Replace .env* with .kamal/env*

By default look for the env file in .kamal/env to avoid clashes with other tools using .env. For now we'll still load .env and issue a deprecation warning, but in future we'll stop reading those.
2024-07-31 10:18:59 +01:00
33 changed files with 429 additions and 254 deletions
--- a/lib/kamal/cli/base.rb
+++ b/lib/kamal/cli/base.rb
@@ -37,9 +37,22 @@ module Kamal::Cli
      def load_env
        if destination = options[:destination]
-          Dotenv.load(".env.#{destination}", ".env")
+          if File.exist?(".kamal/env.#{destination}") || File.exist?(".kamal/env")
            Dotenv.load(".kamal/env.#{destination}", ".kamal/env")
          else
            loading_files = [ (".env" if File.exist?(".env")), (".env.#{destination}" if File.exist?(".env.#{destination}")) ].compact
            if loading_files.any?
              warn "Loading #{loading_files.join(" and ")} from the project root, use .kamal/env* instead"
              Dotenv.load(".env.#{destination}", ".env")
            end
          end
        else
-          Dotenv.load(".env")
+          if File.exist?(".kamal/env")
            Dotenv.load(".kamal/env")
          elsif File.exist?(".env")
            warn "Loading .env from the project root is deprecated, use .kamal/env instead"
            Dotenv.load(".env")
          end
        end
      end
--- a/lib/kamal/cli/build.rb
+++ b/lib/kamal/cli/build.rb
@@ -30,9 +30,18 @@ class Kamal::Cli::Build < Kamal::Cli::Base
      say "Building with uncommitted changes:\n #{uncommitted_changes}", :yellow
    end
    # Get the command here to ensure the Dir.chdir doesn't interfere with it
    push = KAMAL.builder.push
    run_locally do
      begin
-        execute *KAMAL.builder.buildx_inspect
+        context_hosts = capture_with_info(*KAMAL.builder.context_hosts).split("\n")
        if context_hosts != KAMAL.builder.config_context_hosts
          warn "Context hosts have changed, so re-creating builder, was: #{context_hosts.join(", ")}], now: #{KAMAL.builder.config_context_hosts.join(", ")}"
          cli.remove
          cli.create
        end
      rescue SSHKit::Command::Failed => e
        if e.message =~ /(context not found|no builder|does not exist)/
          warn "Missing compatible builder, so creating a new one first"
@@ -42,9 +51,6 @@ class Kamal::Cli::Build < Kamal::Cli::Base
        end
      end
      # Get the command here to ensure the Dir.chdir doesn't interfere with it
      push = KAMAL.builder.push
      KAMAL.with_verbosity(:debug) do
        Dir.chdir(KAMAL.config.builder.build_directory) { execute *push }
      end
--- a/lib/kamal/cli/main.rb
+++ b/lib/kamal/cli/main.rb
@@ -183,11 +183,25 @@ class Kamal::Cli::Main < Kamal::Cli::Base
  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip .env file push"
  def envify
    if destination = options[:destination]
-      env_template_path = ".env.#{destination}.erb"
+      env_template_path = ".kamal/env.#{destination}.erb"
-      env_path          = ".env.#{destination}"
+      env_path          = ".kamal/env.#{destination}"
    else
-      env_template_path = ".env.erb"
+      env_template_path = ".kamal/env.erb"
-      env_path          = ".env"
+      env_path          = ".kamal/env"
    end
    unless Pathname.new(File.expand_path(env_template_path)).exist?
      if destination = options[:destination]
        env_template_path = ".env.#{destination}.erb"
        env_path          = ".env.#{destination}"
      else
        env_template_path = ".env.erb"
        env_path          = ".env"
      end
      if Pathname.new(File.expand_path(env_template_path)).exist?
        warn "Loading #{env_template_path} from the project root is deprecated, use .kamal/env[.<DESTINATION>].erb instead"
      end
    end
    if Pathname.new(File.expand_path(env_template_path)).exist?
--- a/lib/kamal/commands/builder.rb
+++ b/lib/kamal/commands/builder.rb
@@ -1,8 +1,8 @@
 require "active_support/core_ext/string/filters"
 class Kamal::Commands::Builder < Kamal::Commands::Base
-  delegate :create, :remove, :push, :clean, :pull, :info, :buildx_inspect, :validate_image, :first_mirror, to: :target
+  delegate :create, :remove, :push, :clean, :pull, :info, :context_hosts, :config_context_hosts, :validate_image,
-  delegate :multiarch?, :local?, :remote?, to: "config.builder"
+           :first_mirror, to: :target
  include Clone
@@ -11,27 +11,43 @@ class Kamal::Commands::Builder < Kamal::Commands::Base
  end
  def target
-    if remote?
+    if config.builder.multiarch?
-      if local?
+      if config.builder.remote?
-        hybrid
+        if config.builder.local?
          multiarch_remote
        else
          native_remote
        end
      else
-        remote
+        multiarch
      end
    else
-      local
+      if config.builder.cached?
