spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: spacebar:command-line-secret-escaping
Branches Tags
spacebar:main spacebar:1-9-stable spacebar:eval-proxy-options spacebar:more-robust-command-matching spacebar:output-role-with-logs spacebar:proxy-with-bare-hostname spacebar:kamal-proxy-deploy-equals-in-args spacebar:command-line-secret-escaping spacebar:cleanup-default-templates spacebar:local-docker-registry spacebar:proxy-0.5.0 spacebar:proxy-experimental spacebar:1-8-stable spacebar:proxy-experimental-and-revert-905-simplify-builders-config spacebar:revert-905-simplify-builders-config spacebar:xiaohui-zhangxh/git-clone-update-submodules spacebar:simplify-builders spacebar:dot-kamal-slash-env spacebar:no-envify spacebar:kamal-proxy spacebar:parachute spacebar:rename-roles spacebar:mproxy spacebar:per-destination-latest-image-tag spacebar:auto-push-env spacebar:concurrent-docker-login spacebar:error-on-filter-miss spacebar:rollback-short-sha spacebar:fix-per-role-healthcheck-custom spacebar:return-502-if-no-container spacebar:accumulating-asset-path spacebar:zero-downtime-deploys spacebar:more-resilient-zero-downtime-deploy spacebar:audit-broadcasts
spacebar:v1.9.3 spacebar:v2.7.0 spacebar:v2.6.1 spacebar:v2.6.0 spacebar:v2.5.3 spacebar:v2.5.2 spacebar:v2.5.1 spacebar:v2.5.0 spacebar:v2.4.0 spacebar:v2.3.0 spacebar:v2.2.2 spacebar:v2.2.1 spacebar:v2.2.0 spacebar:v1.9.2 spacebar:v2.1.2 spacebar:v2.1.1 spacebar:v2.1.0 spacebar:v1.9.1 spacebar:v2.0.0 spacebar:v1.9.0 spacebar:v2.0.0.rc4 spacebar:v2.0.0.rc3 spacebar:v2.0.0.rc2 spacebar:v2.0.0.rc1 spacebar:v2.0.0.beta2 spacebar:v2.0.0.beta1 spacebar:v1.8.3 spacebar:v1.8.2 spacebar:v1.8.1 spacebar:v1.8.0 spacebar:v1.7.3 spacebar:v1.7.2 spacebar:v1.7.1 spacebar:v1.7.0 spacebar:v1.6.0 spacebar:v1.5.2 spacebar:v1.5.1 spacebar:v1.5.0 spacebar:v1.4.0 spacebar:v1.3.1 spacebar:v1.3.0 spacebar:v1.2.0 spacebar:v1.1.0 spacebar:v1.0.0 spacebar:v0.16.1 spacebar:v0.16.0 spacebar:v0.15.1 spacebar:v0.15.0 spacebar:v0.14.0 spacebar:v0.13.2 spacebar:v0.13.1 spacebar:v0.13.0 spacebar:v0.12.1 spacebar:v0.12.0 spacebar:v0.11.0 spacebar:v0.10.1 spacebar:v0.10.0 spacebar:v0.9.1 spacebar:v0.9.0 spacebar:v.0.0.1 spacebar:v0.8.4 spacebar:v0.8.3 spacebar:v0.8.2 spacebar:v0.8.1 spacebar:v0.8.0 spacebar:v0.7.2 spacebar:v0.7.1 spacebar:v0.7.0 spacebar:v0.6.4 spacebar:v0.6.3 spacebar:v0.6.2 spacebar:v0.6.1 spacebar:v0.6.0 spacebar:v0.5.1 spacebar:v0.5.0 spacebar:v0.4.0 spacebar:v0.3.1 spacebar:v0.3.0 spacebar:v0.2.0 spacebar:v0.1.0 spacebar:v0.0.3 spacebar:v0.0.2 spacebar:v0.0.1
...
pull from: spacebar:kamal-proxy-deploy-equals-in-args
Branches Tags
spacebar:main spacebar:1-9-stable spacebar:eval-proxy-options spacebar:more-robust-command-matching spacebar:output-role-with-logs spacebar:proxy-with-bare-hostname spacebar:kamal-proxy-deploy-equals-in-args spacebar:command-line-secret-escaping spacebar:cleanup-default-templates spacebar:local-docker-registry spacebar:proxy-0.5.0 spacebar:proxy-experimental spacebar:1-8-stable spacebar:proxy-experimental-and-revert-905-simplify-builders-config spacebar:revert-905-simplify-builders-config spacebar:xiaohui-zhangxh/git-clone-update-submodules spacebar:simplify-builders spacebar:dot-kamal-slash-env spacebar:no-envify spacebar:kamal-proxy spacebar:parachute spacebar:rename-roles spacebar:mproxy spacebar:per-destination-latest-image-tag spacebar:auto-push-env spacebar:concurrent-docker-login spacebar:error-on-filter-miss spacebar:rollback-short-sha spacebar:fix-per-role-healthcheck-custom spacebar:return-502-if-no-container spacebar:accumulating-asset-path spacebar:zero-downtime-deploys spacebar:more-resilient-zero-downtime-deploy spacebar:audit-broadcasts
spacebar:v1.9.3 spacebar:v2.7.0 spacebar:v2.6.1 spacebar:v2.6.0 spacebar:v2.5.3 spacebar:v2.5.2 spacebar:v2.5.1 spacebar:v2.5.0 spacebar:v2.4.0 spacebar:v2.3.0 spacebar:v2.2.2 spacebar:v2.2.1 spacebar:v2.2.0 spacebar:v1.9.2 spacebar:v2.1.2 spacebar:v2.1.1 spacebar:v2.1.0 spacebar:v1.9.1 spacebar:v2.0.0 spacebar:v1.9.0 spacebar:v2.0.0.rc4 spacebar:v2.0.0.rc3 spacebar:v2.0.0.rc2 spacebar:v2.0.0.rc1 spacebar:v2.0.0.beta2 spacebar:v2.0.0.beta1 spacebar:v1.8.3 spacebar:v1.8.2 spacebar:v1.8.1 spacebar:v1.8.0 spacebar:v1.7.3 spacebar:v1.7.2 spacebar:v1.7.1 spacebar:v1.7.0 spacebar:v1.6.0 spacebar:v1.5.2 spacebar:v1.5.1 spacebar:v1.5.0 spacebar:v1.4.0 spacebar:v1.3.1 spacebar:v1.3.0 spacebar:v1.2.0 spacebar:v1.1.0 spacebar:v1.0.0 spacebar:v0.16.1 spacebar:v0.16.0 spacebar:v0.15.1 spacebar:v0.15.0 spacebar:v0.14.0 spacebar:v0.13.2 spacebar:v0.13.1 spacebar:v0.13.0 spacebar:v0.12.1 spacebar:v0.12.0 spacebar:v0.11.0 spacebar:v0.10.1 spacebar:v0.10.0 spacebar:v0.9.1 spacebar:v0.9.0 spacebar:v.0.0.1 spacebar:v0.8.4 spacebar:v0.8.3 spacebar:v0.8.2 spacebar:v0.8.1 spacebar:v0.8.0 spacebar:v0.7.2 spacebar:v0.7.1 spacebar:v0.7.0 spacebar:v0.6.4 spacebar:v0.6.3 spacebar:v0.6.2 spacebar:v0.6.1 spacebar:v0.6.0 spacebar:v0.5.1 spacebar:v0.5.0 spacebar:v0.4.0 spacebar:v0.3.1 spacebar:v0.3.0 spacebar:v0.2.0 spacebar:v0.1.0 spacebar:v0.0.3 spacebar:v0.0.2 spacebar:v0.0.1

