spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: spacebar:local-docker-registry
Branches Tags
spacebar:main spacebar:1-9-stable spacebar:eval-proxy-options spacebar:more-robust-command-matching spacebar:output-role-with-logs spacebar:proxy-with-bare-hostname spacebar:kamal-proxy-deploy-equals-in-args spacebar:command-line-secret-escaping spacebar:cleanup-default-templates spacebar:local-docker-registry spacebar:proxy-0.5.0 spacebar:proxy-experimental spacebar:1-8-stable spacebar:proxy-experimental-and-revert-905-simplify-builders-config spacebar:revert-905-simplify-builders-config spacebar:xiaohui-zhangxh/git-clone-update-submodules spacebar:simplify-builders spacebar:dot-kamal-slash-env spacebar:no-envify spacebar:kamal-proxy spacebar:parachute spacebar:rename-roles spacebar:mproxy spacebar:per-destination-latest-image-tag spacebar:auto-push-env spacebar:concurrent-docker-login spacebar:error-on-filter-miss spacebar:rollback-short-sha spacebar:fix-per-role-healthcheck-custom spacebar:return-502-if-no-container spacebar:accumulating-asset-path spacebar:zero-downtime-deploys spacebar:more-resilient-zero-downtime-deploy spacebar:audit-broadcasts
spacebar:v1.9.3 spacebar:v2.7.0 spacebar:v2.6.1 spacebar:v2.6.0 spacebar:v2.5.3 spacebar:v2.5.2 spacebar:v2.5.1 spacebar:v2.5.0 spacebar:v2.4.0 spacebar:v2.3.0 spacebar:v2.2.2 spacebar:v2.2.1 spacebar:v2.2.0 spacebar:v1.9.2 spacebar:v2.1.2 spacebar:v2.1.1 spacebar:v2.1.0 spacebar:v1.9.1 spacebar:v2.0.0 spacebar:v1.9.0 spacebar:v2.0.0.rc4 spacebar:v2.0.0.rc3 spacebar:v2.0.0.rc2 spacebar:v2.0.0.rc1 spacebar:v2.0.0.beta2 spacebar:v2.0.0.beta1 spacebar:v1.8.3 spacebar:v1.8.2 spacebar:v1.8.1 spacebar:v1.8.0 spacebar:v1.7.3 spacebar:v1.7.2 spacebar:v1.7.1 spacebar:v1.7.0 spacebar:v1.6.0 spacebar:v1.5.2 spacebar:v1.5.1 spacebar:v1.5.0 spacebar:v1.4.0 spacebar:v1.3.1 spacebar:v1.3.0 spacebar:v1.2.0 spacebar:v1.1.0 spacebar:v1.0.0 spacebar:v0.16.1 spacebar:v0.16.0 spacebar:v0.15.1 spacebar:v0.15.0 spacebar:v0.14.0 spacebar:v0.13.2 spacebar:v0.13.1 spacebar:v0.13.0 spacebar:v0.12.1 spacebar:v0.12.0 spacebar:v0.11.0 spacebar:v0.10.1 spacebar:v0.10.0 spacebar:v0.9.1 spacebar:v0.9.0 spacebar:v.0.0.1 spacebar:v0.8.4 spacebar:v0.8.3 spacebar:v0.8.2 spacebar:v0.8.1 spacebar:v0.8.0 spacebar:v0.7.2 spacebar:v0.7.1 spacebar:v0.7.0 spacebar:v0.6.4 spacebar:v0.6.3 spacebar:v0.6.2 spacebar:v0.6.1 spacebar:v0.6.0 spacebar:v0.5.1 spacebar:v0.5.0 spacebar:v0.4.0 spacebar:v0.3.1 spacebar:v0.3.0 spacebar:v0.2.0 spacebar:v0.1.0 spacebar:v0.0.3 spacebar:v0.0.2 spacebar:v0.0.1
..
compare: spacebar:command-line-secret-escaping
Branches Tags
spacebar:main spacebar:1-9-stable spacebar:eval-proxy-options spacebar:more-robust-command-matching spacebar:output-role-with-logs spacebar:proxy-with-bare-hostname spacebar:kamal-proxy-deploy-equals-in-args spacebar:command-line-secret-escaping spacebar:cleanup-default-templates spacebar:local-docker-registry spacebar:proxy-0.5.0 spacebar:proxy-experimental spacebar:1-8-stable spacebar:proxy-experimental-and-revert-905-simplify-builders-config spacebar:revert-905-simplify-builders-config spacebar:xiaohui-zhangxh/git-clone-update-submodules spacebar:simplify-builders spacebar:dot-kamal-slash-env spacebar:no-envify spacebar:kamal-proxy spacebar:parachute spacebar:rename-roles spacebar:mproxy spacebar:per-destination-latest-image-tag spacebar:auto-push-env spacebar:concurrent-docker-login spacebar:error-on-filter-miss spacebar:rollback-short-sha spacebar:fix-per-role-healthcheck-custom spacebar:return-502-if-no-container spacebar:accumulating-asset-path spacebar:zero-downtime-deploys spacebar:more-resilient-zero-downtime-deploy spacebar:audit-broadcasts
spacebar:v1.9.3 spacebar:v2.7.0 spacebar:v2.6.1 spacebar:v2.6.0 spacebar:v2.5.3 spacebar:v2.5.2 spacebar:v2.5.1 spacebar:v2.5.0 spacebar:v2.4.0 spacebar:v2.3.0 spacebar:v2.2.2 spacebar:v2.2.1 spacebar:v2.2.0 spacebar:v1.9.2 spacebar:v2.1.2 spacebar:v2.1.1 spacebar:v2.1.0 spacebar:v1.9.1 spacebar:v2.0.0 spacebar:v1.9.0 spacebar:v2.0.0.rc4 spacebar:v2.0.0.rc3 spacebar:v2.0.0.rc2 spacebar:v2.0.0.rc1 spacebar:v2.0.0.beta2 spacebar:v2.0.0.beta1 spacebar:v1.8.3 spacebar:v1.8.2 spacebar:v1.8.1 spacebar:v1.8.0 spacebar:v1.7.3 spacebar:v1.7.2 spacebar:v1.7.1 spacebar:v1.7.0 spacebar:v1.6.0 spacebar:v1.5.2 spacebar:v1.5.1 spacebar:v1.5.0 spacebar:v1.4.0 spacebar:v1.3.1 spacebar:v1.3.0 spacebar:v1.2.0 spacebar:v1.1.0 spacebar:v1.0.0 spacebar:v0.16.1 spacebar:v0.16.0 spacebar:v0.15.1 spacebar:v0.15.0 spacebar:v0.14.0 spacebar:v0.13.2 spacebar:v0.13.1 spacebar:v0.13.0 spacebar:v0.12.1 spacebar:v0.12.0 spacebar:v0.11.0 spacebar:v0.10.1 spacebar:v0.10.0 spacebar:v0.9.1 spacebar:v0.9.0 spacebar:v.0.0.1 spacebar:v0.8.4 spacebar:v0.8.3 spacebar:v0.8.2 spacebar:v0.8.1 spacebar:v0.8.0 spacebar:v0.7.2 spacebar:v0.7.1 spacebar:v0.7.0 spacebar:v0.6.4 spacebar:v0.6.3 spacebar:v0.6.2 spacebar:v0.6.1 spacebar:v0.6.0 spacebar:v0.5.1 spacebar:v0.5.0 spacebar:v0.4.0 spacebar:v0.3.1 spacebar:v0.3.0 spacebar:v0.2.0 spacebar:v0.1.0 spacebar:v0.0.3 spacebar:v0.0.2 spacebar:v0.0.1

26 Commits
local-dock ... command-li

Author SHA1 Message Date
Donal McBreen
ff24fd9874 Escape secrets in inline command substitution 
Kamal "inlines" calls to `kamal secrets` in the dotenv file, but the
results of the calls were not being escaped properly. To "fix" this
`kamal secrets fetch` escaped the JSON string before returning it.

The two errors cancelled out, but it meant that the commands didn't
work from a shell.

To fix, we'll escape the inline command results and remove the escaping
from `kamal secrets fetch`.
 2024-09-30 10:45:11 +01:00
David Heinemeier Hansson
f331605efa Merge pull request #1004 from kpumuk/grammar 
Backporting changes to the documentation committed directly to kamal-site
 2024-09-30 02:22:39 +02:00
Dmytro Shteflyuk
7ea995db91 Added a comment to the front matter of the configuration docs about the generator 2024-09-29 15:33:06 -04:00
Dmytro Shteflyuk
994a8faf6b Re-applied corrections to configuration YAML files that were merged directly into kamal-site 2024-09-29 15:33:06 -04:00
Dmytro Shteflyuk
6c75fe40df Removed second newline characters after the section title 2024-09-29 15:33:06 -04:00
Dmytro Shteflyuk
7567cae964 Added empty lines around YAML code fences 2024-09-29 15:33:06 -04:00
Dmytro Shteflyuk
ecd842ab9b 'Configuration overview' section was moved to overview.md file 2024-09-29 15:33:06 -04:00
Dmytro Shteflyuk
91ae1dd7b9 Removed unused variable from bin/doc 2024-09-29 15:33:06 -04:00
Donal McBreen
5036f8843f Merge pull request #986 from basecamp/rails-8-requires-ruby-3.2 
Rails 8 doesn't support Ruby 3.1
 2024-09-27 08:23:32 -04:00
Donal McBreen
14d0396581 Rails 8 doesn't support Ruby 3.1 
Remove it from the build matrix as its no longer a supported combination.
 2024-09-27 08:13:24 -04:00
Donal McBreen
8c32e6af07 Bump version for 2.0.0 2024-09-26 15:34:24 -04:00
Donal McBreen
a765c501a3 Bump version for 2.0.0.rc4 2024-09-26 07:06:51 -04:00
Donal McBreen
ae990efd02 Merge pull request #978 from basecamp/ignore-ssl-false 
Handle ssl: false in proxy config
 2024-09-26 11:56:00 +01:00
Donal McBreen
b3a6921118 Handle ssl: false in proxy config 
Fixes: https://github.com/basecamp/kamal/issues/956
 2024-09-26 06:17:45 -04:00
Donal McBreen
325bf9a797 Merge pull request #975 from basecamp/kamal-proxy-0.6.0 
Bump to latest version of kamal-proxy
 2024-09-25 23:03:25 +01:00
Donal McBreen
7bdf6cd2e8 Bump to latest version of kamal-proxy 2024-09-25 17:54:38 -04:00
Donal McBreen
7633fe0293 Merge pull request #974 from basecamp/proxy-boot-config 
Proxy boot config
 2024-09-25 20:28:24 +01:00
Donal McBreen
f6851048a6 Proxy boot config 
Add commands for managing proxy boot config. Since the proxy can be
shared by multiple applications, the configuration doesn't belong in
`config/deploy.yml`.

Instead you can set the config with:

```
Usage:
  kamal proxy boot_config <set|get|clear>

Options:
      [--publish], [--no-publish], [--skip-publish]   # Publish the proxy ports on the host
                                                      # Default: true
      [--http-port=N]                                 # HTTP port to publish on the host
                                                      # Default: 80
      [--https-port=N]                                # HTTPS port to publish on the host
                                                      # Default: 443
      [--docker-options=option=value option2=value2]  # Docker options to pass to the proxy container
```

By default we boot the proxy with `--publish 80:80 --publish 443:443`.

You can stop it from publishing ports, specify different ports and pass
other docker options.

The config is stored in `.kamal/proxy/options` as arguments to be passed
verbatim to docker run.

Where someone wants to set the options in their application they can do
that by calling `kamal proxy boot_config set` in a pre-deploy hook.

