This project provides an automated solution for syncing WordPress plugins and themes across multiple sites using GitHub Actions. It consists of two main components:
TECHOPS-GIT-AUTOMATION/
├── Internal---TechOps-Automation/ # GitHub Actions automation repository
│ ├── .github/
│ │ └── workflows/ # GitHub Actions workflow definitions
│ ├── scripts/ # Node.js processing scripts
│ └── wp-content/ # Synchronized content storage
└── techops-content-sync/ # WordPress plugin for content sync
├── includes/ # Plugin core functionality
└── techops-content-sync.php # Main plugin file
The techops-content-sync plugin provides secure REST API endpoints for downloading plugins and themes from WordPress sites.
- Secure REST API endpoints with Application Password authentication
- Rate limiting for API requests
- Safe file handling and ZIP creation
- Proper error handling and logging
GET /wp-json/techops/v1/plugins/list- List all installed pluginsGET /wp-json/techops/v1/themes/list- List all installed themesGET /wp-json/techops/v1/plugins/download/{slug}- Download specific pluginGET /wp-json/techops/v1/themes/download/{slug}- Download specific theme
This repository contains the automation scripts and workflows for syncing content between WordPress sites.
-
GitHub Actions Workflows (
.github/workflows/)wordpress-content-sync.yml: Triggered manually or on schedule. Handles authentication and API requests, manages the content synchronization process by downloading plugin and theme files from a specified WordPress site, and creates Pull Requests for review with the updated content.check-updates.yml: Triggered manually or on a monthly schedule. Checks a staging WordPress site for available plugin and theme updates, generates a report (updates.json), and creates a Pull Request to themainbranch with the update report if updates are found.wordpress-activation-sync.yml: Triggered when a Pull Request targeting thereleasebranch is merged. Waits for content deployment to the staging site, then synchronizes plugin and theme activation states between the live and staging sites using dedicated scripts. It uploads sync reports as artifacts and adds a comment to the closed Pull Request detailing the sync status.wordpress-updates.yml: Triggered manually. Processes WordPress updates (plugins/themes) based on theupdate_results.jsonfile (likely generated bycheck-updates.yml), applies the updates, and creates a Pull Request to themainbranch with the resulting changes if updates were successfully processed.
-
Processing Scripts (
scripts/)download-content.sh: Main script for downloading contentprocess-plugins.js: Handles plugin ZIP processingprocess-themes.js: Handles theme ZIP processing
- Secure credential handling using GitHub Secrets
- Proper error handling and validation
- Clean directory structure maintenance
- Automated cleanup of temporary files
- Install and activate the
techops-content-syncplugin - Generate an Application Password:
- Go to Users → Your Profile
- Scroll to "Application Passwords"
- Enter "GitHub Actions" as the name
- Copy the generated password
- Fork/Clone the
Internal---TechOps-Automationrepository - Configure GitHub Secrets:
WP_APP_USERNAME: WordPress usernameWP_APP_PASSWORD: Generated Application PasswordWP_AUTH_TOKEN: Base64 encoded "username:password"
- Go to Actions tab in GitHub
- Select "WordPress Content Sync"
- Click "Run workflow"
- Enter the WordPress site URL
- Monitor the execution
- WordPress Application Password generates credentials
- Credentials stored as GitHub Secrets
- Base64 encoded auth token used in API requests
- Fetch lists of plugins/themes from WordPress
- Download ZIP files for each item
- Extract to temporary directory
- Process and organize files
- Clean up temporary files
- Create Pull Request with changes
- API request validation
- JSON response verification
- ZIP extraction error handling
- Directory structure validation
- Proper cleanup on failures
-
Authentication
- Application Passwords for secure access
- No permanent API keys stored
- Credentials managed via GitHub Secrets
-
File Handling
- Path traversal prevention
- Safe ZIP handling
- Temporary file cleanup
-
API Security
- Rate limiting
- Request validation
- Error logging
- Fork the repository
- Create a feature branch
- Make your changes
- Submit a Pull Request
Both components are licensed under GPL v2 or later.