24 Commits
command-li ... kamal-prox

Author SHA1 Message Date
Donal McBreen
641e9056b3 Use = in kamal-proxy deploy command args 
`=` is required for boolean values and works for all values.
 2024-10-01 15:42:12 +01:00
Donal McBreen
b4bcf35f78 Merge pull request #1000 from kpumuk/hosts 
Allow specifying multiple hosts for kamal-proxy via an array
 2024-09-30 10:26:15 -04:00
Donal McBreen
7f6095c9eb Merge pull request #1009 from basecamp/secrets-print 
Add `kamal secrets print` for secret debugging
 2024-09-30 09:55:53 -04:00
Donal McBreen
ef1271df47 Merge pull request #1010 from basecamp/kamal-proxy-0-7-0 
Added support for ACME `http-01` challenges
 2024-09-30 09:55:34 -04:00
Donal McBreen
df1232d90f Added support for ACME http-01 challenges 
Update to kamal-proxy 0.7.0 for ACME `http-01` challenge support.
 2024-09-30 14:44:28 +01:00
Dmytro Shteflyuk
e75365c8c6 Simplified deploy options for kamal-proxy as it supports multiple --host arguments 2024-09-30 08:09:05 -04:00
Donal McBreen
e441399255 Add kamal secrets print for secret debugging 
Dotenv's variable substitution doesn't work the same way as commands run
in the shell. It needs values to be escaped.

```sh
$ cat /tmp/env
SECRETS=$(cat /tmp/json)
SECRETS2=$(echo $SECRETS | jq)
$ cat /tmp/json
\{\ \"foo\"\ :\ \"bar\" \}
$ SECRETS=$(cat /tmp/json)
$ SECRETS2=$(echo $SECRETS | jq)
jq: parse error: Invalid numeric literal at line 1, column 2
$ ruby -e 'require "dotenv"; puts Dotenv.parse("/tmp/env")["SECRETS2"]'
{
  "foo": "bar"
}
```

