Set port

WIP
Use kamal network for containers
2024-03-28 15:43:08 +00:00 · 2024-03-28 14:53:58 +00:00 · 2024-03-28 14:07:24 +00:00 · 2024-03-28 14:05:21 +00:00 · 2024-03-28 08:26:57 +00:00 · 2024-03-27 20:56:47 +04:00
184 changed files with 5848 additions and 4011 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,10 +1,25 @@
 name: CI
-on: 
+on:
  push:
    branches:
      - main
  pull_request:
 jobs:
  rubocop:
    name: RuboCop
    runs-on: ubuntu-latest
    env:
      BUNDLE_ONLY: rubocop
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Ruby and install gems
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: 3.3.0
          bundler-cache: true
      - name: Run Rubocop
        run: bundle exec rubocop --parallel
  tests:
    strategy:
      matrix:
@@ -12,17 +27,29 @@ jobs:
          - "2.7"
          - "3.1"
          - "3.2"
          - "3.3"
        gemfile:
          - Gemfile
          - gemfiles/ruby_2.7.gemfile
          - gemfiles/rails_edge.gemfile
-        continue-on-error: [false]
+        exclude:
          - ruby-version: "2.7"
            gemfile: Gemfile
          - ruby-version: "2.7"
            gemfile: gemfiles/rails_edge.gemfile
          - ruby-version: "3.1"
            gemfile: gemfiles/ruby_2.7.gemfile
          - ruby-version: "3.2"
            gemfile: gemfiles/ruby_2.7.gemfile
          - ruby-version: "3.3"
            gemfile: gemfiles/ruby_2.7.gemfile
    name: ${{ format('Tests (Ruby {0})', matrix.ruby-version) }}
    runs-on: ubuntu-latest
-    continue-on-error: ${{ matrix.continue-on-error }}
+    continue-on-error: true
    env:
      BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
      - name: Install Ruby
        uses: ruby/setup-ruby@v1
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -1,6 +1,12 @@
 name: Docker
 on:
  workflow_dispatch:
    inputs:
      tagInput:
        description: 'Tag'
        required: true
  release:
    types: [created]
    tags:
@@ -29,6 +35,14 @@ jobs:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Determine version tag
        id: version-tag
        run: |
          INPUT_VALUE="${{ github.event.inputs.tagInput }}"
          if [ -z "$INPUT_VALUE" ]; then
            INPUT_VALUE="${{ github.ref_name }}"
          fi
          echo "::set-output name=value::$INPUT_VALUE"
      -
        name: Build and push
        uses: docker/build-push-action@v3
@@ -37,5 +51,5 @@ jobs:
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
-            ghcr.io/mrsked/mrsk:latest
+            ghcr.io/basecamp/kamal:latest
-            ghcr.io/mrsked/mrsk:${{ github.ref_name }}
+            ghcr.io/basecamp/kamal:${{ steps.version-tag.outputs.value }}
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -0,0 +1,2 @@
 inherit_gem:
  rubocop-rails-omakase: rubocop.yml
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -1,10 +1,10 @@
 # Contributor Code of Conduct
-As contributors and maintainers of the MRSK project, we pledge to create a welcoming and inclusive environment for everyone. We value the participation of each member of our community and want all contributors to feel respected and valued.
+As contributors and maintainers of the Kamal project, we pledge to create a welcoming and inclusive environment for everyone. We value the participation of each member of our community and want all contributors to feel respected and valued.
 We are committed to providing a harassment-free experience for everyone, regardless of gender, gender identity and expression, sexual orientation, disability, physical appearance, body size, race, age, or religion (or lack thereof). We do not tolerate harassment of participants in any form.
-This code of conduct applies to all MRSK project spaces, including but not limited to project code, issue trackers, chat rooms, and mailing lists. Violations of this code of conduct may result in removal from the project community.
+This code of conduct applies to all Kamal project spaces, including but not limited to project code, issue trackers, chat rooms, and mailing lists. Violations of this code of conduct may result in removal from the project community.
 ## Our standards
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,18 +1,18 @@
-# Contributing to MRSK development
+# Contributing to Kamal development
-Thank you for considering contributing to MRSK! This document outlines some guidelines for contributing to this open source project.
+Thank you for considering contributing to Kamal! This document outlines some guidelines for contributing to this open source project.
-Please make sure to review our [Code of Conduct](CODE_OF_CONDUCT.md) before contributing to MRSK.
+Please make sure to review our [Code of Conduct](CODE_OF_CONDUCT.md) before contributing to Kamal.
 There are several ways you can contribute to the betterment of the project:
- **Report an issue?** - If the issue isn’t reported, we can’t fix it. Please report any bugs, feature, and/or improvement requests on the [MRSK GitHub Issues tracker](https://github.com/mrsked/mrsk/issues).
+- **Report an issue?** - If the issue isn’t reported, we can’t fix it. Please report any bugs, feature, and/or improvement requests on the [Kamal GitHub Issues tracker](https://github.com/basecamp/kamal/issues).
- **Submit patches** - Do you have a new feature or a fix you'd like to share? [Submit a pull request](https://github.com/mrsked/mrsk/pulls)!
+- **Submit patches** - Do you have a new feature or a fix you'd like to share? [Submit a pull request](https://github.com/basecamp/kamal/pulls)!
- **Write blog articles** - Are you using MRSK? We'd love to hear how you're using it with your projects. Write a tutorial and post it on your blog!
+- **Write blog articles** - Are you using Kamal? We'd love to hear how you're using it with your projects. Write a tutorial and post it on your blog!
 ## Issues
-If you encounter any issues with the project, please check the [existing issues](https://github.com/mrsked/mrsk/issues) first to see if the issue has already been reported. If the issue hasn't been reported, please open a new issue with a clear description of the problem and steps to reproduce it.
+If you encounter any issues with the project, please check the [existing issues](https://github.com/basecamp/kamal/issues) first to see if the issue has already been reported. If the issue hasn't been reported, please open a new issue with a clear description of the problem and steps to reproduce it.
 ## Pull Requests
@@ -27,23 +27,23 @@ Please keep the following guidelines in mind when opening a pull request:
 - Add tests for your changes, if possible.
 - Ensure that your changes don't break existing functionality.
-#### Commit message guidline
+#### Commit message guidelines
 A good commit message should describe what changed and why.
 ## Development
-The `main` branch is regularly built and tested, but it is not guaranteed to be completely stable. Tags are created regularly from release branches to indicate new official, stable release versions of MRSK.
+The `main` branch is regularly built and tested, but it is not guaranteed to be completely stable. Tags are created regularly from release branches to indicate new official, stable release versions of Kamal.
-MRSK is written in Ruby. You should have Ruby 3.2+ installed on your machine in order to work on MRSK. If that's already setup, run `bundle` in the root directory to install all dependencies. Then you can run `bin/test` to run all tests.
+Kamal is written in Ruby. You should have Ruby 3.2+ installed on your machine in order to work on Kamal. If that's already setup, run `bundle` in the root directory to install all dependencies. Then you can run `bin/test` to run all tests.
 1. Fork the project repository.
 2. Create a new branch for your contribution.
 3. Write your code or make the desired changes.
 4. **Ensure that your code passes the project's minitests by running ./bin/test.**
 5. Commit your changes and push them to your forked repository.
-6. [Open a pull request](https://github.com/mrsked/mrsk/pulls) to the main project repository with a detailed description of your changes.
+6. [Open a pull request](https://github.com/basecamp/kamal/pulls) to the main project repository with a detailed description of your changes.
 ## License
-MRSK is released under the MIT License. By contributing to this project, you agree to license your contributions under the same license.
+Kamal is released under the MIT License. By contributing to this project, you agree to license your contributions under the same license.
--- a/20
+++ b/20
@@ -4,14 +4,14 @@ FROM ruby:3.2.0-alpine
 # Install  docker/buildx-bin
 COPY --from=docker/buildx-bin /buildx /usr/libexec/docker/cli-plugins/docker-buildx
-# Set the working directory to /mrsk
+# Set the working directory to /kamal
-WORKDIR /mrsk
+WORKDIR /kamal
 # Copy the Gemfile, Gemfile.lock into the container
-COPY Gemfile Gemfile.lock mrsk.gemspec ./
+COPY Gemfile Gemfile.lock kamal.gemspec ./
-# Required in mrsk.gemspec
+# Required in kamal.gemspec
-COPY lib/mrsk/version.rb /mrsk/lib/mrsk/version.rb
+COPY lib/kamal/version.rb /kamal/lib/kamal/version.rb
 # Install system dependencies
 RUN apk add --no-cache --update build-base git docker openrc openssh-client-default \
@@ -21,12 +21,12 @@ RUN apk add --no-cache --update build-base git docker openrc openssh-client-defa
 # Copy the rest of our application code into the container.
 # We do this after bundle install, to avoid having to run bundle
-# everytime we do small fixes in the source code.
+# every time we do small fixes in the source code.
 COPY . .
 # Install the gem locally from the project folder
-RUN gem build mrsk.gemspec && \
+RUN gem build kamal.gemspec && \
-    gem install ./mrsk-*.gem --no-document
+    gem install ./kamal-*.gem --no-document
 # Set the working directory to /workdir
 WORKDIR /workdir
@@ -36,5 +36,5 @@ WORKDIR /workdir
 RUN git config --global --add safe.directory /workdir
 # Set the entrypoint to run the installed binary in /workdir
-# Example:  docker run -it -v "$PWD:/workdir" mrsk init
+# Example:  docker run -it -v "$PWD:/workdir" kamal init
-ENTRYPOINT ["mrsk"]
+ENTRYPOINT ["kamal"]
--- a/6
+++ b/6
@@ -1,4 +1,8 @@
-source 'https://rubygems.org'
+source "https://rubygems.org"
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 gemspec
 group :rubocop do
  gem "rubocop-rails-omakase", require: false
 end
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,9 +1,11 @@
 PATH
  remote: .
  specs:
-    mrsk (0.13.0)
+    kamal (1.4.0)
      activesupport (>= 7.0)
      base64 (~> 0.2)
      bcrypt_pbkdf (~> 1.0)
      concurrent-ruby (~> 1.2)
      dotenv (~> 2.8)
      ed25519 (~> 1.2)
      net-ssh (~> 7.0)
@@ -14,82 +16,152 @@ PATH
 GEM
  remote: https://rubygems.org/
  specs:
-    actionpack (7.0.4.3)
+    actionpack (7.1.2)
-      actionview (= 7.0.4.3)
+      actionview (= 7.1.2)
-      activesupport (= 7.0.4.3)
+      activesupport (= 7.1.2)
-      rack (~> 2.0, >= 2.2.0)
+      nokogiri (>= 1.8.5)
      racc
      rack (>= 2.2.4)
      rack-session (>= 1.0.1)
      rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
+      rails-dom-testing (~> 2.2)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+      rails-html-sanitizer (~> 1.6)
-    actionview (7.0.4.3)
+    actionview (7.1.2)
-      activesupport (= 7.0.4.3)
+      activesupport (= 7.1.2)
      builder (~> 3.1)
-      erubi (~> 1.4)
+      erubi (~> 1.11)
-      rails-dom-testing (~> 2.0)
+      rails-dom-testing (~> 2.2)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+      rails-html-sanitizer (~> 1.6)
-    activesupport (7.0.4.3)
+    activesupport (7.1.2)
      base64
      bigdecimal
      concurrent-ruby (~> 1.0, >= 1.0.2)
      connection_pool (>= 2.2.5)
      drb
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
      mutex_m
      tzinfo (~> 2.0)
    ast (2.4.2)
    base64 (0.2.0)
    bcrypt_pbkdf (1.1.0)
    bigdecimal (3.1.5)
    builder (3.2.4)
    concurrent-ruby (1.2.2)
    connection_pool (2.4.1)
    crass (1.0.6)
-    debug (1.7.2)
+    debug (1.9.1)
-      irb (>= 1.5.0)
+      irb (~> 1.10)
-      reline (>= 0.3.1)
+      reline (>= 0.3.8)
    dotenv (2.8.1)
    drb (2.2.0)
      ruby2_keywords
    ed25519 (1.3.0)
    erubi (1.12.0)
-    i18n (1.12.0)
+    i18n (1.14.1)
      concurrent-ruby (~> 1.0)
-    io-console (0.6.0)
+    io-console (0.7.1)
-    irb (1.6.3)
+    irb (1.11.0)
-      reline (>= 0.3.0)
+      rdoc
-    loofah (2.20.0)
+      reline (>= 0.3.8)
    json (2.7.1)
    language_server-protocol (3.17.0.3)
    loofah (2.22.0)
      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
+      nokogiri (>= 1.12.0)
-    method_source (1.0.0)
+    minitest (5.20.0)
-    minitest (5.18.0)
+    mocha (2.1.0)
    mocha (2.0.2)
      ruby2_keywords (>= 0.0.5)
    mutex_m (0.2.0)
    net-scp (4.0.0)
      net-ssh (>= 2.6.5, < 8.0.0)
-    net-ssh (7.1.0)
+    net-ssh (7.2.1)
-    nokogiri (1.14.2-arm64-darwin)
+    nokogiri (1.16.0-arm64-darwin)
      racc (~> 1.4)
-    nokogiri (1.14.2-x86_64-darwin)
+    nokogiri (1.16.0-x86_64-darwin)
      racc (~> 1.4)
-    nokogiri (1.14.2-x86_64-linux)
+    nokogiri (1.16.0-x86_64-linux)
      racc (~> 1.4)
-    racc (1.6.2)
+    parallel (1.24.0)
-    rack (2.2.6.4)
+    parser (3.3.0.5)
      ast (~> 2.4.1)
      racc
    psych (5.1.2)
      stringio
    racc (1.7.3)
    rack (3.0.8)
    rack-session (2.0.0)
      rack (>= 3.0.0)
    rack-test (2.1.0)
      rack (>= 1.3)
-    rails-dom-testing (2.0.3)
+    rackup (2.1.0)
-      activesupport (>= 4.2.0)
+      rack (>= 3)
      webrick (~> 1.8)
    rails-dom-testing (2.2.0)
      activesupport (>= 5.0.0)
      minitest
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.5.0)
+    rails-html-sanitizer (1.6.0)
-      loofah (~> 2.19, >= 2.19.1)
+      loofah (~> 2.21)
-    railties (7.0.4.3)
+      nokogiri (~> 1.14)
-      actionpack (= 7.0.4.3)
+    railties (7.1.2)
-      activesupport (= 7.0.4.3)
+      actionpack (= 7.1.2)
-      method_source
+      activesupport (= 7.1.2)
      irb
      rackup (>= 1.0.0)
      rake (>= 12.2)
-      thor (~> 1.0)
+      thor (~> 1.0, >= 1.2.2)
-      zeitwerk (~> 2.5)
+      zeitwerk (~> 2.6)
-    rake (13.0.6)
+    rainbow (3.1.1)
-    reline (0.3.3)
+    rake (13.1.0)
    rdoc (6.6.2)
      psych (>= 4.0.0)
    regexp_parser (2.9.0)
    reline (0.4.2)
      io-console (~> 0.5)
    rexml (3.2.6)
    rubocop (1.62.1)
      json (~> 2.3)
      language_server-protocol (>= 3.17.0)
      parallel (~> 1.10)
      parser (>= 3.3.0.2)
      rainbow (>= 2.2.2, < 4.0)
      regexp_parser (>= 1.8, < 3.0)
      rexml (>= 3.2.5, < 4.0)
      rubocop-ast (>= 1.31.1, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 2.4.0, < 3.0)
    rubocop-ast (1.31.2)
      parser (>= 3.3.0.4)
    rubocop-minitest (0.35.0)
      rubocop (>= 1.61, < 2.0)
      rubocop-ast (>= 1.31.1, < 2.0)
    rubocop-performance (1.20.2)
      rubocop (>= 1.48.1, < 2.0)
      rubocop-ast (>= 1.30.0, < 2.0)
    rubocop-rails (2.24.0)
      activesupport (>= 4.2.0)
      rack (>= 1.1)
      rubocop (>= 1.33.0, < 2.0)
      rubocop-ast (>= 1.31.1, < 2.0)
    rubocop-rails-omakase (1.0.0)
      rubocop
      rubocop-minitest
      rubocop-performance
      rubocop-rails
    ruby-progressbar (1.13.0)
    ruby2_keywords (0.0.5)
-    sshkit (1.21.4)
+    sshkit (1.21.7)
      mutex_m
      net-scp (>= 1.1.2)
      net-ssh (>= 2.8.0)
-    thor (1.2.1)
+    stringio (3.1.0)
    thor (1.3.0)
    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
-    zeitwerk (2.6.7)
+    unicode-display_width (2.5.0)
    webrick (1.8.1)
    zeitwerk (2.6.12)
 PLATFORMS
  arm64-darwin
@@ -98,9 +170,10 @@ PLATFORMS
 DEPENDENCIES
  debug
  kamal!
  mocha
  mrsk!
  railties
  rubocop-rails-omakase
 BUNDLED WITH
   2.4.3
--- a/README.md
+++ b/README.md
@@ -1,924 +1,13 @@
-# MRSK
+# Kamal: Deploy web apps anywhere
-MRSK deploys web apps anywhere from bare metal to cloud VMs using Docker with zero downtime. It uses the dynamic reverse-proxy Traefik to hold requests while the new application container is started and the old one is stopped. It works seamlessly across multiple hosts, using SSHKit to execute commands. It was built for Rails applications, but works with any type of web app that can be containerized with Docker.
+From bare metal to cloud VMs, deploy web apps anywhere with zero downtime. Kamal uses mproxy for zero-downtime deployments. Works seamlessly across multiple hosts, using SSHKit to execute commands. Originally built for Rails apps, Kamal will work with any type of web app that can be containerized with Docker.
-Watch the screencast: https://www.youtube.com/watch?v=LL1cV2FXZ5I
+➡️ See [kamal-deploy.org](https://kamal-deploy.org) for documentation on [installation](https://kamal-deploy.org/docs/installation), [configuration](https://kamal-deploy.org/docs/configuration), and [commands](https://kamal-deploy.org/docs/commands).
-Join us on Discord: https://discord.gg/YgHVT7GCXS
+## Contributing to the documentation
-Ask questions: https://github.com/mrsked/mrsk/discussions
+Please help us improve Kamal's documentation on the [the basecamp/kamal-site repository](https://github.com/basecamp/kamal-site).