        native_cached
      else
        native
      end
    end
  end
-  def remote
+  def native
-    @remote ||= Kamal::Commands::Builder::Remote.new(config)
+    @native ||= Kamal::Commands::Builder::Native.new(config)
  end
-  def local
+  def native_cached
-    @local ||= Kamal::Commands::Builder::Local.new(config)
+    @native ||= Kamal::Commands::Builder::Native::Cached.new(config)
  end
-  def hybrid
+  def native_remote
-    @hybrid ||= Kamal::Commands::Builder::Hybrid.new(config)
+    @native ||= Kamal::Commands::Builder::Native::Remote.new(config)
  end
  def multiarch
    @multiarch ||= Kamal::Commands::Builder::Multiarch.new(config)
  end
  def multiarch_remote
    @multiarch_remote ||= Kamal::Commands::Builder::Multiarch::Remote.new(config)
  end
--- a/lib/kamal/commands/builder/base.rb
+++ b/lib/kamal/commands/builder/base.rb
@@ -1,41 +1,20 @@
 class Kamal::Commands::Builder::Base < Kamal::Commands::Base
  class BuilderError < StandardError; end
  ENDPOINT_DOCKER_HOST_INSPECT = "'{{.Endpoints.docker.Host}}'"
  delegate :argumentize, to: Kamal::Utils
-  delegate \
+  delegate :args, :secrets, :dockerfile, :target, :local_arch, :local_host, :remote_arch, :remote_host, :cache_from, :cache_to, :ssh, to: :builder_config
    :args, :secrets, :dockerfile, :target, :local_arch, :remote_arch, :remote_host,
    :cache_from, :cache_to, :multiarch?, :ssh, :driver, :docker_driver?,
    to: :builder_config
  def clean
    docker :image, :rm, "--force", config.absolute_image
  end
  def push
    docker :build,
      "--push",
      *platform_options,
      *([ "--builder", builder_name ] unless docker_driver?),
      *build_options,
      build_context
  end
  def pull
    docker :pull, config.absolute_image
  end
  def info
    combine \
      docker(:context, :ls),
      docker(:buildx, :ls)
  end
  def buildx_inspect
    docker :buildx, :inspect, builder_name
  end
  def build_options
    [ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_target, *build_ssh ]
  end
@@ -53,6 +32,14 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
      )
  end
  def context_hosts
    :true
  end
  def config_context_hosts
    []
  end
  def first_mirror
    docker(:info, "--format '{{index .RegistryConfig.Mirrors 0}}'")
  end
--- a/lib/kamal/commands/builder/hybrid.rb
+++ b/lib/kamal/commands/builder/hybrid.rb
@@ -1,25 +0,0 @@
 class Kamal::Commands::Builder::Hybrid < Kamal::Commands::Builder::Remote
  def create
    combine \
      create_local_buildx,
      create_remote_context,
      append_remote_buildx
  end
  private
    def builder_name
      "kamal-hybrid-#{driver}-#{local_arch}-#{remote_arch}-#{remote_host.gsub(/[^a-z0-9_-]/, "-")}"
    end
    def create_local_buildx
      docker :buildx, :create, "--name", builder_name, "--platform", "linux/#{local_arch}", "--driver=#{driver}"
    end
    def append_remote_buildx
      docker :buildx, :create, "--append", "--name", builder_name, builder_name, "--platform", "linux/#{remote_arch}"
    end
    def platform
      "linux/#{local_arch},linux/#{remote_arch}"
    end
 end
--- a/lib/kamal/commands/builder/local.rb
+++ b/lib/kamal/commands/builder/local.rb
@@ -1,24 +0,0 @@
 class Kamal::Commands::Builder::Local < Kamal::Commands::Builder::Base
  def create
    docker :buildx, :create, "--name", builder_name, "--driver=#{driver}" unless docker_driver?
  end
  def remove
    docker :buildx, :rm, builder_name unless docker_driver?
  end
  private
    def builder_name
      "kamal-local-#{driver}"
    end
    def platform_options
      if multiarch?
        if local_arch
          [ "--platform", "linux/#{local_arch}" ]
        else
          [ "--platform", "linux/amd64,linux/arm64" ]
        end
      end
    end
 end
--- a/lib/kamal/commands/builder/multiarch.rb
+++ b/lib/kamal/commands/builder/multiarch.rb
@@ -0,0 +1,41 @@
 class Kamal::Commands::Builder::Multiarch < Kamal::Commands::Builder::Base
  def create
    docker :buildx, :create, "--use", "--name", builder_name
  end
  def remove
    docker :buildx, :rm, builder_name
  end
  def info
    combine \
      docker(:context, :ls),
      docker(:buildx, :ls)
  end
  def push
    docker :buildx, :build,
      "--push",
      "--platform", platform_names,
      "--builder", builder_name,
      *build_options,
      build_context
  end
  def context_hosts
    docker :buildx, :inspect, builder_name, "> /dev/null"
  end
  private
    def builder_name
      "kamal-#{config.service}-multiarch"
    end
    def platform_names
      if local_arch
        "linux/#{local_arch}"
      else
        "linux/amd64,linux/arm64"
      end
    end
 end
--- a/lib/kamal/commands/builder/multiarch/remote.rb
+++ b/lib/kamal/commands/builder/multiarch/remote.rb
@@ -0,0 +1,61 @@
 class Kamal::Commands::Builder::Multiarch::Remote < Kamal::Commands::Builder::Multiarch
  def create
    combine \
      create_contexts,
      create_local_buildx,
      append_remote_buildx
  end
  def remove
    combine \
      remove_contexts,
      super
  end
  def context_hosts
    chain \
      context_host(builder_name_with_arch(local_arch)),
      context_host(builder_name_with_arch(remote_arch))
  end
  def config_context_hosts
    [ local_host, remote_host ].compact
  end
  private
    def builder_name
      super + "-remote"
    end
    def builder_name_with_arch(arch)
      "#{builder_name}-#{arch}"
    end
    def create_local_buildx
      docker :buildx, :create, "--name", builder_name, builder_name_with_arch(local_arch), "--platform", "linux/#{local_arch}"
    end
    def append_remote_buildx
      docker :buildx, :create, "--append", "--name", builder_name, builder_name_with_arch(remote_arch), "--platform", "linux/#{remote_arch}"
    end
    def create_contexts
      combine \
        create_context(local_arch, local_host),
        create_context(remote_arch, remote_host)
    end
    def create_context(arch, host)
