chore: publish 0.3.0+5.82.0-wordpress-php8.1 release

configure openid connect plugin to link existing users by default
chore: publish 0.2.1+5.82.0-wordpress-php8.1 release
2025-06-18 17:07:46 -04:00 · 2025-06-18 16:55:44 -04:00 · 2025-06-11 16:01:10 -04:00 · 2025-06-04 19:15:05 -04:00 · 2025-05-23 15:51:03 -04:00 · 2025-05-09 20:31:54 +00:00
7 changed files with 40 additions and 27 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 # civicrm

-> One line description of the recipe
+> CiviCRM Wordpress

 <!-- metadata -->

@ -16,9 +16,24 @@
 <!-- endmetadata -->

 ## Quick start
-
-* `abra app new civicrm --secrets`
+* `abra app new civicrm-wordpress`
 * `abra app config <app-name>`
+
+Authentik integration:
+* When configuring, uncomment `COMPOSE_FILE`, `OPEN_ID_CLIENT_ID`, `SECRET_OPEN_ID_CLIENT_SECRET_VERSION`, and `AUTHENTIK_DOMAIN`
+* To configure your Authentik deployment, follow the guide at [`docs.goauthentik.io/integrations/services/wordpress`](https://docs.goauthentik.io/integrations/services/wordpress/).
+* NOTE: at the time of writing the Authentik integration guide incorrectly says to set the redirect URI to `https://wp.company/admin-ajax.php?action=openid-connect-authorize` when it should be `https://wp.company/wp-admin/admin-ajax.php?action=openid-connect-authorize`
+* If using a different OpenID provider, leave `AUTHENTIK_DOMAIN` commented and uncomment the other OpenID configuration options
+
+Insert secrets:
+* `abra app secret i <app-name> wordpress_admin_password v1 '<temp account password>'`
+* `abra app secret i <app-name> smtp_password v1 '<smtp password>'`
+* (Authentik) `abra app secret i <app-name> openid_client_secret v1 <openid client secret>`
+
+Generate secrets (be sure to save them):
+* `abra app secret g -a <app-name>`
+
+Deploy app:
 * `abra app deploy <app-name>`

 For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).
--- a/compose.yml
+++ b/compose.yml
@ -61,7 +61,7 @@ services:
        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=0.1.3+5.82.0-wordpress-php8.1"
+        - "coop-cloud.${STACK_NAME}.version=0.3.0+5.82.0-wordpress-php8.1"
        - "backupbot.backup=true"
        - "backupbot.backup.path=/var/www/html/wp-content/uploads"
    healthcheck:
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -89,37 +89,45 @@ pushd /var/www/html/wp-content/uploads/civicrm/
  fi
 popd

-if  [[ -n "${OPEN_ID_CLIENT_ID}" ]]; then
+OPEN_ID_CLIENT_ID="${OPEN_ID_CLIENT_ID:-unused}"
+if  [ "$OPEN_ID_CLIENT_ID" != "unused" ]; then
  # install OpenID Connect Generic plugin
  if ! su civicrm -c "wp plugin is-installed daggerhart-openid-connect-generic"; then
-    # su civicrm -c "wp option list"
    echo "============ Running OpenId Connect Install ============"
    su civicrm -c "wp plugin install daggerhart-openid-connect-generic --activate"
-    # su civicrm -c "wp option list"
+  else
+    echo "OpenID Connect Generic Plugin already installed"
  fi

+  # if openid connect hasn't been configured, insert default settings
  if ! su civicrm -c "wp option get openid_connect_generic_settings"; then
-    echo "Couldn't find openid connect settings option!"
-    # cat /usr/local/etc/civicrm/openid_settings.json
+    echo "Configuring OpenId Connect Plugin default settings"
    su civicrm -c "wp option add openid_connect_generic_settings --format=json < /usr/local/etc/civicrm/openid_settings.json"
+  else
+    echo "OpenId Connect Plugin default settings already present"
  fi

-  su civicrm -c "wp option list"
+  echo "============ Configuring OpenId Connect ============"
  su civicrm -c "wp option patch update openid_connect_generic_settings client_id $OPEN_ID_CLIENT_ID"
  su civicrm -c "wp option patch update openid_connect_generic_settings client_secret $OPEN_ID_CLIENT_SECRET"
+  su civicrm -c "wp option patch update openid_connect_generic_settings link_existing_users 1"

-  if  [[ -n "${AUTHENTIK_DOMAIN}" ]]; then
+  AUTHENTIK_DOMAIN="${AUTHENTIK_DOMAIN:-unused}"
+  if  [ "$AUTHENTIK_DOMAIN" != "unused" ]; then
+    echo "============ Configuring Authentik ============"
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_login https://$AUTHENTIK_DOMAIN/application/o/authorize/"
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_userinfo https://$AUTHENTIK_DOMAIN/application/o/userinfo/"
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_token https://$AUTHENTIK_DOMAIN/application/o/token/"
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_end_session https://$AUTHENTIK_DOMAIN/application/o/wordpress/end-session/"
  else
+    echo "============ Configuring Generic OpenId Provider ============"
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_login $OPEN_ID_PROVIDER_LOGIN_URL"
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_userinfo $OPEN_ID_USERINFO_URL"
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_token $OPEN_ID_TOKEN_ENDPOINT_URL"
    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_end_session $OPEN_ID_END_SESSION_URL"
  fi
-  su civicrm -c "wp option list"
+else
+    echo "not using OpenIdConnect"
 fi

 echo "============ Setting up cron ============"
@ -128,19 +136,5 @@ apt update && apt install -y cron
 crontab -l | { cat; echo "*/5 * * * * /usr/local/bin/entrypoint.sh cron > /tmp/cronlog 2>&1"; } | crontab -
 cron

