add WordPress CMS v6.9.4

[BookJJun-IJ]

Summary

Add WordPress (v6.9.4-apache) with MariaDB 11.8.6 backend.

Architecture

Service	Image	cpu_shares
wordpress	wordpress:6.9.4-apache	70
db	mariadb:11.8.6	50

• Internal network: wordpress-network (bridge)
• External network: pcs (Caddy reverse proxy)

Submission Checklist

Tech Checklist

• Proper file permissions — user: 0:0, volumes mapped to /DATA/AppData/$AppID/
• Migration path — WordPress handles DB migrations on update
• Pre-install/post-install commands — N/A

Security Checklist

• Default authentication — WordPress setup wizard creates admin account on first launch
• No hardcoded credentials — uses $PCS_DEFAULT_PASSWORD for DB
• Specific version tags — wordpress:6.9.4-apache, mariadb:11.8.6

Functionality Checklist

• Works immediately after installation
• Data mapped to /DATA/AppData/$AppID/ — html/, dbdata/
• No manual configuration required
• Data persistence — DB and WordPress files persist
• cpu_shares set on all services — wordpress: 70, db: 50
• Fresh installation tested
• Uninstall/reinstall tested

Documentation Checklist

• Clear description — en_us, ko_kr, zh_cn, fr_fr, es_es
• Tagline in 5 languages
• Icon and screenshots provided, CDN URLs point to Yundera/AppStore@main

[Maelisse2002]

🤖 AI Pre-Check

Decision: ⚠️ ai-reviewed:needs-review (forced — new app submission; AI pre-check is advisory, humans own the decision)
Tech review (incl. security): needed — new app submission (root containers + new volume mounts)
Commit: e3d1c2c | Checklist source: CONTRIBUTING.md@main

Apps in this PR

• Wordpress — new app (WordPress 6.9.4-apache + MariaDB 11.8.6)

AI static checks

• ✅ Specific version tags, no :latest (wordpress:6.9.4-apache, mariadb:11.8.6)
• ✅ No hardcoded credentials (DB passwords use $APP_DEFAULT_PASSWORD)
• ✅ Volumes under /DATA/AppData/$AppID/ (html/, db/)
• ✅ cpu_shares set on all services (70 / 50)
• ✅ user: field set on both services (0:0 — root, exception documented in rationale.md)
• ✅ x-casaos metadata present (description, icon, screenshots, tagline)
• ✅ Asset URLs point to Yundera/AppStore@main
• ❌ Required asset files present in PR — thumbnail.png is referenced in x-casaos.thumbnail and is Required by CONTRIBUTING.md, but is missing from the PR (only icon.png + screenshot-1..3.png are present)
• ➖ pre/post-install command security (no pre-install-cmd / post-install-cmd in compose)

→ Tier 2 must verify (human)

• Works immediately after installation (no manual config, sensible defaults)
• Fresh installation tested
• Uninstall / reinstall preserves data (html/ + db/ persist)
• Migration path from previous versions (n/a — new app; still confirm upgrade-on-top behavior)

Notes for reviewers

New app submission, so this stays on the human flow and the AI verdict is advisory only. One real static issue: the thumbnail.png tile image is referenced but not committed — it must be added before merge (CONTRIBUTING.md marks it Required). rationale.md requests a documented exception for running as root: "Both services run as user: 0:0 (root). Authentication is handled via WordPress's first-launch onboarding wizard (no pre-configured credentials)." The justification (official WordPress/MariaDB images need root for file/DB initialization) is plausible and volumes are confined to /DATA/AppData/$AppID/ with the DB kept off the pcs network — a reviewer should confirm this is acceptable.

Next step

→ Add the missing thumbnail.png, then Tier 2 functional review + tech + security review (new app submission; root containers and new volume mounts).

---

_{Generated by AI pre-check. Checklist read live from CONTRIBUTING.md on main. Labels are the machine-readable verdict; this comment is the human-readable explanation. Humans own the merge.}