      docker :context, :create, builder_name_with_arch(arch), "--description", "'#{builder_name} #{arch} native host'", "--docker", "'host=#{host}'"
    end
    def remove_contexts
      combine \
        remove_context(local_arch),
        remove_context(remote_arch)
    end
    def remove_context(arch)
      docker :context, :rm, builder_name_with_arch(arch)
    end
 end
--- a/lib/kamal/commands/builder/native.rb
+++ b/lib/kamal/commands/builder/native.rb
@@ -0,0 +1,20 @@
 class Kamal::Commands::Builder::Native < Kamal::Commands::Builder::Base
  def create
    # No-op on native without cache
  end
  def remove
    # No-op on native without cache
  end
  def info
    # No-op on native
  end
  def push
    combine \
      docker(:build, *build_options, build_context),
      docker(:push, config.absolute_image),
      docker(:push, config.latest_image)
  end
 end
--- a/lib/kamal/commands/builder/native/cached.rb
+++ b/lib/kamal/commands/builder/native/cached.rb
@@ -0,0 +1,25 @@
 class Kamal::Commands::Builder::Native::Cached < Kamal::Commands::Builder::Native
  def create
    docker :buildx, :create, "--name", builder_name, "--use", "--driver=docker-container"
  end
  def remove
    docker :buildx, :rm, builder_name
  end
  def push
    docker :buildx, :build,
      "--push",
      *build_options,
      build_context
  end
  def context_hosts
    docker :buildx, :inspect, builder_name, "> /dev/null"
  end
  private
    def builder_name
      "kamal-#{config.service}-native-cached"
    end
 end
--- a/lib/kamal/commands/builder/native/remote.rb
+++ b/lib/kamal/commands/builder/native/remote.rb
@@ -0,0 +1,67 @@
 class Kamal::Commands::Builder::Native::Remote < Kamal::Commands::Builder::Native
  def create
    chain \
      create_context,
      create_buildx
  end
  def remove
    chain \
      remove_context,
      remove_buildx
  end
  def info
    chain \
      docker(:context, :ls),
      docker(:buildx, :ls)
  end
  def push
    docker :buildx, :build,
    "--push",
    "--platform", platform,
    "--builder", builder_name,
    *build_options,
    build_context
  end
  def context_hosts
    context_host(builder_name_with_arch)
  end
  def config_context_hosts
    [ remote_host ]
  end
  private
    def builder_name
      "kamal-#{config.service}-native-remote"
    end
    def builder_name_with_arch
      "#{builder_name}-#{remote_arch}"
    end
    def platform
      "linux/#{remote_arch}"
    end
    def create_context
      docker :context, :create,
        builder_name_with_arch, "--description", "'#{builder_name} #{remote_arch} native host'", "--docker", "'host=#{remote_host}'"
    end
    def remove_context
      docker :context, :rm, builder_name_with_arch
    end
    def create_buildx
      docker :buildx, :create, "--name", builder_name, builder_name_with_arch, "--platform", platform
    end
    def remove_buildx
      docker :buildx, :rm, builder_name
    end
 end
--- a/lib/kamal/commands/builder/remote.rb
+++ b/lib/kamal/commands/builder/remote.rb
@@ -1,57 +0,0 @@
 class Kamal::Commands::Builder::Remote < Kamal::Commands::Builder::Base
  def create
    chain \
      create_remote_context,
      create_buildx
  end
  def remove
    chain \
      remove_remote_context,
      remove_buildx
  end
  def info
    chain \
      docker(:context, :ls),
      docker(:buildx, :ls)
  end
  def push
    docker :build,
      "--push",
      *platform_options,
      "--builder", builder_name,
      *build_options,
      build_context
  end
  private
    def builder_name
      "kamal-remote-#{driver}-#{remote_arch}-#{remote_host.gsub(/[^a-z0-9_-]/, "-")}"
    end
    def create_remote_context
      docker :context, :create, builder_name, "--description", "'#{builder_name} host'", "--docker", "'host=#{remote_host}'"
    end
    def remove_remote_context
      docker :context, :rm, builder_name
    end
    def create_buildx
      docker :buildx, :create, "--name", builder_name, builder_name, "--platform", platform
    end
    def remove_buildx
      docker :buildx, :rm, builder_name
    end
    def platform_options
      [ "--platform", platform ]
    end
    def platform
      "linux/#{remote_arch}"
    end
 end
--- a/lib/kamal/configuration/builder.rb
+++ b/lib/kamal/configuration/builder.rb
@@ -55,14 +55,14 @@ class Kamal::Configuration::Builder
    builder_config["context"] || "."
  end
  def driver
    builder_config.fetch("driver", "docker-container")
  end
  def local_arch
    builder_config["local"]["arch"] if local?
  end
  def local_host
    builder_config["local"]["host"] if local?
  end
  def remote_arch
    builder_config["remote"]["arch"] if remote?
  end
@@ -114,36 +114,7 @@ class Kamal::Configuration::Builder
      end
  end
  def docker_driver?
    driver == "docker"
  end
  private
    def valid?
      if multiarch?
        if local?
          raise ArgumentError, "Invalid builder configuration: local configuration, arch required" unless local_arch
        end
        if remote?
          raise ArgumentError, "Invalid builder configuration: remote configuration, arch required" unless remote_arch
          raise ArgumentError, "Invalid builder configuration: remote configuration, arch required" unless remote_host
        end
        if docker_driver?
          raise ArgumentError, "Invalid builder configuration: the docker driver does not support multiarch builds"
        end
      else
        raise ArgumentError, "Invalid builder configuration: multiarch must be enabled for local configuration" if local?
        raise ArgumentError, "Invalid builder configuration: multiarch must be enabled for remote configuration" if remote?
      end
      if @options["cache"] && @options["cache"]["type"]
        raise ArgumentError, "Invalid cache type: #{@options["cache"]["type"]}" unless [ "gha", "registry" ].include?(@options["cache"]["type"])
        raise ArgumentError, "The docker driver does not support caching" if docker_driver?