Since you then can't use the shell to debug, `kamal secrets print` will
allow you to see what the secrets will be set to.
 2024-09-30 12:28:29 +01:00
Donal McBreen
af992ce755 Merge pull request #996 from iximiuz/patch-1 
Fix git --add safe.directory command in Dockerfile
 2024-09-30 04:36:00 -04:00
Donal McBreen
32caf4b148 Merge pull request #995 from honzasterba/bw_nicer_error_message_on_non_field_fetch 
[bitwarden] default fetch raises NoMethodError
 2024-09-30 04:35:48 -04:00
Donal McBreen
28a02262df Merge pull request #988 from igor-alexandrov/kamal-proxy-remove-no-target 
Fixed kamal-proxy remove command
 2024-09-30 04:18:12 -04:00
Donal McBreen
b11fb93a6c Merge pull request #971 from igor-alexandrov/add-app-port-example 
Added app_port example to the proxy section
 2024-09-30 04:16:34 -04:00
Dmytro Shteflyuk
67ad7662ab Simplified proxy hosts validation and documentation, similar to accessory config 2024-09-29 20:56:23 -04:00
Dmytro Shteflyuk
c63ec39f07 Added a test for colliding hosts passed via hosts array 2024-09-29 20:56:23 -04:00
Dmytro Shteflyuk
8df7d7d92d Do not allow both host and hosts for proxy configuration 2024-09-29 20:43:44 -04:00
Dmytro Shteflyuk
1d48a0fb0a Allow specifying multiple hosts for kamal proxy via an array 2024-09-29 20:43:44 -04:00
Ivan Velichko
0f815e17e4 Relax the safe.directory requirement 
Co-authored-by: Jeremy Daer <jeremydaer@gmail.com>
 2024-09-28 18:00:10 +02:00
Ivan Velichko
a310aa8fef Fix git --add safe.directory command in Dockerfile 
Upgrading kamal from `v1.8.3` to `v1.9.0` broke my [kamal playground](https://labs.iximiuz.com/playgrounds/kamal):

```
laborant@dev-machine:~/svc-a$ kamal setup
  INFO [34d0def6] Running /usr/bin/env mkdir -p .kamal on 172.16.0.3
  INFO [c34cf833] Running /usr/bin/env mkdir -p .kamal on 172.16.0.4
  INFO [34d0def6] Finished in 0.147 seconds with exit status 0 (successful).
  INFO [c34cf833] Finished in 0.204 seconds with exit status 0 (successful).
Acquiring the deploy lock...
Ensure Docker is installed...
  INFO [413ee426] Running docker -v on 172.16.0.4
  INFO [f1acacba] Running docker -v on 172.16.0.3
  INFO [413ee426] Finished in 0.036 seconds with exit status 0 (successful).
  INFO [f1acacba] Finished in 0.076 seconds with exit status 0 (successful).
Log into image registry...
  INFO [94cff492] Running docker login registry.iximiuz.com -u [REDACTED] -p [REDACTED] on localhost
  INFO [94cff492] Finished in 0.077 seconds with exit status 0 (successful).
  INFO [605c535f] Running docker login registry.iximiuz.com -u [REDACTED] -p [REDACTED] on 172.16.0.4
  INFO [6002b598] Running docker login registry.iximiuz.com -u [REDACTED] -p [REDACTED] on 172.16.0.3
  INFO [605c535f] Finished in 0.083 seconds with exit status 0 (successful).
  INFO [6002b598] Finished in 0.083 seconds with exit status 0 (successful).
Build and push app image...
  INFO [9d172b1e] Running docker --version && docker buildx version on localhost
  INFO [9d172b1e] Finished in 0.059 seconds with exit status 0 (successful).
  INFO Cloning repo into build directory `/tmp/kamal-clones/svc-a-2f65914456263/workdir/`...
  INFO [26fb1bd3] Running /usr/bin/env git -C /tmp/kamal-clones/svc-a-2f65914456263 clone /workdir --recurse-submodules on localhost
 ERROR Error preparing clone: Failed to clone repo: git exit status: 32768
git stdout: Nothing written
git stderr: Cloning into 'workdir'...
fatal: detected dubious ownership in repository at '/workdir/.git'
To add an exception for this directory, call:

        git config --global --add safe.directory /workdir/.git
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
, deleting and retrying...
  INFO Cloning repo into build directory `/tmp/kamal-clones/svc-a-2f65914456263/workdir/`...
  INFO [fd4aac0c] Running /usr/bin/env git -C /tmp/kamal-clones/svc-a-2f65914456263 clone /workdir --recurse-submodules on localhost
  Finished all in 0.3 seconds
Releasing the deploy lock...
  Finished all in 0.6 seconds
  ERROR (SSHKit::Command::Failed): git exit status: 32768
git stdout: Nothing written
git stderr: Cloning into 'workdir'...
fatal: detected dubious ownership in repository at '/workdir/.git'
To add an exception for this directory, call:

        git config --global --add safe.directory /workdir/.git
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

laborant@dev-machine:~/svc-a$ kamal version
2.0.0
```

I checked the [v1.8.3...v1.9.0](https://github.com/basecamp/kamal/compare/v1.8.3...v1.9.0) diff, and couldn't find anything even remotely related to the above error.

Then I checked the `git` versions in kamal `v1.8.3` and `v1.9.0` images:

```
docker run -it --rm --entrypoint sh ghcr.io/basecamp/kamal:v1.8.3 
/workdir # git --version
git version 2.38.5
```

vs.

```
docker run -it --rm --entrypoint sh ghcr.io/basecamp/kamal:v2.0.0 
/workdir # git --version
git version 2.39.5
```

Apparently, something changed in between `2.38.5` and `2.39.5` git releases (likely yet another CVE fix), and the `git config --global --add safe.directory /workdir` stopped working.

Here is the mitigation I currently use, but it's a bit awkward to do it:

```
docker build -t ghcr.io/basecamp/kamal:v2.0.0 - <<EOF
FROM ghcr.io/basecamp/kamal:v2.0.0

RUN git config --global --add safe.directory /workdir/.git
EOF
```

Hence, this PR.

To repro, you can start a [kamal playground](https://labs.iximiuz.com/playgrounds/kamal), then `docker pull ghcr.io/basecamp/kamal:v2.0.0` to override my patched image, and `cd svc-a && kamal setup`.
 2024-09-28 14:23:30 +02:00
Jan Sterba
29b02f5c30 [bitwarden] default fetch raises NoMethodError 
When fetched item is not a login, Bitwarden adapter raises NoMethodError
because the returned JSON does not have the login.password value.