There's an example in the integration tests showing how to use this to
front kamal-proxy with Traefik, using an accessory.
 2024-09-25 15:15:26 -04:00
Donal McBreen
f0d7f786fa Traefik should be kamal-proxy in reboot hooks 2024-09-25 14:51:22 -04:00
Donal McBreen
4d8387b1c9 Merge pull request #973 from eroluysal/main 
Fix adapter names
 2024-09-25 19:48:40 +01:00
eroluysal
0258ac4297 Fix adapter names. 2024-09-25 21:22:59 +03:00
David Heinemeier Hansson
4a13803119 Bump version for 2.0.0.rc3 2024-09-23 16:48:07 -07:00
David Heinemeier Hansson
bda252835b Merge pull request #966 from basecamp/cleanup-default-templates 
Bring default templates up to par with what Rails generates
 2024-09-24 01:46:09 +02:00
David Heinemeier Hansson
0f5dfa204f Rearrange one last time 2024-09-23 16:44:54 -07:00
David Heinemeier Hansson
9dde204480 Rearange 2024-09-23 16:30:16 -07:00
David Heinemeier Hansson
b6cd4f8070 Bring default templates up to par with what Rails generates 2024-09-23 14:41:31 -07:00
61 changed files with 544 additions and 488 deletions
Expand all files Collapse all files

3
.github/workflows/ci.yml vendored
View File

@@ -30,6 +30,9 @@ jobs:
gemfile:
- Gemfile
- gemfiles/rails_edge.gemfile
exclude:
- ruby-version: "3.1"
gemfile: gemfiles/rails_edge.gemfile
name: ${{ format('Tests (Ruby {0})', matrix.ruby-version) }}
runs-on: ubuntu-latest
continue-on-error: true

5
Gemfile.lock
View File

@@ -1,7 +1,7 @@
PATH
remote: .
specs:
kamal (2.0.0.rc2)
kamal (2.0.0)
activesupport (>= 7.0)
base64 (~> 0.2)
bcrypt_pbkdf (~> 1.0)
@@ -9,7 +9,6 @@ PATH
dotenv (~> 3.1)
ed25519 (~> 1.2)
net-ssh (~> 7.0)
net-ssh-gateway
sshkit (>= 1.23.0, < 2.0)
thor (~> 1.3)
zeitwerk (~> 2.5)
@@ -80,8 +79,6 @@ GEM
net-sftp (4.0.0)
net-ssh (>= 5.0.0, < 8.0.0)
net-ssh (7.2.3)
net-ssh-gateway (2.0.0)
net-ssh (>= 4.0.0)
nokogiri (1.16.7-arm64-darwin)
racc (~> 1.4)
nokogiri (1.16.7-x86_64-darwin)

16
bin/docs
View File

@@ -30,6 +30,7 @@ DOCS = {
"ssh" => "SSH",
"sshkit" => "SSHKit"
}
DOCS_PATH = "lib/kamal/configuration/docs"
class DocWriter
attr_reader :from_file, :to_file, :key, :heading, :body, :output, :in_yaml
@@ -70,6 +71,7 @@ class DocWriter
generate_line(line, heading: place == :new_section)
place = :in_section
else
output.puts
output.puts "```yaml"
output.puts line
place = :in_yaml
@@ -77,6 +79,7 @@ class DocWriter
when :in_yaml, :in_empty_line_yaml
if line =~ /^ *#/
output.puts "```"
output.puts
generate_line(line, heading: place == :in_empty_line_yaml)
place = :in_section
elsif line.empty?
@@ -92,11 +95,12 @@ class DocWriter
def generate_header
output.puts "---"
output.puts "# This file has been generated from the Kamal source, do not edit directly."
output.puts "# Find the source of this file at #{DOCS_PATH}/#{key}.yml in the Kamal repository."
output.puts "title: #{heading[2..-1]}"
output.puts "---"
output.puts
output.puts heading
output.puts
end
def generate_line(line, heading: false)
@@ -118,7 +122,11 @@ class DocWriter
end
def linkify(text)
text.downcase.gsub(" ", "-")
if text == "Configuration overview"
"overview"
else
text.downcase.gsub(" ", "-")
end
end
def titlify(text)
@@ -126,10 +134,8 @@ class DocWriter
end
end
from_dir = File.join(File.dirname(__FILE__), "../lib/kamal/configuration/docs")
from_dir = File.join(File.dirname(__FILE__), "../#{DOCS_PATH}")
to_dir = File.join(kamal_site_repo, "docs/configuration")
Dir.glob("#{from_dir}/*") do |from_file|
key = File.basename(from_file, ".yml")
DocWriter.new(from_file, to_dir).write
end

1
kamal.gemspec
View File

@@ -14,7 +14,6 @@ Gem::Specification.new do |spec|
spec.add_dependency "activesupport", ">= 7.0"
spec.add_dependency "sshkit", ">= 1.23.0", "< 2.0"
spec.add_dependency "net-ssh", "~> 7.0"
spec.add_dependency "net-ssh-gateway"
spec.add_dependency "thor", "~> 1.3"
spec.add_dependency "dotenv", "~> 3.1"
spec.add_dependency "zeitwerk", "~> 2.5"

2
lib/kamal/cli/accessory.rb
View File

@@ -275,7 +275,7 @@ class Kamal::Cli::Accessory < Kamal::Cli::Base
def prepare(name)
with_accessory(name) do |accessory, hosts|
on(hosts) do
execute *KAMAL.registry.login unless KAMAL.config.registry.local?
execute *KAMAL.registry.login
execute *KAMAL.docker.create_network
rescue SSHKit::Command::Failed => e
raise unless e.message.include?("already exists")

7
lib/kamal/cli/build.rb
View File

@@ -1,5 +1,4 @@
require "uri"
require "net/ssh"
class Kamal::Cli::Build < Kamal::Cli::Base
class BuildError < StandardError; end
@@ -61,8 +60,6 @@ class Kamal::Cli::Build < Kamal::Cli::Base
desc "pull", "Pull app image from registry onto servers"
def pull
tunnels = Kamal::Cli::Tunnel::RemotePorts.new(KAMAL.hosts, KAMAL.config.registry.local_port).tap(&:open) if KAMAL.config.registry.local?
if (first_hosts = mirror_hosts).any?
#  Pull on a single host per mirror first to seed them
say "Pulling image on #{first_hosts.join(", ")} to seed the #{"mirror".pluralize(first_hosts.count)}...", :magenta
@@ -72,8 +69,6 @@ class Kamal::Cli::Build < Kamal::Cli::Base
else
pull_on_hosts(KAMAL.hosts)
end
ensure
tunnels&.close
end
desc "create", "Create a build setup"
@@ -157,7 +152,7 @@ class Kamal::Cli::Build < Kamal::Cli::Base
end
def pull_on_hosts(hosts)
on(hosts) do |host|
on(hosts) do
execute *KAMAL.auditor.record("Pulled image with version #{KAMAL.config.version}"), verbosity: :debug
execute *KAMAL.builder.clean, raise_on_non_zero_exit: false
execute *KAMAL.builder.pull

4
lib/kamal/cli/main.rb
View File

@@ -22,7 +22,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
invoke_options = deploy_options
say "Log into image registry...", :magenta
invoke "kamal:cli:registry:setup", [], invoke_options.merge(skip_local: options[:skip_push])
invoke "kamal:cli:registry:login", [], invoke_options.merge(skip_local: options[:skip_push])
if options[:skip_push]
say "Pull app image...", :magenta
@@ -184,7 +184,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
invoke "kamal:cli:app:remove", [], options.without(:confirmed)
invoke "kamal:cli:proxy:remove", [], options.without(:confirmed)
invoke "kamal:cli:accessory:remove", [ "all" ], options
invoke "kamal:cli:registry:remove", [], options.without(:confirmed).merge(skip_local: true)
invoke "kamal:cli:registry:logout", [], options.without(:confirmed).merge(skip_local: true)
end
end
end

46
lib/kamal/cli/proxy.rb
View File

@@ -9,7 +9,7 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
end
on(KAMAL.proxy_hosts) do |host|
execute *KAMAL.registry.login unless KAMAL.config.registry.local?
execute *KAMAL.registry.login
version = capture_with_info(*KAMAL.proxy.version).strip.presence
@@ -21,6 +21,36 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
end
end
desc "boot_config <set|get|clear>", "Mange kamal-proxy boot configuration"
option :publish, type: :boolean, default: true, desc: "Publish the proxy ports on the host"
option :http_port, type: :numeric, default: Kamal::Configuration::PROXY_HTTP_PORT, desc: "HTTP port to publish on the host"
option :https_port, type: :numeric, default: Kamal::Configuration::PROXY_HTTPS_PORT, desc: "HTTPS port to publish on the host"
option :docker_options, type: :array, default: [], desc: "Docker options to pass to the proxy container", banner: "option=value option2=value2"
def boot_config(subcommand)
case subcommand
when "set"
boot_options = [
*(KAMAL.config.proxy_publish_args(options[:http_port], options[:https_port]) if options[:publish]),
*options[:docker_options].map { |option| "--#{option}" }
]
on(KAMAL.proxy_hosts) do |host|
execute(*KAMAL.proxy.ensure_proxy_directory)
upload! StringIO.new(boot_options.join(" ")), KAMAL.config.proxy_options_file
end
when "get"
on(KAMAL.proxy_hosts) do |host|
puts "Host #{host}: #{capture_with_info(*KAMAL.proxy.get_boot_options)}"
end
when "reset"
on(KAMAL.proxy_hosts) do |host|
execute *KAMAL.proxy.reset_boot_options
end
else
raise ArgumentError, "Unknown boot_config subcommand #{subcommand}"
end
end
desc "reboot", "Reboot proxy on servers (stop container, remove container, start new container)"
option :rolling, type: :boolean, default: false, desc: "Reboot proxy on hosts in sequence, rather than in parallel"
option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
@@ -33,7 +63,7 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
run_hook "pre-proxy-reboot", hosts: host_list
on(hosts) do |host|
execute *KAMAL.auditor.record("Rebooted proxy"), verbosity: :debug
execute *KAMAL.registry.login unless KAMAL.config.registry.local?
execute *KAMAL.registry.login
"Stopping and removing Traefik on #{host}, if running..."
execute *KAMAL.proxy.cleanup_traefik
@@ -76,7 +106,7 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
run_hook "pre-proxy-reboot", hosts: host_list
on(hosts) do |host|
execute *KAMAL.auditor.record("Rebooted proxy"), verbosity: :debug
execute *KAMAL.registry.login unless KAMAL.config.registry.local?
execute *KAMAL.registry.login
"Stopping and removing Traefik on #{host}, if running..."
execute *KAMAL.proxy.cleanup_traefik
@@ -169,6 +199,7 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
stop
remove_container
remove_image
remove_proxy_directory
end
end
end
@@ -193,6 +224,15 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
end
end
desc "remove_proxy_directory", "Remove the proxy directory from servers", hide: true
def remove_proxy_directory
with_lock do
on(KAMAL.proxy_hosts) do
execute *KAMAL.proxy.remove_proxy_directory, raise_on_non_zero_exit: false
end
end
end
private
def removal_allowed?(force)
on(KAMAL.proxy_hosts) do |host|

24
lib/kamal/cli/registry.rb
View File

@@ -1,25 +1,17 @@
class Kamal::Cli::Registry < Kamal::Cli::Base
desc "login", "Setup local registry or log in to remote registry locally and remotely"
desc "login", "Log in to registry locally and remotely"
option :skip_local, aliases: "-L", type: :boolean, default: false, desc: "Skip local login"
option :skip_remote, aliases: "-R", type: :boolean, default: false, desc: "Skip remote login"
def setup
if KAMAL.registry.local?
run_locally { execute *KAMAL.registry.setup } unless options[:skip_local]
else
run_locally { execute *KAMAL.registry.login } unless options[:skip_local]
on(KAMAL.hosts) { execute *KAMAL.registry.login } unless options[:skip_remote]
end
def login
run_locally { execute *KAMAL.registry.login } unless options[:skip_local]
on(KAMAL.hosts) { execute *KAMAL.registry.login } unless options[:skip_remote]
end
desc "remove", "Remove local registry or log out of remote registry locally and remotely"
desc "logout", "Log out of registry locally and remotely"
option :skip_local, aliases: "-L", type: :boolean, default: false, desc: "Skip local login"
option :skip_remote, aliases: "-R", type: :boolean, default: false, desc: "Skip remote login"
def remove
if KAMAL.registry.local?
run_locally { execute *KAMAL.registry.remove, raise_on_non_zero_exit: false } unless options[:skip_local]
else
run_locally { execute *KAMAL.registry.logout } unless options[:skip_local]
on(KAMAL.hosts) { execute *KAMAL.registry.logout } unless options[:skip_remote]
end
def logout
run_locally { execute *KAMAL.registry.logout } unless options[:skip_local]
on(KAMAL.hosts) { execute *KAMAL.registry.logout } unless options[:skip_remote]
end
end