      end
    end
    def cache_image
      builder_config["cache"]&.fetch("image", nil) || "#{image}-build-cache"
    end
--- a/lib/kamal/configuration/docs/builder.yml
+++ b/lib/kamal/configuration/docs/builder.yml
@@ -1,10 +1,10 @@
 # Builder
 #
-# The builder configuration controls how the application is built with `docker build`
+# The builder configuration controls how the application is built with `docker build` or `docker buildx build`
 #
 # If no configuration is specified, Kamal will:
 # 1. Create a buildx context called `kamal-<service>-multiarch`
-# 2. Use `docker build` to build a multiarch image for linux/amd64,linux/arm64 with that context
+# 2. Use `docker buildx build` to build a multiarch image for linux/amd64,linux/arm64 with that context
 #
 # See https://kamal-deploy.org/docs/configuration/builder-examples/ for more information
@@ -18,11 +18,6 @@ builder:
  # Enables multiarch builds, defaults to `true`
  multiarch: false
  # Driver
  #
  # The build driver to use, defaults to `docker-container`
  driver: docker
  # Local configuration
  #
  # The build configuration for local builds, only used if multiarch is enabled (the default)
--- a/lib/kamal/configuration/docs/env.yml
+++ b/lib/kamal/configuration/docs/env.yml
@@ -29,7 +29,7 @@ env:
 # To pass the secrets you should list them under the `secret` key. When you do this the
 # other variables need to be moved under the `clear` key.
 #
-# Unlike clear values, secrets are not passed directly to the container,
+# Unlike clear valies, secrets are not passed directly to the container,
 # but are stored in an env file on the host
 # The file is not updated when deploying, only when running `kamal envify` or `kamal env push`.
 env:
--- a/test/cli/build_test.rb
+++ b/test/cli/build_test.rb
@@ -21,12 +21,16 @@ class CliBuildTest < CliTestCase
        .with(:git, "-C", anything, :status, "--porcelain")
        .returns("")
      SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
        .with(:docker, :buildx, :inspect, "kamal-app-multiarch", "> /dev/null")
        .returns("")
      run_command("push", "--verbose").tap do |output|
        assert_hook_ran "pre-build", output, **hook_variables
        assert_match /Cloning repo into build directory/, output
        assert_match /git -C #{Dir.tmpdir}\/kamal-clones\/app-#{pwd_sha} clone #{Dir.pwd}/, output
        assert_match /docker --version && docker buildx version/, output
-        assert_match /docker build --push --platform linux\/amd64,linux\/arm64 --builder kamal-local -t dhh\/app:999 -t dhh\/app:latest --label service="app" --file Dockerfile \. as .*@localhost/, output
+        assert_match /docker buildx build --push --platform linux\/amd64,linux\/arm64 --builder kamal-app-multiarch -t dhh\/app:999 -t dhh\/app:latest --label service="app" --file Dockerfile \. as .*@localhost/, output
      end
    end
  end
@@ -48,7 +52,7 @@ class CliBuildTest < CliTestCase
      SSHKit::Backend::Abstract.any_instance.expects(:execute).with(:git, "-C", build_directory, :clean, "-fdx")
      SSHKit::Backend::Abstract.any_instance.expects(:execute)
-        .with(:docker, :build, "--push", "--platform", "linux/amd64,linux/arm64", "--builder", "kamal-local", "-t", "dhh/app:999", "-t", "dhh/app:latest", "--label", "service=\"app\"", "--file", "Dockerfile", ".")
+        .with(:docker, :buildx, :build, "--push", "--platform", "linux/amd64,linux/arm64", "--builder", "kamal-app-multiarch", "-t", "dhh/app:999", "-t", "dhh/app:latest", "--label", "service=\"app\"", "--file", "Dockerfile", ".")
      SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
        .with(:git, "-C", anything, :"rev-parse", :HEAD)
@@ -73,7 +77,7 @@ class CliBuildTest < CliTestCase
      assert_no_match /Cloning repo into build directory/, output
      assert_hook_ran "pre-build", output, **hook_variables
      assert_match /docker --version && docker buildx version/, output
-      assert_match /docker build --push --platform linux\/amd64,linux\/arm64 --builder kamal-local -t dhh\/app:999 -t dhh\/app:latest --label service="app" --file Dockerfile . as .*@localhost/, output
+      assert_match /docker buildx build --push --platform linux\/amd64,linux\/arm64 --builder kamal-app-multiarch -t dhh\/app:999 -t dhh\/app:latest --label service="app" --file Dockerfile . as .*@localhost/, output
    end
  end
@@ -119,10 +123,10 @@ class CliBuildTest < CliTestCase
        .with(:docker, "--version", "&&", :docker, :buildx, "version")
      SSHKit::Backend::Abstract.any_instance.expects(:execute)
-        .with(:docker, :buildx, :create, "--name", "kamal-local", "--driver=docker-container")
+        .with(:docker, :buildx, :create, "--use", "--name", "kamal-app-multiarch")
-      SSHKit::Backend::Abstract.any_instance.expects(:execute)
+      SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
-        .with(:docker, :buildx, :inspect, "kamal-local")
+        .with(:docker, :buildx, :inspect, "kamal-app-multiarch", "> /dev/null")
        .raises(SSHKit::Command::Failed.new("no builder"))
      SSHKit::Backend::Abstract.any_instance.expects(:execute).with { |*args| args.first.start_with?("git") }
@@ -136,7 +140,7 @@ class CliBuildTest < CliTestCase
        .returns("")
      SSHKit::Backend::Abstract.any_instance.expects(:execute)
-        .with(:docker, :build, "--push", "--platform", "linux/amd64,linux/arm64", "--builder", "kamal-local", "-t", "dhh/app:999", "-t", "dhh/app:latest", "--label", "service=\"app\"", "--file", "Dockerfile", ".")
