DevOps Guide — New Project Setup

Overview

Step 1: CloudPanel  → Create WordPress site + SSL
Step 2: Git Bash    → Run script (auto: repo + secrets + files)
Step 3:             → Send handover to developer
Step 4: (Later)     → Lightsail production setup

Step 1: CloudPanel — Create WordPress Site

https://dev.enfection.com:8443
→ Sites → + Add Site → New WordPress Site

Fill in exactly:

Field	Value
Domain Name	`rocell.dev.enfection.com`
Site Title	`Rocell Website`
Site User	`enfection-rocell-dev` ⚠️ must follow pattern
Site User Password	auto-generated (save it)
Admin User Name	`admin`
Admin Password	auto-generated (save for handover!)
Admin E-Mail	`devops@enfection.com`
Multisite	`No`

→ Click Create

Site User Pattern — Always follow this

enfection-[client-slug]-dev

Examples:
  enfection-rocell-dev
  enfection-inclusivity-dev
  enfection-abec-dev

The script uses this pattern. Wrong site user = deploy fails.

CloudPanel automatically creates the site, database, and installs WordPress.

Verify:

https://rocell.dev.enfection.com/wp-admin  ✅

Step 2: SSL — Let's Encrypt

CloudPanel → Sites → rocell.dev.enfection.com
→ SSL/TLS → Actions → New Let's Encrypt Certificate → Create

Wait 30 seconds. Verify padlock:

https://rocell.dev.enfection.com  ✅

Step 3: Run Script (Git Bash — Local Machine)

cd C:/Enfection/DevOps-Process/wordpress-devops-infrastructure
scripts/new-project.sh rocell "Rocell Website"

Script automatically does:

Task	Result
GitHub private repo create	`rocell-wordpress-theme`
`deploy.yml` push	staging CI/CD pipeline
`deploy-production.yml` push	production CI/CD pipeline
`sonar-project.properties` push	SonarQube config
`.gitignore` push	ignore file
`docker/docker-compose.yml` push	production Docker setup
`docker/nginx.conf` push	Nginx config
`main` + `staging` + `production` branches create	all branches ready
8 GitHub secrets added	staging filled, prod = PENDING

8 Secrets status after script:

Secret	Status
`STAGING_SERVER_IP`	✅ auto-filled
`STAGING_SSH_USER`	✅ auto-filled
`STAGING_SSH_KEY`	✅ auto-filled
`SONAR_TOKEN`	✅ auto-filled
`SONAR_HOST_URL`	✅ auto-filled
`PROD_SSH_USER`	✅ auto-filled (`ubuntu`)
`PROD_SERVER_IP`	⚠ PENDING — add after Lightsail setup
`PROD_SSH_KEY`	⚠ PENDING — add after Lightsail setup

Adding Developer as Collaborator

Option A: Via script (automatic) — add GitHub username as 3rd argument:

scripts/new-project.sh inclusivity "Inclusivity Website" gayanChamara

Option B: Manual — if you forgot to add username in script:

github.com/ChamodTharuka/inclusivity-wordpress-theme
→ Settings → Collaborators and teams
→ Add people
→ Search developer's GitHub username → Add
→ Select role: Write

Developer will receive an email invite to accept.

Step 4: Developer Handover

Send to developer:

GitHub Repo:   https://github.com/ChamodTharuka/rocell-wordpress-theme
Branch:        staging

Staging Site:  https://rocell.dev.enfection.com
WP Admin:      https://rocell.dev.enfection.com/wp-admin
WP User:       admin
WP Password:   [password from Step 1]

Developer Guide: https://docs.dev.enfection.com/developer/new-project/

Step 5: Production Setup (Lightsail) — When Client Approves

1. Create Lightsail instance:

AWS Lightsail → Create instance
→ OS only → Ubuntu 24.04 LTS → $10/month (2GB RAM)
→ Launch script (paste this):

#!/bin/bash
apt-get update -y
apt-get install -y docker.io docker-compose
systemctl enable docker
systemctl start docker
usermod -aG docker ubuntu

→ Create instance
→ Networking → Create Static IP → attach to instance
→ Enable automatic snapshots (Snapshots tab)

2. Download + convert Lightsail SSH key:

Lightsail → Account → SSH keys
→ Download: LightsailDefaultKey-ap-south-1.pem

PuTTYgen → Load .pem file
→ Conversions → Export OpenSSH key
→ Save as: C:\Users\chamo\.ssh\lightsail-production

3. Update PROD secrets in GitHub repo:

github.com/ChamodTharuka/rocell-wordpress-theme
→ Settings → Secrets and variables → Actions
→ Update PROD_SERVER_IP = [lightsail static IP]
→ Update PROD_SSH_KEY   = [contents of lightsail-production file]

Or run in Git Bash:

gh secret set PROD_SERVER_IP --body "43.x.x.x" --repo ChamodTharuka/rocell-wordpress-theme
gh secret set PROD_SSH_KEY --body "$(cat ~/.ssh/lightsail-production)" --repo ChamodTharuka/rocell-wordpress-theme

4. WordPress first-time setup on production:

http://[lightsail-ip]/wp-admin/install.php

Site Title:  Rocell Website
Username:    admin
Password:    (strong — save it!)
Email:       devops@enfection.com
→ Install WordPress
→ Appearance → Themes → Rocell Theme → Activate

5. Deploy to production:

git checkout production
git merge staging
git push origin production
# → GitHub Actions auto deploys to Lightsail ✅

Branch Summary

Branch	Push triggers	Result
`staging`	Developer daily work	SonarQube + staging deploy
`production`	DevOps after client approval	Lightsail Docker deploy
`main`	Safety backup only	No deploy

One-Time Setup (First Time Only)

Do this once. Never repeat.

Install GitHub CLI

winget install --id GitHub.cli

Reopen Git Bash, then login:

gh auth login
# → GitHub.com → HTTPS → Login with a web browser

Save Staging Deploy Key

Convert enfection-staging-key.ppk → OpenSSH using PuTTYgen:

PuTTYgen → Load → enfection-staging-key.ppk
→ Conversions → Export OpenSSH key
→ Save as: C:\Users\chamo\.ssh\deploy_key

Create Config File

cat > ~/.enfection-config << 'EOF'
STAGING_SERVER_IP=13.234.20.114
STAGING_SSH_USER=ubuntu
STAGING_SSH_KEY_PATH=~/.ssh/deploy_key
SONAR_HOST_URL=https://sonarqube.enfection.com
SONAR_TOKEN=your-sonarqube-user-token
GITHUB_USER=ChamodTharuka
EOF

Get SonarQube Token (one token — works for all projects)

https://sonarqube.enfection.com
→ My Account → Security → Generate Tokens
→ Name: enfection-global
→ Type: User Token
→ Generate → Copy → paste into ~/.enfection-config