catalog / docker.io/library/wordpress / criteria

wordpress — validation criteria

Per-image acceptance criteria for the docker.io/library/wordpress profile (apache variant). Validated against …@sha256:5d2c2125… (tag 6.9), derived by drop-test against the default in-stack invocationWORDPRESS_DB_* env against a mysql database, the first public-catalog profile using the in-stack dependent-tier model (deps:). Capabilities trim 14 → 6.

Representative workload / correctness check

profiles/workloads/wordpress.sh — real function in both site states: on a fresh database it drives the actual HTTP install flow (install.php?step=2, creating the schema through php → mysql), then asserts the homepage serves the configured blog title from the database; on an installed database it asserts the titled homepage directly (fresh container, wp-config generated from env, site read from mysql). Both states exercise the full entrypoint source-copy → apache worker drop → php → mysql pipeline. The drop-test correctness check additionally asserts a worker runs as www-data (uid 33).

Two hard-won harness rules encoded here:

  1. Capture-then-match, never curl | grep -q under set -o pipefailgrep -q exits at the first match, curl takes SIGPIPE (exit 141), and the pipeline reports failure on a page that matched. This false negative burned three derivation runs before diagnosis; the check now captures the body and string-matches. (Small responses mask the bug — it bites once the body outgrows the pipe buffer.)
  2. The install POST retries and the title check polls — first requests after boot can land while php/mysql are settling.

capabilities — derived by drop-test

Every grant carries distinct evidence:

filesystem — derived by drop-test

Scope (run_config + out-of-band conditions)