Add a nicer error message for that case.
 2024-09-28 13:24:14 +02:00
Igor Alexandrov
6d63c4e9c6 Fixed example with the proxy status after the application has been removed 2024-09-27 21:11:51 +04:00
Igor Alexandrov
472d163cc7 Assert 404 after app is stopped 2024-09-27 19:15:42 +04:00
Igor Alexandrov
dadac999d7 Fixed kamal-proxy remove call 2024-09-27 17:45:35 +04:00
Igor Aleksandrov
2b0810d063 Update lib/kamal/cli/templates/deploy.yml 
Co-authored-by: Nick Hammond <nick@nickhammond.com>
 2024-09-25 17:19:20 +04:00
Igor Alexandrov
098f1855e2 Added back accidentially removed new line 2024-09-25 12:11:45 +04:00
Igor Alexandrov
88351312bf Added app_port example to the proxy section 2024-09-25 11:25:42 +04:00
20 changed files with 139 additions and 36 deletions
Expand all files Collapse all files

2
Dockerfile
View File

@@ -33,7 +33,7 @@ WORKDIR /workdir
# Tell git it's safe to access /workdir/.git even if # Tell git it's safe to access /workdir/.git even if
# the directory is owned by a different user # the directory is owned by a different user
RUN git config --global --add safe.directory /workdir RUN git config --global --add safe.directory '*'
# Set the entrypoint to run the installed binary in /workdir # Set the entrypoint to run the installed binary in /workdir
# Example: docker run -it -v "$PWD:/workdir" kamal init # Example: docker run -it -v "$PWD:/workdir" kamal init

2
lib/kamal/cli/app.rb
View File

@@ -68,7 +68,7 @@ class Kamal::Cli::App < Kamal::Cli::Base
version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
endpoint = capture_with_info(*app.container_id_for_version(version)).strip endpoint = capture_with_info(*app.container_id_for_version(version)).strip
if endpoint.present? if endpoint.present?
execute *app.remove(target: endpoint), raise_on_non_zero_exit: false execute *app.remove, raise_on_non_zero_exit: false
end end
end end

7
lib/kamal/cli/secrets.rb
View File

@@ -21,6 +21,13 @@ class Kamal::Cli::Secrets < Kamal::Cli::Base
return_or_puts value, inline: options[:inline] return_or_puts value, inline: options[:inline]
end end
desc "print", "Print the secrets (for debugging)"
def print
KAMAL.config.secrets.to_h.each do |key, value|
puts "#{key}=#{value}"
end
end
private private
def adapter(adapter) def adapter(adapter)
Kamal::Secrets::Adapters.lookup(adapter) Kamal::Secrets::Adapters.lookup(adapter)

2
lib/kamal/cli/templates/deploy.yml
View File

@@ -18,6 +18,8 @@ servers:
proxy: proxy:
ssl: true ssl: true
host: app.example.com host: app.example.com
# kamal-proxy connects to your container over port 80, use `app_port` to specify a different port.
# app_port: 3000
# Credentials for your image host. # Credentials for your image host.
registry: registry:

4
lib/kamal/commands/app/proxy.rb
View File

@@ -5,8 +5,8 @@ module Kamal::Commands::App::Proxy
proxy_exec :deploy, role.container_prefix, *role.proxy.deploy_command_args(target: target) proxy_exec :deploy, role.container_prefix, *role.proxy.deploy_command_args(target: target)
end end
def remove(target:) def remove
proxy_exec :remove, role.container_prefix, *role.proxy.remove_command_args(target: target) proxy_exec :remove, role.container_prefix
end end
private private

4
lib/kamal/configuration.rb
View File

@@ -14,7 +14,7 @@ class Kamal::Configuration
include Validation include Validation
PROXY_MINIMUM_VERSION = "v0.6.0" PROXY_MINIMUM_VERSION = "v0.7.0"
PROXY_HTTP_PORT = 80 PROXY_HTTP_PORT = 80
PROXY_HTTPS_PORT = 443 PROXY_HTTPS_PORT = 443
@@ -360,7 +360,7 @@ class Kamal::Configuration
end end
def ensure_unique_hosts_for_ssl_roles def ensure_unique_hosts_for_ssl_roles
hosts = roles.select(&:ssl?).map { |role| role.proxy.host } hosts = roles.select(&:ssl?).flat_map { |role| role.proxy.hosts }
duplicates = hosts.tally.filter_map { |host, count| host if count > 1 } duplicates = hosts.tally.filter_map { |host, count| host if count > 1 }
raise Kamal::ConfigurationError, "Different roles can't share the same host for SSL: #{duplicates.join(", ")}" if duplicates.any? raise Kamal::ConfigurationError, "Different roles can't share the same host for SSL: #{duplicates.join(", ")}" if duplicates.any?

9
lib/kamal/configuration/docs/proxy.yml
View File

@@ -17,16 +17,19 @@
# `proxy: true` or providing a proxy configuration. # `proxy: true` or providing a proxy configuration.
proxy: proxy:
# Host # Hosts
# #
# The hosts that will be used to serve the app. The proxy will only route requests # The hosts that will be used to serve the app. The proxy will only route requests
# to this host to your app. # to this host to your app.
# #
# If no hosts are set, then all requests will be forwarded, except for matching # If no hosts are set, then all requests will be forwarded, except for matching
# requests for other apps deployed on that server that do have a host set. # requests for other apps deployed on that server that do have a host set.
#
# Specify one of `host` or `hosts`.
host: foo.example.com host: foo.example.com
# If multiple hosts are needed, these can be specified by comma-separating the hosts. hosts:
host: foo.example.com,bar.example.com - foo.example.com
- bar.example.com
# App port # App port
# #