 ## Installation
 If you have a Ruby environment available, you can install MRSK globally with:
 ```sh
 gem install mrsk
 ```
 ...otherwise, you can run a dockerized version via an alias (add this to your .bashrc or similar to simplify re-use):
 ```sh
 alias mrsk='docker run --rm -it -v $HOME/.ssh:/root/.ssh -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}/:/workdir  ghcr.io/mrsked/mrsk'
 ```
 Then, inside your app directory, run `mrsk init` (or `mrsk init --bundle` within Rails 7+ apps where you want a bin/mrsk binstub). Now edit the new file `config/deploy.yml`. It could look as simple as this:
 ```yaml
 service: hey
 image: 37s/hey
 servers:
  - 192.168.0.1
  - 192.168.0.2
 registry:
  username: registry-user-name
  password:
    - MRSK_REGISTRY_PASSWORD
 env:
  secret:
    - RAILS_MASTER_KEY
 ```
 Then edit your `.env` file to add your registry password as `MRSK_REGISTRY_PASSWORD` (and your `RAILS_MASTER_KEY` for production with a Rails app).
 Now you're ready to deploy to the servers:
 ```
 mrsk setup
 ```
 This will:
 1. Connect to the servers over SSH (using root by default, authenticated by your ssh key)
 2. Install Docker and curl on any server that might be missing it (using apt-get): root access is needed via ssh for this.
 3. Log into the registry both locally and remotely
 4. Build the image using the standard Dockerfile in the root of the application.
 5. Push the image to the registry.
 6. Pull the image from the registry onto the servers.
 7. Ensure Traefik is running and accepting traffic on port 80.
 8. Ensure your app responds with `200 OK` to `GET /up` (you must have curl installed inside your app image!).
 9. Start a new container with the version of the app that matches the current git version hash.
 10. Stop the old container running the previous version of the app.
 11. Prune unused images and stopped containers to ensure servers don't fill up.
 Voila! All the servers are now serving the app on port 80. If you're just running a single server, you're ready to go. If you're running multiple servers, you need to put a load balancer in front of them. For subsequent deploys, or if your servers already have Docker and curl installed, you can just run `mrsk deploy`.
 ## Vision
 In the past decade+, there's been an explosion in commercial offerings that make deploying web apps easier. Heroku kicked it off with an incredible offering that stayed ahead of the competition seemingly forever. These days we have excellent alternatives like Fly.io and Render. And hosted Kubernetes is making things easier too on AWS, GCP, Digital Ocean, and elsewhere. But these are all offerings that have you renting computers in the cloud at a premium. If you want to run on your own hardware, or even just have a clear migration path to do so in the future, you need to carefully consider how locked in you get to these commercial platforms. Preferably before the bills swallow your business whole!
 MRSK seeks to bring the advance in ergonomics pioneered by these commercial offerings to deploying web apps anywhere. Whether that's low-cost cloud options without the managed-service markup from the likes of Digital Ocean, Hetzner, OVH, etc, or it's your own colocated bare metal. To MRSK, it's all the same. Feed the config file a list of IP addresses with vanilla Ubuntu servers that have seen no prep beyond an added SSH key, and you'll be running in literally minutes.
 This approach gives you enormous portability. You can have your web app deployed on several clouds at ease like this. Or you can buy the baseline with your own hardware, then deploy to a cloud before a big seasonal spike to get more capacity. When you're not locked into a single provider from a tooling perspective, there are a lot of compelling options available.
 Ultimately, MRSK is meant to compress the complexity of going to production using open source tooling that isn't tied to any commercial offering. Not to zero, mind you. You're probably still better off with a fully managed service if basic Linux or Docker is still difficult, but as soon as those concepts are familiar, you'll be ready to go with MRSK.
 ## Why not just run Capistrano, Kubernetes or Docker Swarm?
 MRSK basically is Capistrano for Containers, without the need to carefully prepare servers in advance. No need to ensure that the servers have just the right version of Ruby or other dependencies you need. That all lives in the Docker image now. You can boot a brand new Ubuntu (or whatever) server, add it to the list of servers in MRSK, and it'll be auto-provisioned with Docker, and run right away. Docker's layer caching also speeds up deployments with less mucking about on the server. And the images built for MRSK can be used for CI or later introspection.
 Kubernetes is a beast. Running it yourself on your own hardware is not for the faint of heart. It's a fine option if you want to run on someone else's platform, either transparently [like Render](https://thenewstack.io/render-cloud-deployment-with-less-engineering/) or explicitly on AWS/GCP, but if you'd like the freedom to move between cloud and your own hardware, or even mix the two, MRSK is much simpler. You can see everything that's going on, it's just basic Docker commands being called.
 Docker Swarm is much simpler than Kubernetes, but it's still built on the same declarative model that uses state reconciliation. MRSK is intentionally designed around imperative commands, like Capistrano.
 Ultimately, there are a myriad of ways to deploy web apps, but this is the toolkit we're using at [37signals](https://37signals.com) to bring [HEY](https://www.hey.com) [home from the cloud](https://world.hey.com/dhh/why-we-re-leaving-the-cloud-654b47e0) without losing the advantages of modern containerization tooling.
 ## Running MRSK from Docker
 MRSK is packaged up in a Docker container similarly to [rails/docked](https://github.com/rails/docked). This will allow you to run MRSK (from your application directory) without having to install any dependencies other than Docker. Add the following alias to your profile configuration to make working with the container more convenient:
 ```bash
 alias mrsk="docker run -it --rm -v '${PWD}:/workdir' -v '${SSH_AUTH_SOCK}:/ssh-agent' -v /var/run/docker.sock:/var/run/docker.sock -e 'SSH_AUTH_SOCK=/ssh-agent' ghcr.io/mrsked/mrsk:latest"
 ```
 Since MRSK uses SSH to establish a remote connection, it will need access to your SSH agent. The above command uses a volume mount to make it available inside the container and configures the SSH agent inside the container to make use of it.
 ## Configuration
 ### Using .env file to load required environment variables
 MRSK uses [dotenv](https://github.com/bkeepers/dotenv) to automatically load environment variables set in the `.env` file present in the application root. This file can be used to set variables like `MRSK_REGISTRY_PASSWORD` or database passwords. But for this reason you must ensure that .env files are not checked into Git or included in your Dockerfile! The format is just key-value like:
 ```bash
 MRSK_REGISTRY_PASSWORD=pw
 DB_PASSWORD=secret123
 ```
 ### Using a generated .env file
 #### 1Password as a secret store
 If you're using a centralized secret store, like 1Password, you can create `.env.erb` as a template which looks up the secrets. Example of a .env.erb file:
 ```erb
 <% if (session_token = `op signin --account my-one-password-account --raw`.strip) != "" %># Generated by mrsk envify
 GITHUB_TOKEN=<%= `gh config get -h github.com oauth_token`.strip %>
 MRSK_REGISTRY_PASSWORD=<%= `op read "op://Vault/Docker Hub/password" -n --session  #{session_token}` %>
 RAILS_MASTER_KEY=<%= `op read "op://Vault/My App/RAILS_MASTER_SECRET" -n --session #{session_token}` %>
 MYSQL_ROOT_PASSWORD=<%= `op read "op://Vault/My App/MYSQL_ROOT_PASSWORD" -n --session #{session_token}` %>
 <% else raise ArgumentError, "Session token missing" end %>
 ```
 This template can safely be checked into git. Then everyone deploying the app can run `mrsk envify` when they setup the app for the first time or passwords change to get the correct `.env` file.
 If you need separate env variables for different destinations, you can set them with `.env.destination.erb` for the template, which will generate `.env.staging` when run with `mrsk envify -d staging`.
 #### Bitwarden as a secret store
 If you are using open source secret store like bitwarden, you can create `.env.erb` as a template which looks up the secrets.
 You can store `SOME_SECRET` in a secure note in bitwarden vault.
 ```
 $ bw list items --search SOME_SECRET | jq
 ? Master password: [hidden]
 [
  {
    "object": "item",
    "id": "123123123-1232-4224-222f-234234234234",
    "organizationId": null,
    "folderId": null,
    "type": 2,
    "reprompt": 0,
    "name": "SOME_SECRET",
    "notes": "yyy",
    "favorite": false,
    "secureNote": {
      "type": 0
    },
    "collectionIds": [],
    "revisionDate": "2023-02-28T23:54:47.868Z",
    "creationDate": "2022-11-07T03:16:05.828Z",
    "deletedDate": null
  }
 ]
 ```
 and extract the `id` of `SOME_SECRET` from the `json` above and use in the `erb` below.
 Example `.env.erb` file:
 ```erb
 <% if (session_token=`bw unlock --raw`.strip) != "" %># Generated by mrsk envify
 SOME_SECRET=<%= `bw get notes 123123123-1232-4224-222f-234234234234 --session #{session_token}` %>
 <% else raise ArgumentError, "session_token token missing" end %>
 ```
 Then everyone deploying the app can run `mrsk envify` and mrsk will generate `.env`
 ### Using another registry than Docker Hub
 The default registry is Docker Hub, but you can change it using `registry/server`:
 ```yaml
 registry:
  server: registry.digitalocean.com
  username:
    - DOCKER_REGISTRY_TOKEN
  password:
    - DOCKER_REGISTRY_TOKEN
 ```
 A reference to secret `DOCKER_REGISTRY_TOKEN` will look for `ENV["DOCKER_REGISTRY_TOKEN"]` on the machine running MRSK.
 #### Using AWS ECR as the container registry
 AWS ECR's access token is only valid for 12hrs. In order to not have to manually regenerate the token every time, you can use ERB in the `deploy.yml` file to shell out to the `aws` cli command, and obtain the token:
 ```yaml
 registry:
  server: <your aws account id>.dkr.ecr.<your aws region id>.amazonaws.com
  username: AWS
  password: <%= %x(aws ecr get-login-password) %>
 ```
 You will need to have the `aws` CLI installed locally for this to work.
 ### Using a different SSH user than root
 The default SSH user is root, but you can change it using `ssh/user`:
 ```yaml
 ssh:
  user: app
 ```
 If you are using non-root user, you need to bootstrap your servers manually, before using them with MRSK. On Ubuntu, you'd do:
 ```bash
 sudo apt update
 sudo apt upgrade -y
 sudo apt install -y docker.io curl git
 sudo usermod -a -G docker ubuntu
 ```
 ### Using a proxy SSH host
 If you need to connect to server through a proxy host, you can use `ssh/proxy`:
 ```yaml
 ssh:
  proxy: "192.168.0.1" # defaults to root as the user
 ```
 Or with specific user:
 ```yaml
 ssh:
  proxy: "app@192.168.0.1"
 ```
 Also if you need specific proxy command to connect to the server:
 ```yaml
 ssh:
  proxy_command: aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p' --region=us-east-1 ## ssh via aws ssm
 ```
 ### Using env variables
 You can inject env variables into the app containers using `env`:
 ```yaml
 env:
  DATABASE_URL: mysql2://db1/hey_production/
  REDIS_URL: redis://redis1:6379/1
 ```
 ### Using secret env variables
 If you have env variables that are secret, you can divide the `env` block into `clear` and `secret`:
 ```yaml
 env:
  clear:
    DATABASE_URL: mysql2://db1/hey_production/
    REDIS_URL: redis://redis1:6379/1
  secret:
    - DATABASE_PASSWORD
    - REDIS_PASSWORD
 ```
 The list of secret env variables will be expanded at run time from your local machine. So a reference to a secret `DATABASE_PASSWORD` will look for `ENV["DATABASE_PASSWORD"]` on the machine running MRSK. Just like with build secrets.
 If the referenced secret ENVs are missing, the configuration will be halted with a `KeyError` exception.
 Note: Marking an ENV as secret currently only redacts its value in the output for MRSK. The ENV is still injected in the clear into the container at runtime.
 ### Using volumes
 You can add custom volumes into the app containers using `volumes`:
 ```yaml
 volumes:
  - "/local/path:/container/path"
 ```
 ### MRSK env variables
 The following env variables are set when your container runs:
 `MRSK_CONTAINER_NAME` : this contains the current container name and version
 ### Using different roles for servers
 If your application uses separate hosts for running jobs or other roles beyond the default web running, you can specify these hosts in a dedicated role with a new entrypoint command like so:
 ```yaml
 servers:
  web:
    - 192.168.0.1
    - 192.168.0.2
  job:
    hosts:
      - 192.168.0.3
      - 192.168.0.4
    cmd: bin/jobs
 ```
 Note: Traefik will only by default be installed and run on the servers in the `web` role (and on all servers if no roles are defined). If you need Traefik on hosts in other roles than `web`, add `traefik: true`:
 ```yaml
 servers:
  web:
    - 192.168.0.1
    - 192.168.0.2
  web2:
    traefik: true
    hosts:
      - 192.168.0.3
      - 192.168.0.4
 ```
 ### Using container labels
 You can specialize the default Traefik rules by setting labels on the containers that are being started:
 ```yaml
 labels:
  traefik.http.routers.hey-web.rule: Host(`app.hey.com`)
 ```
 Traefik rules are in the "service-role-destination" format. The default role will be `web` if no rule is specified. If the destination is not specified, it is not included. To give an example, the above rule would become "traefik.http.routers.hey-web-staging.rule" if it was for the "staging" destination.
 Note: The backticks are needed to ensure the rule is passed in correctly and not treated as command substitution by Bash!
 This allows you to run multiple applications on the same server sharing the same Traefik instance and port.
 See https://doc.traefik.io/traefik/routing/routers/#rule for a full list of available routing rules.
 The labels can also be applied on a per-role basis:
 ```yaml
 servers:
  web:
    - 192.168.0.1
    - 192.168.0.2
  job:
    hosts:
      - 192.168.0.3
      - 192.168.0.4
    cmd: bin/jobs
    labels:
      my-label: "50"
 ```
 ### Using shell expansion
 You can use shell expansion to interpolate values from the host machine into labels and env variables with the `${}` syntax.
 Anything within the curly braces will be executed on the host machine and the result will be interpolated into the label or env variable.
 ```yaml
 labels:
  host-machine: "${cat /etc/hostname}"
 env:
  HOST_DEPLOYMENT_DIR: "${PWD}"
 ```
 Note: Any other occurrence of `$` will be escaped to prevent unwanted shell expansion!
 ### Using container options
 You can specialize the options used to start containers using the `options` definitions:
 ```yaml
 servers:
  web:
    - 192.168.0.1
    - 192.168.0.2
  job:
    hosts:
      - 192.168.0.3
      - 192.168.0.4
    cmd: bin/jobs
    options:
      cap-add: true
      cpu-count: 4
 ```
 That'll start the job containers with `docker run ... --cap-add --cpu-count 4 ...`.
 ### Configuring logging
 You can configure the logging driver and options passed to Docker using `logging`:
 ```yaml
 logging:
  driver: awslogs
  options:
    awslogs-region: "eu-central-2"
    awslogs-group: "my-app"
 ```
 If nothing is configured, the default option `max-size=10m` is used for all containers. The default logging driver of Docker is `json-file`.
 ### Using a different stop wait time
 On a new deploy, each old running container is gracefully shut down with a `SIGTERM`, and after a grace period of `10` seconds a `SIGKILL` is sent.
 You can configure this value via the `stop_wait_time` option:
 ```yaml
 stop_wait_time: 30
 ```
 ### Using remote builder for native multi-arch
 If you're developing on ARM64 (like Apple Silicon), but you want to deploy on AMD64 (x86 64-bit), you can use multi-architecture images. By default, MRSK will setup a local buildx configuration that does this through QEMU emulation. But this can be quite slow, especially on the first build.
 If you want to speed up this process by using a remote AMD64 host to natively build the AMD64 part of the image, while natively building the ARM64 part locally, you can do so using builder options:
 ```yaml
 builder:
  local:
    arch: arm64
    host: unix:///Users/<%= `whoami`.strip %>/.docker/run/docker.sock
  remote:
    arch: amd64
    host: ssh://root@192.168.0.1
 ```
 Note: You must have Docker running on the remote host being used as a builder. This instance should only be shared for builds using the same registry and credentials.
 ### Using remote builder for single-arch
 If you're developing on ARM64 (like Apple Silicon), want to deploy on AMD64 (x86 64-bit), but don't need to run the image locally (or on other ARM64 hosts), you can configure a remote builder that just targets AMD64. This is a bit faster than building with multi-arch, as there's nothing to build locally.
 ```yaml
 builder:
  remote:
    arch: amd64
    host: ssh://root@192.168.0.1
 ```
 ### Using native builder when multi-arch isn't needed
 If you're developing on the same architecture as the one you're deploying on, you can speed up the build by forgoing both multi-arch and remote building:
 ```yaml
 builder:
  multiarch: false
 ```
 This is also a good option if you're running MRSK from a CI server that shares architecture with the deployment servers.
 ### Using a different Dockerfile or context when building
 If you need to pass a different Dockerfile or context to the build command (e.g. if you're using a monorepo or you have
 different Dockerfiles), you can do so in the builder options:
 ```yaml
 # Use a different Dockerfile
 builder:
  dockerfile: Dockerfile.xyz
 # Set context
 builder:
  context: ".."
 # Set Dockerfile and context
 builder:
  dockerfile: "../Dockerfile.xyz"
  context: ".."
 ```
 ### Using build secrets for new images
 Some images need a secret passed in during build time, like a GITHUB_TOKEN, to give access to private gem repositories. This can be done by having the secret in ENV, then referencing it in the builder configuration:
 ```yaml
 builder:
  secrets:
    - GITHUB_TOKEN
 ```
 This build secret can then be referenced in the Dockerfile:
 ```dockerfile
 # Copy Gemfiles
 COPY Gemfile Gemfile.lock ./
 # Install dependencies, including private repositories via access token (then remove bundle cache with exposed GITHUB_TOKEN)
 RUN --mount=type=secret,id=GITHUB_TOKEN \
  BUNDLE_GITHUB__COM=x-access-token:$(cat /run/secrets/GITHUB_TOKEN) \
  bundle install && \
  rm -rf /usr/local/bundle/cache
 ```
 ### Traefik command arguments
 Customize the Traefik command line using `args`:
 ```yaml
 traefik:
  args:
    accesslog: true
    accesslog.format: json
 ```
 This starts the Traefik container with `--accesslog=true --accesslog.format=json` arguments.
 ### Traefik host port binding
 Traefik binds to port 80 by default. Specify an alternative port using `host_port`:
 ```yaml
 traefik:
  host_port: 8080
 ```
 ### Traefik version, upgrades, and custom images
 MRSK runs the traefik:v2.9 image to track Traefik 2.9.x releases.
