First

.gitignore

@@ -0,0 +1,2 @@
+.byebug_history
+*.gem

Gemfile

@@ -0,0 +1,9 @@
+source 'https://rubygems.org'
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
+
+# Specify your gem's dependencies in importmap-rails.gemspec.
+gemspec
+
+group :test do
+  gem "byebug"
+end

Gemfile.lock

@@ -0,0 +1,190 @@
+PATH
+  remote: .
+  specs:
+    cssbundling-rails (1.1.2)
+      railties (>= 6.0.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (6.1.3.1)
+      actionpack (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+    actionmailbox (6.1.3.1)
+      actionpack (= 6.1.3.1)
+      activejob (= 6.1.3.1)
+      activerecord (= 6.1.3.1)
+      activestorage (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
+      mail (>= 2.7.1)
+    actionmailer (6.1.3.1)
+      actionpack (= 6.1.3.1)
+      actionview (= 6.1.3.1)
+      activejob (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (6.1.3.1)
+      actionview (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
+      rack (~> 2.0, >= 2.0.9)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actiontext (6.1.3.1)
+      actionpack (= 6.1.3.1)
+      activerecord (= 6.1.3.1)
+      activestorage (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
+      nokogiri (>= 1.8.5)
+    actionview (6.1.3.1)
+      activesupport (= 6.1.3.1)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (6.1.3.1)
+      activesupport (= 6.1.3.1)
+      globalid (>= 0.3.6)
+    activemodel (6.1.3.1)
+      activesupport (= 6.1.3.1)
+    activerecord (6.1.3.1)
+      activemodel (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
+    activestorage (6.1.3.1)
+      actionpack (= 6.1.3.1)
+      activejob (= 6.1.3.1)
+      activerecord (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
+      marcel (~> 1.0.0)
+      mini_mime (~> 1.0.2)
+    activesupport (6.1.3.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    builder (3.2.4)
+    byebug (11.1.3)
+    capybara (3.35.3)
+      addressable
+      mini_mime (>= 0.1.3)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (>= 1.5, < 3.0)
+      xpath (~> 3.2)
+    childprocess (3.0.0)
+    concurrent-ruby (1.1.9)
+    crass (1.0.6)
+    erubi (1.10.0)
+    globalid (0.5.1)
+      activesupport (>= 5.0)
+    i18n (1.8.10)
+      concurrent-ruby (~> 1.0)
+    loofah (2.10.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    marcel (1.0.1)
+    method_source (1.0.0)
+    mini_mime (1.0.3)
+    minitest (5.14.4)
+    nio4r (2.5.7)
+    nokogiri (1.13.6-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.13.6-x86_64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.13.6-x86_64-linux)
+      racc (~> 1.4)
+    public_suffix (4.0.6)
+    racc (1.5.2)
+    rack (2.2.3)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails (6.1.3.1)
+      actioncable (= 6.1.3.1)
+      actionmailbox (= 6.1.3.1)
+      actionmailer (= 6.1.3.1)
+      actionpack (= 6.1.3.1)
+      actiontext (= 6.1.3.1)
+      actionview (= 6.1.3.1)
+      activejob (= 6.1.3.1)
+      activemodel (= 6.1.3.1)
+      activerecord (= 6.1.3.1)
+      activestorage (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
+      bundler (>= 1.15.0)
+      railties (= 6.1.3.1)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    railties (6.1.3.1)
+      actionpack (= 6.1.3.1)
+      activesupport (= 6.1.3.1)
+      method_source
+      rake (>= 0.8.7)
+      thor (~> 1.0)
+    rake (13.0.6)
+    regexp_parser (2.1.1)
+    rexml (3.2.5)
+    rubyzip (2.3.2)
+    selenium-webdriver (3.142.7)
+      childprocess (>= 0.5, < 4.0)
+      rubyzip (>= 1.2.2)
+    sprockets (4.0.2)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.2)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    sqlite3 (1.4.2)
+    stimulus-rails (0.3.8)
+      rails (>= 6.0.0)
+    thor (1.1.0)
+    turbo-rails (0.7.4)
+      rails (>= 6.0.0)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    webdrivers (4.6.0)
+      nokogiri (~> 1.6)
+      rubyzip (>= 1.3.0)
+      selenium-webdriver (>= 3.0, < 4.0)
+    websocket-driver (0.7.5)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
+    zeitwerk (2.4.2)
+
+PLATFORMS
+  arm64-darwin-20
+  arm64-darwin-21
+  arm64-darwin-22
+  x86_64-darwin-20
+  x86_64-darwin-21
+  x86_64-linux
+
+DEPENDENCIES
+  byebug
+  capybara
+  cssbundling-rails!
+  rails (~> 6.1.0)
+  rexml
+  selenium-webdriver
+  sqlite3
+  stimulus-rails
+  turbo-rails
+  webdrivers
+
+BUNDLED WITH
+   2.2.33

MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2023 David Heinemeier Hansson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,45 @@
+# MRSK
+
+MRSK lets you do zero-downtime deploys of Rails apps packed as containers to any host running Docker. It uses the dynamic reverse-proxy Traefik to hold requests while the new application container is started and the old one is wound down. It works across multiple hosts at the same time, using SSHKit to execute commands.
+
+## Installation
+
+Create a configuration file for MRSK in `config/deploy.yml` that looks like this:
+
+```yaml
+service: my-app
+image: name/my-app
+servers:
+  - xxx.xxx.xxx.xxx
+  - xxx.xxx.xxx.xxx
+env:
+  DATABASE_URL: mysql2://username@localhost/database_name/
+  REDIS_URL: redis://host:6379/1
+```
+
+Then first login to the Docker Hub registry on the servers:
+
+```
+rake mrsk:registry:login DOCKER_USER=name DOCKER_PASSWORD=pw
+```
+
+Now you're ready to deploy a multi-arch image (FIXME: currently you need to manually run `docker buildx create --use` once first):
+
+```
+rake mrsk:deploy
+```
+
+This will:
+
+1. Build the image using the standard Dockerfile in the root of the application.
+2. Push the image to the registry.
+3. Pull the image on all the servers.
+4. Ensure Traefik is running and accepting traffic on port 80.
+5. Stop any containers running a previous versions of the app.
+6. Start a new container with the version of the app that matches the current git version hash.
+
+Voila! All the servers are now serving the app on port 80, and you're ready to put them behind a load balancer to serve live traffic.
+
+## License
+
+Mrsk is released under the [MIT License](https://opensource.org/licenses/MIT).

bin/release

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+VERSION=$1
+
+printf "module Mrsk\n  VERSION = \"$VERSION\"\nend\n" > ./lib/mrsk/version.rb
+bundle
+git add Gemfile.lock lib/mrsk/version.rb
+git commit -m "Bump version for $VERSION"
+git push
+git tag v$VERSION
+git push --tags
+gem build mrsk.gemspec
+gem push "mrsk-$VERSION.gem" --host https://rubygems.org
+rm "mrsk-$VERSION.gem"

lib/mrsk.rb

@@ -0,0 +1,8 @@
+module Mrsk
+end
+
+require "mrsk/version"
+require "mrsk/engine"
+
+require "mrsk/configuration"
+require "mrsk/commands"

lib/mrsk/commands.rb

@@ -0,0 +1,6 @@
+module Mrsk::Commands
+end
+
+require "mrsk/commands/app"
+require "mrsk/commands/traefik"
+require "mrsk/commands/registry"

lib/mrsk/commands/app.rb

@@ -0,0 +1,28 @@
+class Mrsk::Commands::App
+  attr_accessor :config
+
+  def initialize(config)
+    @config = config
+  end
+
+  def push
+    # TODO: Run 'docker buildx create --use' when needed
+    "docker buildx build --push --platform=linux/amd64,linux/arm64 -t #{config.image_with_version} ."
+  end
+
+  def pull
+    "docker pull #{config.image_with_version}"
+  end
+
+  def start
+    "docker run -d --rm --name #{config.service_with_version} #{config.envs} #{config.labels} #{config.image_with_version}"
+  end
+
+  def stop
+    "docker ps -q --filter label=service=#{config.service} | xargs docker stop"
+  end
+
+  def info
+    "docker ps --filter label=service=#{config.service}"
+  end
+end

