Hi All,
Sorry, I’m wondering if its possible to automatically update the config file when there’s a new plugin by user who install plugins from wp-admin panel / add manually some plugin through ftp for example ?
- Do you think its possible if the wordpress directory part of git and perhaps i can tweak something to scan / detect then update the config file ? im currently try to read / test something with like hooks for git though (for this i need to setup git to the remote repo from live server)
- Or maybe there are some ways to achieve this ?
Many thanks in advance,
You could potentially build a system to do this, but I would strongly recommend against it for the following reasons:
- If you want to maintain the Bedrock approach, someone adding a plugin via the admin would essentially be running a
composer install on your live production server. This is not great:
- It’s a security risk (you’re effectively allowing someone to execute more-or-less arbitrary code on your server)
- The site could easily go down while the install is in progress (i.e. a package fails to install; the server runs out of PHP workers and stalls; composer runs out of memory, etc)
- If the install fails, and especially if it fails in a partial state, your site is entirely broken
- Composer is a CLI tool–you would have no capacity to troubleshoot or debug it from the admin, unless you built a system to do so (which would be a non-trivial undertaking)
- Your server many not even have Composer installed, or allow this kind of behavior
- In addition to running composer, you would also need to run git to make commits and push to your repo
- To do this, your server would need to be able to authenticate with your git provider
- You would also need some kind of system to recover from git errors, resolve merge conflicts, etc
- As with Composer, your server may not even have git, or allow this kind of usage
- Bedrock’s Composer approach to plugin management assumes that all plugins installed will be on Packagist (or hosted in a custom location elsewhere) but WordPress allows many other ways to install plugins–i.e. simply uploading a zip file. An automated system like you describe would have no way of handling this.
Are these problems insurmountable? No, probably not, but so far as I am aware there are no existing solutions for them, and you are signing yourself up for a great deal of work if you decide you want to try and surmount them.
Bedrock is designed as a management tool, and is intended for an approach to WordPress where you tread your site as an application that you control and manage. See: Twelve-Factor WordPress App | Roots
1 Like
I wonder if there’s another way about this situation… @brm-ryd is looking to add the functionality of automatically adding the package to composer. @alwaysblank rightly says is a bad idea. It’s also a lot of work, even if a person ignored the security concerns.
Why not take this direction: generate a report that lists the differences between the plugins installed via composer and the plugins installed via WordPress.
2 Likes
@roygbyte that’s a good idea! You can get a pretty good report on what’s installed w/ WP-CLI’s wp plugin list command, which can be instructed to output only certain fields (i.e. plugin name, version) and in certain formats (i.e. JSON, YAML). You could probably write a pretty straightforward bash script that would do something like:
- Call
wp plugin list on your remote site and parse installed plugins
- Parse your local
composer.json for plugins
- Compare those lists
- Generate a diff report
And that’s a very clever way to implement it! Here I was thinking a person would have to use a plugin to implement this functionality… But as you say: the whole thing could be a cute bash script!
This is something I could definitely see myself using in the future. But first I got to see if Azure supports WP CLI…
Many thanks @alwaysblank & @roygbyte for gave the great feedback!,
Yes @roygbyte , i currently still find out the right way to parse (perhaps based on checking plugins directory content / using wp cli to parse and add into composer config