 To pin Traefik to a specific version or an image published to your registry,
 specify `image`:
 ```yaml
 traefik:
  image: traefik:v2.10.0-rc1
 ```
 This is useful for downgrading Traefik if there's an unexpected breaking
 change in a minor version release, upgrading Traefik to test forthcoming
 releases, or running your own Traefik-derived image.
 MRSK has not been tested for compatibility with Traefik 3 betas. Please do!
 ### Traefik container configuration
 Pass additional Docker configuration for the Traefik container using `options`:
 ```yaml
 traefik:
  options:
    publish:
      - 8080:8080
    volume:
      - /tmp/example.json:/tmp/example.json
    memory: 512m
 ```
 This starts the Traefik container with `--volume /tmp/example.json:/tmp/example.json --publish 8080:8080 --memory 512m` arguments to `docker run`.
 ### Traefik container labels
 Add labels to Traefik Docker container.
 ```yaml
 traefik:
  labels:
    traefik.enable: true
    traefik.http.routers.dashboard.rule: Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
    traefik.http.routers.dashboard.service: api@internal
    traefik.http.routers.dashboard.middlewares: auth
    traefik.http.middlewares.auth.basicauth.users: test:$2y$05$H2o72tMaO.TwY1wNQUV1K.fhjRgLHRDWohFvUZOJHBEtUXNKrqUKi # test:password
 ```
 This labels Traefik container with `--label traefik.http.routers.dashboard.middlewares=\"auth\"` and so on.
 ### Traefik alternate entrypoints
 You can configure multiple entrypoints for Traefik like so:
 ```yaml
 service: myservice
 labels:
  traefik.tcp.routers.other.rule: 'HostSNI(`*`)'
  traefik.tcp.routers.other.entrypoints: otherentrypoint
  traefik.tcp.services.other.loadbalancer.server.port: 9000
  traefik.http.routers.myservice.entrypoints: web
  traefik.http.services.myservice.loadbalancer.server.port: 8080
 traefik:
  options:
    publish:
      - 9000:9000
  args:
    entrypoints.web.address: ':80'
    entrypoints.otherentrypoint.address: ':9000'
 ```
 ### Configuring build args for new images
 Build arguments that aren't secret can also be configured:
 ```yaml
 builder:
  args:
    RUBY_VERSION: 3.2.0
 ```
 This build argument can then be used in the Dockerfile:
 ```
 ARG RUBY_VERSION
 FROM ruby:$RUBY_VERSION-slim as base
 ```
 ### Using accessories for database, cache, search services
 You can manage your accessory services via MRSK as well. Accessories are long-lived services that your app depends on. They are not updated when you deploy.
 ```yaml
 accessories:
  mysql:
    image: mysql:5.7
    host: 1.1.1.3
    port: 3306
    env:
      clear:
        MYSQL_ROOT_HOST: '%'
      secret:
        - MYSQL_ROOT_PASSWORD
    volumes:
      - /var/lib/mysql:/var/lib/mysql
    options:
      cpus: 4
      memory: "2GB"
  redis:
    image: redis:latest
    roles:
      - web
    port: "36379:6379"
    volumes:
      - /var/lib/redis:/data
  internal-example:
    image: registry.digitalocean.com/user/otherservice:latest
    host: 1.1.1.5
    port: 44444
 ```
 The hosts that the accessories will run on can be specified by hosts or roles:
 ```yaml
  # Single host
  mysql:
    host: 1.1.1.1
  # Multiple hosts
  redis:
    hosts:
      - 1.1.1.1
      - 1.1.1.2
  # By role
  monitoring:
    roles:
      - web
      - jobs
 ```
 Now run `mrsk accessory start mysql` to start the MySQL server on 1.1.1.3. See `mrsk accessory` for all the commands possible.
 Accessory images must be public or tagged in your private registry.
 ### Using Cron
 You can use a specific container to run your Cron jobs:
 ```yaml
 servers:
  cron:
    hosts:
      - 192.168.0.1
    cmd:
      bash -c "cat config/crontab | crontab - && cron -f"
 ```
 This assumes the Cron settings are stored in `config/crontab`.
 ### Healthcheck
 MRSK uses Docker healtchecks to check the health of your application during deployment. Traefik uses this same healthcheck status to determine when a container is ready to receive traffic.
 The healthcheck defaults to testing the HTTP response to the path `/up` on port 3000, up to 7 times. You can tailor this behaviour with the `healthcheck` setting:
 ```yaml
 healthcheck:
  path: /healthz
  port: 4000
  max_attempts: 7
  interval: 20s
 ```
 This will ensure your application is configured with a traefik label for the healthcheck against `/healthz` and that the pre-deploy healthcheck that MRSK performs is done against the same path on port 4000.
 You can also specify a custom healthcheck command, which is useful for non-HTTP services:
 ```yaml
 healthcheck:
  cmd: /bin/check_health
 ```
 The top-level healthcheck configuration applies to all services that use
 Traefik, by default. You can also specialize the configuration at the role
 level:
 ```yaml
 servers:
  job:
    hosts: ...
    cmd: bin/jobs
    healthcheck:
      cmd: bin/check
 ```
 The healthcheck allows for an optional `max_attempts` setting, which will attempt the healthcheck up to the specified number of times before failing the deploy. This is useful for applications that take a while to start up. The default is 7.
 Note: The HTTP health checks assume that the `curl` command is available inside the container. If that's not the case, use the healthcheck's `cmd` option to specify an alternative check that the container supports.
 ## Commands
 ### Running commands on servers
 You can execute one-off commands on the servers:
 ```bash
 # Runs command on all servers
 mrsk app exec 'ruby -v'
 App Host: 192.168.0.1
 ruby 3.1.3p185 (2022-11-24 revision 1a6b16756e) [x86_64-linux]
 App Host: 192.168.0.2
 ruby 3.1.3p185 (2022-11-24 revision 1a6b16756e) [x86_64-linux]
 # Runs command on primary server
 mrsk app exec --primary 'cat .ruby-version'
 App Host: 192.168.0.1
 3.1.3
 # Runs Rails command on all servers
 mrsk app exec 'bin/rails about'
 App Host: 192.168.0.1
 About your application's environment
 Rails version             7.1.0.alpha
 Ruby version              ruby 3.1.3p185 (2022-11-24 revision 1a6b16756e) [x86_64-linux]
 RubyGems version          3.3.26
 Rack version              2.2.5
 Middleware                ActionDispatch::HostAuthorization, Rack::Sendfile, ActionDispatch::Static, ActionDispatch::Executor, Rack::Runtime, Rack::MethodOverride, ActionDispatch::RequestId, ActionDispatch::RemoteIp, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, ActionDispatch::Callbacks, ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, ActionDispatch::Flash, ActionDispatch::ContentSecurityPolicy::Middleware, ActionDispatch::PermissionsPolicy::Middleware, Rack::Head, Rack::ConditionalGet, Rack::ETag, Rack::TempfileReaper
 Application root          /rails
 Environment               production
 Database adapter          sqlite3
 Database schema version   20221231233303
 App Host: 192.168.0.2
 About your application's environment
 Rails version             7.1.0.alpha
 Ruby version              ruby 3.1.3p185 (2022-11-24 revision 1a6b16756e) [x86_64-linux]
 RubyGems version          3.3.26
 Rack version              2.2.5
 Middleware                ActionDispatch::HostAuthorization, Rack::Sendfile, ActionDispatch::Static, ActionDispatch::Executor, Rack::Runtime, Rack::MethodOverride, ActionDispatch::RequestId, ActionDispatch::RemoteIp, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, ActionDispatch::Callbacks, ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, ActionDispatch::Flash, ActionDispatch::ContentSecurityPolicy::Middleware, ActionDispatch::PermissionsPolicy::Middleware, Rack::Head, Rack::ConditionalGet, Rack::ETag, Rack::TempfileReaper
 Application root          /rails
 Environment               production
 Database adapter          sqlite3
 Database schema version   20221231233303
 # Run Rails runner on primary server
 mrsk app exec -p 'bin/rails runner "puts Rails.application.config.time_zone"'
 UTC
 ```
 ### Running interactive commands over SSH
 You can run interactive commands, like a Rails console or a bash session, on a server (default is primary, use `--hosts` to connect to another):
 ```bash
 # Starts a bash session in a new container made from the most recent app image
 mrsk app exec -i bash
 # Starts a bash session in the currently running container for the app
 mrsk app exec -i --reuse bash
 # Starts a Rails console in a new container made from the most recent app image
 mrsk app exec -i 'bin/rails console'
 ```
 ### Running details to show state of containers
 You can see the state of your servers by running `mrsk details`:
 ```
 Traefik Host: 192.168.0.1
 CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                               NAMES
 6195b2a28c81   traefik   "/entrypoint.sh --pr…"   30 minutes ago   Up 19 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp   traefik
 Traefik Host: 192.168.0.2
 CONTAINER ID   IMAGE     COMMAND                  CREATED          STATUS          PORTS                               NAMES
 de14a335d152   traefik   "/entrypoint.sh --pr…"   30 minutes ago   Up 19 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp   traefik
 App Host: 192.168.0.1
 CONTAINER ID   IMAGE                                                                         COMMAND                  CREATED          STATUS          PORTS      NAMES
 badb1aa51db3   registry.digitalocean.com/user/app:6ef8a6a84c525b123c5245345a8483f86d05a123   "/rails/bin/docker-e…"   13 minutes ago   Up 13 minutes   3000/tcp   chat-6ef8a6a84c525b123c5245345a8483f86d05a123
 App Host: 192.168.0.2
 CONTAINER ID   IMAGE                                                                         COMMAND                  CREATED          STATUS          PORTS      NAMES
 1d3c91ed1f55   registry.digitalocean.com/user/app:6ef8a6a84c525b123c5245345a8483f86d05a123   "/rails/bin/docker-e…"   13 minutes ago   Up 13 minutes   3000/tcp   chat-6ef8a6a84c525b123c5245345a8483f86d05a123
 ```
 You can also see just info for app containers with `mrsk app details` or just for Traefik with `mrsk traefik details`.
 ### Running rollback to fix a bad deploy
 If you've discovered a bad deploy, you can quickly rollback by reactivating the old, paused container image. You can see what old containers are available for rollback by running `mrsk app containers`. It'll give you a presentation similar to `mrsk app details`, but include all the old containers as well. Showing something like this:
 ```
 App Host: 192.168.0.1
 CONTAINER ID   IMAGE                                                                         COMMAND                  CREATED          STATUS                      PORTS      NAMES
 1d3c91ed1f51   registry.digitalocean.com/user/app:6ef8a6a84c525b123c5245345a8483f86d05a123   "/rails/bin/docker-e…"   19 minutes ago   Up 19 minutes               3000/tcp   chat-6ef8a6a84c525b123c5245345a8483f86d05a123
 539f26b28369   registry.digitalocean.com/user/app:e5d9d7c2b898289dfbc5f7f1334140d984eedae4   "/rails/bin/docker-e…"   31 minutes ago   Exited (1) 27 minutes ago              chat-e5d9d7c2b898289dfbc5f7f1334140d984eedae4
 App Host: 192.168.0.2
 CONTAINER ID   IMAGE                                                                         COMMAND                  CREATED          STATUS                      PORTS      NAMES
 badb1aa51db4   registry.digitalocean.com/user/app:6ef8a6a84c525b123c5245345a8483f86d05a123   "/rails/bin/docker-e…"   19 minutes ago   Up 19 minutes               3000/tcp   chat-6ef8a6a84c525b123c5245345a8483f86d05a123
 6f170d1172ae   registry.digitalocean.com/user/app:e5d9d7c2b898289dfbc5f7f1334140d984eedae4   "/rails/bin/docker-e…"   31 minutes ago   Exited (1) 27 minutes ago              chat-e5d9d7c2b898289dfbc5f7f1334140d984eedae4
 ```
 From the example above, we can see that `e5d9d7c2b898289dfbc5f7f1334140d984eedae4` was the last version, so it's available as a rollback target. We can perform this rollback by running `mrsk rollback e5d9d7c2b898289dfbc5f7f1334140d984eedae4`. That'll stop `6ef8a6a84c525b123c5245345a8483f86d05a123` and then start `e5d9d7c2b898289dfbc5f7f1334140d984eedae4`. Because the old container is still available, this is very quick. Nothing to download from the registry.
 Note that by default old containers are pruned after 3 days when you run `mrsk deploy`.
 ### Running removal to clean up servers
 If you wish to remove the entire application, including Traefik, containers, images, and registry session, you can run `mrsk remove`. This will leave the servers clean.
 ## Locking
 Commands that are unsafe to run concurrently will take a deploy lock while they run. The lock is the `mrsk_lock` directory on the primary server.
 You can check the lock status with:
 ```
 mrsk lock status
 Locked by: AN Other at 2023-03-24 09:49:03 UTC
 Version: 77f45c0686811c68989d6576748475a60bf53fc2
 Message: Automatic deploy lock
 ```
 You can also manually acquire and release the lock
 ```
 mrsk lock acquire -m "Doing maintanence"
 ```
 ```
 mrsk lock release
 ```
 ## Rolling deployments
 When deploying to large numbers of hosts, you might prefer not to restart your services on every host at the same time.
 MRSK's default is to boot new containers on all hosts in parallel. But you can control this by configuring `boot/limit` and `boot/wait` as options:
 ```yaml
 service: myservice
 boot:
  limit: 10 # Can also specify as a percentage of total hosts, such as "25%"
  wait: 2
 ```
 When `limit` is specified, containers will be booted on, at most, `limit` hosts at once. MRSK will pause for `wait` seconds between batches.
 These settings only apply when booting containers (using `mrsk deploy`, or `mrsk app boot`). For other commands, MRSK continues to run commands in parallel across all hosts.
 ## Hooks
 You can run custom scripts at specific points with hooks.
 Hooks should be stored in the .mrsk/hooks folder. Running mrsk init will build that folder and add some sample scripts.
 You can change their location by setting `hooks_path` in the configuration file.
 If the script returns a non-zero exit code the command will be aborted.
 `MRSK_*` environment variables are available to the hooks command for
 fine-grained audit reporting, e.g. for triggering deployment reports or
 firing a JSON webhook. These variables include:
 - `MRSK_RECORDED_AT` - UTC timestamp in ISO 8601 format, e.g. `2023-04-14T17:07:31Z`
 - `MRSK_PERFORMER` - the local user performing the command (from `whoami`)
 - `MRSK_SERVICE_VERSION` - an abbreviated service and version for use in messages, e.g. app@150b24f
 - `MRSK_VERSION` - an full version being deployed
 - `MRSK_DESTINATION` - optional: destination, e.g. "staging"
 - `MRSK_HOSTS` - a comma separated list of the hosts targeted by the command
 - `MRSK_ROLE` - optional: role targeted, e.g. "web"
 There are three hooks:
 1. pre-connect
 Called before taking the deploy lock. For checks that need to run before connecting to remote hosts - e.g. DNS warming.
 2. pre-build
 Used for pre-build checks - e.g. there are no uncommitted changes or that CI has passed.
 3. post-deploy - run after a deploy, redeploy or rollback
 This hook is also passed a `MRSK_RUNTIME` env variable.
 This could be used to broadcast a deployment message, or register the new version with an APM.
 The command could look something like:
 ```bash
 #!/usr/bin/env bash
 curl -q -d content="[My App] ${MRSK_PERFORMER} Rolled back to version ${MRSK_VERSION}" https://3.basecamp.com/XXXXX/integrations/XXXXX/buckets/XXXXX/chats/XXXXX/lines
 ```
 That'll post a line like follows to a preconfigured chatbot in Basecamp:
 ```
 [My App] [dhh] Rolled back to version d264c4e92470ad1bd18590f04466787262f605de
 ```
 Set `--skip_hooks` to avoid running the hooks.
 ## Stage of development
 This is beta software. Commands may still move around. But we're live in production at [37signals](https://37signals.com).
 ## License
-MRSK is released under the [MIT License](https://opensource.org/licenses/MIT).
+Kamal is released under the [MIT License](https://opensource.org/licenses/MIT).
--- a/bin/kamal
+++ b/bin/kamal
@@ -3,10 +3,10 @@
 # Prevent failures from being reported twice.
 Thread.report_on_exception = false
-require "mrsk"
+require "kamal"
 begin
-  Mrsk::Cli::Main.start(ARGV)
+  Kamal::Cli::Main.start(ARGV)
 rescue SSHKit::Runner::ExecuteError => e
  puts "  \e[31mERROR (#{e.cause.class}): #{e.message}\e[0m"
  puts e.cause.backtrace if ENV["VERBOSE"]
--- a/bin/release
+++ b/bin/release
@@ -2,13 +2,13 @@
 VERSION=$1
-printf "module Mrsk\n  VERSION = \"$VERSION\"\nend\n" > ./lib/mrsk/version.rb
+printf "module Kamal\n  VERSION = \"$VERSION\"\nend\n" > ./lib/kamal/version.rb
 bundle
-git add Gemfile.lock lib/mrsk/version.rb
+git add Gemfile.lock lib/kamal/version.rb
 git commit -m "Bump version for $VERSION"
 git push
 git tag v$VERSION
 git push --tags
-gem build mrsk.gemspec
+gem build kamal.gemspec
-gem push "mrsk-$VERSION.gem" --host https://rubygems.org
+gem push "kamal-$VERSION.gem" --host https://rubygems.org
-rm "mrsk-$VERSION.gem"
+rm "kamal-$VERSION.gem"
--- a/gemfiles/ruby_2.7.gemfile
+++ b/gemfiles/ruby_2.7.gemfile
@@ -0,0 +1,6 @@
 source 'https://rubygems.org'
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 gemspec path: "../"
 gem "nokogiri", "~> 1.15.0"
--- a/kamal.gemspec
+++ b/kamal.gemspec
@@ -1,16 +1,15 @@
-require_relative "lib/mrsk/version"
+require_relative "lib/kamal/version"
 Gem::Specification.new do |spec|
-  spec.name        = "mrsk"
+  spec.name        = "kamal"
-  spec.version     = Mrsk::VERSION
+  spec.version     = Kamal::VERSION
  spec.authors     = [ "David Heinemeier Hansson" ]
  spec.email       = "dhh@hey.com"
-  spec.homepage    = "https://github.com/rails/mrsk"
+  spec.homepage    = "https://github.com/basecamp/kamal"
  spec.summary     = "Deploy web apps in containers to servers running Docker with zero downtime."
  spec.license     = "MIT"
  spec.files = Dir["lib/**/*", "MIT-LICENSE", "README.md"]
-  spec.executables = %w[ mrsk ]
+  spec.executables = %w[ kamal ]
  spec.add_dependency "activesupport", ">= 7.0"
  spec.add_dependency "sshkit", "~> 1.21"
@@ -20,6 +19,8 @@ Gem::Specification.new do |spec|
  spec.add_dependency "zeitwerk", "~> 2.5"
  spec.add_dependency "ed25519", "~> 1.2"
  spec.add_dependency "bcrypt_pbkdf", "~> 1.0"
  spec.add_dependency "concurrent-ruby", "~> 1.2"
  spec.add_dependency "base64", "~> 0.2"
  spec.add_development_dependency "debug"
  spec.add_development_dependency "mocha"
--- a/lib/kamal.rb
+++ b/lib/kamal.rb
@@ -1,10 +1,10 @@
-module Mrsk
+module Kamal
 end
 require "active_support"
 require "zeitwerk"
 loader = Zeitwerk::Loader.for_gem
-loader.ignore("#{__dir__}/mrsk/sshkit_with_ext.rb")
+loader.ignore("#{__dir__}/kamal/sshkit_with_ext.rb")
 loader.setup
 loader.eager_load # We need all commands loaded.