lib/mrsk/commands/registry.rb

@@ -0,0 +1,10 @@
+class Mrsk::Commands::Registry
+  def login
+    if (user = ENV["DOCKER_USER"]).present? && (password = ENV["DOCKER_PASSWORD"]).present?
+      # FIXME: Find a way to hide PW so it's not shown on terminal
+      "docker login -u #{user} -p #{password}"
+    else
+      raise ArgumentError, "Missing DOCKER_USER or DOCKER_PASSWORD in ENV"
+    end
+  end
+end

lib/mrsk/commands/traefik.rb

@@ -0,0 +1,17 @@
+class Mrsk::Commands::Traefik
+  def start
+    "docker run --name traefik " + 
+      "--rm -d " +
+      "-p 80:80 " +
+      "-v /var/run/docker.sock:/var/run/docker.sock " +
+      "traefik --providers.docker"
+  end
+
+  def stop
+    "docker container stop traefik"
+  end
+
+  def info
+    "docker ps --filter name=traefik"
+  end
+end

lib/mrsk/configuration.rb

@@ -0,0 +1,55 @@
+class Mrsk::Configuration
+  attr_accessor :service, :image, :servers, :env, :ssh_user
+
+  def self.load_file(file)
+    if file.exist?
+      new **YAML.load_file(file).symbolize_keys!
+    else
+      raise "Configuration file not found in #{file}"
+    end
+  end
+
+  def initialize(service:, image:, servers:, env: {}, ssh_user: "root")
+    @service, @image, @servers, @env, @ssh_user = service, image, servers, env, ssh_user
+  end
+
+  def servers
+    ENV["SERVERS"] || @servers
+  end
+
+  def version
+    @version ||= ENV["VERSION"] || `git rev-parse HEAD`.strip
+  end
+
+  def image_with_version
+    "#{image}:#{version}"
+  end
+
+  def service_with_version
+    "#{service}-#{version}"
+  end
+
+  def envs
+    parameterize "-e", \
+      { "RAILS_MASTER_KEY" => master_key }.merge(env)
+  end
+
+  def labels
+    parameterize "--label", \
+      "service" => service,
+      "traefik.http.routers.#{service}.rule" => "'PathPrefix(`/`)'",
+      "traefik.http.services.#{service}.loadbalancer.healthcheck.path" => "/up",
+      "traefik.http.services.#{service}.loadbalancer.healthcheck.interval" => "1s",
+      "traefik.http.middlewares.#{service}.retry.attempts" => "3",
+      "traefik.http.middlewares.#{service}.retry.initialinterval" => "500ms"
+  end
+
+  private
+    def parameterize(param, hash)
+      hash.collect { |k, v| "#{param} #{k}=#{v}" }.join(" ")
+    end
+
+    def master_key
+      ENV["RAILS_MASTER_KEY"] || File.read(Rails.root.join("config/master.key"))
+    end
+end

lib/mrsk/engine.rb

@@ -0,0 +1,4 @@
+module Mrsk
+  class Engine < ::Rails::Engine
+  end
+end

lib/mrsk/version.rb

@@ -0,0 +1,3 @@
+module Mrsk
+  VERSION = "0.0.1"
+end

lib/tasks/mrsk/app.rake

@@ -0,0 +1,31 @@
+require_relative "setup"
+
+app = Mrsk::Commands::App.new(MRSK_CONFIG)
+
+namespace :mrsk do
+  namespace :app do
+    desc "Build and push app image to servers"
+    task :push do
+      run_locally             { execute app.push }
+      on(MRSK_CONFIG.servers) { execute app.pull }
+    end
+
+    desc "Start app on servers"
+    task :start do
+      on(MRSK_CONFIG.servers) { execute app.start }
+    end
+
+    desc "Stop app on servers"
+    task :stop do
+      on(MRSK_CONFIG.servers) { execute app.stop, raise_on_non_zero_exit: false }
+    end
+
+    desc "Restart app on servers"
+    task restart: %i[ stop start ]
+
+    desc "Display information about app containers"
+    task :info do
+      on(MRSK_CONFIG.servers) { |host| puts "Host: #{host}\n" + capture(app.info) + "\n\n" }
+    end
+  end
+end