2
lib/kamal/cli/secrets.rb
View File

@@ -7,7 +7,7 @@ class Kamal::Cli::Secrets < Kamal::Cli::Base
def fetch(*secrets)
results = adapter(options[:adapter]).fetch(secrets, **options.slice(:account, :from).symbolize_keys)
return_or_puts JSON.dump(results).shellescape, inline: options[:inline]
return_or_puts JSON.dump(results), inline: options[:inline]
end
desc "extract", "Extract a single secret from the results of a fetch call"

74
lib/kamal/cli/templates/deploy.yml
View File

@@ -2,11 +2,22 @@
service: my-app
# Name of the container image.
image: user/my-app
image: my-user/my-app
# Deploy to these servers.
servers:
- 192.168.0.1
web:
- 192.168.0.1
# job:
# hosts:
# - 192.168.0.1
# cmd: bin/jobs
# Enable SSL auto certification via Let's Encrypt (and allow for multiple apps on one server).
# Set ssl: false if using something like Cloudflare to terminate SSL (but keep host!).
proxy:
ssl: true
host: app.example.com
# Credentials for your image host.
registry:
@@ -14,7 +25,7 @@ registry:
# server: registry.digitalocean.com / ghcr.io / ...
username: my-user
# Always use an access token rather than real password when possible.
# Always use an access token rather than real password (pulled from .kamal/secrets).
password:
- KAMAL_REGISTRY_PASSWORD
@@ -22,19 +33,44 @@ registry:
builder:
arch: amd64
# Inject ENV variables into containers (secrets come from .env).
# Remember to run `kamal env push` after making changes!
# Inject ENV variables into containers (secrets come from .kamal/secrets).
#
# env:
# clear:
# DB_HOST: 192.168.0.2
# secret:
# - RAILS_MASTER_KEY
# Aliases are triggered with "bin/kamal <alias>". You can overwrite arguments on invocation:
# "bin/kamal logs -r job" will tail logs from the first server in the job section.
#
# aliases:
# shell: app exec --interactive --reuse "bash"
# Use a different ssh user than root
#
# ssh:
# user: app
# Use accessory services (secrets come from .env).
# Use a persistent storage volume.
#
# volumes:
# - "app_storage:/app/storage"
# Bridge fingerprinted assets, like JS and CSS, between versions to avoid
# hitting 404 on in-flight requests. Combines all files from new and old
# version inside the asset_path.
#
# asset_path: /app/public/assets
# Configure rolling deploys by setting a wait time between batches of restarts.
#
# boot:
# limit: 10 # Can also specify as a percentage of total hosts, such as "25%"
# wait: 2
# Use accessory services (secrets come from .kamal/secrets).
#
# accessories:
# db:
# image: mysql:8.0
@@ -56,29 +92,3 @@ builder:
# port: 6379
# directories:
# - data:/data
# Bridge fingerprinted assets, like JS and CSS, between versions to avoid
# hitting 404 on in-flight requests. Combines all files from new and old
# version inside the asset_path.
#
# If your app is using the Sprockets gem, ensure it sets `config.assets.manifest`.
# See https://github.com/basecamp/kamal/issues/626 for details
#
# asset_path: /rails/public/assets
# Configure rolling deploys by setting a wait time between batches of restarts.
# boot:
# limit: 10 # Can also specify as a percentage of total hosts, such as "25%"
# wait: 2
# Configure the role used to determine the primary_host. This host takes
# deploy locks, runs health checks during the deploy, and follow logs, etc.
#
# Caution: there's no support for role renaming yet, so be careful to cleanup
# the previous role on the deployed hosts.
# primary_role: web
# Controls if we abort when see a role with no hosts. Disabling this may be
# useful for more complex deploy configurations.
#
# allow_empty_roles: false

2
lib/kamal/cli/templates/sample_hooks/pre-proxy-reboot.sample
View File

@@ -1,3 +1,3 @@
#!/bin/sh
echo "Rebooting Traefik on $KAMAL_HOSTS..."
echo "Rebooting kamal-proxy on $KAMAL_HOSTS..."

5
lib/kamal/cli/templates/secrets
View File

@@ -1,5 +1,6 @@
# WARNING: Avoid adding secrets directly to this file
# If you must, then add `.kamal/secrets*` to your .gitignore file
# Secrets defined here are available for reference under registry/password, env/secret, builder/secrets,
# and accessories/*/env/secret in config/deploy.yml. All secrets should be pulled from either
# password manager, ENV, or a file. DO NOT ENTER RAW CREDENTIALS HERE! This file needs to be safe for git.
# Option 1: Read secrets from the environment
KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD

66
lib/kamal/cli/tunnel/remote_ports.rb
View File

@@ -1,66 +0,0 @@
Signal.trap "SIGPROF" do
Thread.list.each do |thread|
puts thread.name
puts thread.backtrace.map { |bt| " #{bt}" }
puts
end
end
require "concurrent/map"
class Kamal::Cli::Tunnel::RemotePorts
attr_reader :hosts, :port
def initialize(hosts, port)
@hosts = hosts
@port = port
@open = false
end
def open
@open = true
@opened = Concurrent::Map.new
@threads = hosts.map do |host|
Thread.new do
Net::SSH.start(host, KAMAL.config.ssh.user) do |ssh|
forwarding = nil
ssh.forward.remote(port, "localhost", port, "localhost") do |actual_remote_port|
forwarding = !!actual_remote_port
:no_exception # will yield the exception on my own thread
end
ssh.loop { forwarding.nil? }
if forwarding
@opened[host] = true
ssh.loop(0.1) { @open }
ssh.forward.cancel_remote(port, "localhost")
ssh.loop(0.1) { ssh.forward.active_remotes.include?([ port, "localhost" ]) }
else
@opened[host] = false
end
end
rescue => e
@opened[host] = false
puts e.message
puts e.backtrace
end
end
loop do
break if @opened.size == hosts.size
sleep 0.1
end
raise "Could not open tunnels on #{opened.reject { |k, v| v }.join(", ")}" unless @opened.values.all?
end
def close
p "Closing"
@open = false
p "Joining"
@threads.each(&:join)
p "Joined"
end
end

19
lib/kamal/commands/proxy.rb
View File

@@ -7,9 +7,8 @@ class Kamal::Commands::Proxy < Kamal::Commands::Base
"--network", "kamal",
"--detach",
"--restart", "unless-stopped",
*config.proxy_publish_args,
"--volume", "kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy",
*config.logging_args,
"\$\(#{get_boot_options.join(" ")}\)",
config.proxy_image
end
@@ -65,6 +64,22 @@ class Kamal::Commands::Proxy < Kamal::Commands::Base
)
end
def ensure_proxy_directory
make_directory config.proxy_directory
end
def remove_proxy_directory
remove_directory config.proxy_directory
end
def get_boot_options
combine [ :cat, config.proxy_options_file ], [ :echo, "\"#{config.proxy_options_default.join(" ")}\"" ], by: "||"
end
def reset_boot_options
remove_file config.proxy_options_file
end
private
def container_name
config.proxy_container_name

23
lib/kamal/commands/registry.rb
View File

@@ -1,6 +1,5 @@
class Kamal::Commands::Registry < Kamal::Commands::Base
delegate :registry, to: :config
delegate :local?, :local_port, to: :registry
def login
docker :login,
@@ -12,26 +11,4 @@ class Kamal::Commands::Registry < Kamal::Commands::Base
def logout
docker :logout, registry.server
end
def setup
combine \
docker(:start, "kamal-docker-registry"),
docker(:run, "--detach", "-p", "127.0.0.1:#{local_port}:5000", "--name", "kamal-docker-registry", "registry:2"),
by: "||"
end
def remove
combine \
docker(:stop, "kamal-docker-registry"),
docker(:rm, "kamal-docker-registry"),
by: "&&"
end
def logout
docker :logout, registry.server
end
def tunnel(host)
run_over_ssh "-R", "#{local_port}:localhost:#{local_port}", host: host
end
end

18
lib/kamal/configuration.rb
View File

@@ -14,7 +14,7 @@ class Kamal::Configuration
include Validation
PROXY_MINIMUM_VERSION = "v0.4.0"
PROXY_MINIMUM_VERSION = "v0.6.0"
PROXY_HTTP_PORT = 80
PROXY_HTTPS_PORT = 443
@@ -246,8 +246,12 @@ class Kamal::Configuration
env_tags.detect { |t| t.name == name.to_s }
end
def proxy_publish_args
argumentize "--publish", [ "#{PROXY_HTTP_PORT}:#{PROXY_HTTP_PORT}", "#{PROXY_HTTPS_PORT}:#{PROXY_HTTPS_PORT}" ]
def proxy_publish_args(http_port, https_port)
argumentize "--publish", [ "#{http_port}:#{PROXY_HTTP_PORT}", "#{https_port}:#{PROXY_HTTPS_PORT}" ]
end
def proxy_options_default
proxy_publish_args PROXY_HTTP_PORT, PROXY_HTTPS_PORT
end
def proxy_image
@@ -258,6 +262,14 @@ class Kamal::Configuration
"kamal-proxy"
end
def proxy_directory
File.join run_directory, "proxy"
end
def proxy_options_file
File.join proxy_directory, "options"
end
def to_h
{

30
lib/kamal/configuration/docs/accessory.yml
View File

@@ -3,32 +3,32 @@
# Accessories can be booted on a single host, a list of hosts, or on specific roles.
# The hosts do not need to be defined in the Kamal servers configuration.
#
# Accessories are managed separately from the main service - they are not updated
# when you deploy and they do not have zero-downtime deployments.
# Accessories are managed separately from the main service they are not updated
# when you deploy, and they do not have zero-downtime deployments.
#
# Run `kamal accessory boot <accessory>` to boot an accessory.
# See `kamal accessory --help` for more information.
# Configuring accessories
#
# First define the accessory in the `accessories`
# First, define the accessory in the `accessories`:
accessories:
mysql:
# Service name
#
# This is used in the service label and defaults to `<service>-<accessory>`
# where `<service>` is the main service name from the root configuration
# This is used in the service label and defaults to `<service>-<accessory>`,
# where `<service>` is the main service name from the root configuration:
service: mysql
# Image
#
# The Docker image to use, prefix with a registry if not using Docker hub
# The Docker image to use, prefix it with a registry if not using Docker Hub:
image: mysql:8.0
# Accessory hosts
#
# Specify one of `host`, `hosts` or `roles`
# Specify one of `host`, `hosts`, or `roles`:
host: mysql-db1
hosts:
- mysql-db1
@@ -38,12 +38,12 @@ accessories:
# Custom command
#
# You can set a custom command to run in the container, if you do not want to use the default
# You can set a custom command to run in the container if you do not want to use the default:
cmd: "bin/mysqld"
# Port mappings
#
# See https://docs.docker.com/network/, especially note the warning about the security
# See https://docs.docker.com/network/, and especially note the warning about the security
# implications of exposing ports publicly.
port: "127.0.0.1:3306:3306"
@@ -52,20 +52,22 @@ accessories:
app: myapp
# Options
# These are passed to the Docker run command in the form `--<name> <value>`
#
# These are passed to the Docker run command in the form `--<name> <value>`:
options:
restart: always
cpus: 2
# Environment variables
# See kamal docs env for more information
#
# See kamal docs env for more information:
env:
...
# Copying files
#
# You can specify files to mount into the container.
# The format is `local:remote` where `local` is the path to the file on the local machine
# The format is `local:remote`, where `local` is the path to the file on the local machine
# and `remote` is the path to the file in the container.
#
# They will be uploaded from the local repo to the host and then mounted.
@@ -78,13 +80,13 @@ accessories:
# Directories
#
# You can specify directories to mount into the container. They will be created on the host
# before being mounted
# before being mounted:
directories:
- mysql-logs:/var/log/mysql
# Volumes
#
# Any other volumes to mount, in addition to the files and directories.
# They are not created or copied before mounting
# They are not created or copied before mounting:
volumes:
- /path/to/mysql-logs:/var/log/mysql

6
lib/kamal/configuration/docs/alias.yml
View File

@@ -12,15 +12,15 @@
aliases:
console: app exec -r console -i "rails console"
# You can now open the console with:
#
# ```shell
# kamal console
# ```
# Configuring aliases
#
# Aliases are defined in the root config under the alias key
# Aliases are defined in the root config under the alias key.
#
# Each alias is named and can only contain lowercase letters, numbers, dashes and underscores.
# Each alias is named and can only contain lowercase letters, numbers, dashes, and underscores:
aliases:
uname: app exec -p -q -r web "uname -a"