--- a/lib/kamal/cli.rb
+++ b/lib/kamal/cli.rb
@@ -1,7 +1,7 @@
-module Mrsk::Cli
+module Kamal::Cli
  class LockError < StandardError; end
  class HookError < StandardError; end
 end
 # SSHKit uses instance eval, so we need a global const for ergonomics
-MRSK = Mrsk::Commander.new
+KAMAL = Kamal::Commander.new
--- a/lib/kamal/cli/accessory.rb
+++ b/lib/kamal/cli/accessory.rb
@@ -1,17 +1,17 @@
-class Mrsk::Cli::Accessory < Mrsk::Cli::Base
+class Kamal::Cli::Accessory < Kamal::Cli::Base
  desc "boot [NAME]", "Boot new accessory service on host (use NAME=all to boot all accessories)"
-  def boot(name)
+  def boot(name, login: true)
-    with_lock do
+    mutating do
      if name == "all"
-        MRSK.accessory_names.each { |accessory_name| boot(accessory_name) }
+        KAMAL.accessory_names.each { |accessory_name| boot(accessory_name) }
      else
-        with_accessory(name) do |accessory|
+        with_accessory(name) do |accessory, hosts|
          directories(name)
          upload(name)
-          on(accessory.hosts) do
+          on(hosts) do
-            execute *MRSK.registry.login
+            execute *KAMAL.registry.login if login
-            execute *MRSK.auditor.record("Booted #{name} accessory"), verbosity: :debug
+            execute *KAMAL.auditor.record("Booted #{name} accessory"), verbosity: :debug
            execute *accessory.run
          end
        end
@@ -21,9 +21,9 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
  desc "upload [NAME]", "Upload accessory files to host", hide: true
  def upload(name)
-    with_lock do
+    mutating do
-      with_accessory(name) do |accessory|
+      with_accessory(name) do |accessory, hosts|
-        on(accessory.hosts) do
+        on(hosts) do
          accessory.files.each do |(local, remote)|
            accessory.ensure_local_file_present(local)
@@ -38,9 +38,9 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
  desc "directories [NAME]", "Create accessory directories on host", hide: true
  def directories(name)
-    with_lock do
+    mutating do
-      with_accessory(name) do |accessory|
+      with_accessory(name) do |accessory, hosts|
-        on(accessory.hosts) do
+        on(hosts) do
          accessory.directories.keys.each do |host_path|
            execute *accessory.make_directory(host_path)
          end
@@ -49,23 +49,31 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
    end
  end
-  desc "reboot [NAME]", "Reboot existing accessory on host (stop container, remove container, start new container)"
+  desc "reboot [NAME]", "Reboot existing accessory on host (stop container, remove container, start new container; use NAME=all to boot all accessories)"
  def reboot(name)
-    with_lock do
+    mutating do
-      with_accessory(name) do |accessory|
+      if name == "all"
-        stop(name)
+        KAMAL.accessory_names.each { |accessory_name| reboot(accessory_name) }
-        remove_container(name)
+      else
-        boot(name)
+        with_accessory(name) do |accessory, hosts|
          on(hosts) do
            execute *KAMAL.registry.login
          end
          stop(name)
          remove_container(name)
          boot(name, login: false)
        end
      end
    end
  end
  desc "start [NAME]", "Start existing accessory container on host"
  def start(name)
-    with_lock do
+    mutating do
-      with_accessory(name) do |accessory|
+      with_accessory(name) do |accessory, hosts|
-        on(accessory.hosts) do
+        on(hosts) do
-          execute *MRSK.auditor.record("Started #{name} accessory"), verbosity: :debug
+          execute *KAMAL.auditor.record("Started #{name} accessory"), verbosity: :debug
          execute *accessory.start
        end
      end
@@ -74,10 +82,10 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
  desc "stop [NAME]", "Stop existing accessory container on host"
  def stop(name)
-    with_lock do
+    mutating do
-      with_accessory(name) do |accessory|
+      with_accessory(name) do |accessory, hosts|
-        on(accessory.hosts) do
+        on(hosts) do
-          execute *MRSK.auditor.record("Stopped #{name} accessory"), verbosity: :debug
+          execute *KAMAL.auditor.record("Stopped #{name} accessory"), verbosity: :debug
          execute *accessory.stop, raise_on_non_zero_exit: false
        end
      end
@@ -86,7 +94,7 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
  desc "restart [NAME]", "Restart existing accessory container on host"
  def restart(name)
-    with_lock do
+    mutating do
      with_accessory(name) do
        stop(name)
        start(name)
@@ -97,10 +105,10 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
  desc "details [NAME]", "Show details about accessory on host (use NAME=all to show all accessories)"
  def details(name)
    if name == "all"
-      MRSK.accessory_names.each { |accessory_name| details(accessory_name) }
+      KAMAL.accessory_names.each { |accessory_name| details(accessory_name) }
    else
-      with_accessory(name) do |accessory|
+      with_accessory(name) do |accessory, hosts|
-        on(accessory.hosts) { puts capture_with_info(*accessory.info) }
+        on(hosts) { puts capture_with_info(*accessory.info) }
      end
    end
  end
@@ -109,7 +117,7 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
  option :interactive, aliases: "-i", type: :boolean, default: false, desc: "Execute command over ssh for an interactive shell (use for console/bash)"
  option :reuse, type: :boolean, default: false, desc: "Reuse currently running container instead of starting a new one"
  def exec(name, cmd)
-    with_accessory(name) do |accessory|
+    with_accessory(name) do |accessory, hosts|
      case
      when options[:interactive] && options[:reuse]
        say "Launching interactive command with via SSH from existing container...", :magenta
@@ -121,15 +129,15 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
      when options[:reuse]
        say "Launching command from existing container...", :magenta
-        on(accessory.hosts) do
+        on(hosts) do
-          execute *MRSK.auditor.record("Executed cmd '#{cmd}' on #{name} accessory"), verbosity: :debug
+          execute *KAMAL.auditor.record("Executed cmd '#{cmd}' on #{name} accessory"), verbosity: :debug
          capture_with_info(*accessory.execute_in_existing_container(cmd))
        end
      else
        say "Launching command from new container...", :magenta
-        on(accessory.hosts) do
+        on(hosts) do
-          execute *MRSK.auditor.record("Executed cmd '#{cmd}' on #{name} accessory"), verbosity: :debug
+          execute *KAMAL.auditor.record("Executed cmd '#{cmd}' on #{name} accessory"), verbosity: :debug
          capture_with_info(*accessory.execute_in_new_container(cmd))
        end
      end
@@ -142,12 +150,12 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
  option :grep, aliases: "-g", desc: "Show lines with grep match only (use this to fetch specific requests by id)"
  option :follow, aliases: "-f", desc: "Follow logs on primary server (or specific host set by --hosts)"
  def logs(name)
-    with_accessory(name) do |accessory|
+    with_accessory(name) do |accessory, hosts|
      grep = options[:grep]
      if options[:follow]
        run_locally do
-          info "Following logs on #{accessory.hosts}..."
+          info "Following logs on #{hosts}..."
          info accessory.follow_logs(grep: grep)
          exec accessory.follow_logs(grep: grep)
        end
@@ -155,7 +163,7 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
        since = options[:since]
        lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set
-        on(accessory.hosts) do
+        on(hosts) do
          puts capture_with_info(*accessory.logs(since: since, lines: lines, grep: grep))
        end
      end
@@ -165,11 +173,11 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
  desc "remove [NAME]", "Remove accessory container, image and data directory from host (use NAME=all to remove all accessories)"
  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
  def remove(name)
-    with_lock do
+    mutating do
      if name == "all"
-        MRSK.accessory_names.each { |accessory_name| remove(accessory_name) }
+        KAMAL.accessory_names.each { |accessory_name| remove(accessory_name) }
      else
-        if options[:confirmed] || ask("This will remove all containers, images and data directories for #{name}. Are you sure?", limited_to: %w( y N ), default: "N") == "y"
+        confirming "This will remove all containers, images and data directories for #{name}. Are you sure?" do
          with_accessory(name) do
            stop(name)
            remove_container(name)
@@ -183,10 +191,10 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
  desc "remove_container [NAME]", "Remove accessory container from host", hide: true
  def remove_container(name)
-    with_lock do
+    mutating do
-      with_accessory(name) do |accessory|
+      with_accessory(name) do |accessory, hosts|
-        on(accessory.hosts) do
+        on(hosts) do
-          execute *MRSK.auditor.record("Remove #{name} accessory container"), verbosity: :debug
+          execute *KAMAL.auditor.record("Remove #{name} accessory container"), verbosity: :debug
          execute *accessory.remove_container
        end
      end
@@ -195,10 +203,10 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
  desc "remove_image [NAME]", "Remove accessory image from host", hide: true
  def remove_image(name)
-    with_lock do
+    mutating do
-      with_accessory(name) do |accessory|
+      with_accessory(name) do |accessory, hosts|
-        on(accessory.hosts) do
+        on(hosts) do
-          execute *MRSK.auditor.record("Removed #{name} accessory image"), verbosity: :debug
+          execute *KAMAL.auditor.record("Removed #{name} accessory image"), verbosity: :debug
          execute *accessory.remove_image
        end
      end
@@ -207,9 +215,9 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
  desc "remove_service_directory [NAME]", "Remove accessory directory used for uploaded files and data directories from host", hide: true
  def remove_service_directory(name)
-    with_lock do
+    mutating do
-      with_accessory(name) do |accessory|
+      with_accessory(name) do |accessory, hosts|
-        on(accessory.hosts) do
+        on(hosts) do
          execute *accessory.remove_service_directory
        end
      end
@@ -218,18 +226,27 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
  private
    def with_accessory(name)
-      if accessory = MRSK.accessory(name)
+      if KAMAL.config.accessory(name)
-        yield accessory
+        accessory = KAMAL.accessory(name)
        yield accessory, accessory_hosts(accessory)
      else
        error_on_missing_accessory(name)
      end
    end
    def error_on_missing_accessory(name)
-      options = MRSK.accessory_names.presence
+      options = KAMAL.accessory_names.presence
      error \
        "No accessory by the name of '#{name}'" +
        (options ? " (options: #{options.to_sentence})" : "")
    end
    def accessory_hosts(accessory)
      if KAMAL.specific_hosts&.any?
        KAMAL.specific_hosts & accessory.hosts
      else
        accessory.hosts
      end
    end
 end
--- a/lib/kamal/cli/app.rb
+++ b/lib/kamal/cli/app.rb
@@ -0,0 +1,304 @@
 class Kamal::Cli::App < Kamal::Cli::Base
  desc "boot", "Boot app on servers (or reboot app if already running)"
  def boot
    mutating do
      hold_lock_on_error do
        say "Get most recent version available as an image...", :magenta unless options[:version]
        using_version(version_or_latest) do |version|
          say "Start container with version #{version} using a #{KAMAL.config.readiness_delay}s readiness delay (or reboot if already running)...", :magenta
          # Assets are prepared in a separate step to ensure they are on all hosts before booting
          on(KAMAL.hosts) do
            execute *KAMAL.auditor.record("Tagging #{KAMAL.config.absolute_image} as the latest image"), verbosity: :debug
            execute *KAMAL.app.tag_current_image_as_latest
            KAMAL.roles_on(host).each do |role|
              Kamal::Cli::App::PrepareAssets.new(host, role, self).run
            end
          end
          on(KAMAL.hosts, **KAMAL.boot_strategy) do |host|
            KAMAL.roles_on(host).each do |role|
              Kamal::Cli::App::Boot.new(host, role, version, self).run
            end
          end
        end
      end
    end
  end
  desc "start", "Start existing app container on servers"
  def start
    mutating do
      on(KAMAL.hosts) do |host|
        roles = KAMAL.roles_on(host)
        roles.each do |role|
          app = KAMAL.app(role: role)
          execute *KAMAL.auditor.record("Started app version #{KAMAL.config.version}"), verbosity: :debug
          execute *app.start, raise_on_non_zero_exit: false
          if role.running_proxy?
            version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
            execute *KAMAL.proxy.deploy(app.container_name(version))
          end
        end
      end
    end
  end
  desc "stop", "Stop app container on servers"
  def stop
    mutating do
      on(KAMAL.hosts) do |host|
        roles = KAMAL.roles_on(host)
        roles.each do |role|
          app = KAMAL.app(role: role)
          version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
          execute *KAMAL.auditor.record("Stopped app", role: role), verbosity: :debug
          if role.running_proxy?
            execute *KAMAL.proxy.remove(app.container_name(version)), raise_on_non_zero_exit: false
          end
          execute *app.stop, raise_on_non_zero_exit: false
        end
      end
    end
  end
  # FIXME: Drop in favor of just containers?
  desc "details", "Show details about app containers"
  def details
    on(KAMAL.hosts) do |host|
      roles = KAMAL.roles_on(host)
      roles.each do |role|
        puts_by_host host, capture_with_info(*KAMAL.app(role: role).info)
      end
    end
  end
  desc "exec [CMD]", "Execute a custom command on servers (use --help to show options)"
  option :interactive, aliases: "-i", type: :boolean, default: false, desc: "Execute command over ssh for an interactive shell (use for console/bash)"
  option :reuse, type: :boolean, default: false, desc: "Reuse currently running container instead of starting a new one"
  def exec(cmd)
    case
    when options[:interactive] && options[:reuse]
      say "Get current version of running container...", :magenta unless options[:version]
      using_version(options[:version] || current_running_version) do |version|
        say "Launching interactive command with version #{version} via SSH from existing container on #{KAMAL.primary_host}...", :magenta
        run_locally { exec KAMAL.app(role: KAMAL.primary_role).execute_in_existing_container_over_ssh(cmd, host: KAMAL.primary_host) }
      end
    when options[:interactive]
      say "Get most recent version available as an image...", :magenta unless options[:version]
      using_version(version_or_latest) do |version|
        say "Launching interactive command with version #{version} via SSH from new container on #{KAMAL.primary_host}...", :magenta
        run_locally do
          exec KAMAL.app(role: KAMAL.primary_role).execute_in_new_container_over_ssh(cmd, host: KAMAL.primary_host)
        end
      end
    when options[:reuse]
      say "Get current version of running container...", :magenta unless options[:version]
      using_version(options[:version] || current_running_version) do |version|
        say "Launching command with version #{version} from existing container...", :magenta
        on(KAMAL.hosts) do |host|
          roles = KAMAL.roles_on(host)
          roles.each do |role|
            execute *KAMAL.auditor.record("Executed cmd '#{cmd}' on app version #{version}", role: role), verbosity: :debug
            puts_by_host host, capture_with_info(*KAMAL.app(role: role).execute_in_existing_container(cmd))
          end
        end
      end
    else
      say "Get most recent version available as an image...", :magenta unless options[:version]
      using_version(version_or_latest) do |version|
        say "Launching command with version #{version} from new container...", :magenta
        on(KAMAL.hosts) do |host|
          roles = KAMAL.roles_on(host)
          roles.each do |role|
            execute *KAMAL.auditor.record("Executed cmd '#{cmd}' on app version #{version}"), verbosity: :debug
            puts_by_host host, capture_with_info(*KAMAL.app(role: role).execute_in_new_container(cmd))
          end
        end
      end
    end
  end
  desc "containers", "Show app containers on servers"
  def containers
    on(KAMAL.hosts) { |host| puts_by_host host, capture_with_info(*KAMAL.app.list_containers) }
  end
  desc "stale_containers", "Detect app stale containers"
  option :stop, aliases: "-s", type: :boolean, default: false, desc: "Stop the stale containers found"
  def stale_containers
    mutating do
      stop = options[:stop]
      cli = self
      on(KAMAL.hosts) do |host|
        roles = KAMAL.roles_on(host)
        roles.each do |role|
          cli.send(:stale_versions, host: host, role: role).each do |version|
            if stop
              puts_by_host host, "Stopping stale container for role #{role} with version #{version}"
              execute *KAMAL.app(role: role).stop(version: version), raise_on_non_zero_exit: false
            else
              puts_by_host host,  "Detected stale container for role #{role} with version #{version} (use `kamal app stale_containers --stop` to stop)"
            end
          end
        end
      end
    end
  end
  desc "images", "Show app images on servers"
  def images
    on(KAMAL.hosts) { |host| puts_by_host host, capture_with_info(*KAMAL.app.list_images) }
  end
  desc "logs", "Show log lines from app on servers (use --help to show options)"
  option :since, aliases: "-s", desc: "Show lines since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)"
  option :lines, type: :numeric, aliases: "-n", desc: "Number of lines to show from each server"
  option :grep, aliases: "-g", desc: "Show lines with grep match only (use this to fetch specific requests by id)"
  option :follow, aliases: "-f", desc: "Follow log on primary server (or specific host set by --hosts)"
  def logs
    # FIXME: Catch when app containers aren't running
    grep = options[:grep]
    since = options[:since]
    if options[:follow]
      lines = options[:lines].presence || ((since || grep) ? nil : 10) # Default to 10 lines if since or grep isn't set
      run_locally do
        info "Following logs on #{KAMAL.primary_host}..."