lib/tasks/mrsk/mrsk.rake

@@ -0,0 +1,12 @@
+namespace :mrsk do
+  desc "Push the latest version of the app, ensure Traefik is running, then restart app"
+  task deploy: [ "app:push", "traefik:start", "app:restart" ]
+
+  desc "Display information about Traefik and app containers"
+  task info: [ "traefik:info", "app:info" ]
+
+  desc "Create config stub"
+  task :init do
+    Rails.root.join("config/deploy.yml")
+  end
+end

lib/tasks/mrsk/registry.rake

@@ -0,0 +1,17 @@
+require_relative "setup"
+
+registry = Mrsk::Commands::Registry.new
+
+namespace :mrsk do
+  namespace :registry do
+    desc "Login to the registry using ENV['DOCKER_USER'] and ENV['DOCKER_PASSWORD']"
+    task :login do
+      if ENV["DOCKER_USER"].present? && ENV["DOCKER_PASSWORD"].present?
+        run_locally             { execute registry.login }
+        on(MRSK_CONFIG.servers) { execute registry.login }
+      else
+        puts "Skipping login due to missing ENV['DOCKER_USER'] and ENV['DOCKER_PASSWORD']"
+      end
+    end
+  end
+end

lib/tasks/mrsk/setup.rb

@@ -0,0 +1,10 @@
+require "sshkit"
+require "sshkit/dsl"
+
+include SSHKit::DSL
+
+MRSK_CONFIG = Mrsk::Configuration.load_file(Rails.root.join("config/deploy.yml"))
+
+SSHKit::Backend::Netssh.configure do |ssh|
+  ssh.ssh_options = { user: MRSK_CONFIG.ssh_user, auth_methods: [ "publickey" ] }
+end

lib/tasks/mrsk/traefik.rake

@@ -0,0 +1,25 @@
+require_relative "setup"
+
+traefik = Mrsk::Commands::Traefik.new
+
+namespace :mrsk do
+  namespace :traefik do
+    desc "Start Traefik"
+    task :start do
+      on(MRSK_CONFIG.servers) { execute traefik.start, raise_on_non_zero_exit: false }
+    end
+
+    desc "Stop Traefik"
+    task :stop do
+      on(MRSK_CONFIG.servers) { execute traefik.stop, raise_on_non_zero_exit: false }
+    end
+
+    desc "Restart Traefik"
+    task restart: %i[ stop start ]
+
+    desc "Display information about Traefik containers"
+    task :info do
+      on(MRSK_CONFIG.servers) { |host| puts "Host: #{host}\n" + capture(traefik.info) + "\n\n" }
+    end
+  end
+end

mrsk.gemspec

@@ -0,0 +1,16 @@
+require_relative "lib/mrsk/version"
+
+Gem::Specification.new do |spec|
+  spec.name        = "mrsk"
+  spec.version     = Mrsk::VERSION
+  spec.authors     = [ "David Heinemeier Hansson" ]
+  spec.email       = "dhh@hey.com"
+  spec.homepage    = "https://github.com/rails/mrsk"
+  spec.summary     = "Deploy Docker containers with zero downtime to any host."
+  spec.license     = "MIT"
+
+  spec.files = Dir["lib/**/*", "MIT-LICENSE", "README.md"]
+
+  spec.add_dependency "railties", ">= 7.0.0"
+  spec.add_dependency "sshkit", "~> 1.21"
+end