+        .with(:docker, :buildx, :build, "--push", "--platform", "linux/amd64,linux/arm64", "--builder", "kamal-app-multiarch", "-t", "dhh/app:999", "-t", "dhh/app:latest", "--label", "service=\"app\"", "--file", "Dockerfile", ".")
      run_command("push").tap do |output|
        assert_match /WARN Missing compatible builder, so creating a new one first/, output
@@ -160,7 +164,7 @@ class CliBuildTest < CliTestCase
    error = assert_raises(Kamal::Cli::HookError) { run_command("push") }
    assert_equal "Hook `pre-build` failed:\nfailed", error.message
-    assert @executions.none? { |args| args[0..2] == [ :docker, :build ] }
+    assert @executions.none? { |args| args[0..2] == [ :docker, :buildx, :build ] }
  end
  test "pull" do
@@ -202,23 +206,23 @@ class CliBuildTest < CliTestCase
  test "create" do
    run_command("create").tap do |output|
-      assert_match /docker buildx create --name kamal-local --driver=docker-container/, output
+      assert_match /docker buildx create --use --name kamal-app-multiarch/, output
    end
  end
  test "create remote" do
    run_command("create", fixture: :with_remote_builder).tap do |output|
      assert_match "Running /usr/bin/env true on 1.1.1.5", output
-      assert_match "docker context create kamal-remote-amd64-ssh---app-1-1-1-5 --description 'kamal-remote-amd64-ssh---app-1-1-1-5 host' --docker 'host=ssh://app@1.1.1.5'", output
+      assert_match "docker context create kamal-app-native-remote-amd64 --description 'kamal-app-native-remote amd64 native host' --docker 'host=ssh://app@1.1.1.5'", output
-      assert_match "docker buildx create --name kamal-remote-amd64-ssh---app-1-1-1-5 kamal-remote-amd64-ssh---app-1-1-1-5 --platform linux/amd64", output
+      assert_match "docker buildx create --name kamal-app-native-remote kamal-app-native-remote-amd64 --platform linux/amd64", output
    end
  end
  test "create remote with custom ports" do
    run_command("create", fixture: :with_remote_builder_and_custom_ports).tap do |output|
      assert_match "Running /usr/bin/env true on 1.1.1.5", output
-      assert_match "docker context create kamal-remote-amd64-ssh---app-1-1-1-5-2122 --description 'kamal-remote-amd64-ssh---app-1-1-1-5-2122 host' --docker 'host=ssh://app@1.1.1.5:2122'", output
+      assert_match "docker context create kamal-app-native-remote-amd64 --description 'kamal-app-native-remote amd64 native host' --docker 'host=ssh://app@1.1.1.5:2122'", output
-      assert_match "docker buildx create --name kamal-remote-amd64-ssh---app-1-1-1-5-2122 kamal-remote-amd64-ssh---app-1-1-1-5-2122 --platform linux/amd64", output
+      assert_match "docker buildx create --name kamal-app-native-remote kamal-app-native-remote-amd64 --platform linux/amd64", output
    end
  end
@@ -235,7 +239,7 @@ class CliBuildTest < CliTestCase
  test "remove" do
    run_command("remove").tap do |output|
-      assert_match /docker buildx rm kamal-local/, output
+      assert_match /docker buildx rm kamal-app-multiarch/, output
    end
  end
@@ -245,7 +249,7 @@ class CliBuildTest < CliTestCase
      .returns("docker builder info")
    run_command("details").tap do |output|
-      assert_match /Builder: local/, output
+      assert_match /Builder: multiarch/, output
      assert_match /docker builder info/, output
    end
  end
--- a/test/cli/cli_test_case.rb
+++ b/test/cli/cli_test_case.rb
@@ -36,8 +36,9 @@ class CliTestCase < ActiveSupport::TestCase
        .with { |arg1, arg2| arg1 == :mkdir && arg2 == ".kamal/locks/app" }
      SSHKit::Backend::Abstract.any_instance.stubs(:execute)
        .with { |arg1, arg2| arg1 == :rm && arg2 == ".kamal/locks/app/details" }
-      SSHKit::Backend::Abstract.any_instance.stubs(:execute)
+      SSHKit::Backend::Abstract.any_instance.stubs(:capture_with_info)
-        .with(:docker, :buildx, :inspect, "kamal-local")
+        .with { |*args| args[0..2] == [ :docker, :buildx, :inspect ] }
        .returns("")
    end
    def assert_hook_ran(hook, output, version:, service_version:, hosts:, command:, subcommand: nil, runtime: false)
--- a/test/cli/main_test.rb
+++ b/test/cli/main_test.rb
@@ -121,6 +121,10 @@ class CliMainTest < CliTestCase
      .with(:git, "-C", anything, :status, "--porcelain")
      .returns("")
    SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
      .with(:docker, :buildx, :inspect, "kamal-app-multiarch", "> /dev/null")
      .returns("")
    SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
      .with(:docker, :info, "--format '{{index .RegistryConfig.Mirrors 0}}'")
      .returns("")
@@ -155,6 +159,10 @@ class CliMainTest < CliTestCase
      .with(:git, "-C", anything, :status, "--porcelain")
      .returns("")
    SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
      .with(:docker, :buildx, :inspect, "kamal-app-multiarch", "> /dev/null")
      .returns("")
    SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
      .with(:docker, :info, "--format '{{index .RegistryConfig.Mirrors 0}}'")
      .returns("")
@@ -439,9 +447,9 @@ class CliMainTest < CliTestCase
  end
  test "envify" do
-    with_test_dotenv(".env.erb": "HELLO=<%= 'world' %>") do
+    with_test_env_files("env.erb": "HELLO=<%= 'world' %>") do
      run_command("envify")
-      assert_equal("HELLO=world", File.read(".env"))
+      assert_equal("HELLO=world", File.read(".kamal/env"))
    end
  end
@@ -453,32 +461,32 @@ class CliMainTest < CliTestCase
      <% end  -%>
    EOF
-    with_test_dotenv(".env.erb": file) do
+    with_test_env_files("env.erb": file) do
      run_command("envify")
-      assert_equal("HELLO=world\nKEY=value\n", File.read(".env"))
+      assert_equal("HELLO=world\nKEY=value\n", File.read(".kamal/env"))
    end
  end
  test "envify with destination" do
-    with_test_dotenv(".env.world.erb": "HELLO=<%= 'world' %>") do