-
-# if  [[  "${OPEN_ID_CONNECT_ENABLED}" == "1" ]]; then
-#   sleep 30s
-#   echo "============ Configuring OpenID Connect ============"
-#   if su civicrm -c "wp option get openid_connect_generic_settings"; then
-#     echo "found openid connect settings option!"
-#     su civicrm -c "wp option get openid_connect_generic_settings"
-#     # su civicrm -c "wp option patch update openid_connect_generic_settings client_id $OPEN_ID_CLIENT_ID"
-#   else
-#     echo "Couldn't find openid connect settings option!"
-#   fi
-# fi
-
-
 echo "============ Running Webserver ============"
-exec apache2-foreground
+exec apache2-foreground
--- a/release/0.1.3+5.82.0-wordpress-php8.1
+++ b/release/0.1.3+5.82.0-wordpress-php8.1
@ -0,0 +1 @@
+Updated CiviCRM and set language to english
--- a/release/0.2.0+5.82.0-wordpress-php8.1
+++ b/release/0.2.0+5.82.0-wordpress-php8.1
@ -0,0 +1 @@
+Authentik Support
--- a/release/0.2.1+5.82.0-wordpress-php8.1
+++ b/release/0.2.1+5.82.0-wordpress-php8.1
@ -0,0 +1 @@
+Fix bug when not using openid
--- a/release/0.3.0+5.82.0-wordpress-php8.1
+++ b/release/0.3.0+5.82.0-wordpress-php8.1
@ -0,0 +1 @@
+openid connect link existing users by default
Author	SHA1	Message	Date
many	f85e0d6b8e	chore: publish 0.3.0+5.82.0-wordpress-php8.1 release	2025-06-18 17:07:46 -04:00
many	95b028d083	configure openid connect plugin to link existing users by default	2025-06-18 16:55:44 -04:00
many	a2d725f437	chore: publish 0.2.1+5.82.0-wordpress-php8.1 release	2025-06-11 16:01:10 -04:00
many	d31244bdd6	Fix regression where not using OpenID would cause the recipe to fail to deploy	2025-06-04 19:15:05 -04:00
many	bc05150011	chore: publish 0.2.0+5.82.0-wordpress-php8.1 release	2025-05-23 15:51:03 -04:00
marlon	58115d9628	Merge pull request 'authentik-support' (#3 ) from authentik-support into main Reviewed-on: coop-cloud/civicrm-wordpress#3 Reviewed-by: yksflip <flip@yksflip.de>	2025-05-09 20:31:54 +00:00
many	603b233823	add authentik secret insert to readme	2025-04-09 16:52:17 -04:00
many	4ef2ddd223	update readme with authentik integration guide	2025-04-09 16:48:43 -04:00
many	ddd833b908	work on adding authentik support	2025-04-02 01:52:13 -04:00
many	35767ce472	chore: publish 0.1.3+5.82.0-wordpress-php8.1 release	2025-02-12 18:01:50 -05:00
many	e7fbeb6e85	Updated civicrm version	2025-02-12 17:02:34 -05:00
many	8c137e2c24	Use locale for civicrm as well as wordpress	2025-02-12 16:11:06 -05:00
many	e5e8f73dd8	Locale release	2025-02-12 15:55:37 -05:00
many	f0b30e7619	parameterize locale	2025-02-12 14:37:11 -05:00
many	e1d8880223	fix readme	2025-01-15 17:08:47 -05:00
many	62866bc869	chore: publish 0.1.2+5.80.0-wordpress-php8.1 release	2025-01-15 16:47:57 -05:00
many	3af0808350	update readme and recipe version number	2025-01-15 16:40:42 -05:00
virtualboys	89561a5543	Merge pull request 'Added wordpress admin email to env file so SMTP_USER doesn't have to be an email. Also added wordpress admin password secret so this can be defined at deploy time.' (#2 ) from virtualboys/civicrm-wordpress:image_version_update into main Reviewed-on: coop-cloud/civicrm-wordpress#2 Reviewed-by: marlon <marlon@riseup.net>	2025-01-15 21:32:52 +00:00
many	f4186699b2	Added wordpress admin email to env file so SMTP_USER doesn't have to be an email. Also added wordpress admin password secret so this can be defined at deploy time.	2025-01-08 20:53:50 -05:00
KawaiiPunk	8fc484a5b2	Merge pull request 'Updated civicrm image version and replaced default network with internal' (#1 ) from virtualboys/civicrm-wordpress:image_version_update into main Reviewed-on: coop-cloud/civicrm-wordpress#1	2025-01-08 22:23:52 +00:00
many	43e8243a8e	Updated civicrm image version and replaced default network with internal	2024-12-18 14:20:45 -05:00
				`@ -0,0 +1 @@`
				`openid connect link existing users by default`