        KAMAL.specific_roles ||= [ "web" ]
        role = KAMAL.roles_on(KAMAL.primary_host).first
        info KAMAL.app(role: role).follow_logs(host: KAMAL.primary_host, lines: lines, grep: grep)
        exec KAMAL.app(role: role).follow_logs(host: KAMAL.primary_host, lines: lines, grep: grep)
      end
    else
      lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set
      on(KAMAL.hosts) do |host|
        roles = KAMAL.roles_on(host)
        roles.each do |role|
          begin
            puts_by_host host, capture_with_info(*KAMAL.app(role: role).logs(since: since, lines: lines, grep: grep))
          rescue SSHKit::Command::Failed
            puts_by_host host, "Nothing found"
          end
        end
      end
    end
  end
  desc "remove", "Remove app containers and images from servers"
  def remove
    mutating do
      stop
      remove_containers
      remove_images
    end
  end
  desc "remove_container [VERSION]", "Remove app container with given version from servers", hide: true
  def remove_container(version)
    mutating do
      on(KAMAL.hosts) do |host|
        roles = KAMAL.roles_on(host)
        roles.each do |role|
          execute *KAMAL.auditor.record("Removed app container with version #{version}", role: role), verbosity: :debug
          execute *KAMAL.app(role: role).remove_container(version: version)
        end
      end
    end
  end
  desc "remove_containers", "Remove all app containers from servers", hide: true
  def remove_containers
    mutating do
      on(KAMAL.hosts) do |host|
        roles = KAMAL.roles_on(host)
        roles.each do |role|
          execute *KAMAL.auditor.record("Removed all app containers", role: role), verbosity: :debug
          execute *KAMAL.app(role: role).remove_containers
        end
      end
    end
  end
  desc "remove_images", "Remove all app images from servers", hide: true
  def remove_images
    mutating do
      on(KAMAL.hosts) do
        execute *KAMAL.auditor.record("Removed all app images"), verbosity: :debug
        execute *KAMAL.app.remove_images
      end
    end
  end
  desc "version", "Show app version currently running on servers"
  def version
    on(KAMAL.hosts) do |host|
      role = KAMAL.roles_on(host).first
      puts_by_host host, capture_with_info(*KAMAL.app(role: role).current_running_version).strip
    end
  end
  private
    def using_version(new_version)
      if new_version
        begin
          old_version = KAMAL.config.version
          KAMAL.config.version = new_version
          yield new_version
        ensure
          KAMAL.config.version = old_version
        end
      else
        yield KAMAL.config.version
      end
    end
    def current_running_version(host: KAMAL.primary_host)
      version = nil
      on(host) do
        role = KAMAL.roles_on(host).first
        version = capture_with_info(*KAMAL.app(role: role).current_running_version).strip
      end
      version.presence
    end
    def stale_versions(host:, role:)
      versions = nil
      on(host) do
        versions = \
          capture_with_info(*KAMAL.app(role: role).list_versions, raise_on_non_zero_exit: false)
          .split("\n")
          .drop(1)
      end
      versions
    end
    def version_or_latest
      options[:version] || "latest"
    end
 end
--- a/lib/kamal/cli/app/boot.rb
+++ b/lib/kamal/cli/app/boot.rb
@@ -0,0 +1,59 @@
 class Kamal::Cli::App::Boot
  attr_reader :host, :role, :version, :sshkit
  delegate :execute, :capture_with_info, :info, to: :sshkit
  delegate :assets?, :running_proxy?, to: :role
  def initialize(host, role, version, sshkit)
    @host = host
    @role = role
    @version = version
    @sshkit = sshkit
  end
  def run
    old_version = old_version_renamed_if_clashing
    start_new_version
    if old_version
      stop_old_version(old_version)
    end
  end
  private
    def app
      @app ||= KAMAL.app(role: role)
    end
    def auditor
      @auditor = KAMAL.auditor(role: role)
    end
    def audit(message)
      execute *auditor.record(message), verbosity: :debug
    end
    def old_version_renamed_if_clashing
      if capture_with_info(*app.container_id_for_version(version), raise_on_non_zero_exit: false).present?
        renamed_version = "#{version}_replaced_#{SecureRandom.hex(8)}"
        info "Renaming container #{version} to #{renamed_version} as already deployed on #{host}"
        audit("Renaming container #{version} to #{renamed_version}")
        execute *app.rename_container(version: version, new_version: renamed_version)
      end
      capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip.presence
    end
    def start_new_version
      audit "Booted app version #{version}"
      execute *app.run(hostname: "#{host}-#{SecureRandom.hex(6)}")
      if running_proxy?
        execute *KAMAL.proxy.deploy("#{app.container_name(version)}:#{role.port}")
      end
    end
    def stop_old_version(version)
      execute *app.stop(version: version), raise_on_non_zero_exit: false
      execute *app.clean_up_assets if assets?
    end
 end
--- a/lib/kamal/cli/app/prepare_assets.rb
+++ b/lib/kamal/cli/app/prepare_assets.rb
@@ -0,0 +1,24 @@
 class Kamal::Cli::App::PrepareAssets
  attr_reader :host, :role, :sshkit
  delegate :execute, :capture_with_info, :info, to: :sshkit
  delegate :assets?, to: :role
  def initialize(host, role, sshkit)
    @host = host
    @role = role
    @sshkit = sshkit
  end
  def run
    if assets?
      execute *app.extract_assets
      old_version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
      execute *app.sync_asset_volumes(old_version: old_version)
    end
  end
  private
    def app
      @app ||= KAMAL.app(role: role)
    end
 end
--- a/lib/kamal/cli/base.rb
+++ b/lib/kamal/cli/base.rb
@@ -1,8 +1,8 @@
 require "thor"
 require "dotenv"
-require "mrsk/sshkit_with_ext"
+require "kamal/sshkit_with_ext"
-module Mrsk::Cli
+module Kamal::Cli
  class Base < Thor
    include SSHKit::DSL
@@ -14,8 +14,8 @@ module Mrsk::Cli
    class_option :version, desc: "Run commands against a specific app version"
    class_option :primary, type: :boolean, aliases: "-p", desc: "Run commands only on primary host instead of all"
-    class_option :hosts, aliases: "-h", desc: "Run commands on these hosts instead of all (separate by comma)"
+    class_option :hosts, aliases: "-h", desc: "Run commands on these hosts instead of all (separate by comma, supports wildcards with *)"
-    class_option :roles, aliases: "-r", desc: "Run commands on these roles instead of all (separate by comma)"
+    class_option :roles, aliases: "-r", desc: "Run commands on these roles instead of all (separate by comma, supports wildcards with *)"
    class_option :config_file, aliases: "-c", default: "config/deploy.yml", desc: "Path to config file"
    class_option :destination, aliases: "-d", desc: "Specify destination to be used for config file (staging -> deploy.staging.yml)"
@@ -24,6 +24,7 @@ module Mrsk::Cli
    def initialize(*)
      super
      @original_env = ENV.to_h.dup
      load_envs
      initialize_commander(options_with_subcommand_class_options)
    end
@@ -37,12 +38,18 @@ module Mrsk::Cli
        end
      end
      def reload_envs
        ENV.clear
        ENV.update(@original_env)
        load_envs
      end
      def options_with_subcommand_class_options
        options.merge(@_initializer.last[:class_options] || {})
      end
      def initialize_commander(options)
-        MRSK.tap do |commander|
+        KAMAL.tap do |commander|
          if options[:verbose]
            ENV["VERBOSE"] = "1" # For backtraces via cli/start
            commander.verbosity = :debug
@@ -66,82 +73,127 @@ module Mrsk::Cli
      def print_runtime
        started_at = Time.now
        yield
-        return Time.now - started_at
+        Time.now - started_at
      ensure
        runtime = Time.now - started_at
        puts "  Finished all in #{sprintf("%.1f seconds", runtime)}"
      end
-      def with_lock
+      def mutating
-        if MRSK.holding_lock?
+        return yield if KAMAL.holding_lock?
        run_hook "pre-connect"
        ensure_run_and_locks_directory
        acquire_lock
        begin
          yield
-        else
+        rescue
-          run_hook "pre-connect"
+          if KAMAL.hold_lock_on_error?
-
+            error "  \e[31mDeploy lock was not released\e[0m"
-          acquire_lock
+          else
-
+            release_lock
          begin
            yield
          rescue
            if MRSK.hold_lock_on_error?
              error "  \e[31mDeploy lock was not released\e[0m"
            else
              release_lock
            end
            raise
          end
-          release_lock
+          raise
        end
        release_lock
      end
      def confirming(question)
        return yield if options[:confirmed]
        if ask(question, limited_to: %w[ y N ], default: "N") == "y"
          yield
        else
          say "Aborted", :red
        end
      end
      def acquire_lock
        raise_if_locked do
          say "Acquiring the deploy lock...", :magenta
-          on(MRSK.primary_host) { execute *MRSK.lock.acquire("Automatic deploy lock", MRSK.config.version), verbosity: :debug }
+          on(KAMAL.primary_host) { execute *KAMAL.lock.acquire("Automatic deploy lock", KAMAL.config.version), verbosity: :debug }
        end
-        MRSK.holding_lock = true
+        KAMAL.holding_lock = true
      end
      def release_lock
        say "Releasing the deploy lock...", :magenta
-        on(MRSK.primary_host) { execute *MRSK.lock.release, verbosity: :debug }
+        on(KAMAL.primary_host) { execute *KAMAL.lock.release, verbosity: :debug }
-        MRSK.holding_lock = false
+        KAMAL.holding_lock = false
      end
      def raise_if_locked
        yield
      rescue SSHKit::Runner::ExecuteError => e
        if e.message =~ /cannot create directory/
-          on(MRSK.primary_host) { puts capture_with_debug(*MRSK.lock.status) }
+          say "Deploy lock already in place!", :red
-          raise LockError, "Deploy lock found"
+          on(KAMAL.primary_host) { puts capture_with_debug(*KAMAL.lock.status) }
          raise LockError, "Deploy lock found. Run 'kamal lock help' for more information"
        else
          raise e
        end
      end
      def hold_lock_on_error
-        if MRSK.hold_lock_on_error?
+        if KAMAL.hold_lock_on_error?
          yield
        else
-          MRSK.hold_lock_on_error = true
+          KAMAL.hold_lock_on_error = true
          yield
-          MRSK.hold_lock_on_error = false
+          KAMAL.hold_lock_on_error = false
        end
      end
-      def run_hook(hook, **details)
+      def run_hook(hook, **extra_details)
-        if !options[:skip_hooks] && MRSK.hook.hook_exists?(hook)
+        if !options[:skip_hooks] && KAMAL.hook.hook_exists?(hook)
          details = { hosts: KAMAL.hosts.join(","), command: command, subcommand: subcommand }
          say "Running the #{hook} hook...", :magenta
          run_locally do
-            MRSK.with_verbosity(:debug) { execute *MRSK.hook.run(hook, **details, hosts: MRSK.hosts.join(",")) }
+            KAMAL.with_verbosity(:debug) { execute *KAMAL.hook.run(hook, **details, **extra_details) }
          rescue SSHKit::Command::Failed
            raise HookError.new("Hook `#{hook}` failed")
          end
        end
      end
      def command
        @kamal_command ||= begin
          invocation_class, invocation_commands = *first_invocation
          if invocation_class == Kamal::Cli::Main
            invocation_commands[0]
          else
            Kamal::Cli::Main.subcommand_classes.find { |command, clazz| clazz == invocation_class }[0]
          end
        end
      end
      def subcommand
        @kamal_subcommand ||= begin
          invocation_class, invocation_commands = *first_invocation
          invocation_commands[0] if invocation_class != Kamal::Cli::Main
        end
      end
      def first_invocation
        instance_variable_get("@_invocations").first
      end
      def ensure_run_and_locks_directory
        on(KAMAL.hosts) do
          execute(*KAMAL.server.ensure_run_directory)
        end
        on(KAMAL.primary_host) do
          execute(*KAMAL.lock.ensure_locks_directory)
        end
      end
  end
 end
--- a/lib/kamal/cli/build.rb
+++ b/lib/kamal/cli/build.rb
@@ -1,9 +1,11 @@
-class Mrsk::Cli::Build < Mrsk::Cli::Base
+require "uri"
 class Kamal::Cli::Build < Kamal::Cli::Base
  class BuildError < StandardError; end
  desc "deliver", "Build app and push app image to registry then pull image on servers"
  def deliver
-    with_lock do
+    mutating do
      push
      pull
    end
@@ -11,21 +13,27 @@ class Mrsk::Cli::Build < Mrsk::Cli::Base
  desc "push", "Build and push app image to registry"
  def push
-    with_lock do
+    mutating do
      cli = self
      verify_local_dependencies
      run_hook "pre-build"
      if (uncommitted_changes = Kamal::Git.uncommitted_changes).present?
        say "The following paths have uncommitted changes:\n #{uncommitted_changes}", :yellow
      end
      run_locally do
        begin
-          MRSK.with_verbosity(:debug) { execute *MRSK.builder.push }
+          KAMAL.with_verbosity(:debug) do
            execute *KAMAL.builder.push
          end
        rescue SSHKit::Command::Failed => e
          if e.message =~ /(no builder)|(no such file or directory)/
            error "Missing compatible builder, so creating a new one first"
            if cli.create
-              MRSK.with_verbosity(:debug) { execute *MRSK.builder.push }
+              KAMAL.with_verbosity(:debug) { execute *KAMAL.builder.push }
            end
          else
            raise
@@ -37,22 +45,27 @@ class Mrsk::Cli::Build < Mrsk::Cli::Base
  desc "pull", "Pull app image from registry onto servers"
  def pull
-    with_lock do
+    mutating do
-      on(MRSK.hosts) do
+      on(KAMAL.hosts) do
-        execute *MRSK.auditor.record("Pulled image with version #{MRSK.config.version}"), verbosity: :debug
+        execute *KAMAL.auditor.record("Pulled image with version #{KAMAL.config.version}"), verbosity: :debug
-        execute *MRSK.builder.clean, raise_on_non_zero_exit: false
+        execute *KAMAL.builder.clean, raise_on_non_zero_exit: false
-        execute *MRSK.builder.pull
+        execute *KAMAL.builder.pull
        execute *KAMAL.builder.validate_image
      end
    end
  end
  desc "create", "Create a build setup"
  def create
-    with_lock do
+    mutating do
      if (remote_host = KAMAL.config.builder.remote_host)
        connect_to_remote_host(remote_host)
      end
      run_locally do
        begin
-          debug "Using builder: #{MRSK.builder.name}"
+          debug "Using builder: #{KAMAL.builder.name}"
-          execute *MRSK.builder.create
+          execute *KAMAL.builder.create
        rescue SSHKit::Command::Failed => e
          if e.message =~ /stderr=(.*)/
            error "Couldn't create remote builder: #{$1}"
@@ -67,10 +80,10 @@ class Mrsk::Cli::Build < Mrsk::Cli::Base
  desc "remove", "Remove build setup"
  def remove
-    with_lock do
+    mutating do
      run_locally do
-        debug "Using builder: #{MRSK.builder.name}"
+        debug "Using builder: #{KAMAL.builder.name}"
-        execute *MRSK.builder.remove
+        execute *KAMAL.builder.remove
      end
    end
  end
@@ -78,8 +91,8 @@ class Mrsk::Cli::Build < Mrsk::Cli::Base
  desc "details", "Show build setup"
  def details
    run_locally do
-      puts "Builder: #{MRSK.builder.name}"
+      puts "Builder: #{KAMAL.builder.name}"
-      puts capture(*MRSK.builder.info)
+      puts capture(*KAMAL.builder.info)
    end
  end
@@ -87,7 +100,7 @@ class Mrsk::Cli::Build < Mrsk::Cli::Base
    def verify_local_dependencies
      run_locally do
        begin
-          execute *MRSK.builder.ensure_local_dependencies_installed
+          execute *KAMAL.builder.ensure_local_dependencies_installed
        rescue SSHKit::Command::Failed => e
          build_error = e.message =~ /command not found/ ?
            "Docker is not installed locally" :
@@ -97,4 +110,14 @@ class Mrsk::Cli::Build < Mrsk::Cli::Base
        end
      end
    end
    def connect_to_remote_host(remote_host)
      remote_uri = URI.parse(remote_host)
      if remote_uri.scheme == "ssh"
        options = { user: remote_uri.user, port: remote_uri.port }.compact
        on(remote_uri.host, options) do
          execute "true"
        end
      end
    end
 end
--- a/lib/kamal/cli/env.rb
+++ b/lib/kamal/cli/env.rb
@@ -0,0 +1,45 @@
 require "tempfile"
 class Kamal::Cli::Env < Kamal::Cli::Base
  desc "push", "Push the env file to the remote hosts"
  def push
    mutating do
      on(KAMAL.hosts) do
        execute *KAMAL.auditor.record("Pushed env files"), verbosity: :debug
        KAMAL.roles_on(host).each do |role|
          execute *KAMAL.app(role: role).make_env_directory
          upload! role.env.secrets_io, role.env.secrets_file, mode: 400
        end
      end
      on(KAMAL.accessory_hosts) do
        KAMAL.accessories_on(host).each do |accessory|
          accessory_config = KAMAL.config.accessory(accessory)
          execute *KAMAL.accessory(accessory).make_env_directory
          upload! accessory_config.env.secrets_io, accessory_config.env.secrets_file, mode: 400
        end
      end
    end
  end
  desc "delete", "Delete the env file from the remote hosts"
  def delete
    mutating do
      on(KAMAL.hosts) do
        execute *KAMAL.auditor.record("Deleted env files"), verbosity: :debug
        KAMAL.roles_on(host).each do |role|
          execute *KAMAL.app(role: role).remove_env_file
        end
      end
      on(KAMAL.accessory_hosts) do
        KAMAL.accessories_on(host).each do |accessory|
          accessory_config = KAMAL.config.accessory(accessory)
          execute *KAMAL.accessory(accessory).remove_env_file
        end
      end
    end
  end
 end
--- a/lib/kamal/cli/healthcheck.rb
+++ b/lib/kamal/cli/healthcheck.rb
@@ -0,0 +1,21 @@
 class Kamal::Cli::Healthcheck < Kamal::Cli::Base
  default_command :perform
  desc "perform", "Health check current app version"
  def perform
    raise "The primary host is not configured to run a proxy" unless KAMAL.config.role(KAMAL.config.primary_role).running_proxy?