14
lib/kamal/configuration/proxy.rb
View File

@@ -22,14 +22,14 @@ class Kamal::Configuration::Proxy
proxy_config.fetch("ssl", false) proxy_config.fetch("ssl", false)
end end
def host def hosts
proxy_config["host"] proxy_config["hosts"] || proxy_config["host"]&.split(",") || []
end end
def deploy_options def deploy_options
{ {
host: proxy_config["host"], host: hosts,
tls: proxy_config["ssl"] ? true : nil, tls: proxy_config["ssl"],
"deploy-timeout": seconds_duration(config.deploy_timeout), "deploy-timeout": seconds_duration(config.deploy_timeout),
"drain-timeout": seconds_duration(config.drain_timeout), "drain-timeout": seconds_duration(config.drain_timeout),
"health-check-interval": seconds_duration(proxy_config.dig("healthcheck", "interval")), "health-check-interval": seconds_duration(proxy_config.dig("healthcheck", "interval")),
@@ -48,11 +48,7 @@ class Kamal::Configuration::Proxy
end end
def deploy_command_args(target:) def deploy_command_args(target:)
optionize ({ target: "#{target}:#{app_port}" }).merge(deploy_options) optionize ({ target: "#{target}:#{app_port}" }).merge(deploy_options), with: "="
end
def remove_command_args(target:)
optionize({ target: "#{target}:#{app_port}" })
end end
def merge(other) def merge(other)

6
lib/kamal/configuration/validator/proxy.rb
View File

@@ -3,9 +3,13 @@ class Kamal::Configuration::Validator::Proxy < Kamal::Configuration::Validator
unless config.nil? unless config.nil?
super super
if config["host"].blank? && config["ssl"] if config["host"].blank? && config["hosts"].blank? && config["ssl"]
error "Must set a host to enable automatic SSL" error "Must set a host to enable automatic SSL"
end end
if (config.keys & [ "host", "hosts" ]).size > 1
error "Specify one of 'host' or 'hosts', not both"
end
end end
end end
end end

4
lib/kamal/secrets/adapters/bitwarden.rb
View File

@@ -35,8 +35,10 @@ class Kamal::Secrets::Adapters::Bitwarden < Kamal::Secrets::Adapters::Base
value = item_field["value"] value = item_field["value"]
results["#{item}/#{field}"] = value results["#{item}/#{field}"] = value
end end
elsif item_json.dig("login", "password")
results[item] = item_json.dig("login", "password")
else else
results[item] = item_json["login"]["password"] raise RuntimeError, "Item #{item} is not a login type item and no fields were specified"
end end
end end
end end

10
test/cli/app_test.rb
View File

@@ -130,7 +130,7 @@ class CliAppTest < CliTestCase
SSHKit::Backend::Abstract.any_instance.stubs(:execute) SSHKit::Backend::Abstract.any_instance.stubs(:execute)
.with(:docker, :container, :ls, "--all", "--filter", "name=^app-web-latest$", "--quiet", "|", :xargs, :docker, :stop, raise_on_non_zero_exit: false) .with(:docker, :container, :ls, "--all", "--filter", "name=^app-web-latest$", "--quiet", "|", :xargs, :docker, :stop, raise_on_non_zero_exit: false)
SSHKit::Backend::Abstract.any_instance.expects(:execute) SSHKit::Backend::Abstract.any_instance.expects(:execute)
.with(:docker, :exec, "kamal-proxy", "kamal-proxy", :deploy, "app-web", "--target", "\"123:80\"", "--deploy-timeout", "\"1s\"", "--drain-timeout", "\"30s\"", "--buffer-requests", "--buffer-responses", "--log-request-header", "\"Cache-Control\"", "--log-request-header", "\"Last-Modified\"", "--log-request-header", "\"User-Agent\"").raises(SSHKit::Command::Failed.new("Failed to deploy")) .with(:docker, :exec, "kamal-proxy", "kamal-proxy", :deploy, "app-web", "--target=\"123:80\"", "--deploy-timeout=\"1s\"", "--drain-timeout=\"30s\"", "--buffer-requests", "--buffer-responses", "--log-request-header=\"Cache-Control\"", "--log-request-header=\"Last-Modified\"", "--log-request-header=\"User-Agent\"").raises(SSHKit::Command::Failed.new("Failed to deploy"))
stderred do stderred do
run_command("boot", config: :with_roles, host: nil, allow_execute_error: true).tap do |output| run_command("boot", config: :with_roles, host: nil, allow_execute_error: true).tap do |output|
@@ -190,7 +190,7 @@ class CliAppTest < CliTestCase
run_command("start").tap do |output| run_command("start").tap do |output|
assert_match "docker start app-web-999", output assert_match "docker start app-web-999", output
assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target \"999:80\" --deploy-timeout \"30s\" --drain-timeout \"30s\" --buffer-requests --buffer-responses --log-request-header \"Cache-Control\" --log-request-header \"Last-Modified\"", output assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target=\"999:80\" --deploy-timeout=\"30s\" --drain-timeout=\"30s\" --buffer-requests --buffer-responses --log-request-header=\"Cache-Control\" --log-request-header=\"Last-Modified\"", output
end end
end end
@@ -383,7 +383,7 @@ class CliAppTest < CliTestCase
assert_match /Renaming container .* to .* as already deployed on 1.1.1.1/, output # Rename assert_match /Renaming container .* to .* as already deployed on 1.1.1.1/, output # Rename
assert_match /docker rename app-web-latest app-web-latest_replaced_[0-9a-f]{16}/, output assert_match /docker rename app-web-latest app-web-latest_replaced_[0-9a-f]{16}/, output
assert_match /docker run --detach --restart unless-stopped --name app-web-latest --network kamal --hostname 1.1.1.1-[0-9a-f]{12} -e KAMAL_CONTAINER_NAME="app-web-latest" -e KAMAL_VERSION="latest" --env-file .kamal\/apps\/app\/env\/roles\/web.env --log-opt max-size="10m" --label service="app" --label role="web" --label destination dhh\/app:latest/, output assert_match /docker run --detach --restart unless-stopped --name app-web-latest --network kamal --hostname 1.1.1.1-[0-9a-f]{12} -e KAMAL_CONTAINER_NAME="app-web-latest" -e KAMAL_VERSION="latest" --env-file .kamal\/apps\/app\/env\/roles\/web.env --log-opt max-size="10m" --label service="app" --label role="web" --label destination dhh\/app:latest/, output
assert_match /docker exec kamal-proxy kamal-proxy deploy app-web --target "123:80"/, output assert_match /docker exec kamal-proxy kamal-proxy deploy app-web --target="123:80"/, output
assert_match "docker container ls --all --filter name=^app-web-123$ --quiet | xargs docker stop", output assert_match "docker container ls --all --filter name=^app-web-123$ --quiet | xargs docker stop", output
end end
end end
@@ -392,8 +392,8 @@ class CliAppTest < CliTestCase
SSHKit::Backend::Abstract.any_instance.stubs(:capture_with_info).returns("123") # old version SSHKit::Backend::Abstract.any_instance.stubs(:capture_with_info).returns("123") # old version
run_command("boot", config: :with_proxy_roles, host: nil).tap do |output| run_command("boot", config: :with_proxy_roles, host: nil).tap do |output|
assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target \"123:80\" --deploy-timeout \"6s\" --drain-timeout \"30s\" --target-timeout \"10s\" --buffer-requests --buffer-responses --log-request-header \"Cache-Control\" --log-request-header \"Last-Modified\" --log-request-header \"User-Agent\"", output assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target=\"123:80\" --deploy-timeout=\"6s\" --drain-timeout=\"30s\" --target-timeout=\"10s\" --buffer-requests --buffer-responses --log-request-header=\"Cache-Control\" --log-request-header=\"Last-Modified\" --log-request-header=\"User-Agent\"", output
assert_match "docker exec kamal-proxy kamal-proxy deploy app-web2 --target \"123:80\" --deploy-timeout \"6s\" --drain-timeout \"30s\" --target-timeout \"15s\" --buffer-requests --buffer-responses --log-request-header \"Cache-Control\" --log-request-header \"Last-Modified\" --log-request-header \"User-Agent\"", output assert_match "docker exec kamal-proxy kamal-proxy deploy app-web2 --target=\"123:80\" --deploy-timeout=\"6s\" --drain-timeout=\"30s\" --target-timeout=\"15s\" --buffer-requests --buffer-responses --log-request-header=\"Cache-Control\" --log-request-header=\"Last-Modified\" --log-request-header=\"User-Agent\"", output
end end
end end