+    with_test_env_files("env.world.erb": "HELLO=<%= 'world' %>") do
      run_command("envify", "-d", "world", config_file: "deploy_for_dest")
-      assert_equal "HELLO=world", File.read(".env.world")
+      assert_equal "HELLO=world", File.read(".kamal/env.world")
    end
  end
  test "envify with skip_push" do
-    Pathname.any_instance.expects(:exist?).returns(true).times(1)
+    Pathname.any_instance.expects(:exist?).returns(true).times(2)
-    File.expects(:read).with(".env.erb").returns("HELLO=<%= 'world' %>")
+    File.expects(:read).with(".kamal/env.erb").returns("HELLO=<%= 'world' %>")
-    File.expects(:write).with(".env", "HELLO=world", perm: 0600)
+    File.expects(:write).with(".kamal/env", "HELLO=world", perm: 0600)
    Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:env:push").never
    run_command("envify", "--skip-push")
  end
  test "envify with clean env" do
-    with_test_dotenv(".env": "HELLO=already", ".env.erb": "HELLO=<%= ENV.fetch 'HELLO', 'never' %>") do
+    with_test_env_files("env": "HELLO=already", "env.erb": "HELLO=<%= ENV.fetch 'HELLO', 'never' %>") do
      run_command("envify", "--skip-push")
-      assert_equal "HELLO=never", File.read(".env")
+      assert_equal "HELLO=never", File.read(".kamal/env")
    end
  end
@@ -534,15 +542,18 @@ class CliMainTest < CliTestCase
      stdouted { Kamal::Cli::Main.start([ *command, "-c", "test/fixtures/#{config_file}.yml" ]) }
    end
-    def with_test_dotenv(**files)
+    def with_test_env_files(**files)
      Dir.mktmpdir do |dir|
        fixtures_dup = File.join(dir, "test")
        FileUtils.mkdir_p(fixtures_dup)
        FileUtils.cp_r("test/fixtures/", fixtures_dup)
        Dir.chdir(dir) do
-          files.each do |filename, contents|
+          FileUtils.mkdir_p(".kamal")
-            File.binwrite(filename.to_s, contents)
+          Dir.chdir(".kamal") do
            files.each do |filename, contents|
              File.binwrite(filename.to_s, contents)
            end
          end
          yield
        end
--- a/test/commands/builder_test.rb
+++ b/test/commands/builder_test.rb
@@ -7,49 +7,49 @@ class CommandsBuilderTest < ActiveSupport::TestCase
  test "target multiarch by default" do
    builder = new_builder_command(builder: { "cache" => { "type" => "gha" } })
-    assert_equal "local", builder.name
+    assert_equal "multiarch", builder.name
    assert_equal \
-      "docker build --push --platform linux/amd64,linux/arm64 --builder kamal-local -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
+      "docker buildx build --push --platform linux/amd64,linux/arm64 --builder kamal-app-multiarch -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
      builder.push.join(" ")
  end
  test "target native when multiarch is off" do
    builder = new_builder_command(builder: { "multiarch" => false })
-    assert_equal "local", builder.name
+    assert_equal "native", builder.name
    assert_equal \
-      "docker build --push --builder kamal-local -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile .",
+      "docker build -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile . && docker push dhh/app:123 && docker push dhh/app:latest",
      builder.push.join(" ")
  end
  test "target native cached when multiarch is off and cache is set" do
    builder = new_builder_command(builder: { "multiarch" => false, "cache" => { "type" => "gha" } })
-    assert_equal "local", builder.name
+    assert_equal "native/cached", builder.name
    assert_equal \
-      "docker build --push --builder kamal-local -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
+      "docker buildx build --push -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
      builder.push.join(" ")
  end
  test "target multiarch remote when local and remote is set" do
-    builder = new_builder_command(builder: { "local" => { "arch" => "arm64" }, "remote" => { "arch" => "amd64", "host" => "ssh://app@127.0.0.1" }, "cache" => { "type" => "gha" } })
+    builder = new_builder_command(builder: { "local" => {}, "remote" => {}, "cache" => { "type" => "gha" } })
-    assert_equal "hybrid", builder.name
+    assert_equal "multiarch/remote", builder.name
    assert_equal \
-      "docker build --push --platform linux/arm64,linux/amd64 --builder kamal-hybrid-arm64-amd64-ssh---app-127-0-0-1 -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
+      "docker buildx build --push --platform linux/amd64,linux/arm64 --builder kamal-app-multiarch-remote -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
      builder.push.join(" ")
  end
  test "target multiarch local when arch is set" do
    builder = new_builder_command(builder: { "local" => { "arch" => "amd64" } })
-    assert_equal "local", builder.name
+    assert_equal "multiarch", builder.name
    assert_equal \
-      "docker build --push --platform linux/amd64 --builder kamal-local -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile .",
+      "docker buildx build --push --platform linux/amd64 --builder kamal-app-multiarch -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile .",
      builder.push.join(" ")
  end
  test "target native remote when only remote is set" do
-    builder = new_builder_command(builder: { "remote" => { "arch" => "amd64", "host" => "ssh://app@host" }, "cache" => { "type" => "gha" } })
+    builder = new_builder_command(builder: { "remote" => { "arch" => "amd64" }, "cache" => { "type" => "gha" } })
-    assert_equal "remote", builder.name
+    assert_equal "native/remote", builder.name
    assert_equal \
-      "docker build --push --platform linux/amd64 --builder kamal-remote-amd64-ssh---app-host -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
+      "docker buildx build --push --platform linux/amd64 --builder kamal-app-native-remote -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