    on(KAMAL.primary_host) do
      begin
        execute *KAMAL.healthcheck.run
        Poller.wait_for_healthy { capture_with_info(*KAMAL.healthcheck.status) }
      rescue Poller::HealthcheckError => e
        error capture_with_info(*KAMAL.healthcheck.logs)
        error capture_with_pretty_json(*KAMAL.healthcheck.container_health_log)
        raise
      ensure
        execute *KAMAL.healthcheck.stop, raise_on_non_zero_exit: false
        execute *KAMAL.healthcheck.remove, raise_on_non_zero_exit: false
      end
    end
  end
 end
--- a/lib/kamal/cli/healthcheck/poller.rb
+++ b/lib/kamal/cli/healthcheck/poller.rb
@@ -0,0 +1,64 @@
 module Kamal::Cli::Healthcheck::Poller
  extend self
  TRAEFIK_UPDATE_DELAY = 5
  class HealthcheckError < StandardError; end
  def wait_for_healthy(pause_after_ready: false, &block)
    attempt = 1
    max_attempts = KAMAL.config.healthcheck["max_attempts"]
    begin
      case status = block.call
      when "healthy"
        sleep TRAEFIK_UPDATE_DELAY if pause_after_ready
      when "running" # No health check configured
        sleep KAMAL.config.readiness_delay if pause_after_ready
      else
        raise HealthcheckError, "container not ready (#{status})"
      end
    rescue HealthcheckError => e
      if attempt <= max_attempts
        info "#{e.message}, retrying in #{attempt}s (attempt #{attempt}/#{max_attempts})..."
        sleep attempt
        attempt += 1
        retry
      else
        raise
      end
    end
    info "Container is healthy!"
  end
  def wait_for_unhealthy(pause_after_ready: false, &block)
    attempt = 1
    max_attempts = KAMAL.config.healthcheck["max_attempts"]
    begin
      case status = block.call
      when "unhealthy"
        sleep TRAEFIK_UPDATE_DELAY if pause_after_ready
      else
        raise HealthcheckError, "container not unhealthy (#{status})"
      end
    rescue HealthcheckError => e
      if attempt <= max_attempts
        info "#{e.message}, retrying in #{attempt}s (attempt #{attempt}/#{max_attempts})..."
        sleep attempt
        attempt += 1
        retry
      else
        raise
      end
    end
    info "Container is unhealthy!"
  end
  private
    def info(message)
      SSHKit.config.output.info(message)
    end
 end
--- a/lib/kamal/cli/lock.rb
+++ b/lib/kamal/cli/lock.rb
@@ -1,17 +1,23 @@
-class Mrsk::Cli::Lock < Mrsk::Cli::Base
+class Kamal::Cli::Lock < Kamal::Cli::Base
  desc "status", "Report lock status"
  def status
    handle_missing_lock do
-      on(MRSK.primary_host) { puts capture_with_debug(*MRSK.lock.status) }
+      on(KAMAL.primary_host) do
        execute *KAMAL.server.ensure_run_directory
        puts capture_with_debug(*KAMAL.lock.status)
      end
    end
  end
  desc "acquire", "Acquire the deploy lock"
-  option :message, aliases: "-m", type: :string, desc: "A lock mesasge", required: true
+  option :message, aliases: "-m", type: :string, desc: "A lock message", required: true
  def acquire
    message = options[:message]
    raise_if_locked do
-      on(MRSK.primary_host) { execute *MRSK.lock.acquire(message, MRSK.config.version), verbosity: :debug }
+      on(KAMAL.primary_host) do
        execute *KAMAL.server.ensure_run_directory
        execute *KAMAL.lock.acquire(message, KAMAL.config.version), verbosity: :debug
      end
      say "Acquired the deploy lock"
    end
  end
@@ -19,7 +25,10 @@ class Mrsk::Cli::Lock < Mrsk::Cli::Base
  desc "release", "Release the deploy lock"
  def release
    handle_missing_lock do
-      on(MRSK.primary_host) { execute *MRSK.lock.release, verbosity: :debug }
+      on(KAMAL.primary_host) do
        execute *KAMAL.server.ensure_run_directory
        execute *KAMAL.lock.release, verbosity: :debug
      end
      say "Released the deploy lock"
    end
  end
--- a/lib/kamal/cli/main.rb
+++ b/lib/kamal/cli/main.rb
@@ -0,0 +1,268 @@
 class Kamal::Cli::Main < Kamal::Cli::Base
  desc "setup", "Setup all accessories, push the env, and deploy app to servers"
  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
  def setup
    print_runtime do
      mutating do
        invoke_options = deploy_options
        say "Ensure Docker is installed...", :magenta
        invoke "kamal:cli:server:bootstrap", [], invoke_options
        say "Push env files...", :magenta
        invoke "kamal:cli:env:push", [], invoke_options
        invoke "kamal:cli:accessory:boot", [ "all" ], invoke_options
        deploy
      end
    end
  end
  desc "deploy", "Deploy app to servers"
  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
  def deploy
    runtime = print_runtime do
      mutating do
        invoke_options = deploy_options
        say "Log into image registry...", :magenta
        invoke "kamal:cli:registry:login", [], invoke_options
        if options[:skip_push]
          say "Pull app image...", :magenta
          invoke "kamal:cli:build:pull", [], invoke_options
        else
          say "Build and push app image...", :magenta
          invoke "kamal:cli:build:deliver", [], invoke_options
        end
        run_hook "pre-deploy"
        say "Ensure proxy is running...", :magenta
        invoke "kamal:cli:proxy:boot", [], invoke_options
        if KAMAL.config.role(KAMAL.config.primary_role).running_proxy?
          say "Ensure app can pass healthcheck...", :magenta
          invoke "kamal:cli:healthcheck:perform", [], invoke_options
        end
        say "Detect stale containers...", :magenta
        invoke "kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true)
        invoke "kamal:cli:app:boot", [], invoke_options
        say "Prune old containers and images...", :magenta
        invoke "kamal:cli:prune:all", [], invoke_options
      end
    end
    run_hook "post-deploy", runtime: runtime.round
  end
  desc "redeploy", "Deploy app to servers without bootstrapping servers, starting proxy, pruning, and registry login"
  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
  def redeploy
    runtime = print_runtime do
      mutating do
        invoke_options = deploy_options
        if options[:skip_push]
          say "Pull app image...", :magenta
          invoke "kamal:cli:build:pull", [], invoke_options
        else
          say "Build and push app image...", :magenta
          invoke "kamal:cli:build:deliver", [], invoke_options
        end
        run_hook "pre-deploy"
        say "Ensure app can pass healthcheck...", :magenta
        invoke "kamal:cli:healthcheck:perform", [], invoke_options
        say "Detect stale containers...", :magenta
        invoke "kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true)
        invoke "kamal:cli:app:boot", [], invoke_options
      end
    end
    run_hook "post-deploy", runtime: runtime.round
  end
  desc "rollback [VERSION]", "Rollback app to VERSION"
  def rollback(version)
    rolled_back = false
    runtime = print_runtime do
      mutating do
        invoke_options = deploy_options
        KAMAL.config.version = version
        old_version = nil
        if container_available?(version)
          run_hook "pre-deploy"
          invoke "kamal:cli:app:boot", [], invoke_options.merge(version: version)
          rolled_back = true
        else
          say "The app version '#{version}' is not available as a container (use 'kamal app containers' for available versions)", :red
        end
      end
    end
    run_hook "post-deploy", runtime: runtime.round if rolled_back
  end
  desc "details", "Show details about all containers"
  def details
    invoke "kamal:cli:proxy:details"
    invoke "kamal:cli:app:details"
    invoke "kamal:cli:accessory:details", [ "all" ]
  end
  desc "audit", "Show audit log from servers"
  def audit
    on(KAMAL.hosts) do |host|
      puts_by_host host, capture_with_info(*KAMAL.auditor.reveal)
    end
  end
  desc "config", "Show combined config (including secrets!)"
  def config
    run_locally do
      puts Kamal::Utils.redacted(KAMAL.config.to_h).to_yaml
    end
  end
  desc "init", "Create config stub in config/deploy.yml and env stub in .env"
  option :bundle, type: :boolean, default: false, desc: "Add Kamal to the Gemfile and create a bin/kamal binstub"
  def init
    require "fileutils"
    if (deploy_file = Pathname.new(File.expand_path("config/deploy.yml"))).exist?
      puts "Config file already exists in config/deploy.yml (remove first to create a new one)"
    else
      FileUtils.mkdir_p deploy_file.dirname
      FileUtils.cp_r Pathname.new(File.expand_path("templates/deploy.yml", __dir__)), deploy_file
      puts "Created configuration file in config/deploy.yml"
    end
    unless (deploy_file = Pathname.new(File.expand_path(".env"))).exist?
      FileUtils.cp_r Pathname.new(File.expand_path("templates/template.env", __dir__)), deploy_file
      puts "Created .env file"
    end
    unless (hooks_dir = Pathname.new(File.expand_path(".kamal/hooks"))).exist?
      hooks_dir.mkpath
      Pathname.new(File.expand_path("templates/sample_hooks", __dir__)).each_child do |sample_hook|
        FileUtils.cp sample_hook, hooks_dir, preserve: true
      end
      puts "Created sample hooks in .kamal/hooks"
    end
    if options[:bundle]
      if (binstub = Pathname.new(File.expand_path("bin/kamal"))).exist?
        puts "Binstub already exists in bin/kamal (remove first to create a new one)"
      else
        puts "Adding Kamal to Gemfile and bundle..."
        run_locally do
          execute :bundle, :add, :kamal
          execute :bundle, :binstubs, :kamal
        end
        puts "Created binstub file in bin/kamal"
      end
    end
  end
  desc "envify", "Create .env by evaluating .env.erb (or .env.staging.erb -> .env.staging when using -d staging)"
  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip .env file push"
  def envify
    if destination = options[:destination]
      env_template_path = ".env.#{destination}.erb"
      env_path          = ".env.#{destination}"
    else
      env_template_path = ".env.erb"
      env_path          = ".env"
    end
    File.write(env_path, ERB.new(File.read(env_template_path), trim_mode: "-").result, perm: 0600)
    unless options[:skip_push]
      reload_envs
      invoke "kamal:cli:env:push", options
    end
  end
  desc "remove", "Remove proxy, app, accessories, and registry session from servers"
  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
  def remove
    mutating do
      confirming "This will remove all containers and images. Are you sure?" do
        invoke "kamal:cli:proxy:remove", [], options.without(:confirmed)
        invoke "kamal:cli:app:remove", [], options.without(:confirmed)
        invoke "kamal:cli:accessory:remove", [ "all" ], options
        invoke "kamal:cli:registry:logout", [], options.without(:confirmed)
      end
    end
  end
  desc "version", "Show Kamal version"
  def version
    puts Kamal::VERSION
  end
  desc "accessory", "Manage accessories (db/redis/search)"
  subcommand "accessory", Kamal::Cli::Accessory
  desc "app", "Manage application"
  subcommand "app", Kamal::Cli::App
  desc "build", "Build application image"
  subcommand "build", Kamal::Cli::Build
  desc "env", "Manage environment files"
  subcommand "env", Kamal::Cli::Env
  desc "healthcheck", "Healthcheck application"
  subcommand "healthcheck", Kamal::Cli::Healthcheck
  desc "lock", "Manage the deploy lock"
  subcommand "lock", Kamal::Cli::Lock
  desc "prune", "Prune old application images and containers"
  subcommand "prune", Kamal::Cli::Prune
  desc "registry", "Login and -out of the image registry"
  subcommand "registry", Kamal::Cli::Registry
  desc "server", "Bootstrap servers with curl and Docker"
  subcommand "server", Kamal::Cli::Server
  desc "proxy", "Manage load balancer proxy"
  subcommand "proxy", Kamal::Cli::Proxy
  private
    def container_available?(version)
      begin
        on(KAMAL.hosts) do
          KAMAL.roles_on(host).each do |role|
            container_id = capture_with_info(*KAMAL.app(role: role).container_id_for_version(version))
            raise "Container not found" unless container_id.present?
          end
        end
      rescue SSHKit::Runner::ExecuteError => e
        if e.message =~ /Container not found/
          say "Error looking for container version #{version}: #{e.message}"
          return false
        else
          raise
        end
      end
      true
    end
    def deploy_options
      { "version" => KAMAL.config.version }.merge(options.without("skip_push"))
    end
 end
--- a/lib/kamal/cli/proxy.rb
+++ b/lib/kamal/cli/proxy.rb
@@ -0,0 +1,120 @@
 class Kamal::Cli::Proxy < Kamal::Cli::Base
  desc "boot", "Boot proxy on servers"
  def boot
    mutating do
      on(KAMAL.proxy_hosts) do
        execute *KAMAL.registry.login
        execute *KAMAL.proxy.start_or_run
      end
    end
  end
  desc "reboot", "Reboot proxy on servers (stop container, remove container, start new container)"
  option :rolling, type: :boolean, default: false, desc: "Reboot proxy on hosts in sequence, rather than in parallel"
  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
  def reboot
    confirming "This will cause a brief outage on each host. Are you sure?" do
      mutating do
        host_groups = options[:rolling] ? KAMAL.proxy_hosts : [ KAMAL.proxy_hosts ]
        host_groups.each do |hosts|
          host_list = Array(hosts).join(",")
          run_hook "pre-proxy-reboot", hosts: host_list
          on(hosts) do
            execute *KAMAL.auditor.record("Rebooted proxy"), verbosity: :debug
            execute *KAMAL.registry.login
            execute *KAMAL.proxy.stop, raise_on_non_zero_exit: false
            execute *KAMAL.proxy.remove_container
            execute *KAMAL.proxy.run
          end
          run_hook "post-proxy-reboot", hosts: host_list
        end
      end
    end
  end
  desc "start", "Start existing proxy container on servers"
  def start
    mutating do
      on(KAMAL.proxy_hosts) do
        execute *KAMAL.auditor.record("Started proxy"), verbosity: :debug
        execute *KAMAL.proxy.start
      end
    end
  end
  desc "stop", "Stop existing proxy container on servers"
  def stop
    mutating do
      on(KAMAL.proxy_hosts) do
        execute *KAMAL.auditor.record("Stopped proxy"), verbosity: :debug
        execute *KAMAL.proxy.stop, raise_on_non_zero_exit: false
      end
    end
  end
  desc "restart", "Restart existing proxy container on servers"
  def restart
    mutating do
      stop
      start
    end
  end
  desc "details", "Show details about proxy container from servers"
  def details
    on(KAMAL.proxy_hosts) { |host| puts_by_host host, capture_with_info(*KAMAL.proxy.info), type: "Proxy" }
  end
  desc "logs", "Show log lines from proxy on servers"
  option :since, aliases: "-s", desc: "Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)"
  option :lines, type: :numeric, aliases: "-n", desc: "Number of log lines to pull from each server"
  option :grep, aliases: "-g", desc: "Show lines with grep match only (use this to fetch specific requests by id)"
  option :follow, aliases: "-f", desc: "Follow logs on primary server (or specific host set by --hosts)"
  def logs
    grep = options[:grep]
    if options[:follow]
      run_locally do
        info "Following logs on #{KAMAL.primary_host}..."
        info KAMAL.proxy.follow_logs(host: KAMAL.primary_host, grep: grep)
        exec KAMAL.proxy.follow_logs(host: KAMAL.primary_host, grep: grep)
      end
    else
      since = options[:since]
      lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set
      on(KAMAL.proxy_hosts) do |host|
        puts_by_host host, capture(*KAMAL.proxy.logs(since: since, lines: lines, grep: grep)), type: "Proxy"
      end
    end
  end
  desc "remove", "Remove proxy container and image from servers"
  def remove
    mutating do
      stop
      remove_container
      remove_image
    end
  end
  desc "remove_container", "Remove proxy container from servers", hide: true
  def remove_container
    mutating do
      on(KAMAL.proxy_hosts) do
        execute *KAMAL.auditor.record("Removed proxy container"), verbosity: :debug
        execute *KAMAL.proxy.remove_container
      end
    end
  end
  desc "remove_image", "Remove proxy image from servers", hide: true
  def remove_image
    mutating do
      on(KAMAL.proxy_hosts) do
        execute *KAMAL.auditor.record("Removed proxy image"), verbosity: :debug
        execute *KAMAL.proxy.remove_image
      end
    end
  end
 end
--- a/lib/kamal/cli/prune.rb
+++ b/lib/kamal/cli/prune.rb
@@ -0,0 +1,35 @@
 class Kamal::Cli::Prune < Kamal::Cli::Base
  desc "all", "Prune unused images and stopped containers"
  def all
    mutating do
      containers
      images
    end
  end
  desc "images", "Prune unused images"
  def images
    mutating do
      on(KAMAL.hosts) do
        execute *KAMAL.auditor.record("Pruned images"), verbosity: :debug
        execute *KAMAL.prune.dangling_images
        execute *KAMAL.prune.tagged_images
      end
    end
  end
  desc "containers", "Prune all stopped containers, except the last n (default 5)"
  option :retain, type: :numeric, default: nil, desc: "Number of containers to retain"
  def containers
    retain = options.fetch(:retain, KAMAL.config.retain_containers)
    raise "retain must be at least 1" if retain < 1
    mutating do
      on(KAMAL.hosts) do
        execute *KAMAL.auditor.record("Pruned containers"), verbosity: :debug
        execute *KAMAL.prune.app_containers(retain: retain)
        execute *KAMAL.prune.healthcheck_containers
      end
    end
  end
 end
--- a/lib/kamal/cli/registry.rb
+++ b/lib/kamal/cli/registry.rb
@@ -1,8 +1,8 @@
-class Mrsk::Cli::Registry < Mrsk::Cli::Base
+class Kamal::Cli::Registry < Kamal::Cli::Base
  desc "login", "Log in to registry locally and remotely"
  def login
-    run_locally    { execute *MRSK.registry.login }
+    run_locally    { execute *KAMAL.registry.login }
-    on(MRSK.hosts) { execute *MRSK.registry.login }
+    on(KAMAL.hosts) { execute *KAMAL.registry.login }
  # FIXME: This rescue needed?
  rescue ArgumentError => e
    puts e.message
@@ -10,7 +10,7 @@ class Mrsk::Cli::Registry < Mrsk::Cli::Base
  desc "logout", "Log out of registry remotely"
  def logout
-    on(MRSK.hosts) { execute *MRSK.registry.logout }
+    on(KAMAL.hosts) { execute *KAMAL.registry.logout }
  # FIXME: This rescue needed?
  rescue ArgumentError => e
    puts e.message
--- a/lib/kamal/cli/server.rb
+++ b/lib/kamal/cli/server.rb
@@ -0,0 +1,33 @@
 class Kamal::Cli::Server < Kamal::Cli::Base
  desc "bootstrap", "Set up Docker to run Kamal apps"
  def bootstrap
    missing = []
    on(KAMAL.hosts | KAMAL.accessory_hosts) do |host|
      unless execute(*KAMAL.docker.installed?, raise_on_non_zero_exit: false)
        if execute(*KAMAL.docker.superuser?, raise_on_non_zero_exit: false)
          info "Missing Docker on #{host}. Installing…"
          execute *KAMAL.docker.install
        else
          missing << host
        end
      end
      execute(*KAMAL.server.ensure_run_directory)
      begin
        execute(*KAMAL.docker.create_kamal_network)
      rescue SSHKit::Command::Failed => e
        if e.message !~ /network with name kamal already exists/
          raise
        end
      end
    end
    if missing.any?
