restricts ownership changes to files still owned by root (e.g., from the image build). On subsequent restarts, files already owned by www-data are skipped entirely, avoiding a full recursive write cycle.

Added ignores for .env, *.log, .DS_Store, Thumbs.db, and common editor/IDE files
chown entire wp-content to ensure correct permissions
2026-06-02 16:24:48 +01:00 · 2026-06-02 16:23:11 +01:00 · 2026-06-02 16:11:39 +01:00
6 changed files with 27 additions and 12 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,22 @@
+# direnv
 /.envrc
+
+# Environment files (may contain secrets)
+.env
+
+# Logs
+*.log
+
+# OS metadata
+.DS_Store
+Thumbs.db
+
+# Editor/IDE
+*.swp
+*.swo
+*~
+*.bak
+.idea/
+.vscode/
+.project
+.classpath
--- a/abra.sh
+++ b/abra.sh
@ -1,5 +1,5 @@
 export PHP_UPLOADS_CONF_VERSION=v4
-export ENTRYPOINT_CONF_VERSION=v9
+export ENTRYPOINT_CONF_VERSION=v8
 export ENTRYPOINT_MAILRELAY_CONF_VERSION=v2
 export MSMTP_CONF_VERSION=v4
 export HTACCESS_CONF_VERSION=v3
--- a/compose.selfmanaged.yml
+++ b/compose.selfmanaged.yml
@ -3,7 +3,7 @@ version: "3.8"

 services:
  app:
-    image: "wordpress:7.0.0"
+    image: "wordpress:latest"
    volumes:
      - "wordpress:/var/www/html/"
    environment:
--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,7 @@ version: "3.8"

 services:
  app:
-    image: "wordpress:7.0.0"
+    image: "wordpress:6.9.4"
    volumes:
      - "wordpress_content:/var/www/html/wp-content/"
    networks:
@ -62,10 +62,10 @@ services:
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.replacement=https://${DOMAIN}/$${2}"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.permanent=true"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}"
-        - "coop-cloud.${STACK_NAME}.version=3.0.0+7.0.0"
+        - "coop-cloud.${STACK_NAME}.version=2.19.2+6.9.4"

  db:
-    image: "mariadb:12.3"
+    image: "mariadb:12.2"
    volumes:
      - "mariadb:/var/lib/mysql"
    networks:
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -54,7 +54,7 @@ if [ ! -f "$UPLOADS_HTACCESS" ]; then
 EOF
 fi

-chown -R www-data:www-data /var/www/html/wp-content/uploads/
+chown -R --from=root:root www-data:www-data /var/www/html/wp-content/

 if [ -n "$@" ]; then
 	"$@"
--- a/release/3.0.0+7.0.0
+++ b/release/3.0.0+7.0.0
@ -1,6 +0,0 @@
- WordPress upgraded from 6.9.4 to 7.0 (major! test before deploying)
- MariaDB upgraded from 10.x to 11.4 (major! SSL now enabled by default)
- ENTRYPOINT_CONF_VERSION bumped to v9
- Breaking: MariaDB 11.4 enables SSL by default — if clients don't support SSL, add --disable-ssl to db command
- Breaking: WordPress 7.0 introduces new AI features and admin theme changes
- Backup database and files before upgrading
Author	SHA1	Message	Date
kawaiipunk	cf54575187	restricts ownership changes to files still owned by root (e.g., from the image build). On subsequent restarts, files already owned by www-data are skipped entirely, avoiding a full recursive write cycle. Some checks failed continuous-integration/drone/pr Build is failing Details	2026-06-02 16:24:48 +01:00
kawaiipunk	b4db12f09c	Added ignores for .env, *.log, .DS_Store, Thumbs.db, and common editor/IDE files Some checks failed continuous-integration/drone/pr Build is failing Details	2026-06-02 16:23:11 +01:00
kawaiipunk	e4b87c8ab9	chown entire wp-content to ensure correct permissions Some checks failed continuous-integration/drone/pr Build is failing Details	2026-06-02 16:11:39 +01:00