`'/" $TMPCONFIG
+    sed -i "s/'NONCE_KEY', *'put your unique phrase here'/'NONCE_KEY', '`secret`'/" $TMPCONFIG
+    sed -i "s/'AUTH_SALT', *'put your unique phrase here'/'AUTH_SALT', '`secret`'/" $TMPCONFIG
+    sed -i "s/'SECURE_AUTH_SALT', *'put your unique phrase here'/'SECURE_AUTH_SALT', '`secret`'/" $TMPCONFIG
+    sed -i "s/'LOGGED_IN_SALT', *'put your unique phrase here'/'LOGGED_IN_SALT', '`secret`'/" $TMPCONFIG
+    sed -i "s/'NONCE_SALT', *'put your unique phrase here'/'NONCE_SALT', '`secret`'/" $TMPCONFIG
+
+    mv $TMPCONFIG wp-config.php
+else
+    echo "Wordpress seems already configured, found existing wp-config.php"
+fi
+
+# Copy user provided plugins, themes, language files and configuration
+# files into the persistent volume. This happens every time the image is
+# started, which is not ideal. If application is scaled, then could also
+# occur from multple replicas at the same time. No obvious way to avoid
+# that, so outstanding question as to whether that will cause any issues.
+
+if [ -d /opt/app-root/downloads/plugins ]; then
+    cp -rf /opt/app-root/downloads/plugins/* wp-content/plugins/ 2>/dev/null || true
+fi
+
+if [ -d /opt/app-root/downloads/themes ]; then
+    cp -rf /opt/app-root/downloads/themes/* wp-content/themes/ 2>/dev/null || true
+fi
+
+if [ -d /opt/app-root/downloads/languages ]; then
+    cp -rf /opt/app-root/downloads/languages/* wp-content/languages/ 2>/dev/null || true
+fi
+
+if [ -f /opt/app-root/downloads/configs/wp-config.php ]; then
+    cp -f /opt/app-root/downloads/configs/wp-config.php wp-config.php
+fi
+
+if [ -f /opt/app-root/downloads/configs/.htaccess ]; then
+    cp -f /opt/app-root/downloads/configs/.htaccess .htaccess
+fi
+
+# Enable WebDav access if authentication realm set and user database exists.
+
+if [ x"$WEBDAV_AUTHENTICATION_REALM" != x"" ]; then
+    if [ -f /opt/app-root/secrets/webdav/.htdigest ]; then
+        cat > /opt/app-root/etc/conf.d/90-webdav.conf << !
+<IfModule !dav_module>
+LoadModule dav_module modules/mod_dav.so'
+</IfModule>
+
+<IfModule !dav_fs_module>
+LoadModule dav_fs_module modules/mod_dav_fs.so'
+</IfModule>
+
+<IfModule !auth_digest_module>
+LoadModule auth_digest_module modules/mod_auth_digest.so'
+</IfModule>
+
+<IfModule !authn_file_module>
+LoadModule authn_file_module modules/mod_authn_file.so'
+</IfModule>
+
+<IfModule !authz_user_module>
+LoadModule authz_user_module modules/mod_authz_user.so'
+</IfModule>
+
+DavLockDB /opt/app-root/DavLock
+
+Alias /webdav/ /opt/app-root/src/
+
+<Location /webdav/>
+    DAV on
+
+    ForceType text/plain
+    DirectoryIndex disabled
+
+    AuthType Digest
+    AuthName "$WEBDAV_AUTHENTICATION_REALM"
+    AuthDigestDomain /webdav/
+    AuthDigestProvider file
+    AuthUserFile /opt/app-root/secrets/webdav/.htdigest
+
+    Require valid-user
+</Location>
+!
+    fi
+fi
+
+# ------- EO 03.04.2019 -------
+if ! $(wp core is-installed); then
+    echo "Wordpress site setup"
+
+    # Create Wordpress instance and admin account
+    /opt/app-root/bin/wp core install --url=https://$APPLICATION_NAME.web.cern.ch --title=$APPLICATION_NAME --admin_user=admin --admin_email=$ADMIN_EMAIL
+    # Create Admin Users and enable Plugin
+    #/opt/app-root/bin/wp user create admin $ADMIN_EMAIL --role=administrator
+    # Enable english language
+    # /opt/app-root/bin/wp language core install en_US
+    # DEPRECATED /opt/app-root/bin/wp language core activate en_US
+    /opt/app-root/bin/wp site switch-language en_US
+    # Enable CERN SSO plugin which maps email attribute to WP internal DB
+    /opt/app-root/bin/wp plugin activate cern-sso-authentication
+    # Enable TwentySeventeen theme which is better than default theme
+    #/opt/app-root/bin/wp theme activate twentyseventeen
+    
+else
+    echo "Wordpress site seems already setup according to wp core is-installed command"
+fi
+
+# Execute the original run script, replacing this script as current process.
+exec /usr/libexec/s2i/run