      builder.push.join(" ")
  end
@@ -93,28 +93,28 @@ class CommandsBuilderTest < ActiveSupport::TestCase
  test "build context" do
    builder = new_builder_command(builder: { "context" => ".." })
    assert_equal \
-      "docker build --push --platform linux/amd64,linux/arm64 --builder kamal-local -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile ..",
+      "docker buildx build --push --platform linux/amd64,linux/arm64 --builder kamal-app-multiarch -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile ..",
      builder.push.join(" ")
  end
  test "native push with build args" do
    builder = new_builder_command(builder: { "multiarch" => false, "args" => { "a" => 1, "b" => 2 } })
    assert_equal \
-      "docker build --push --builder kamal-local -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --build-arg a=\"1\" --build-arg b=\"2\" --file Dockerfile .",
+      "docker build -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --build-arg a=\"1\" --build-arg b=\"2\" --file Dockerfile . && docker push dhh/app:123 && docker push dhh/app:latest",
      builder.push.join(" ")
  end
  test "multiarch push with build args" do
    builder = new_builder_command(builder: { "args" => { "a" => 1, "b" => 2 } })
    assert_equal \
-      "docker build --push --platform linux/amd64,linux/arm64 --builder kamal-local -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --build-arg a=\"1\" --build-arg b=\"2\" --file Dockerfile .",
+      "docker buildx build --push --platform linux/amd64,linux/arm64 --builder kamal-app-multiarch -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --build-arg a=\"1\" --build-arg b=\"2\" --file Dockerfile .",
      builder.push.join(" ")
  end
  test "native push with build secrets" do
    builder = new_builder_command(builder: { "multiarch" => false, "secrets" => [ "a", "b" ] })
    assert_equal \
-      "docker build --push --builder kamal-local -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --secret id=\"a\" --secret id=\"b\" --file Dockerfile .",
+      "docker build -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --secret id=\"a\" --secret id=\"b\" --file Dockerfile . && docker push dhh/app:123 && docker push dhh/app:latest",
      builder.push.join(" ")
  end
@@ -133,31 +133,73 @@ class CommandsBuilderTest < ActiveSupport::TestCase
  test "multiarch context build" do
    builder = new_builder_command(builder: { "context" => "./foo" })
    assert_equal \
-      "docker build --push --platform linux/amd64,linux/arm64 --builder kamal-local -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile ./foo",
+      "docker buildx build --push --platform linux/amd64,linux/arm64 --builder kamal-app-multiarch -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile ./foo",
      builder.push.join(" ")
  end
  test "native context build" do
    builder = new_builder_command(builder: { "multiarch" => false, "context" => "./foo" })
    assert_equal \
-      "docker build --push --builder kamal-local -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile ./foo",
+      "docker build -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile ./foo && docker push dhh/app:123 && docker push dhh/app:latest",
      builder.push.join(" ")
  end
  test "cached context build" do
    builder = new_builder_command(builder: { "multiarch" => false, "context" => "./foo", "cache" => { "type" => "gha" } })
    assert_equal \
-      "docker build --push --builder kamal-local -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile ./foo",
+      "docker buildx build --push -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile ./foo",
      builder.push.join(" ")
  end
  test "remote context build" do
-    builder = new_builder_command(builder: { "remote" => { "arch" => "amd64", "host" => "ssh://app@host" }, "context" => "./foo" })
+    builder = new_builder_command(builder: { "remote" => { "arch" => "amd64" }, "context" => "./foo" })
    assert_equal \
-      "docker build --push --platform linux/amd64 --builder kamal-remote-amd64-ssh---app-host -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile ./foo",
+      "docker buildx build --push --platform linux/amd64 --builder kamal-app-native-remote -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile ./foo",
      builder.push.join(" ")
  end
  test "multiarch context hosts" do
    command = new_builder_command
    assert_equal "docker buildx inspect kamal-app-multiarch > /dev/null", command.context_hosts.join(" ")
    assert_equal "", command.config_context_hosts.join(" ")
  end
  test "native context hosts" do
    command = new_builder_command(builder: { "multiarch" => false })
    assert_equal :true, command.context_hosts
    assert_equal "", command.config_context_hosts.join(" ")
  end
  test "native cached context hosts" do
    command = new_builder_command(builder: { "multiarch" => false, "cache" => { "type" => "registry" } })
    assert_equal "docker buildx inspect kamal-app-native-cached > /dev/null", command.context_hosts.join(" ")
    assert_equal "", command.config_context_hosts.join(" ")
  end
  test "native remote context hosts" do
    command = new_builder_command(builder: { "remote" => { "arch" => "amd64", "host" => "ssh://host" } })
    assert_equal "docker context inspect kamal-app-native-remote-amd64 --format '{{.Endpoints.docker.Host}}'", command.context_hosts.join(" ")
    assert_equal [ "ssh://host" ], command.config_context_hosts
  end
  test "multiarch remote context hosts" do
    command = new_builder_command(builder: {
      "remote" => { "arch" => "amd64", "host" => "ssh://host" },
      "local" => { "arch" => "arm64" }
    })