6
lib/kamal/configuration/docs/boot.yml
View File

@@ -2,18 +2,18 @@
#
# When deploying to large numbers of hosts, you might prefer not to restart your services on every host at the same time.
#
# Kamals default is to boot new containers on all hosts in parallel. But you can control this with the boot configuration.
# Kamals default is to boot new containers on all hosts in parallel. However, you can control this with the boot configuration.
# Fixed group sizes
#
# Here we boot 2 hosts at a time with a 10 second gap between each group.
# Here, we boot 2 hosts at a time with a 10-second gap between each group:
boot:
limit: 2
wait: 10
# Percentage of hosts
#
# Here we boot 25% of the hosts at a time with a 2 second gap between each group.
# Here, we boot 25% of the hosts at a time with a 2-second gap between each group:
boot:
limit: 25%
wait: 2

40
lib/kamal/configuration/docs/builder.yml
View File

@@ -1,8 +1,8 @@
# Builder
#
# The builder configuration controls how the application is built with `docker build`
# The builder configuration controls how the application is built with `docker build`.
#
# See https://kamal-deploy.org/docs/configuration/builder-examples/ for more information
# See https://kamal-deploy.org/docs/configuration/builder-examples/ for more information.
# Builder options
#
@@ -11,15 +11,15 @@ builder:
# Arch
#
# The architectures to build for - you can set an array or just a single value.
# The architectures to build for you can set an array or just a single value.
#
# Allowed values are `amd64` and `arm64`
# Allowed values are `amd64` and `arm64`:
arch:
- amd64
# Remote
#
# The connection string for a remote builder. If supplied Kamal will use this
# The connection string for a remote builder. If supplied, Kamal will use this
# for builds that do not match the local architecture of the deployment host.
remote: ssh://docker@docker-builder
@@ -28,14 +28,14 @@ builder:
# If set to false, Kamal will always use the remote builder even when building
# the local architecture.
#
# Defaults to true
# Defaults to true:
local: true
# Builder cache
#
# The type must be either 'gha' or 'registry'
# The type must be either 'gha' or 'registry'.
#
# The image is only used for registry cache. Not compatible with the docker driver
# The image is only used for registry cache and is not compatible with the Docker driver:
cache:
type: registry
options: mode=max
@@ -43,25 +43,25 @@ builder:
# Build context
#
# If this is not set, then a local git clone of the repo is used.
# If this is not set, then a local Git clone of the repo is used.
# This ensures a clean build with no uncommitted changes.
#
# To use the local checkout instead you can set the context to `.`, or a path to another directory.
# To use the local checkout instead, you can set the context to `.`, or a path to another directory.
context: .
# Dockerfile
#
# The Dockerfile to use for building, defaults to `Dockerfile`
# The Dockerfile to use for building, defaults to `Dockerfile`:
dockerfile: Dockerfile.production
# Build target
#
# If not set, then the default target is used
# If not set, then the default target is used:
target: production
# Build Arguments
# Build arguments
#
# Any additional build arguments, passed to `docker build` with `--build-arg <key>=<value>`
# Any additional build arguments, passed to `docker build` with `--build-arg <key>=<value>`:
args:
ENVIRONMENT: production
@@ -74,33 +74,31 @@ builder:
# Build secrets
#
# Values are read from .kamal/secrets.
#
# Values are read from `.kamal/secrets`:
secrets:
- SECRET1
- SECRET2
# Referencing Build Secrets
# Referencing build secrets
#
# ```shell
# # Copy Gemfiles
# COPY Gemfile Gemfile.lock ./
#
# # Install dependencies, including private repositories via access token
# # Then remove bundle cache with exposed GITHUB_TOKEN)
# # Then remove bundle cache with exposed GITHUB_TOKEN
# RUN --mount=type=secret,id=GITHUB_TOKEN \
# BUNDLE_GITHUB__COM=x-access-token:$(cat /run/secrets/GITHUB_TOKEN) \
# bundle install && \
# rm -rf /usr/local/bundle/cache
# ```
# SSH
#
# SSH agent socket or keys to expose to the build
# SSH agent socket or keys to expose to the build:
ssh: default=$SSH_AUTH_SOCK
# Driver
#
# The build driver to use, defaults to `docker-container`
# The build driver to use, defaults to `docker-container`:
driver: docker

70
lib/kamal/configuration/docs/configuration.yml
View File

@@ -1,14 +1,13 @@
# Kamal Configuration
#
# Configuration is read from the `config/deploy.yml`
#
# Configuration is read from the `config/deploy.yml`.
# Destinations
#
# When running commands, you can specify a destination with the `-d` flag,
# e.g. `kamal deploy -d staging`
# e.g., `kamal deploy -d staging`.
#
# In this case the configuration will also be read from `config/deploy.staging.yml`
# In this case, the configuration will also be read from `config/deploy.staging.yml`
# and merged with the base configuration.
# Extensions
@@ -18,10 +17,11 @@
# However, you might want to declare a configuration block using YAML anchors
# and aliases to avoid repetition.
#
# You can use prefix a configuration section with `x-` to indicate that it is an
# You can prefix a configuration section with `x-` to indicate that it is an
# extension. Kamal will ignore the extension and not raise an error.
# The service name
#
# This is a required value. It is used as the container name prefix.
service: myapp
@@ -32,147 +32,147 @@ image: my-image
# Labels
#
# Additional labels to add to the container
# Additional labels to add to the container:
labels:
my-label: my-value
# Volumes
#
# Additional volumes to mount into the container
# Additional volumes to mount into the container:
volumes:
- /path/on/host:/path/in/container:ro
# Registry
#
# The Docker registry configuration, see kamal docs registry
# The Docker registry configuration, see kamal docs registry:
registry:
...
# Servers
#
# The servers to deploy to, optionally with custom roles, see kamal docs servers
# The servers to deploy to, optionally with custom roles, see kamal docs servers:
servers:
...
# Environment variables
#
# See kamal docs env
# See kamal docs env:
env:
...
# Asset Path
# Asset path
#
# Used for asset bridging across deployments, default to `nil`
# Used for asset bridging across deployments, default to `nil`.
#
# If there are changes to CSS or JS files, we may get requests
# for the old versions on the new container and vice-versa.
# for the old versions on the new container, and vice versa.
#
# To avoid 404s we can specify an asset path.
# To avoid 404s, we can specify an asset path.
# Kamal will replace that path in the container with a mapped
# volume containing both sets of files.
# This requires that file names change when the contents change
# (e.g. by including a hash of the contents in the name).
# (e.g., by including a hash of the contents in the name).
#
# To configure this, set the path to the assets:
asset_path: /path/to/assets
# Hooks path
#
# Path to hooks, defaults to `.kamal/hooks`
# See https://kamal-deploy.org/docs/hooks for more information
# Path to hooks, defaults to `.kamal/hooks`.
# See https://kamal-deploy.org/docs/hooks for more information:
hooks_path: /user_home/kamal/hooks
# Require destinations
#
# Whether deployments require a destination to be specified, defaults to `false`
# Whether deployments require a destination to be specified, defaults to `false`:
require_destination: true
# Primary role
#
# This defaults to `web`, but if you have no web role, you can change this
# This defaults to `web`, but if you have no web role, you can change this:
primary_role: workers
# Allowing empty roles
#
# Whether roles with no servers are allowed. Defaults to `false`.
# Whether roles with no servers are allowed. Defaults to `false`:
allow_empty_roles: false
# Retain containers
#
# How many old containers and images we retain, defaults to 5
# How many old containers and images we retain, defaults to 5:
retain_containers: 3
# Minimum version
#
# The minimum version of Kamal required to deploy this configuration, defaults to nil
# The minimum version of Kamal required to deploy this configuration, defaults to `nil`:
minimum_version: 1.3.0
# Readiness delay
#
# Seconds to wait for a container to boot after is running, default 7
# Seconds to wait for a container to boot after it is running, default 7.
#
# This only applies to containers that do not run a proxy or specify a healthcheck
# This only applies to containers that do not run a proxy or specify a healthcheck:
readiness_delay: 4
# Deploy timeout
#
# How long to wait for a container to become ready, default 30
# How long to wait for a container to become ready, default 30:
deploy_timeout: 10
# Drain timeout
#
# How long to wait for a containers to drain, default 30
# How long to wait for a container to drain, default 30:
drain_timeout: 10
# Run directory
#
# Directory to store kamal runtime files in on the host, default `.kamal`
# Directory to store kamal runtime files in on the host, default `.kamal`:
run_directory: /etc/kamal
# SSH options
#
# See kamal docs ssh
# See kamal docs ssh:
ssh:
...
# Builder options
#
# See kamal docs builder
# See kamal docs builder:
builder:
...
# Accessories
#
# Additionals services to run in Docker, see kamal docs accessory
# Additional services to run in Docker, see kamal docs accessory:
accessories:
...
# Proxy
#
# Configuration for kamal-proxy, see kamal docs proxy
# Configuration for kamal-proxy, see kamal docs proxy:
proxy:
...
# SSHKit
#
# See kamal docs sshkit
# See kamal docs sshkit:
sshkit:
...
# Boot options
#
# See kamal docs boot
# See kamal docs boot:
boot:
...
# Logging
#
# Docker logging configuration, see kamal docs logging
# Docker logging configuration, see kamal docs logging:
logging:
...
# Aliases
#
# Alias configuration, see kamal docs alias
# Alias configuration, see kamal docs alias:
aliases:
...

23
lib/kamal/configuration/docs/env.yml
View File

@@ -1,13 +1,13 @@
# Environment variables
#
# Environment variables can be set directly in the Kamal configuration or
# read from .kamal/secrets.
# read from `.kamal/secrets`.
# Reading environment variables from the configuration
#
# Environment variables can be set directly in the configuration file.
#
# These are passed to the docker run command when deploying.
# These are passed to the `docker run` command when deploying.
env:
DATABASE_HOST: mysql-db1
DATABASE_PORT: 3306
@@ -16,7 +16,7 @@ env:
#
# Kamal uses dotenv to automatically load environment variables set in the `.kamal/secrets` file.
#
# If you are using destinations, secrets will instead be read from `.kamal/secrets-<DESTINATION>` if
# If you are using destinations, secrets will instead be read from `.kamal/secrets.<DESTINATION>` if
# it exists.
#
# Common secrets across all destinations can be set in `.kamal/secrets-common`.
@@ -24,26 +24,27 @@ env:
# This file can be used to set variables like `KAMAL_REGISTRY_PASSWORD` or database passwords.
# You can use variable or command substitution in the secrets file.
#
# ```
# ```shell
# KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
# RAILS_MASTER_KEY=$(cat config/master.key)
# ```
#
# You can also use [secret helpers](../commands/secrets) for some common password managers.
# ```
# You can also use [secret helpers](../../commands/secrets) for some common password managers.
#
# ```shell
# SECRETS=$(kamal secrets fetch ...)
#
# REGISTRY_PASSWORD=$(kamal secrets extract REGISTRY_PASSWORD $SECRETS)
# DB_PASSWORD=$(kamal secrets extract DB_PASSWORD $SECRETS)
# ```
#
# If you store secrets directly in .kamal/secrets, ensure that it is not checked into version control.
# If you store secrets directly in `.kamal/secrets`, ensure that it is not checked into version control.
#
# To pass the secrets you should list them under the `secret` key. When you do this the
# To pass the secrets, you should list them under the `secret` key. When you do this, the
# other variables need to be moved under the `clear` key.
#
# Unlike clear values, secrets are not passed directly to the container,
# but are stored in an env file on the host
# Unlike clear values, secrets are not passed directly to the container
# but are stored in an env file on the host:
env:
clear:
DB_USER: app
@@ -55,7 +56,7 @@ env:
# Tags are used to add extra env variables to specific hosts.
# See kamal docs servers for how to tag hosts.
#
# Tags are only allowed in the top level env configuration (i.e not under a role specific env).
# Tags are only allowed in the top-level env configuration (i.e., not under a role-specific env).
#
# The env variables can be specified with secret and clear values as explained above.
env:

6
lib/kamal/configuration/docs/logging.yml
View File

@@ -6,16 +6,16 @@
#
# These go under the logging key in the configuration file.
#
# This can be specified in the root level or for a specific role.
# This can be specified at the root level or for a specific role.
logging:
# Driver
#
# The logging driver to use, passed to Docker via `--log-driver`
# The logging driver to use, passed to Docker via `--log-driver`:
driver: json-file
# Options
#
# Any logging options to pass to the driver, passed to Docker via `--log-opt`
# Any logging options to pass to the driver, passed to Docker via `--log-opt`:
options:
max-size: 100m

46
lib/kamal/configuration/docs/proxy.yml
View File

@@ -5,16 +5,16 @@
# application container.
#
# The proxy is configured in the root configuration under `proxy`. These are
# options that are set when deploying the application, not when booting the proxy
# options that are set when deploying the application, not when booting the proxy.
#
# They are application specific, so are not shared when multiple applications
# They are application-specific, so they are not shared when multiple applications
# run on the same proxy.
#
# The proxy is enabled by default on the primary role, but can be disabled by
# The proxy is enabled by default on the primary role but can be disabled by
# setting `proxy: false`.
#
# It is disabled by default on all other roles, but can be enabled by setting
# `proxy: true`, or providing a proxy configuration.
# It is disabled by default on all other roles but can be enabled by setting
# `proxy: true` or providing a proxy configuration.
proxy:
# Host
@@ -25,34 +25,36 @@ proxy:
# If no hosts are set, then all requests will be forwarded, except for matching
# requests for other apps deployed on that server that do have a host set.
host: foo.example.com
# If multiple hosts are needed, these can be specified by comma-separating the hosts.
host: foo.example.com,bar.example.com
# App port
#
# The port the application container is exposed on
# The port the application container is exposed on.
#
# Defaults to 80
# Defaults to 80:
app_port: 3000
# SSL
#
# kamal-proxy can provide automatic HTTPS for your application via Let's Encrypt.
#
# This requires that we are deploying to a one server and the host option is set.
# The host value must point to the server we are deploying to and port 443 must be
# This requires that we are deploying to one server and the host option is set.
# The host value must point to the server we are deploying to, and port 443 must be
# open for the Let's Encrypt challenge to succeed.
#
# Defaults to false
# Defaults to `false`:
ssl: true
# Response timeout
#
# How long to wait for requests to complete before timing out, defaults to 30 seconds
# How long to wait for requests to complete before timing out, defaults to 30 seconds:
response_timeout: 10
# Healthcheck
#
# When deploying, the proxy will by default hit /up once every second until we hit
# the deploy timeout, with a 5 second timeout for each request.
# When deploying, the proxy will by default hit `/up` once every second until we hit
# the deploy timeout, with a 5-second timeout for each request.
#
# Once the app is up, the proxy will stop hitting the healthcheck endpoint.
healthcheck:
@@ -62,12 +64,12 @@ proxy:
# Buffering
#
# Whether to buffer request and response bodies in the proxy
# Whether to buffer request and response bodies in the proxy.
#
# By default buffering is enabled with a max request body size of 1GB and no limit
# By default, buffering is enabled with a max request body size of 1GB and no limit
# for response size.
#
# You can also set the memory limit for buffering, which defaults to 1MB, anything
# You can also set the memory limit for buffering, which defaults to 1MB; anything
# larger than that is written to disk.
buffering:
requests: true
@@ -78,9 +80,9 @@ proxy:
# Logging
#
# Configure request logging for the proxy
# Configure request logging for the proxy.
# You can specify request and response headers to log.
# By default, Cache-Control, Last-Modified and User-Agent request headers are logged
# By default, `Cache-Control`, `Last-Modified`, and `User-Agent` request headers are logged:
logging:
request_headers:
- Cache-Control
@@ -91,10 +93,10 @@ proxy:
# Forward headers
#
# Whether to forward the X-Forwarded-For and X-Forwarded-Proto headers.
# Whether to forward the `X-Forwarded-For` and `X-Forwarded-Proto` headers.
#
# If you are behind a trusted proxy, you can set this to true to forward the headers.
# If you are behind a trusted proxy, you can set this to `true` to forward the headers.
#
# By default kamal-proxy will not forward the headers the ssl option is set to true, and
# will forward them if it is set to false.
# By default, kamal-proxy will not forward the headers if the `ssl` option is set to `true`, and
# will forward them if it is set to `false`.
forward_headers: true

27
lib/kamal/configuration/docs/registry.yml
View File

@@ -1,10 +1,9 @@
# Registry
#
# The default registry is Docker Hub, but you can change it using registry/server:
# The default registry is Docker Hub, but you can change it using `registry/server`.
#
# A reference to secret (in this case DOCKER_REGISTRY_TOKEN) will look up the secret
# in the local environment.
# A reference to a secret (in this case, `DOCKER_REGISTRY_TOKEN`) will look up the secret
# in the local environment:
registry:
server: registry.digitalocean.com
username:
@@ -13,30 +12,31 @@ registry:
- DOCKER_REGISTRY_TOKEN
# Using AWS ECR as the container registry
# You will need to have the aws CLI installed locally for this to work.
# AWS ECRs access token is only valid for 12hrs. In order to not have to manually regenerate the token every time, you can use ERB in the deploy.yml file to shell out to the aws cli command, and obtain the token:
#
# You will need to have the AWS CLI installed locally for this to work.
# AWS ECRs access token is only valid for 12 hours. In order to avoid having to manually regenerate the token every time, you can use ERB in the `deploy.yml` file to shell out to the AWS CLI command and obtain the token:
registry:
server: <your aws account id>.dkr.ecr.<your aws region id>.amazonaws.com
username: AWS
password: <%= %x(aws ecr get-login-password) %>
# Using GCP Artifact Registry as the container registry
# To sign into Artifact Registry, you would need to
#
# To sign into Artifact Registry, you need to
# [create a service account](https://cloud.google.com/iam/docs/service-accounts-create#creating)
# and [set up roles and permissions](https://cloud.google.com/artifact-registry/docs/access-control#permissions).
# Normally, assigning a roles/artifactregistry.writer role should be sufficient.
# Normally, assigning the `roles/artifactregistry.writer` role should be sufficient.
#
# Once the service account is ready, you need to generate and download a JSON key and base64 encode it:
#
# ```shell
# base64 -i /path/to/key.json | tr -d "\\n")
# base64 -i /path/to/key.json | tr -d "\\n"
# ```
# You'll then need to set the KAMAL_REGISTRY_PASSWORD secret to that value.
#
# Use the env variable as password along with _json_key_base64 as username.
# You'll then need to set the `KAMAL_REGISTRY_PASSWORD` secret to that value.
#
# Use the environment variable as the password along with `_json_key_base64` as the username.
# Heres the final configuration:
registry:
server: <your registry region>-docker.pkg.dev
username: _json_key_base64
@@ -46,6 +46,7 @@ registry:
# Validating the configuration
#
# You can validate the configuration by running:
#
# ```shell
# kamal registry login
# ```

17
lib/kamal/configuration/docs/role.yml
View File

@@ -1,22 +1,21 @@
# Roles
#
# Roles are used to configure different types of servers in the deployment.
# The most common use for this is to run a web servers and job servers.
# The most common use for this is to run web servers and job servers.
#
# Kamal expects there to be a `web` role, unless you set a different `primary_role`
# in the root configuration.
# Role configuration
#
# Roles are specified under the servers key
# Roles are specified under the servers key:
servers:
# Simple role configuration
#
# This can be a list of hosts if you don't need custom configuration for the role.
#
# This can be a list of hosts, if you don't need custom configuration for the role.
#
# You can set tags on the hosts for custom env variables (see kamal docs env)
# You can set tags on the hosts for custom env variables (see kamal docs env):
web:
- 172.1.0.1
- 172.1.0.2: experiment1
@@ -24,16 +23,16 @@ servers:
# Custom role configuration
#
# When there are other options to set, the list of hosts goes under the `hosts` key
# When there are other options to set, the list of hosts goes under the `hosts` key.
#
# By default only the primary role uses a proxy.
# By default, only the primary role uses a proxy.
#
# For other roles, you can set it to `proxy: true` enable it and inherit the root proxy
# For other roles, you can set it to `proxy: true` to enable it and inherit the root proxy
# configuration or provide a map of options to override the root configuration.
#
# For the primary role, you can set `proxy: false` to disable the proxy.
#
# You can also set a custom cmd to run in the container, and overwrite other settings
# You can also set a custom `cmd` to run in the container and overwrite other settings
# from the root configuration.
workers:
hosts:

4
lib/kamal/configuration/docs/servers.yml
View File

@@ -2,7 +2,7 @@
#
# Servers are split into different roles, with each role having its own configuration.
#
# For simpler deployments though where all servers are identical, you can just specify a list of servers
# For simpler deployments, though, where all servers are identical, you can just specify a list of servers.
# They will be implicitly assigned to the `web` role.
servers:
- 172.0.0.1
@@ -19,7 +19,7 @@ servers:
# Roles
#
# For more complex deployments (e.g. if you are running job hosts), you can specify roles, and configure each separately (see kamal docs role)
# For more complex deployments (e.g., if you are running job hosts), you can specify roles and configure each separately (see kamal docs role):
servers:
web:
...

35
lib/kamal/configuration/docs/ssh.yml
View File

@@ -1,9 +1,9 @@
# SSH configuration
#
# Kamal uses SSH to connect run commands on your hosts.
# By default it will attempt to connect to the root user on port 22
# Kamal uses SSH to connect and run commands on your hosts.
# By default, it will attempt to connect to the root user on port 22.
#
# If you are using non-root user, you may need to bootstrap your servers manually, before using them with Kamal. On Ubuntu, youd do:
# If you are using a non-root user, you may need to bootstrap your servers manually before using them with Kamal. On Ubuntu, youd do:
#
# ```shell
# sudo apt update
@@ -12,7 +12,6 @@
# sudo usermod -a -G docker app
# ```
# SSH options
#
# The options are specified under the ssh key in the configuration file.
@@ -20,46 +19,44 @@ ssh:
# The SSH user
#
# Defaults to `root`
#
# Defaults to `root`:
user: app
# The SSH port
#
# Defaults to 22
# Defaults to 22:
port: "2222"
# Proxy host
#
# Specified in the form <host> or <user>@<host>
# Specified in the form <host> or <user>@<host>:
proxy: root@proxy-host
# Proxy command
#
# A custom proxy command, required for older versions of SSH
# A custom proxy command, required for older versions of SSH:
proxy_command: "ssh -W %h:%p user@proxy"
# Log level
#
# Defaults to `fatal`. Set this to debug if you are having
# SSH connection issues.
# Defaults to `fatal`. Set this to `debug` if you are having SSH connection issues.
log_level: debug
# Keys Only
# Keys only
#
# Set to true to use only private keys from keys and key_data parameters,
# even if ssh-agent offers more identities. This option is intended for
# situations where ssh-agent offers many different identites or you have
# a need to overwrite all identites and force a single one.
# Set to `true` to use only private keys from the `keys` and `key_data` parameters,
# even if ssh-agent offers more identities. This option is intended for
# situations where ssh-agent offers many different identities or you
# need to overwrite all identities and force a single one.
keys_only: false
# Keys
#
# An array of file names of private keys to use for publickey
# and hostbased authentication
# An array of file names of private keys to use for public key
# and host-based authentication:
keys: [ "~/.ssh/id.pem" ]
# Key Data
# Key data
#
# An array of strings, with each element of the array being
# a raw private key in PEM format.