6
test/cli/proxy_test.rb
View File

@@ -58,13 +58,13 @@ class CliProxyTest < CliTestCase
assert_match "Running docker container stop traefik ; docker container prune --force --filter label=org.opencontainers.image.title=Traefik && docker image prune --all --force --filter label=org.opencontainers.image.title=Traefik on 1.1.1.1", output assert_match "Running docker container stop traefik ; docker container prune --force --filter label=org.opencontainers.image.title=Traefik && docker image prune --all --force --filter label=org.opencontainers.image.title=Traefik on 1.1.1.1", output
assert_match "docker container prune --force --filter label=org.opencontainers.image.title=kamal-proxy on 1.1.1.1", output assert_match "docker container prune --force --filter label=org.opencontainers.image.title=kamal-proxy on 1.1.1.1", output
assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") #{KAMAL.config.proxy_image} on 1.1.1.1", output assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") #{KAMAL.config.proxy_image} on 1.1.1.1", output
assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target \"abcdefabcdef:80\" --deploy-timeout \"6s\" --drain-timeout \"30s\" --buffer-requests --buffer-responses --log-request-header \"Cache-Control\" --log-request-header \"Last-Modified\" --log-request-header \"User-Agent\" on 1.1.1.1", output assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target=\"abcdefabcdef:80\" --deploy-timeout=\"6s\" --drain-timeout=\"30s\" --buffer-requests --buffer-responses --log-request-header=\"Cache-Control\" --log-request-header=\"Last-Modified\" --log-request-header=\"User-Agent\" on 1.1.1.1", output
assert_match "docker container stop kamal-proxy on 1.1.1.2", output assert_match "docker container stop kamal-proxy on 1.1.1.2", output
assert_match "Running docker container stop traefik ; docker container prune --force --filter label=org.opencontainers.image.title=Traefik && docker image prune --all --force --filter label=org.opencontainers.image.title=Traefik on 1.1.1.2", output assert_match "Running docker container stop traefik ; docker container prune --force --filter label=org.opencontainers.image.title=Traefik && docker image prune --all --force --filter label=org.opencontainers.image.title=Traefik on 1.1.1.2", output
assert_match "docker container prune --force --filter label=org.opencontainers.image.title=kamal-proxy on 1.1.1.2", output assert_match "docker container prune --force --filter label=org.opencontainers.image.title=kamal-proxy on 1.1.1.2", output
assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") #{KAMAL.config.proxy_image} on 1.1.1.2", output assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") #{KAMAL.config.proxy_image} on 1.1.1.2", output
assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target \"abcdefabcdef:80\" --deploy-timeout \"6s\" --drain-timeout \"30s\" --buffer-requests --buffer-responses --log-request-header \"Cache-Control\" --log-request-header \"Last-Modified\" --log-request-header \"User-Agent\" on 1.1.1.2", output assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target=\"abcdefabcdef:80\" --deploy-timeout=\"6s\" --drain-timeout=\"30s\" --buffer-requests --buffer-responses --log-request-header=\"Cache-Control\" --log-request-header=\"Last-Modified\" --log-request-header=\"User-Agent\" on 1.1.1.2", output
end end
end end
@@ -204,7 +204,7 @@ class CliProxyTest < CliTestCase
assert_match "/usr/bin/env mkdir -p .kamal/apps/app/env/roles", output assert_match "/usr/bin/env mkdir -p .kamal/apps/app/env/roles", output
assert_match "Uploading \"\\n\" to .kamal/apps/app/env/roles/web.env", output assert_match "Uploading \"\\n\" to .kamal/apps/app/env/roles/web.env", output
assert_match %r{docker run --detach --restart unless-stopped --name app-web-latest --network kamal --hostname 1.1.1.1-.* -e KAMAL_CONTAINER_NAME="app-web-latest" -e KAMAL_VERSION="latest" --env-file .kamal/apps/app/env/roles/web.env --log-opt max-size="10m" --label service="app" --label role="web" --label destination dhh/app:latest}, output assert_match %r{docker run --detach --restart unless-stopped --name app-web-latest --network kamal --hostname 1.1.1.1-.* -e KAMAL_CONTAINER_NAME="app-web-latest" -e KAMAL_VERSION="latest" --env-file .kamal/apps/app/env/roles/web.env --log-opt max-size="10m" --label service="app" --label role="web" --label destination dhh/app:latest}, output
assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target \"12345678:80\" --deploy-timeout \"6s\" --drain-timeout \"30s\" --buffer-requests --buffer-responses --log-request-header \"Cache-Control\" --log-request-header \"Last-Modified\" --log-request-header \"User-Agent\"", output assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target=\"12345678:80\" --deploy-timeout=\"6s\" --drain-timeout=\"30s\" --buffer-requests --buffer-responses --log-request-header=\"Cache-Control\" --log-request-header=\"Last-Modified\" --log-request-header=\"User-Agent\"", output
assert_match "docker container ls --all --filter name=^app-web-12345678$ --quiet | xargs docker stop", output assert_match "docker container ls --all --filter name=^app-web-12345678$ --quiet | xargs docker stop", output
assert_match "docker tag dhh/app:latest dhh/app:latest", output assert_match "docker tag dhh/app:latest dhh/app:latest", output
assert_match "/usr/bin/env mkdir -p .kamal", output assert_match "/usr/bin/env mkdir -p .kamal", output

