Add push_env config

This setting allows you to automatically push env files when deploying.
The default is not to push any files, but you can set it to `all`,
`clear` or `secret` to push the relevant files.

The most useful setting is `clear` which will push the clear env files
every time you deploy.

In addition you can choose the env_type to push when calling
`kamal env push` directly:

```
kamal env push --env-type clear
kamal env push --env-type secret
kamal env push --env-type all # same as kamal env push
```

lib/kamal/cli/env.rb

@@ -2,7 +2,11 @@ require "tempfile"
 
 class Kamal::Cli::Env < Kamal::Cli::Base
   desc "push", "Push the env files to the remote hosts"
+  option :env_type, type: :string, desc: "Type of env files", enum: %w[secret clear all], default: "all"
   def push
+    secret = %w[secret all].include?(options[:env_type])
+    clear = %w[clear all].include?(options[:env_type])
+
     mutating do
       on(KAMAL.hosts) do
         execute *KAMAL.auditor.record("Pushed env files"), verbosity: :debug
@@ -10,23 +14,23 @@ class Kamal::Cli::Env < Kamal::Cli::Base
         KAMAL.roles_on(host).each do |role|
           role_config = KAMAL.config.role(role)
           execute *KAMAL.app(role: role).make_env_directory
-          upload! StringIO.new(role_config.env_file.secret), role_config.host_secret_env_file_path, mode: 400
-          upload! StringIO.new(role_config.env_file.clear), role_config.host_clear_env_file_path, mode: 400
+          upload! StringIO.new(role_config.env_file.secret), role_config.host_secret_env_file_path, mode: 400 if secret
+          upload! StringIO.new(role_config.env_file.clear), role_config.host_clear_env_file_path, mode: 400 if clear
         end
       end
 
       on(KAMAL.traefik_hosts) do
         execute *KAMAL.traefik.make_env_directory
-        upload! StringIO.new(KAMAL.traefik.env_file.secret), KAMAL.traefik.host_secret_env_file_path, mode: 400
-        upload! StringIO.new(KAMAL.traefik.env_file.clear), KAMAL.traefik.host_clear_env_file_path, mode: 400
+        upload! StringIO.new(KAMAL.traefik.env_file.secret), KAMAL.traefik.host_secret_env_file_path, mode: 400 if secret
+        upload! StringIO.new(KAMAL.traefik.env_file.clear), KAMAL.traefik.host_clear_env_file_path, mode: 400 if clear
       end
 
       on(KAMAL.accessory_hosts) do
         KAMAL.accessories_on(host).each do |accessory|
           accessory_config = KAMAL.config.accessory(accessory)
           execute *KAMAL.accessory(accessory).make_env_directory
-          upload! StringIO.new(accessory_config.env_file.secret), accessory_config.host_secret_env_file_path, mode: 400
-          upload! StringIO.new(accessory_config.env_file.clear), accessory_config.host_clear_env_file_path, mode: 400
+          upload! StringIO.new(accessory_config.env_file.secret), accessory_config.host_secret_env_file_path, mode: 400 if secret
+          upload! StringIO.new(accessory_config.env_file.clear), accessory_config.host_clear_env_file_path, mode: 400 if clear
         end
       end
     end

lib/kamal/cli/main.rb

@@ -35,6 +35,8 @@ class Kamal::Cli::Main < Kamal::Cli::Base
 
         run_hook "pre-deploy"
 
+        push_env(invoke_options)
+
         say "Ensure Traefik is running...", :magenta
         invoke "kamal:cli:traefik:boot", [], invoke_options
 
@@ -73,6 +75,8 @@ class Kamal::Cli::Main < Kamal::Cli::Base
 
         run_hook "pre-deploy"
 
+        push_env(invoke_options)
+
         say "Ensure app can pass healthcheck...", :magenta
         invoke "kamal:cli:healthcheck:perform", [], invoke_options
 
@@ -99,6 +103,8 @@ class Kamal::Cli::Main < Kamal::Cli::Base
         if container_available?(version)
           run_hook "pre-deploy"
 
+          push_env(invoke_options)
+
           invoke "kamal:cli:app:boot", [], invoke_options.merge(version: version)
           rolled_back = true
         else
@@ -262,4 +268,11 @@ class Kamal::Cli::Main < Kamal::Cli::Base
     def deploy_options
       { "version" => KAMAL.config.version }.merge(options.without("skip_push"))
     end
+
+    def push_env(invoke_options)
+      if KAMAL.config.push_env
+        say "Pushing #{KAMAL.config.push_env} env files..."
+        invoke "kamal:cli:env:push", [], invoke_options.merge(env_type: KAMAL.config.push_env)
+      end
+    end
 end

lib/kamal/configuration.rb

@@ -6,7 +6,7 @@ require "erb"
 require "net/ssh/proxy/jump"
 
 class Kamal::Configuration
-  delegate :service, :image, :servers, :env, :labels, :registry, :stop_wait_time, :hooks_path, to: :raw_config, allow_nil: true
+  delegate :service, :image, :servers, :env, :labels, :registry, :stop_wait_time, :hooks_path, :push_env, to: :raw_config, allow_nil: true
   delegate :argumentize, :optionize, to: Kamal::Utils
 
   attr_reader :destination, :raw_config
@@ -222,7 +222,11 @@ class Kamal::Configuration
 
 
   def valid?
-    ensure_destination_if_required && ensure_required_keys_present && ensure_valid_kamal_version && ensure_retain_containers_valid
+    ensure_destination_if_required \
+      && ensure_required_keys_present \
+      && ensure_valid_kamal_version \
+      && ensure_retain_containers_valid \
+      && ensure_push_env_valid
   end
 
   def to_h
@@ -301,6 +305,14 @@ class Kamal::Configuration
       true
     end
 
+    def ensure_push_env_valid
+      if raw_config.push_env && !%w[ all clear secret ].include?(raw_config.push_env)
+        raise ArgumentError, "push_env must be one of `all`, `clear` `secret`"
+      end
+
+      true
+    end
+
 
     def role_names
       raw_config.servers.is_a?(Array) ? [ "web" ] : raw_config.servers.keys.sort