8
lib/kamal/configuration/docs/sshkit.yml
View File

@@ -2,8 +2,8 @@
#
# [SSHKit](https://github.com/capistrano/sshkit) is the SSH toolkit used by Kamal.
#
# The default settings should be sufficient for most use cases, but
# when connecting to a large number of hosts you may need to adjust
# The default, settings should be sufficient for most use cases, but
# when connecting to a large number of hosts, you may need to adjust.
# SSHKit options
#
@@ -13,11 +13,11 @@ sshkit:
# Max concurrent starts
#
# Creating SSH connections concurrently can be an issue when deploying to many servers.
# By default Kamal will limit concurrent connection starts to 30 at a time.
# By default, Kamal will limit concurrent connection starts to 30 at a time.
max_concurrent_starts: 10
# Pool idle timeout
#
# Kamal sets a long idle timeout of 900 seconds on connections to try to avoid
# re-connection storms after an idle period, like building an image or waiting for CI.
# re-connection storms after an idle period, such as building an image or waiting for CI.
pool_idle_timeout: 300

2
lib/kamal/configuration/proxy.rb
View File

@@ -29,7 +29,7 @@ class Kamal::Configuration::Proxy
def deploy_options
{
host: proxy_config["host"],
tls: proxy_config["ssl"],
tls: proxy_config["ssl"] ? true : nil,
"deploy-timeout": seconds_duration(config.deploy_timeout),
"drain-timeout": seconds_duration(config.drain_timeout),
"health-check-interval": seconds_duration(proxy_config.dig("healthcheck", "interval")),

8
lib/kamal/configuration/registry.rb
View File

@@ -21,14 +21,6 @@ class Kamal::Configuration::Registry
lookup("password")
end
def local?
server&.match?("^localhost[:$]")
end
def local_port
local? ? (server.split(":").last.to_i || 80) : nil
end
private
def lookup(key)
if registry_config[key].is_a?(Array)

8
lib/kamal/configuration/validator/registry.rb
View File

@@ -15,12 +15,10 @@ class Kamal::Configuration::Validator::Registry < Kamal::Configuration::Validato
with_context(key) do
value = config[key]
unless config["server"]&.match?("^localhost[:$]")
error "is required" unless value.present?
error "is required" unless value.present?
unless value.is_a?(String) || (value.is_a?(Array) && value.size == 1 && value.first.is_a?(String))
error "should be a string or an array with one string (for secret lookup)"
end
unless value.is_a?(String) || (value.is_a?(Array) && value.size == 1 && value.first.is_a?(String))
error "should be a string or an array with one string (for secret lookup)"
end
end
end

4
lib/kamal/secrets/adapters/last_pass.rb
View File

@@ -3,7 +3,7 @@ class Kamal::Secrets::Adapters::LastPass < Kamal::Secrets::Adapters::Base
def login(account)
unless loggedin?(account)
`lpass login #{account.shellescape}`
raise RuntimeError, "Failed to login to 1Password" unless $?.success?
raise RuntimeError, "Failed to login to LastPass" unless $?.success?
end
end
@@ -13,7 +13,7 @@ class Kamal::Secrets::Adapters::LastPass < Kamal::Secrets::Adapters::Base
def fetch_secrets(secrets, account:, session:)
items = `lpass show #{secrets.map(&:shellescape).join(" ")} --json`
raise RuntimeError, "Could not read #{secrets} from 1Password" unless $?.success?
raise RuntimeError, "Could not read #{secrets} from LastPass" unless $?.success?
items = JSON.parse(items)

2
lib/kamal/secrets/dotenv/inline_command_substitution.rb
View File

@@ -16,7 +16,7 @@ class Kamal::Secrets::Dotenv::InlineCommandSubstitution
else
if command =~ /\A\s*kamal\s*secrets\s+/
# Inline the command
inline_secrets_command(command)
inline_secrets_command(command).shellescape
else
# Execute the command and return the value
`#{command}`.chomp

2
lib/kamal/version.rb
View File

@@ -1,3 +1,3 @@
module Kamal
VERSION = "2.0.0.rc2"
VERSION = "2.0.0"
end

2
test/cli/accessory_test.rb
View File

@@ -41,7 +41,7 @@ class CliAccessoryTest < CliTestCase
test "upload" do
run_command("upload", "mysql").tap do |output|
assert_match "mkdir -p app-mysql/etc/mysql", output
assert_match "test/fixtures/files/my.cnf app-mysql/etc/mysql/my.cnf", output
assert_match "test/fixtures/files/my.cnf to app-mysql/etc/mysql/my.cnf", output
assert_match "chmod 755 app-mysql/etc/mysql/my.cnf", output
end
end

22
test/cli/main_test.rb
View File

@@ -22,7 +22,7 @@ class CliMainTest < CliTestCase
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:server:bootstrap", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:accessory:boot", [ "all" ], invoke_options)
# deploy
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:registry:setup", [], invoke_options.merge(skip_local: true))
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:registry:login", [], invoke_options.merge(skip_local: true))
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:build:pull", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:proxy:boot", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true))
@@ -46,7 +46,7 @@ class CliMainTest < CliTestCase
with_test_secrets("secrets" => "DB_PASSWORD=secret") do
invoke_options = { "config_file" => "test/fixtures/deploy_simple.yml", "version" => "999", "skip_hooks" => false, "verbose" => true }
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:registry:setup", [], invoke_options.merge(skip_local: false))
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:registry:login", [], invoke_options.merge(skip_local: false))
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:build:deliver", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:proxy:boot", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true))
@@ -72,7 +72,7 @@ class CliMainTest < CliTestCase
test "deploy with skip_push" do
invoke_options = { "config_file" => "test/fixtures/deploy_simple.yml", "version" => "999", "skip_hooks" => false }
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:registry:setup", [], invoke_options.merge(skip_local: true))
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:registry:login", [], invoke_options.merge(skip_local: true))
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:build:pull", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:proxy:boot", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true))
@@ -159,7 +159,7 @@ class CliMainTest < CliTestCase
invoke_options = { "config_file" => "test/fixtures/deploy_simple.yml", "version" => "999", "skip_hooks" => false, :skip_local => false }
Kamal::Cli::Main.any_instance.expects(:invoke)
.with("kamal:cli:registry:setup", [], invoke_options.merge(skip_local: false))
.with("kamal:cli:registry:login", [], invoke_options.merge(skip_local: false))
.raises(RuntimeError)
assert_not KAMAL.holding_lock?
@@ -172,7 +172,7 @@ class CliMainTest < CliTestCase
test "deploy with skipped hooks" do
invoke_options = { "config_file" => "test/fixtures/deploy_simple.yml", "version" => "999", "skip_hooks" => true }
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:registry:setup", [], invoke_options.merge(skip_local: false))
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:registry:login", [], invoke_options.merge(skip_local: false))
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:build:deliver", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:proxy:boot", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true))
@@ -187,7 +187,7 @@ class CliMainTest < CliTestCase
test "deploy with missing secrets" do
invoke_options = { "config_file" => "test/fixtures/deploy_with_secrets.yml", "version" => "999", "skip_hooks" => false }
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:registry:setup", [], invoke_options.merge(skip_local: false))
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:registry:login", [], invoke_options.merge(skip_local: false))
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:build:deliver", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:proxy:boot", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true))
@@ -289,16 +289,6 @@ class CliMainTest < CliTestCase
end
end
test "remove" do
options = { "config_file" => "test/fixtures/deploy_simple.yml", "skip_hooks" => false, "confirmed" => true }
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:proxy:remove", [], options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:app:remove", [], options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:accessory:remove", [ "all" ], options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:registry:remove", [], options.merge(skip_local: true))
run_command("remove", "-y")
end
test "details" do
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:proxy:details")
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:app:details")

70
test/cli/proxy_test.rb
View File

@@ -4,7 +4,7 @@ class CliProxyTest < CliTestCase
test "boot" do
run_command("boot").tap do |output|
assert_match "docker login", output
assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy --log-opt max-size=\"10m\" #{KAMAL.config.proxy_image}", output
assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") #{KAMAL.config.proxy_image}", output
end
end
@@ -18,7 +18,7 @@ class CliProxyTest < CliTestCase
exception = assert_raises do
run_command("boot").tap do |output|
assert_match "docker login", output
assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy --log-opt max-size=\"10m\" #{KAMAL.config.proxy_image}", output
assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") #{KAMAL.config.proxy_image}", output
end
end
@@ -36,7 +36,7 @@ class CliProxyTest < CliTestCase
run_command("boot").tap do |output|
assert_match "docker login", output
assert_match "docker container start kamal-proxy || docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy --log-opt max-size=\"10m\" #{KAMAL.config.proxy_image}", output
assert_match "docker container start kamal-proxy || docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") #{KAMAL.config.proxy_image}", output
end
ensure
Thread.report_on_exception = false
@@ -57,13 +57,13 @@ class CliProxyTest < CliTestCase
assert_match "docker container stop kamal-proxy on 1.1.1.1", output
assert_match "Running docker container stop traefik ; docker container prune --force --filter label=org.opencontainers.image.title=Traefik && docker image prune --all --force --filter label=org.opencontainers.image.title=Traefik on 1.1.1.1", output
assert_match "docker container prune --force --filter label=org.opencontainers.image.title=kamal-proxy on 1.1.1.1", output
assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy --log-opt max-size=\"10m\" #{KAMAL.config.proxy_image} on 1.1.1.1", output
assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") #{KAMAL.config.proxy_image} on 1.1.1.1", output
assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target \"abcdefabcdef:80\" --deploy-timeout \"6s\" --drain-timeout \"30s\" --buffer-requests --buffer-responses --log-request-header \"Cache-Control\" --log-request-header \"Last-Modified\" --log-request-header \"User-Agent\" on 1.1.1.1", output
assert_match "docker container stop kamal-proxy on 1.1.1.2", output
assert_match "Running docker container stop traefik ; docker container prune --force --filter label=org.opencontainers.image.title=Traefik && docker image prune --all --force --filter label=org.opencontainers.image.title=Traefik on 1.1.1.2", output
assert_match "docker container prune --force --filter label=org.opencontainers.image.title=kamal-proxy on 1.1.1.2", output
assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy --log-opt max-size=\"10m\" #{KAMAL.config.proxy_image} on 1.1.1.2", output
assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") #{KAMAL.config.proxy_image} on 1.1.1.2", output
assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target \"abcdefabcdef:80\" --deploy-timeout \"6s\" --drain-timeout \"30s\" --buffer-requests --buffer-responses --log-request-header \"Cache-Control\" --log-request-header \"Last-Modified\" --log-request-header \"User-Agent\" on 1.1.1.2", output
end
end
@@ -198,11 +198,11 @@ class CliProxyTest < CliTestCase
assert_match "/usr/bin/env mkdir -p .kamal", output
assert_match "docker network create kamal", output
assert_match "docker login -u [REDACTED] -p [REDACTED]", output
assert_match "docker container start kamal-proxy || docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy --log-opt max-size=\"10m\" basecamp/kamal-proxy:#{Kamal::Configuration::PROXY_MINIMUM_VERSION}", output
assert_match "docker container start kamal-proxy || docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") basecamp/kamal-proxy:#{Kamal::Configuration::PROXY_MINIMUM_VERSION}", output
assert_match "/usr/bin/env mkdir -p .kamal", output
assert_match %r{docker rename app-web-latest app-web-latest_replaced_.*}, output
assert_match "/usr/bin/env mkdir -p .kamal/apps/app/env/roles", output
assert_match %r{/usr/bin/env .* .kamal/apps/app/env/roles/web.env}, output
assert_match "Uploading \"\\n\" to .kamal/apps/app/env/roles/web.env", output
assert_match %r{docker run --detach --restart unless-stopped --name app-web-latest --network kamal --hostname 1.1.1.1-.* -e KAMAL_CONTAINER_NAME="app-web-latest" -e KAMAL_VERSION="latest" --env-file .kamal/apps/app/env/roles/web.env --log-opt max-size="10m" --label service="app" --label role="web" --label destination dhh/app:latest}, output
assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target \"12345678:80\" --deploy-timeout \"6s\" --drain-timeout \"30s\" --buffer-requests --buffer-responses --log-request-header \"Cache-Control\" --log-request-header \"Last-Modified\" --log-request-header \"User-Agent\"", output
assert_match "docker container ls --all --filter name=^app-web-12345678$ --quiet | xargs docker stop", output
@@ -236,6 +236,62 @@ class CliProxyTest < CliTestCase
end
end
test "boot_config set" do
run_command("boot_config", "set").tap do |output|
%w[ 1.1.1.1 1.1.1.2 ].each do |host|
assert_match "Running /usr/bin/env mkdir -p .kamal/proxy on #{host}", output
assert_match "Uploading \"--publish 80:80 --publish 443:443\" to .kamal/proxy/options on #{host}", output
end
end
end
test "boot_config set no publish" do
run_command("boot_config", "set", "--publish", "false").tap do |output|
%w[ 1.1.1.1 1.1.1.2 ].each do |host|
assert_match "Running /usr/bin/env mkdir -p .kamal/proxy on #{host}", output
assert_match "Uploading \"\" to .kamal/proxy/options on #{host}", output
end
end
end
test "boot_config set custom ports" do
run_command("boot_config", "set", "--http-port", "8080", "--https-port", "8443").tap do |output|
%w[ 1.1.1.1 1.1.1.2 ].each do |host|
assert_match "Running /usr/bin/env mkdir -p .kamal/proxy on #{host}", output
assert_match "Uploading \"--publish 8080:80 --publish 8443:443\" to .kamal/proxy/options on #{host}", output
end
end
end
test "boot_config set docker options" do
run_command("boot_config", "set", "--docker_options", "label=foo=bar", "add_host=thishost:thathost").tap do |output|
%w[ 1.1.1.1 1.1.1.2 ].each do |host|
assert_match "Running /usr/bin/env mkdir -p .kamal/proxy on #{host}", output
assert_match "Uploading \"--publish 80:80 --publish 443:443 --label=foo=bar --add_host=thishost:thathost\" to .kamal/proxy/options on #{host}", output
end
end
end
test "boot_config get" do
SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
.with(:cat, ".kamal/proxy/options", "||", :echo, "\"--publish 80:80 --publish 443:443\"")
.returns("--publish 80:80 --publish 8443:443 --label=foo=bar")
.twice
run_command("boot_config", "get").tap do |output|
assert_match "Host 1.1.1.1: --publish 80:80 --publish 8443:443 --label=foo=bar", output
assert_match "Host 1.1.1.2: --publish 80:80 --publish 8443:443 --label=foo=bar", output
end
end
test "boot_config reset" do
run_command("boot_config", "reset").tap do |output|
%w[ 1.1.1.1 1.1.1.2 ].each do |host|
assert_match "rm .kamal/proxy/options on #{host}", output
end
end
end
private
def run_command(*command, fixture: :with_proxy)
stdouted { Kamal::Cli::Proxy.start([ *command, "-c", "test/fixtures/deploy_#{fixture}.yml" ]) }