6
test/cli/secrets_test.rb
View File

@@ -15,6 +15,12 @@ class CliSecretsTest < CliTestCase
assert_equal "oof", run_command("extract", "foo", "{\"abc/foo\":\"oof\", \"bar\":\"rab\", \"baz\":\"zab\"}") assert_equal "oof", run_command("extract", "foo", "{\"abc/foo\":\"oof\", \"bar\":\"rab\", \"baz\":\"zab\"}")
end end
test "print" do
with_test_secrets("secrets" => "SECRET1=ABC\nSECRET2=${SECRET1}DEF\n") do
assert_equal "SECRET1=ABC\nSECRET2=ABCDEF", run_command("print")
end
end
private private
def run_command(*command) def run_command(*command)
stdouted { Kamal::Cli::Secrets.start([ *command, "-c", "test/fixtures/deploy_with_accessories.yml" ]) } stdouted { Kamal::Cli::Secrets.start([ *command, "-c", "test/fixtures/deploy_with_accessories.yml" ]) }

22
test/commands/app_test.rb
View File

@@ -115,14 +115,30 @@ class CommandsAppTest < ActiveSupport::TestCase
test "deploy" do test "deploy" do
assert_equal \ assert_equal \
"docker exec kamal-proxy kamal-proxy deploy app-web --target \"172.1.0.2:80\" --deploy-timeout \"30s\" --drain-timeout \"30s\" --buffer-requests --buffer-responses --log-request-header \"Cache-Control\" --log-request-header \"Last-Modified\" --log-request-header \"User-Agent\"", "docker exec kamal-proxy kamal-proxy deploy app-web --target=\"172.1.0.2:80\" --deploy-timeout=\"30s\" --drain-timeout=\"30s\" --buffer-requests --buffer-responses --log-request-header=\"Cache-Control\" --log-request-header=\"Last-Modified\" --log-request-header=\"User-Agent\"",
new_command.deploy(target: "172.1.0.2").join(" ")
end
test "deploy with SSL" do
@config[:proxy] = { "ssl" => true, "host" => "example.com" }
assert_equal \
"docker exec kamal-proxy kamal-proxy deploy app-web --target=\"172.1.0.2:80\" --host=\"example.com\" --tls --deploy-timeout=\"30s\" --drain-timeout=\"30s\" --buffer-requests --buffer-responses --log-request-header=\"Cache-Control\" --log-request-header=\"Last-Modified\" --log-request-header=\"User-Agent\"",
new_command.deploy(target: "172.1.0.2").join(" ")
end
test "deploy with SSL targeting multiple hosts" do
@config[:proxy] = { "ssl" => true, "hosts" => [ "example.com", "anotherexample.com" ] }
assert_equal \
"docker exec kamal-proxy kamal-proxy deploy app-web --target=\"172.1.0.2:80\" --host=\"example.com\" --host=\"anotherexample.com\" --tls --deploy-timeout=\"30s\" --drain-timeout=\"30s\" --buffer-requests --buffer-responses --log-request-header=\"Cache-Control\" --log-request-header=\"Last-Modified\" --log-request-header=\"User-Agent\"",
new_command.deploy(target: "172.1.0.2").join(" ") new_command.deploy(target: "172.1.0.2").join(" ")
end end
test "remove" do test "remove" do
assert_equal \ assert_equal \
"docker exec kamal-proxy kamal-proxy remove app-web --target \"172.1.0.2:80\"", "docker exec kamal-proxy kamal-proxy remove app-web",
new_command.remove(target: "172.1.0.2").join(" ") new_command.remove.join(" ")
end end