      raise "Docker is not installed on #{missing.join(", ")} and can't be automatically installed without having root access and either `wget` or `curl`. Install Docker manually: https://docs.docker.com/engine/install/"
    end
    run_hook "docker-setup"
  end
 end
--- a/lib/kamal/cli/templates/deploy.yml
+++ b/lib/kamal/cli/templates/deploy.yml
@@ -16,9 +16,10 @@ registry:
  # Always use an access token rather than real password when possible.
  password:
-    - MRSK_REGISTRY_PASSWORD
+    - KAMAL_REGISTRY_PASSWORD
 # Inject ENV variables into containers (secrets come from .env).
 # Remember to run `kamal env push` after making changes!
 # env:
 #   clear:
 #     DB_HOST: 192.168.0.2
@@ -52,7 +53,7 @@ registry:
 #         - MYSQL_ROOT_PASSWORD
 #     files:
 #       - config/mysql/production.cnf:/etc/mysql/my.cnf
-#       - db/production.sql.erb:/docker-entrypoint-initdb.d/setup.sql
+#       - db/production.sql:/docker-entrypoint-initdb.d/setup.sql
 #     directories:
 #       - data:/var/lib/mysql
 #   redis:
@@ -62,13 +63,33 @@ registry:
 #     directories:
 #       - data:/data
 # Configure custom arguments for Traefik
 # traefik:
 #   args:
 #     accesslog: true
 #     accesslog.format: json
 # Configure a custom healthcheck (default is /up on port 3000)
 # healthcheck:
 #   path: /healthz
 #   port: 4000
 # Bridge fingerprinted assets, like JS and CSS, between versions to avoid
 # hitting 404 on in-flight requests. Combines all files from new and old
 # version inside the asset_path.
 #
 # If your app is using the Sprockets gem, ensure it sets `config.assets.manifest`.
 # See https://github.com/basecamp/kamal/issues/626 for details
 #
 # asset_path: /rails/public/assets
 # Configure rolling deploys by setting a wait time between batches of restarts.
 # boot:
 #   limit: 10 # Can also specify as a percentage of total hosts, such as "25%"
 #   wait: 2
 # Configure the role used to determine the primary_host. This host takes
 # deploy locks, runs health checks during the deploy, and follow logs, etc.
 #
 # Caution: there's no support for role renaming yet, so be careful to cleanup
 #          the previous role on the deployed hosts.
 # primary_role: web
 # Controls if we abort when see a role with no hosts. Disabling this may be
 # useful for more complex deploy configurations.
 #
 # allow_empty_roles: false
--- a/lib/kamal/cli/templates/sample_hooks/docker-setup.sample
+++ b/lib/kamal/cli/templates/sample_hooks/docker-setup.sample
@@ -0,0 +1,7 @@
 #!/usr/bin/env ruby
 # A sample docker-setup hook
 #
 # Sets up a Docker network which can then be used by the application’s containers
 ssh user@example.com docker network create kamal
--- a/lib/kamal/cli/templates/sample_hooks/post-deploy.sample
+++ b/lib/kamal/cli/templates/sample_hooks/post-deploy.sample
@@ -0,0 +1,14 @@
 #!/bin/sh
 # A sample post-deploy hook
 #
 # These environment variables are available:
 # KAMAL_RECORDED_AT
 # KAMAL_PERFORMER
 # KAMAL_VERSION
 # KAMAL_HOSTS
 # KAMAL_ROLE (if set)
 # KAMAL_DESTINATION (if set)
 # KAMAL_RUNTIME
 echo "$KAMAL_PERFORMER deployed $KAMAL_VERSION to $KAMAL_DESTINATION in $KAMAL_RUNTIME seconds"
--- a/lib/kamal/cli/templates/sample_hooks/post-traefik-reboot.sample
+++ b/lib/kamal/cli/templates/sample_hooks/post-traefik-reboot.sample
@@ -0,0 +1,3 @@
 #!/bin/sh
 echo "Rebooted proxy on $KAMAL_HOSTS"
--- a/lib/kamal/cli/templates/sample_hooks/pre-build.sample
+++ b/lib/kamal/cli/templates/sample_hooks/pre-build.sample
@@ -9,12 +9,12 @@
 # 4. The version we are deploying matches the remote
 #
 # These environment variables are available:
-# MRSK_RECORDED_AT
+# KAMAL_RECORDED_AT
-# MRSK_PERFORMER
+# KAMAL_PERFORMER
-# MRSK_VERSION
+# KAMAL_VERSION
-# MRSK_HOSTS
+# KAMAL_HOSTS
-# MRSK_ROLE (if set)
+# KAMAL_ROLE (if set)
-# MRSK_DESTINATION (if set)
+# KAMAL_DESTINATION (if set)
 if [ -n "$(git status --porcelain)" ]; then
  echo "Git checkout is not clean, aborting..." >&2
@@ -32,7 +32,7 @@ fi
 current_branch=$(git branch --show-current)
 if [ -z "$current_branch" ]; then
-  echo "No git remote set, aborting..." >&2
+  echo "Not on a git branch, aborting..." >&2
  exit 1
 fi
@@ -43,8 +43,8 @@ if [ -z "$remote_head" ]; then
  exit 1
 fi
-if [ "$MRSK_VERSION" != "$remote_head" ]; then
+if [ "$KAMAL_VERSION" != "$remote_head" ]; then
-  echo "Version ($MRSK_VERSION) does not match remote HEAD ($remote_head), aborting..." >&2
+  echo "Version ($KAMAL_VERSION) does not match remote HEAD ($remote_head), aborting..." >&2
  exit 1
 fi
--- a/lib/kamal/cli/templates/sample_hooks/pre-connect.sample
+++ b/lib/kamal/cli/templates/sample_hooks/pre-connect.sample
@@ -5,15 +5,15 @@
 # Warms DNS before connecting to hosts in parallel
 #
 # These environment variables are available:
-# MRSK_RECORDED_AT
+# KAMAL_RECORDED_AT
-# MRSK_PERFORMER
+# KAMAL_PERFORMER
-# MRSK_VERSION
+# KAMAL_VERSION
-# MRSK_HOSTS
+# KAMAL_HOSTS
-# MRSK_ROLE (if set)
+# KAMAL_ROLE (if set)
-# MRSK_DESTINATION (if set)
+# KAMAL_DESTINATION (if set)
-# MRSK_RUNTIME
+# KAMAL_RUNTIME
-hosts = ENV["MRSK_HOSTS"].split(",")
+hosts = ENV["KAMAL_HOSTS"].split(",")
 results = nil
 max = 3
--- a/lib/kamal/cli/templates/sample_hooks/pre-deploy.sample
+++ b/lib/kamal/cli/templates/sample_hooks/pre-deploy.sample
@@ -0,0 +1,109 @@
 #!/usr/bin/env ruby
 # A sample pre-deploy hook
 #
 # Checks the Github status of the build, waiting for a pending build to complete for up to 720 seconds.
 #
 # Fails unless the combined status is "success"
 #
 # These environment variables are available:
 # KAMAL_RECORDED_AT
 # KAMAL_PERFORMER
 # KAMAL_VERSION
 # KAMAL_HOSTS
 # KAMAL_COMMAND
 # KAMAL_SUBCOMMAND
 # KAMAL_ROLE (if set)
 # KAMAL_DESTINATION (if set)
 # Only check the build status for production deployments
 if ENV["KAMAL_COMMAND"] == "rollback" || ENV["KAMAL_DESTINATION"] != "production"
  exit 0
 end
 require "bundler/inline"
 # true = install gems so this is fast on repeat invocations
 gemfile(true, quiet: true) do
  source "https://rubygems.org"
  gem "octokit"
  gem "faraday-retry"
 end
 MAX_ATTEMPTS = 72
 ATTEMPTS_GAP = 10
 def exit_with_error(message)
  $stderr.puts message
  exit 1
 end
 class GithubStatusChecks
  attr_reader :remote_url, :git_sha, :github_client, :combined_status
  def initialize
    @remote_url = `git config --get remote.origin.url`.strip.delete_prefix("https://github.com/")
    @git_sha = `git rev-parse HEAD`.strip
    @github_client = Octokit::Client.new(access_token: ENV["GITHUB_TOKEN"])
    refresh!
  end
  def refresh!
    @combined_status = github_client.combined_status(remote_url, git_sha)
  end
  def state
    combined_status[:state]
  end
  def first_status_url
    first_status = combined_status[:statuses].find { |status| status[:state] == state }
    first_status && first_status[:target_url]
  end
  def complete_count
    combined_status[:statuses].count { |status| status[:state] != "pending"}
  end
  def total_count
    combined_status[:statuses].count
  end
  def current_status
    if total_count > 0
      "Completed #{complete_count}/#{total_count} checks, see #{first_status_url} ..."
    else
      "Build not started..."
    end
  end
 end
 $stdout.sync = true
 puts "Checking build status..."
 attempts = 0
 checks = GithubStatusChecks.new
 begin
  loop do
    case checks.state
    when "success"
      puts "Checks passed, see #{checks.first_status_url}"
      exit 0
    when "failure"
      exit_with_error "Checks failed, see #{checks.first_status_url}"
    when "pending"
      attempts += 1
    end
    exit_with_error "Checks are still pending, gave up after #{MAX_ATTEMPTS * ATTEMPTS_GAP} seconds" if attempts == MAX_ATTEMPTS
    puts checks.current_status
    sleep(ATTEMPTS_GAP)
    checks.refresh!
  end
 rescue Octokit::NotFound
  exit_with_error "Build status could not be found"
 end
--- a/lib/kamal/cli/templates/sample_hooks/pre-traefik-reboot.sample
+++ b/lib/kamal/cli/templates/sample_hooks/pre-traefik-reboot.sample
@@ -0,0 +1,3 @@
 #!/bin/sh
 echo "Rebooting proxy on $KAMAL_HOSTS..."
--- a/lib/kamal/cli/templates/template.env
+++ b/lib/kamal/cli/templates/template.env
@@ -0,0 +1,2 @@
 KAMAL_REGISTRY_PASSWORD=change-this
 RAILS_MASTER_KEY=another-env
--- a/lib/kamal/commander.rb
+++ b/lib/kamal/commander.rb
@@ -0,0 +1,184 @@
 require "active_support/core_ext/enumerable"
 require "active_support/core_ext/module/delegation"
 class Kamal::Commander
  attr_accessor :verbosity, :holding_lock, :hold_lock_on_error
  def initialize
    self.verbosity = :info
    self.holding_lock = false
    self.hold_lock_on_error = false
  end
  def config
    @config ||= Kamal::Configuration.create_from(**@config_kwargs).tap do |config|
      @config_kwargs = nil
      configure_sshkit_with(config)
    end
  end
  def configure(**kwargs)
    @config, @config_kwargs = nil, kwargs
  end
  attr_reader :specific_roles, :specific_hosts
  def specific_primary!
    self.specific_hosts = [ config.primary_host ]
  end
  def specific_roles=(role_names)
    if role_names.present?
      @specific_roles = Kamal::Utils.filter_specific_items(role_names, config.roles)
      if @specific_roles.empty?
        raise ArgumentError, "No --roles match for #{role_names.join(',')}"
      end
      @specific_roles
    end
  end
  def specific_hosts=(hosts)
    if hosts.present?
      @specific_hosts = Kamal::Utils.filter_specific_items(hosts, config.all_hosts)
      if @specific_hosts.empty?
        raise ArgumentError, "No --hosts match for #{hosts.join(',')}"
      end
      @specific_hosts
    end
  end
  def primary_host
    # Given a list of specific roles, make an effort to match up with the primary_role
    specific_hosts&.first || specific_roles&.detect { |role| role == config.primary_role }&.primary_host || specific_roles&.first&.primary_host || config.primary_host
  end
  def primary_role
    roles_on(primary_host).first
  end
  def roles
    (specific_roles || config.roles).select do |role|
      ((specific_hosts || config.all_hosts) & role.hosts).any?
    end
  end
  def hosts
    (specific_hosts || config.all_hosts).select do |host|
      (specific_roles || config.roles).flat_map(&:hosts).include?(host)
    end
  end
  def roles_on(host)
    roles.select { |role| role.hosts.include?(host.to_s) }
  end
  def proxy_hosts
    specific_hosts || config.proxy_hosts
  end
  def accessory_hosts
    specific_hosts || config.accessories.flat_map(&:hosts)
  end
  def accessory_names
    config.accessories&.collect(&:name) || []
  end
  def accessories_on(host)
    config.accessories.select { |accessory| accessory.hosts.include?(host.to_s) }.map(&:name)
  end
  def app(role: nil)
    Kamal::Commands::App.new(config, role: role)
  end
  def accessory(name)
    Kamal::Commands::Accessory.new(config, name: name)
  end
  def auditor(**details)
    Kamal::Commands::Auditor.new(config, **details)
  end
  def builder
    @builder ||= Kamal::Commands::Builder.new(config)
  end
  def docker
    @docker ||= Kamal::Commands::Docker.new(config)
  end
  def healthcheck
    @healthcheck ||= Kamal::Commands::Healthcheck.new(config)
  end
  def hook
    @hook ||= Kamal::Commands::Hook.new(config)
  end
  def lock
    @lock ||= Kamal::Commands::Lock.new(config)
  end
  def prune
    @prune ||= Kamal::Commands::Prune.new(config)
  end
  def registry
    @registry ||= Kamal::Commands::Registry.new(config)
  end
  def server
    @server ||= Kamal::Commands::Server.new(config)
  end
  def proxy
    @proxy ||= Kamal::Commands::Proxy.new(config)
  end
  def with_verbosity(level)
    old_level = self.verbosity
    self.verbosity = level
    SSHKit.config.output_verbosity = level
    yield
  ensure
    self.verbosity = old_level
    SSHKit.config.output_verbosity = old_level
  end
  def boot_strategy
    if config.boot.limit.present?
      { in: :groups, limit: config.boot.limit, wait: config.boot.wait }
    else
      {}
    end
  end
  def holding_lock?
    self.holding_lock
  end
  def hold_lock_on_error?
    self.hold_lock_on_error
  end
  private
    # Lazy setup of SSHKit
    def configure_sshkit_with(config)
      SSHKit::Backend::Netssh.pool.idle_timeout = config.sshkit.pool_idle_timeout
      SSHKit::Backend::Netssh.configure do |sshkit|
        sshkit.max_concurrent_starts = config.sshkit.max_concurrent_starts
        sshkit.ssh_options = config.ssh.options
      end
      SSHKit.config.command_map[:docker] = "docker" # No need to use /usr/bin/env, just clogs up the logs
      SSHKit.config.output_verbosity = verbosity
    end
 end
--- a/lib/kamal/commands.rb
+++ b/lib/kamal/commands.rb
@@ -0,0 +1,2 @@
 module Kamal::Commands
 end
--- a/lib/kamal/commands/accessory.rb
+++ b/lib/kamal/commands/accessory.rb
@@ -1,4 +1,4 @@
-class Mrsk::Commands::Accessory < Mrsk::Commands::Base
+class Kamal::Commands::Accessory < Kamal::Commands::Base
  attr_reader :accessory_config
  delegate :service_name, :image, :hosts, :port, :files, :directories, :cmd,
           :publish_args, :env_args, :volume_args, :label_args, :option_args, to: :accessory_config
@@ -86,14 +86,6 @@ class Mrsk::Commands::Accessory < Mrsk::Commands::Base
    end
  end
  def make_directory_for(remote_file)
    make_directory Pathname.new(remote_file).dirname.to_s
  end
  def make_directory(path)
    [ :mkdir, "-p", path ]
  end
  def remove_service_directory
    [ :rm, "-rf", service_name ]
  end
@@ -106,6 +98,14 @@ class Mrsk::Commands::Accessory < Mrsk::Commands::Base
    docker :image, :rm, "--force", image
  end
  def make_env_directory
    make_directory accessory_config.env.secrets_directory
  end
  def remove_env_file
    [ :rm, "-f", accessory_config.env.secrets_file ]
  end
  private
    def service_filter
      [ "--filter", "label=service=#{service_name}" ]
--- a/lib/kamal/commands/app.rb
+++ b/lib/kamal/commands/app.rb
@@ -0,0 +1,98 @@
 class Kamal::Commands::App < Kamal::Commands::Base
  include Assets, Containers, Execution, Images, Logging
  ACTIVE_DOCKER_STATUSES = [ :running, :restarting ]
  attr_reader :role, :role
  def initialize(config, role: nil)
    super(config)
    @role = role
  end
  def run(hostname: nil)
    docker :run,
      "--detach",
      "--restart unless-stopped",
      "--name", container_name,
      "--network kamal",
      *([ "--hostname", hostname ] if hostname),
      "-e", "KAMAL_CONTAINER_NAME=\"#{container_name}\"",
      "-e", "KAMAL_VERSION=\"#{config.version}\"",
      *role.env_args,
      *role.health_check_args,
      *role.logging_args,
      *config.volume_args,
      *role.asset_volume_args,
      *role.label_args,
      *role.option_args,
      config.absolute_image,
      role.cmd
  end
  def start
    docker :start, container_name
  end
  def status(version:)
    pipe container_id_for_version(version), xargs(docker(:inspect, "--format", DOCKER_HEALTH_STATUS_FORMAT))
  end
  def stop(version: nil)
    pipe \
      version ? container_id_for_version(version) : current_running_container_id,
      xargs(config.stop_wait_time ? docker(:stop, "-t", config.stop_wait_time) : docker(:stop))
  end
  def info
    docker :ps, *filter_args
  end
  def current_running_container_id
    docker :ps, "--quiet", *filter_args(statuses: ACTIVE_DOCKER_STATUSES), "--latest"
  end
  def container_id_for_version(version, only_running: false)
    container_id_for(container_name: container_name(version), only_running: only_running)
  end
  def container_name(version = nil)
    [ role.container_prefix, version || config.version ].compact.join("-")
  end
  def current_running_version
    list_versions("--latest", statuses: ACTIVE_DOCKER_STATUSES)
  end
  def list_versions(*docker_args, statuses: nil)
    pipe \
      docker(:ps, *filter_args(statuses: statuses), *docker_args, "--format", '"{{.Names}}"'),
      %(while read line; do echo ${line##{role.container_prefix}-}; done) # Extract SHA from "service-role-dest-SHA"
  end
  def make_env_directory
    make_directory role.env.secrets_directory
  end
  def remove_env_file
    [ :rm, "-f", role.env.secrets_file ]
  end
  private
    def filter_args(statuses: nil)
      argumentize "--filter", filters(statuses: statuses)
    end
    def filters(statuses: nil)
      [ "label=service=#{config.service}" ].tap do |filters|
        filters << "label=destination=#{config.destination}" if config.destination
        filters << "label=role=#{role}" if role
        statuses&.each do |status|
          filters << "status=#{status}"
        end
      end
    end
 end
--- a/lib/kamal/commands/app/assets.rb
+++ b/lib/kamal/commands/app/assets.rb
@@ -0,0 +1,51 @@
 module Kamal::Commands::App::Assets
  def extract_assets
    asset_container = "#{role.container_prefix}-assets"
    combine \
      make_directory(role.asset_extracted_path),
      [ *docker(:stop, "-t 1", asset_container, "2> /dev/null"), "|| true" ],
      docker(:run, "--name", asset_container, "--detach", "--rm", config.latest_image, "sleep 1000000"),
      docker(:cp, "-L", "#{asset_container}:#{role.asset_path}/.", role.asset_extracted_path),
      docker(:stop, "-t 1", asset_container),
      by: "&&"
  end
  def sync_asset_volumes(old_version: nil)
    new_extracted_path, new_volume_path = role.asset_extracted_path(config.version), role.asset_volume.host_path
    if old_version.present?