40
test/cli/registry_test.rb
View File

@@ -1,62 +1,50 @@
require_relative "cli_test_case"
class CliRegistryTest < CliTestCase
test "setup" do
run_command("setup").tap do |output|
test "login" do
run_command("login").tap do |output|
assert_match /docker login -u \[REDACTED\] -p \[REDACTED\] as .*@localhost/, output
assert_match /docker login -u \[REDACTED\] -p \[REDACTED\] on 1.1.1.\d/, output
end
end
test "setup skip local" do
run_command("setup", "-L").tap do |output|
test "login skip local" do
run_command("login", "-L").tap do |output|
assert_no_match /docker login -u \[REDACTED\] -p \[REDACTED\] as .*@localhost/, output
assert_match /docker login -u \[REDACTED\] -p \[REDACTED\] on 1.1.1.\d/, output
end
end
test "setup skip remote" do
run_command("setup", "-R").tap do |output|
test "login skip remote" do
run_command("login", "-R").tap do |output|
assert_match /docker login -u \[REDACTED\] -p \[REDACTED\] as .*@localhost/, output
assert_no_match /docker login -u \[REDACTED\] -p \[REDACTED\] on 1.1.1.\d/, output
end
end
test "remove" do
run_command("remove").tap do |output|
test "logout" do
run_command("logout").tap do |output|
assert_match /docker logout as .*@localhost/, output
assert_match /docker logout on 1.1.1.\d/, output
end
end
test "remove skip local" do
run_command("remove", "-L").tap do |output|
test "logout skip local" do
run_command("logout", "-L").tap do |output|
assert_no_match /docker logout as .*@localhost/, output
assert_match /docker logout on 1.1.1.\d/, output
end
end
test "remove skip remote" do
run_command("remove", "-R").tap do |output|
test "logout skip remote" do
run_command("logout", "-R").tap do |output|
assert_match /docker logout as .*@localhost/, output
assert_no_match /docker logout on 1.1.1.\d/, output
end
end
test "setup local registry" do
run_command("setup", fixture: :with_local_registry).tap do |output|
assert_match /docker start kamal-docker-registry || docker run --detach -p 127.0.0.1:5000:5000 --name kamal-docker-registry registry:2 as .*@localhost/, output
end
end
test "remove local registry" do
run_command("remove", fixture: :with_local_registry).tap do |output|
assert_match /docker stop kamal-docker-registry && docker rm kamal-docker-registry as .*@localhost/, output
end
end
private
def run_command(*command, fixture: :with_accessories)
stdouted { Kamal::Cli::Registry.start([ *command, "-c", "test/fixtures/deploy_#{fixture}.yml" ]) }
def run_command(*command)
stdouted { Kamal::Cli::Registry.start([ *command, "-c", "test/fixtures/deploy_with_accessories.yml" ]) }
end
end

2
test/cli/secrets_test.rb
View File

@@ -3,7 +3,7 @@ require_relative "cli_test_case"
class CliSecretsTest < CliTestCase
test "fetch" do
assert_equal \
"\\{\\\"foo\\\":\\\"oof\\\",\\\"bar\\\":\\\"rab\\\",\\\"baz\\\":\\\"zab\\\"\\}",
"{\"foo\":\"oof\",\"bar\":\"rab\",\"baz\":\"zab\"}",
run_command("fetch", "foo", "bar", "baz", "--account", "myaccount", "--adapter", "test")
end

36
test/commands/proxy_test.rb
View File

@@ -15,13 +15,7 @@ class CommandsProxyTest < ActiveSupport::TestCase
test "run" do
assert_equal \
"docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy --log-opt max-size=\"10m\" basecamp/kamal-proxy:#{Kamal::Configuration::PROXY_MINIMUM_VERSION}",
new_command.run.join(" ")
end
test "run with ports configured" do
assert_equal \
"docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy --log-opt max-size=\"10m\" basecamp/kamal-proxy:#{Kamal::Configuration::PROXY_MINIMUM_VERSION}",
"docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") basecamp/kamal-proxy:#{Kamal::Configuration::PROXY_MINIMUM_VERSION}",
new_command.run.join(" ")
end
@@ -29,15 +23,7 @@ class CommandsProxyTest < ActiveSupport::TestCase
@config.delete(:proxy)
assert_equal \
"docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy --log-opt max-size=\"10m\" basecamp/kamal-proxy:#{Kamal::Configuration::PROXY_MINIMUM_VERSION}",
new_command.run.join(" ")
end
test "run with logging config" do
@config[:logging] = { "driver" => "local", "options" => { "max-size" => "100m", "max-file" => "3" } }
assert_equal \
"docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy --log-driver \"local\" --log-opt max-size=\"100m\" --log-opt max-file=\"3\" basecamp/kamal-proxy:#{Kamal::Configuration::PROXY_MINIMUM_VERSION}",
"docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --volume kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy $(cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\") basecamp/kamal-proxy:#{Kamal::Configuration::PROXY_MINIMUM_VERSION}",
new_command.run.join(" ")
end
@@ -119,6 +105,24 @@ class CommandsProxyTest < ActiveSupport::TestCase
new_command.version.join(" ")
end
test "ensure_proxy_directory" do
assert_equal \
"mkdir -p .kamal/proxy",
new_command.ensure_proxy_directory.join(" ")
end
test "get_boot_options" do
assert_equal \
"cat .kamal/proxy/options || echo \"--publish 80:80 --publish 443:443\"",
new_command.get_boot_options.join(" ")
end
test "reset_boot_options" do
assert_equal \
"rm .kamal/proxy/options",
new_command.reset_boot_options.join(" ")
end
private
def new_command
Kamal::Commands::Proxy.new(Kamal::Configuration.new(@config, version: "123"))

9
test/commands/registry_test.rb
View File

@@ -55,15 +55,6 @@ class CommandsRegistryTest < ActiveSupport::TestCase
registry.logout.join(" ")
end
test "registry setup" do
@config[:registry] = { "server" => "localhost:5000" }
assert_equal "docker start kamal-docker-registry || docker run --detach -p 5000:5000 --name kamal-docker-registry registry:2", registry.setup.join(" ")
end
test "registry remove" do
assert_equal "docker stop kamal-docker-registry && docker rm kamal-docker-registry", registry.remove.join(" ")
end
private
def registry
Kamal::Commands::Registry.new Kamal::Configuration.new(@config)

8
test/configuration/proxy_test.rb
View File

@@ -1,6 +1,6 @@
require "test_helper"
class ConfigurationEnvTest < ActiveSupport::TestCase
class ConfigurationProxyTest < ActiveSupport::TestCase
setup do
@deploy = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" },
@@ -18,6 +18,12 @@ class ConfigurationEnvTest < ActiveSupport::TestCase
assert_raises(Kamal::ConfigurationError) { config.proxy.ssl? }
end
test "ssl false" do
@deploy[:proxy] = { "ssl" => false }
assert_not config.proxy.ssl?
assert_not config.proxy.deploy_options.has_key?(:tls)
end
private
def config
Kamal::Configuration.new(@deploy)

37
test/fixtures/deploy_with_local_registry.yml vendored
View File

@@ -1,37 +0,0 @@
service: app
image: dhh/app
servers:
web:
- "1.1.1.1"
- "1.1.1.2"
workers:
- "1.1.1.3"
- "1.1.1.4"
registry:
server: localhost:5000
builder:
arch: amd64
accessories:
mysql:
image: mysql:5.7
host: 1.1.1.3
port: 3306
env:
clear:
MYSQL_ROOT_HOST: '%'
secret:
- MYSQL_ROOT_PASSWORD
files:
- test/fixtures/files/my.cnf:/etc/mysql/my.cnf
directories:
- data:/var/lib/mysql
redis:
image: redis:latest
roles:
- web
port: 6379
directories:
- data:/data
readiness_delay: 0

8
test/integration/app_test.rb
View File

@@ -27,14 +27,14 @@ class AppTest < IntegrationTest
images = kamal :app, :images, capture: true
assert_match "App Host: vm1", images
assert_match "App Host: vm2", images
assert_match /localhost:5000\/app\s+#{latest_app_version}/, images
assert_match /localhost:5000\/app\s+latest/, images
assert_match /registry:4443\/app\s+#{latest_app_version}/, images
assert_match /registry:4443\/app\s+latest/, images
containers = kamal :app, :containers, capture: true
assert_match "App Host: vm1", containers
assert_match "App Host: vm2", containers
assert_match "localhost:5000/app:#{latest_app_version}", containers
assert_match "localhost:5000/app:latest", containers
assert_match "registry:4443/app:#{latest_app_version}", containers
assert_match "registry:4443/app:latest", containers
exec_output = kamal :app, :exec, :ps, capture: true
assert_match "App Host: vm1", exec_output

2
test/integration/docker/deployer/Dockerfile
View File

@@ -19,6 +19,7 @@ RUN apt-get update --fix-missing && apt-get install -y docker-ce docker-ce-cli c
COPY *.sh .
COPY app/ app/
COPY app_with_roles/ app_with_roles/
COPY app_with_traefik/ app_with_traefik/
RUN rm -rf /root/.ssh
RUN ln -s /shared/ssh /root/.ssh
@@ -28,6 +29,7 @@ RUN git config --global user.email "deployer@example.com"
RUN git config --global user.name "Deployer"
RUN cd app && git init && git add . && git commit -am "Initial version"
RUN cd app_with_roles && git init && git add . && git commit -am "Initial version"
RUN cd app_with_traefik && git init && git add . && git commit -am "Initial version"
HEALTHCHECK --interval=1s CMD pgrep sleep

2
test/integration/docker/deployer/app/.kamal/hooks/pre-proxy-reboot
View File

@@ -1,3 +1,3 @@
#!/bin/sh
echo "Rebooting Traefik on ${KAMAL_HOSTS}..."
echo "Rebooting kamal-proxy on ${KAMAL_HOSTS}..."
mkdir -p /tmp/${TEST_ID} && touch /tmp/${TEST_ID}/pre-proxy-reboot

4
test/integration/docker/deployer/app/config/deploy.yml
View File

@@ -26,7 +26,9 @@ readiness_delay: 0
proxy:
host: 127.0.0.1
registry:
server: localhost:5000
server: registry:4443
username: root
password: root
builder:
driver: docker
arch: <%= Kamal::Utils.docker_arch %>

3
test/integration/docker/deployer/app_with_traefik/.kamal/hooks/pre-deploy Executable file
View File

@@ -0,0 +1,3 @@
kamal proxy boot_config set --publish false \
--docker_options label=traefik.http.services.kamal_proxy.loadbalancer.server.scheme=http \
label=traefik.http.routers.kamal_proxy.rule=PathPrefix\(\`/\`\)