16
test/configuration/proxy_test.rb
View File

@@ -13,15 +13,29 @@ class ConfigurationProxyTest < ActiveSupport::TestCase
assert_equal true, config.proxy.ssl? assert_equal true, config.proxy.ssl?
end end
test "ssl with multiple hosts passed via host" do
@deploy[:proxy] = { "ssl" => true, "host" => "example.com,anotherexample.com" }
assert_equal true, config.proxy.ssl?
end
test "ssl with multiple hosts passed via hosts" do
@deploy[:proxy] = { "ssl" => true, "hosts" => [ "example.com", "anotherexample.com" ] }
assert_equal true, config.proxy.ssl?
end
test "ssl with no host" do test "ssl with no host" do
@deploy[:proxy] = { "ssl" => true } @deploy[:proxy] = { "ssl" => true }
assert_raises(Kamal::ConfigurationError) { config.proxy.ssl? } assert_raises(Kamal::ConfigurationError) { config.proxy.ssl? }
end end
test "ssl with both host and hosts" do
@deploy[:proxy] = { "ssl" => true, host: "example.com", hosts: [ "anotherexample.com" ] }
assert_raises(Kamal::ConfigurationError) { config.proxy.ssl? }
end
test "ssl false" do test "ssl false" do
@deploy[:proxy] = { "ssl" => false } @deploy[:proxy] = { "ssl" => false }
assert_not config.proxy.ssl? assert_not config.proxy.ssl?
assert_not config.proxy.deploy_options.has_key?(:tls)
end end
private private

11
test/configuration_test.rb
View File

@@ -377,4 +377,15 @@ class ConfigurationTest < ActiveSupport::TestCase
assert_equal "Different roles can't share the same host for SSL: foo.example.com", exception.message assert_equal "Different roles can't share the same host for SSL: foo.example.com", exception.message
end end
test "two proxy ssl roles with same host in a hosts array" do
@deploy_with_roles[:servers]["web"] = { "hosts" => [ "1.1.1.1" ], "proxy" => { "ssl" => true, "hosts" => [ "foo.example.com", "bar.example.com" ] } }
@deploy_with_roles[:servers]["workers"] = { "hosts" => [ "1.1.1.1" ], "proxy" => { "ssl" => true, "hosts" => [ "www.example.com", "foo.example.com" ] } }
exception = assert_raises(Kamal::ConfigurationError) do
Kamal::Configuration.new(@deploy_with_roles)
end
assert_equal "Different roles can't share the same host for SSL: foo.example.com", exception.message
end
end end

4
test/integration/app_test.rb
View File

@@ -8,7 +8,7 @@ class AppTest < IntegrationTest
kamal :app, :stop kamal :app, :stop
assert_app_is_down assert_app_not_found
kamal :app, :start kamal :app, :start
@@ -48,7 +48,7 @@ class AppTest < IntegrationTest
kamal :app, :remove kamal :app, :remove
assert_app_is_down assert_app_not_found
assert_app_directory_removed assert_app_directory_removed
end end
end end

5
test/integration/docker/deployer/app_with_roles/config/deploy.yml
View File

@@ -15,14 +15,15 @@ readiness_delay: 0
proxy: proxy:
host: localhost host: localhost
ssl: false
healthcheck: healthcheck:
interval: 1 interval: 1
timeout: 1 timeout: 1
path: "/up" path: "/up"
response_timeout: 2 response_timeout: 2
buffering: buffering:
requests: true requests: false
responses: true responses: false
memory: 400_000 memory: 400_000
max_request_body: 40_000_000 max_request_body: 40_000_000
max_response_body: 40_000_000 max_response_body: 40_000_000

6
test/integration/integration_test.rb
View File

@@ -50,6 +50,12 @@ class IntegrationTest < ActiveSupport::TestCase
assert_equal "502", response.code assert_equal "502", response.code
end end
def assert_app_not_found
response = app_response
debug_response_code(response, "404")
assert_equal "404", response.code
end
def assert_app_is_up(version: nil, app: @app) def assert_app_is_up(version: nil, app: @app)
response = app_response(app: app) response = app_response(app: app)
debug_response_code(response, "200") debug_response_code(response, "200")

35
test/secrets/bitwarden_adapter_test.rb
View File

@@ -13,6 +13,17 @@ class BitwardenAdapterTest < SecretAdapterTestCase
assert_equal expected_json, json assert_equal expected_json, json
end end
test "fetch with no login" do
stub_unlocked
stub_ticks.with("bw sync").returns("")
stub_noteitem
error = assert_raises RuntimeError do
JSON.parse(shellunescape(run_command("fetch", "mynote")))
end
assert_match(/not a login type item/, error.message)
end
test "fetch with from" do test "fetch with from" do
stub_unlocked stub_unlocked
stub_ticks.with("bw sync").returns("") stub_ticks.with("bw sync").returns("")
@@ -181,6 +192,30 @@ class BitwardenAdapterTest < SecretAdapterTestCase
JSON JSON
end end
def stub_noteitem(session: nil)
stub_ticks
.with("#{"BW_SESSION=#{session} " if session}bw get item mynote")
.returns(<<~JSON)
{
"passwordHistory":null,
"revisionDate":"2024-09-28T09:07:27.461Z",
"creationDate":"2024-09-28T09:07:00.740Z",
"deletedDate":null,
"object":"item",
"id":"aaaaaaaa-cccc-eeee-0000-222222222222",
"organizationId":null,
"folderId":null,
"type":2,
"reprompt":0,
"name":"noteitem",
"notes":"NOTES",
"favorite":false,
"secureNote":{"type":0},
"collectionIds":[]
}
JSON
end
def stub_myitem def stub_myitem
stub_ticks stub_ticks
.with("bw get item myitem") .with("bw get item myitem")