    assert_equal "docker context inspect kamal-app-multiarch-remote-arm64 --format '{{.Endpoints.docker.Host}}' ; docker context inspect kamal-app-multiarch-remote-amd64 --format '{{.Endpoints.docker.Host}}'", command.context_hosts.join(" ")
    assert_equal [ "ssh://host" ], command.config_context_hosts
  end
  test "multiarch remote context hosts with local host" do
    command = new_builder_command(builder: {
      "remote" => { "arch" => "amd64", "host" => "ssh://host" },
      "local" => { "arch" => "arm64", "host" => "unix:///var/run/docker.sock" }
    })
    assert_equal "docker context inspect kamal-app-multiarch-remote-arm64 --format '{{.Endpoints.docker.Host}}' ; docker context inspect kamal-app-multiarch-remote-amd64 --format '{{.Endpoints.docker.Host}}'", command.context_hosts.join(" ")
    assert_equal [ "unix:///var/run/docker.sock", "ssh://host" ], command.config_context_hosts
  end
  test "mirror count" do
    command = new_builder_command
    assert_equal "docker info --format '{{index .RegistryConfig.Mirrors 0}}'", command.first_mirror.join(" ")
--- a/test/configuration/builder_test.rb
+++ b/test/configuration/builder_test.rb
@@ -42,7 +42,7 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
  test "setting both local and remote configs" do
    @deploy_with_builder_option[:builder] = {
-      "local" => { "arch" => "arm64" },
+      "local" => { "arch" => "arm64", "host" => "unix:///Users/<%= `whoami`.strip %>/.docker/run/docker.sock" },
      "remote" => { "arch" => "amd64", "host" => "ssh://root@192.168.0.1" }
    }
@@ -53,6 +53,7 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
    assert_equal "ssh://root@192.168.0.1", config_with_builder_option.builder.remote_host
    assert_equal "arm64", config_with_builder_option.builder.local_arch
    assert_equal "unix:///Users/<%= `whoami`.strip %>/.docker/run/docker.sock", config_with_builder_option.builder.local_host
  end
  test "cached?" do
--- a/test/integration/docker-compose.yml
+++ b/test/integration/docker-compose.yml
@@ -29,6 +29,8 @@ services:
      context: docker/registry
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:4443
      - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt
      - REGISTRY_HTTP_TLS_KEY=/certs/domain.key
    volumes:
      - shared:/shared
      - registry:/var/lib/registry/
--- a/test/integration/docker/deployer/Dockerfile
+++ b/test/integration/docker/deployer/Dockerfile
@@ -22,6 +22,7 @@ COPY app_with_roles/ app_with_roles/
 RUN rm -rf /root/.ssh
 RUN ln -s /shared/ssh /root/.ssh
 RUN mkdir -p /etc/docker/certs.d/registry:4443 && ln -s /shared/certs/domain.crt /etc/docker/certs.d/registry:4443/ca.crt
 RUN git config --global user.email "deployer@example.com"
 RUN git config --global user.name "Deployer"
--- a/test/integration/docker/deployer/app/.kamal/env.erb
+++ b/test/integration/docker/deployer/app/.kamal/env.erb
--- a/test/integration/docker/deployer/app/config/deploy.yml
+++ b/test/integration/docker/deployer/app/config/deploy.yml
@@ -24,7 +24,6 @@ registry:
  password: root
 builder:
  multiarch: false
  driver: docker
  args:
    COMMIT_SHA: <%= `git rev-parse HEAD` %>
 healthcheck:
--- a/test/integration/docker/deployer/app_with_roles/.kamal/env.erb
+++ b/test/integration/docker/deployer/app_with_roles/.kamal/env.erb
--- a/test/integration/docker/deployer/app_with_roles/config/deploy.yml
+++ b/test/integration/docker/deployer/app_with_roles/config/deploy.yml
@@ -18,7 +18,6 @@ registry:
  password: root
 builder:
  multiarch: false
  driver: docker
  args:
    COMMIT_SHA: <%= `git rev-parse HEAD` %>
 healthcheck:
--- a/test/integration/docker/deployer/boot.sh
+++ b/test/integration/docker/deployer/boot.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-dockerd --max-concurrent-downloads 1 --insecure-registry registry:4443 &
+dockerd --max-concurrent-downloads 1 &
 exec sleep infinity
--- a/test/integration/docker/registry/boot.sh
+++ b/test/integration/docker/registry/boot.sh
@@ -1,3 +1,5 @@
 #!/bin/sh
 while [ ! -f /certs/domain.crt ]; do sleep 1; done
 exec /entrypoint.sh /etc/docker/registry/config.yml
--- a/test/integration/docker/shared/Dockerfile
+++ b/test/integration/docker/shared/Dockerfile
@@ -10,6 +10,8 @@ RUN mkdir ssh && \
 COPY registry-dns.conf .
 COPY boot.sh .
 RUN mkdir certs && openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key   -x509 -days 365 -out certs/domain.crt   -subj '/CN=registry' -extensions EXT -config registry-dns.conf
 HEALTHCHECK --interval=1s CMD pgrep sleep
 CMD ["./boot.sh"]
--- a/test/integration/docker/vm/Dockerfile
+++ b/test/integration/docker/vm/Dockerfile
@@ -5,6 +5,7 @@ WORKDIR /work
 RUN apt-get update --fix-missing && apt-get -y install openssh-client openssh-server docker.io
 RUN mkdir /root/.ssh && ln -s /shared/ssh/id_rsa.pub /root/.ssh/authorized_keys
 RUN mkdir -p /etc/docker/certs.d/registry:4443 && ln -s /shared/certs/domain.crt /etc/docker/certs.d/registry:4443/ca.crt
 RUN echo "HOST_TOKEN=abcd" >> /etc/environment
--- a/test/integration/docker/vm/boot.sh
+++ b/test/integration/docker/vm/boot.sh
@@ -4,6 +4,6 @@ while [ ! -f /root/.ssh/authorized_keys ]; do echo "Waiting for ssh keys"; sleep
 service ssh restart
-dockerd --max-concurrent-downloads 1 --insecure-registry registry:4443 &
+dockerd --max-concurrent-downloads 1 &
 exec sleep infinity
--- a/test/integration/main_test.rb
+++ b/test/integration/main_test.rb
@@ -97,7 +97,7 @@ class MainTest < IntegrationTest
  private
    def assert_local_env_file(contents)
-      assert_equal contents, deployer_exec("cat .env", capture: true)
+      assert_equal contents, deployer_exec("cat .kamal/env", capture: true)
    end
    def assert_envs(version:)
@@ -127,7 +127,7 @@ class MainTest < IntegrationTest
    end
    def remove_local_env_file
-      deployer_exec("rm .env")
+      deployer_exec("rm .kamal/env")
    end
    def assert_remote_env_file(contents, vm:)