1
test/integration/docker/deployer/app_with_traefik/.kamal/secrets Normal file
View File

@@ -0,0 +1 @@
SECRET_TOKEN='1234 with "中文"'

9
test/integration/docker/deployer/app_with_traefik/Dockerfile Normal file
View File

@@ -0,0 +1,9 @@
FROM registry:4443/nginx:1-alpine-slim
COPY default.conf /etc/nginx/conf.d/default.conf
ARG COMMIT_SHA
RUN echo $COMMIT_SHA > /usr/share/nginx/html/version
RUN mkdir -p /usr/share/nginx/html/versions && echo "version" > /usr/share/nginx/html/versions/$COMMIT_SHA
RUN mkdir -p /usr/share/nginx/html/versions && echo "hidden" > /usr/share/nginx/html/versions/.hidden
RUN echo "Up!" > /usr/share/nginx/html/up

29
test/integration/docker/deployer/app_with_traefik/config/deploy.yml Normal file
View File

@@ -0,0 +1,29 @@
service: app_with_traefik
image: app_with_traefik
servers:
- vm1
- vm2
deploy_timeout: 2
drain_timeout: 2
readiness_delay: 0
registry:
server: registry:4443
username: root
password: root
builder:
driver: docker
arch: <%= Kamal::Utils.docker_arch %>
args:
COMMIT_SHA: <%= `git rev-parse HEAD` %>
accessories:
traefik:
service: traefik
image: traefik:v2.10
port: 80
cmd: "--providers.docker"
options:
volume:
- "/var/run/docker.sock:/var/run/docker.sock"
roles:
- web

17
test/integration/docker/deployer/app_with_traefik/default.conf Normal file
View File

@@ -0,0 +1,17 @@
server {
listen 80;
listen [::]:80;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}

4
test/integration/integration_test.rb
View File

@@ -169,10 +169,8 @@ class IntegrationTest < ActiveSupport::TestCase
case app
when "app"
"127.0.0.1"
when "app_with_roles"
"localhost"
else
raise "Unknown app: #{app}"
"localhost"
end
end
end

23
test/integration/main_test.rb
View File

@@ -29,7 +29,7 @@ class MainTest < IntegrationTest
assert_match /App Host: vm1/, details
assert_match /App Host: vm2/, details
assert_match /basecamp\/kamal-proxy:#{Kamal::Configuration::PROXY_MINIMUM_VERSION}/, details
assert_match /localhost:5000\/app:#{first_version}/, details
assert_match /registry:4443\/app:#{first_version}/, details
audit = kamal :audit, capture: true
assert_match /Booted app version #{first_version}.*Booted app version #{second_version}.*Booted app version #{first_version}.*/m, audit
@@ -63,8 +63,8 @@ class MainTest < IntegrationTest
assert_equal [ "vm1", "vm2" ], config[:hosts]
assert_equal "vm1", config[:primary_host]
assert_equal version, config[:version]
assert_equal "localhost:5000/app", config[:repository]
assert_equal "localhost:5000/app:#{version}", config[:absolute_image]
assert_equal "registry:4443/app", config[:repository]
assert_equal "registry:4443/app:#{version}", config[:absolute_image]
assert_equal "app-#{version}", config[:service_with_version]
assert_equal [], config[:volume_args]
assert_equal({ user: "root", port: 22, keepalive: true, keepalive_interval: 30, log_level: :fatal }, config[:ssh_options])
@@ -88,6 +88,14 @@ class MainTest < IntegrationTest
end
test "setup and remove" do
@app = "app_with_roles"
kamal :proxy, :set_config,
"--publish=false",
"--options=label=traefik.http.services.kamal_proxy.loadbalancer.server.scheme=http",
"label=traefik.http.routers.kamal_proxy.rule=PathPrefix\\\(\\\`/\\\`\\\)",
"label=traefik.http.routers.kamal_proxy.priority=2"
# Check remove completes when nothing has been setup yet
kamal :remove, "-y"
assert_no_images_or_containers
@@ -123,6 +131,15 @@ class MainTest < IntegrationTest
assert_proxy_not_running
end
test "deploy with traefik" do
@app = "app_with_traefik"
first_version = latest_app_version
kamal :setup
assert_app_is_up version: first_version
end
private
def assert_envs(version:)
assert_env :CLEAR_TOKEN, "4321", version: version, vm: :vm1

12
test/secrets/bitwarden_adapter_test.rb
View File

@@ -6,7 +6,7 @@ class BitwardenAdapterTest < SecretAdapterTestCase
stub_ticks.with("bw sync").returns("")
stub_mypassword
json = JSON.parse(shellunescape(run_command("fetch", "mypassword")))
json = JSON.parse(run_command("fetch", "mypassword"))
expected_json = { "mypassword"=>"secret123" }
@@ -18,7 +18,7 @@ class BitwardenAdapterTest < SecretAdapterTestCase
stub_ticks.with("bw sync").returns("")
stub_myitem
json = JSON.parse(shellunescape(run_command("fetch", "--from", "myitem", "field1", "field2", "field3")))
json = JSON.parse(run_command("fetch", "--from", "myitem", "field1", "field2", "field3"))
expected_json = {
"myitem/field1"=>"secret1", "myitem/field2"=>"blam", "myitem/field3"=>"fewgrwjgk"
@@ -59,7 +59,7 @@ class BitwardenAdapterTest < SecretAdapterTestCase
JSON
json = JSON.parse(shellunescape(run_command("fetch", "mypassword", "myitem/field1", "myitem/field2", "myitem2/field3")))
json = JSON.parse(run_command("fetch", "mypassword", "myitem/field1", "myitem/field2", "myitem2/field3"))
expected_json = {
"mypassword"=>"secret123", "myitem/field1"=>"secret1", "myitem/field2"=>"blam", "myitem2/field3"=>"fewgrwjgk"
@@ -82,7 +82,7 @@ class BitwardenAdapterTest < SecretAdapterTestCase
stub_ticks.with("bw sync").returns("")
stub_mypassword
json = JSON.parse(shellunescape(run_command("fetch", "mypassword")))
json = JSON.parse(run_command("fetch", "mypassword"))
expected_json = { "mypassword"=>"secret123" }
@@ -107,7 +107,7 @@ class BitwardenAdapterTest < SecretAdapterTestCase
stub_ticks.with("bw sync").returns("")
stub_mypassword
json = JSON.parse(shellunescape(run_command("fetch", "mypassword")))
json = JSON.parse(run_command("fetch", "mypassword"))
expected_json = { "mypassword"=>"secret123" }
@@ -132,7 +132,7 @@ class BitwardenAdapterTest < SecretAdapterTestCase
stub_ticks.with("BW_SESSION=0987654321 bw sync").returns("")
stub_mypassword(session: "0987654321")
json = JSON.parse(shellunescape(run_command("fetch", "mypassword")))
json = JSON.parse(run_command("fetch", "mypassword"))
expected_json = { "mypassword"=>"secret123" }

6
test/secrets/dotenv_inline_command_substitution_test.rb
View File

@@ -12,4 +12,10 @@ class SecretsInlineCommandSubstitution < SecretAdapterTestCase
substituted = Kamal::Secrets::Dotenv::InlineCommandSubstitution.call("FOO=$(blah)", nil, overwrite: false)
assert_equal "FOO=results", substituted
end
test "escapes correctly" do
Kamal::Cli::Main.expects(:start).with { |command| command == [ "secrets", "fetch", "...", "--inline" ] }.returns("{ \"foo\" : \"bar\" }")
substituted = Kamal::Secrets::Dotenv::InlineCommandSubstitution.call("SECRETS=$(kamal secrets fetch ...)", nil, overwrite: false)
assert_equal "SECRETS=\\{\\ \\\"foo\\\"\\ :\\ \\\"bar\\\"\\ \\}", substituted
end
end

6
test/secrets/last_pass_adapter_test.rb
View File

@@ -51,7 +51,7 @@ class LastPassAdapterTest < SecretAdapterTestCase
]
JSON
json = JSON.parse(shellunescape(run_command("fetch", "SECRET1", "FOLDER1/FSECRET1", "FOLDER1/FSECRET2")))
json = JSON.parse(run_command("fetch", "SECRET1", "FOLDER1/FSECRET1", "FOLDER1/FSECRET2"))
expected_json = {
"SECRET1"=>"secret1",
@@ -96,7 +96,7 @@ class LastPassAdapterTest < SecretAdapterTestCase
]
JSON
json = JSON.parse(shellunescape(run_command("fetch", "--from", "FOLDER1", "FSECRET1", "FSECRET2")))
json = JSON.parse(run_command("fetch", "--from", "FOLDER1", "FSECRET1", "FSECRET2"))
expected_json = {
"FOLDER1/FSECRET1"=>"fsecret1",
@@ -111,7 +111,7 @@ class LastPassAdapterTest < SecretAdapterTestCase
stub_ticks_with("lpass login email@example.com", succeed: true).returns("")
stub_ticks.with("lpass show SECRET1 --json").returns(single_item_json)
json = JSON.parse(shellunescape(run_command("fetch", "SECRET1")))
json = JSON.parse(run_command("fetch", "SECRET1"))
expected_json = {
"SECRET1"=>"secret1"

8
test/secrets/one_password_adapter_test.rb
View File

@@ -44,7 +44,7 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
]
JSON
json = JSON.parse(shellunescape(run_command("fetch", "--from", "op://myvault/myitem", "section/SECRET1", "section/SECRET2", "section2/SECRET3")))
json = JSON.parse(run_command("fetch", "--from", "op://myvault/myitem", "section/SECRET1", "section/SECRET2", "section2/SECRET3"))
expected_json = {
"myvault/myitem/section/SECRET1"=>"VALUE1",
@@ -103,7 +103,7 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
}
JSON
json = JSON.parse(shellunescape(run_command("fetch", "--from", "op://myvault", "myitem/section/SECRET1", "myitem/section/SECRET2", "myitem2/section2/SECRET3")))
json = JSON.parse(run_command("fetch", "--from", "op://myvault", "myitem/section/SECRET1", "myitem/section/SECRET2", "myitem2/section2/SECRET3"))
expected_json = {
"myvault/myitem/section/SECRET1"=>"VALUE1",
@@ -122,7 +122,7 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
.with("op item get myitem --vault \"myvault\" --fields \"label=section.SECRET1\" --format \"json\" --account \"myaccount\"")
.returns(single_item_json)
json = JSON.parse(shellunescape(run_command("fetch", "--from", "op://myvault/myitem", "section/SECRET1")))
json = JSON.parse(run_command("fetch", "--from", "op://myvault/myitem", "section/SECRET1"))
expected_json = {
"myvault/myitem/section/SECRET1"=>"VALUE1"
@@ -139,7 +139,7 @@ class SecretsOnePasswordAdapterTest < SecretAdapterTestCase
.with("op item get myitem --vault \"myvault\" --fields \"label=section.SECRET1\" --format \"json\" --account \"myaccount\" --session \"1234567890\"")
.returns(single_item_json)
json = JSON.parse(shellunescape(run_command("fetch", "--from", "op://myvault/myitem", "section/SECRET1")))
json = JSON.parse(run_command("fetch", "--from", "op://myvault/myitem", "section/SECRET1"))
expected_json = {
"myvault/myitem/section/SECRET1"=>"VALUE1"

11
test/test_helper.rb
View File

@@ -13,6 +13,13 @@ ActiveSupport::LogSubscriber.logger = ActiveSupport::Logger.new(STDOUT) if ENV["
# Applies to remote commands only.
SSHKit.config.backend = SSHKit::Backend::Printer
class SSHKit::Backend::Printer
def upload!(local, location, **kwargs)
local = local.string.inspect if local.respond_to?(:string)
puts "Uploading #{local} to #{location} on #{host}"
end
end
# Ensure local commands use the printer backend too.
# See https://github.com/capistrano/sshkit/blob/master/lib/sshkit/dsl.rb#L9
module SSHKit
@@ -79,8 +86,4 @@ class SecretAdapterTestCase < ActiveSupport::TestCase
stub_ticks.with { |c| c == command && (succeed ? `true` : `false`) }
Kamal::Secrets::Adapters::Base.any_instance.stubs(:`)
end
def shellunescape(string)
"\"#{string}\"".undump.gsub(/\\([{}])/, "\\1")
end
end