      old_extracted_path, old_volume_path = role.asset_extracted_path(old_version), role.asset_volume(old_version).host_path
    end
    commands = [ make_directory(new_volume_path), copy_contents(new_extracted_path, new_volume_path) ]
    if old_version.present?
      commands << copy_contents(new_extracted_path, old_volume_path, continue_on_error: true)
      commands << copy_contents(old_extracted_path, new_volume_path, continue_on_error: true)
    end
    chain *commands
  end
  def clean_up_assets
    chain \
      find_and_remove_older_siblings(role.asset_extracted_path),
      find_and_remove_older_siblings(role.asset_volume_path)
  end
  private
    def find_and_remove_older_siblings(path)
      [
        :find,
        Pathname.new(path).dirname.to_s,
        "-maxdepth 1",
        "-name", "'#{role.container_prefix}-*'",
        "!", "-name", Pathname.new(path).basename.to_s,
        "-exec rm -rf \"{}\" +"
      ]
    end
    def copy_contents(source, destination, continue_on_error: false)
      [ :cp, "-rnT", "#{source}", destination, *("|| true" if continue_on_error) ]
    end
 end
--- a/lib/kamal/commands/app/containers.rb
+++ b/lib/kamal/commands/app/containers.rb
@@ -0,0 +1,23 @@
 module Kamal::Commands::App::Containers
  def list_containers
    docker :container, :ls, "--all", *filter_args
  end
  def list_container_names
    [ *list_containers, "--format", "'{{ .Names }}'" ]
  end
  def remove_container(version:)
    pipe \
      container_id_for(container_name: container_name(version)),
      xargs(docker(:container, :rm))
  end
  def rename_container(version:, new_version:)
    docker :rename, container_name(version), container_name(new_version)
  end
  def remove_containers
    docker :container, :prune, "--force", *filter_args
  end
 end
--- a/lib/kamal/commands/app/execution.rb
+++ b/lib/kamal/commands/app/execution.rb
@@ -0,0 +1,27 @@
 module Kamal::Commands::App::Execution
  def execute_in_existing_container(*command, interactive: false)
    docker :exec,
      ("-it" if interactive),
      container_name,
      *command
  end
  def execute_in_new_container(*command, interactive: false)
    docker :run,
      ("-it" if interactive),
      "--rm",
      *role&.env_args,
      *config.volume_args,
      *role&.option_args,
      config.absolute_image,
      *command
  end
  def execute_in_existing_container_over_ssh(*command, host:)
    run_over_ssh execute_in_existing_container(*command, interactive: true), host: host
  end
  def execute_in_new_container_over_ssh(*command, host:)
    run_over_ssh execute_in_new_container(*command, interactive: true), host: host
  end
 end
--- a/lib/kamal/commands/app/images.rb
+++ b/lib/kamal/commands/app/images.rb
@@ -0,0 +1,13 @@
 module Kamal::Commands::App::Images
  def list_images
    docker :image, :ls, config.repository
  end
  def remove_images
    docker :image, :prune, "--all", "--force", *filter_args
  end
  def tag_current_image_as_latest
    docker :tag, config.absolute_image, config.latest_image
  end
 end
--- a/lib/kamal/commands/app/logging.rb
+++ b/lib/kamal/commands/app/logging.rb
@@ -0,0 +1,18 @@
 module Kamal::Commands::App::Logging
  def logs(since: nil, lines: nil, grep: nil)
    pipe \
      current_running_container_id,
      "xargs docker logs#{" --since #{since}" if since}#{" --tail #{lines}" if lines} 2>&1",
      ("grep '#{grep}'" if grep)
  end
  def follow_logs(host:, lines: nil, grep: nil)
    run_over_ssh \
      pipe(
        current_running_container_id,
        "xargs docker logs --timestamps#{" --tail #{lines}" if lines} --follow 2>&1",
        (%(grep "#{grep}") if grep)
      ),
      host: host
  end
 end
--- a/lib/kamal/commands/auditor.rb
+++ b/lib/kamal/commands/auditor.rb
@@ -1,4 +1,4 @@
-class Mrsk::Commands::Auditor < Mrsk::Commands::Base
+class Kamal::Commands::Auditor < Kamal::Commands::Base
  attr_reader :details
  def initialize(config, **details)
@@ -19,7 +19,9 @@ class Mrsk::Commands::Auditor < Mrsk::Commands::Base
  private
    def audit_log_file
-      [ "mrsk", config.service, config.destination, "audit.log" ].compact.join("-")
+      file = [ config.service, config.destination, "audit.log" ].compact.join("-")
      "#{config.run_directory}/#{file}"
    end
    def audit_tags(**details)
--- a/lib/kamal/commands/base.rb
+++ b/lib/kamal/commands/base.rb
@@ -1,6 +1,6 @@
-module Mrsk::Commands
+module Kamal::Commands
  class Base
-    delegate :sensitive, :argumentize, to: Mrsk::Utils
+    delegate :sensitive, :argumentize, to: Kamal::Utils
    DOCKER_HEALTH_STATUS_FORMAT = "'{{if .State.Health}}{{.State.Health.Status}}{{else}}{{.State.Status}}{{end}}'"
    DOCKER_HEALTH_LOG_FORMAT    = "'{{json .State.Health}}'"
@@ -13,8 +13,12 @@ module Mrsk::Commands
    def run_over_ssh(*command, host:)
      "ssh".tap do |cmd|
-        cmd << " -J #{config.ssh_proxy.jump_proxies}" if config.ssh_proxy
+        if config.ssh.proxy && config.ssh.proxy.is_a?(Net::SSH::Proxy::Jump)
-        cmd << " -t #{config.ssh_user}@#{host} '#{command.join(" ")}'"
+          cmd << " -J #{config.ssh.proxy.jump_proxies}"
        elsif config.ssh.proxy && config.ssh.proxy.is_a?(Net::SSH::Proxy::Command)
          cmd << " -o ProxyCommand='#{config.ssh.proxy.command_line_template}'"
        end
        cmd << " -t #{config.ssh.user}@#{host} -p #{config.ssh.port} '#{command.join(" ")}'"
      end
    end
@@ -22,6 +26,18 @@ module Mrsk::Commands
      docker :container, :ls, *("--all" unless only_running), "--filter", "name=^#{container_name}$", "--quiet"
    end
    def make_directory_for(remote_file)
      make_directory Pathname.new(remote_file).dirname.to_s
    end
    def make_directory(path)
      [ :mkdir, "-p", path ]
    end
    def remove_directory(path)
      [ :rm, "-r", path ]
    end
    private
      def combine(*commands, by: "&&")
        commands
@@ -46,16 +62,28 @@ module Mrsk::Commands
        combine *commands, by: ">"
      end
      def any(*commands)
        combine *commands, by: "||"
      end
      def xargs(command)
        [ :xargs, command ].flatten
      end
      def shell(command)
        [ :sh, "-c", "'#{command.flatten.join(" ").gsub("'", "'\\''")}'" ]
      end
      def docker(*args)
        args.compact.unshift :docker
      end
      def git(*args)
        args.compact.unshift :git
      end
      def tags(**details)
-        Mrsk::Tags.from_config(config, **details)
+        Kamal::Tags.from_config(config, **details)
      end
  end
 end
--- a/lib/kamal/commands/builder.rb
+++ b/lib/kamal/commands/builder.rb
@@ -0,0 +1,64 @@
 require "active_support/core_ext/string/filters"
 class Kamal::Commands::Builder < Kamal::Commands::Base
  delegate :create, :remove, :push, :clean, :pull, :info, :validate_image, to: :target
  def name
    target.class.to_s.remove("Kamal::Commands::Builder::").underscore.inquiry
  end
  def target
    case
    when !config.builder.multiarch? && !config.builder.cached?
      native
    when !config.builder.multiarch? && config.builder.cached?
      native_cached
    when config.builder.local? && config.builder.remote?
      multiarch_remote
    when config.builder.remote?
      native_remote
    else
      multiarch
    end
  end
  def native
    @native ||= Kamal::Commands::Builder::Native.new(config)
  end
  def native_cached
    @native ||= Kamal::Commands::Builder::Native::Cached.new(config)
  end
  def native_remote
    @native ||= Kamal::Commands::Builder::Native::Remote.new(config)
  end
  def multiarch
    @multiarch ||= Kamal::Commands::Builder::Multiarch.new(config)
  end
  def multiarch_remote
    @multiarch_remote ||= Kamal::Commands::Builder::Multiarch::Remote.new(config)
  end
  def ensure_local_dependencies_installed
    if name.native?
      ensure_local_docker_installed
    else
      combine \
        ensure_local_docker_installed,
        ensure_local_buildx_installed
    end
  end
  private
    def ensure_local_docker_installed
      docker "--version"
    end
    def ensure_local_buildx_installed
      docker :buildx, "version"
    end
 end
--- a/lib/kamal/commands/builder/base.rb
+++ b/lib/kamal/commands/builder/base.rb
@@ -0,0 +1,83 @@
 class Kamal::Commands::Builder::Base < Kamal::Commands::Base
  class BuilderError < StandardError; end
  delegate :argumentize, to: Kamal::Utils
  delegate :args, :secrets, :dockerfile, :local_arch, :local_host, :remote_arch, :remote_host, :cache_from, :cache_to, :ssh, :git_archive?, to: :builder_config
  def clean
    docker :image, :rm, "--force", config.absolute_image
  end
  def pull
    docker :pull, config.absolute_image
  end
  def push
    if git_archive?
      pipe \
        git(:archive, "--format=tar", :HEAD),
        build_and_push
    else
      build_and_push
    end
  end
  def build_options
    [ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_ssh ]
  end
  def build_context
    config.builder.context
  end
  def validate_image
    pipe \
      docker(:inspect, "-f", "'{{ .Config.Labels.service }}'", config.absolute_image),
      any(
        [ :grep, "-x", config.service ],
        "(echo \"Image #{config.absolute_image} is missing the 'service' label\" && exit 1)"
      )
  end
  private
    def build_tags
      [ "-t", config.absolute_image, "-t", config.latest_image ]
    end
    def build_cache
      if cache_to && cache_from
        [ "--cache-to", cache_to,
          "--cache-from", cache_from ]
      end
    end
    def build_labels
      argumentize "--label", { service: config.service }
    end
    def build_args
      argumentize "--build-arg", args, sensitive: true
    end
    def build_secrets
      argumentize "--secret", secrets.collect { |secret| [ "id", secret ] }
    end
    def build_dockerfile
      if Pathname.new(File.expand_path(dockerfile)).exist?
        argumentize "--file", dockerfile
      else
        raise BuilderError, "Missing #{dockerfile}"
      end
    end
    def build_ssh
      argumentize "--ssh", ssh if ssh.present?
    end
    def builder_config
      config.builder
    end
 end
--- a/lib/kamal/commands/builder/multiarch.rb
+++ b/lib/kamal/commands/builder/multiarch.rb
@@ -0,0 +1,37 @@
 class Kamal::Commands::Builder::Multiarch < Kamal::Commands::Builder::Base
  def create
    docker :buildx, :create, "--use", "--name", builder_name
  end
  def remove
    docker :buildx, :rm, builder_name
  end
  def info
    combine \
      docker(:context, :ls),
      docker(:buildx, :ls)
  end
  private
    def builder_name
      "kamal-#{config.service}-multiarch"
    end
    def platform_names
      if local_arch
        "linux/#{local_arch}"
      else
        "linux/amd64,linux/arm64"
      end
    end
    def build_and_push
      docker :buildx, :build,
        "--push",
        "--platform", platform_names,
        "--builder", builder_name,
        *build_options,
        build_context
    end
 end
--- a/lib/kamal/commands/builder/multiarch/remote.rb
+++ b/lib/kamal/commands/builder/multiarch/remote.rb
@@ -1,4 +1,4 @@
-class Mrsk::Commands::Builder::Multiarch::Remote < Mrsk::Commands::Builder::Multiarch
+class Kamal::Commands::Builder::Multiarch::Remote < Kamal::Commands::Builder::Multiarch
  def create
    combine \
      create_contexts,
@@ -22,17 +22,17 @@ class Mrsk::Commands::Builder::Multiarch::Remote < Mrsk::Commands::Builder::Mult
    end
    def create_local_buildx
-      docker :buildx, :create, "--name", builder_name, builder_name_with_arch(local["arch"]), "--platform", "linux/#{local["arch"]}"
+      docker :buildx, :create, "--name", builder_name, builder_name_with_arch(local_arch), "--platform", "linux/#{local_arch}"
    end
    def append_remote_buildx
-      docker :buildx, :create, "--append", "--name", builder_name, builder_name_with_arch(remote["arch"]), "--platform", "linux/#{remote["arch"]}"
+      docker :buildx, :create, "--append", "--name", builder_name, builder_name_with_arch(remote_arch), "--platform", "linux/#{remote_arch}"
    end
    def create_contexts
      combine \
-        create_context(local["arch"], local["host"]),
+        create_context(local_arch, local_host),
-        create_context(remote["arch"], remote["host"])
+        create_context(remote_arch, remote_host)
    end
    def create_context(arch, host)
@@ -41,19 +41,11 @@ class Mrsk::Commands::Builder::Multiarch::Remote < Mrsk::Commands::Builder::Mult
    def remove_contexts
      combine \
-        remove_context(local["arch"]),
+        remove_context(local_arch),
-        remove_context(remote["arch"])
+        remove_context(remote_arch)
    end
    def remove_context(arch)
      docker :context, :rm, builder_name_with_arch(arch)
    end
    def local
      config.builder["local"]
    end
    def remote
      config.builder["remote"]
    end
 end
--- a/lib/kamal/commands/builder/native.rb
+++ b/lib/kamal/commands/builder/native.rb
@@ -0,0 +1,21 @@
 class Kamal::Commands::Builder::Native < Kamal::Commands::Builder::Base
  def create
    # No-op on native without cache
  end
  def remove
    # No-op on native without cache
  end
  def info
    # No-op on native
  end
  private
    def build_and_push
      combine \
        docker(:build, *build_options, build_context),
        docker(:push, config.absolute_image),
        docker(:push, config.latest_image)
    end
 end
--- a/lib/kamal/commands/builder/native/cached.rb
+++ b/lib/kamal/commands/builder/native/cached.rb
@@ -0,0 +1,17 @@
 class Kamal::Commands::Builder::Native::Cached < Kamal::Commands::Builder::Native
  def create
    docker :buildx, :create, "--use", "--driver=docker-container"
  end
  def remove
    docker :buildx, :rm, builder_name
  end
  private
    def build_and_push
      docker :buildx, :build,
        "--push",
        *build_options,
        build_context
    end
 end
--- a/lib/kamal/commands/builder/native/remote.rb
+++ b/lib/kamal/commands/builder/native/remote.rb
@@ -1,4 +1,4 @@
-class Mrsk::Commands::Builder::Native::Remote < Mrsk::Commands::Builder::Native
+class Kamal::Commands::Builder::Native::Remote < Kamal::Commands::Builder::Native
  def create
    chain \
      create_context,
@@ -11,15 +11,6 @@ class Mrsk::Commands::Builder::Native::Remote < Mrsk::Commands::Builder::Native
      remove_buildx
  end
  def push
    docker :buildx, :build,
      "--push",
      "--platform", platform,
      "--builder", builder_name,
      *build_options,
      build_context
  end
  def info
    chain \
      docker(:context, :ls),
@@ -28,29 +19,21 @@ class Mrsk::Commands::Builder::Native::Remote < Mrsk::Commands::Builder::Native
  private
    def arch
      config.builder["remote"]["arch"]
    end
    def host
      config.builder["remote"]["host"]
    end
    def builder_name
-      "mrsk-#{config.service}-native-remote"
+      "kamal-#{config.service}-native-remote"
    end
    def builder_name_with_arch
-      "#{builder_name}-#{arch}"
+      "#{builder_name}-#{remote_arch}"
    end
    def platform
-      "linux/#{arch}"
+      "linux/#{remote_arch}"
    end
    def create_context
      docker :context, :create,
-        builder_name_with_arch, "--description", "'#{builder_name} #{arch} native host'", "--docker", "'host=#{host}'"
+        builder_name_with_arch, "--description", "'#{builder_name} #{remote_arch} native host'", "--docker", "'host=#{remote_host}'"
    end
    def remove_context
@@ -64,4 +47,13 @@ class Mrsk::Commands::Builder::Native::Remote < Mrsk::Commands::Builder::Native
    def remove_buildx
      docker :buildx, :rm, builder_name
    end
    def build_and_push
      docker :buildx, :build,
      "--push",
      "--platform", platform,
      "--builder", builder_name,
      *build_options,
      build_context
    end
 end
--- a/lib/kamal/commands/docker.rb
+++ b/lib/kamal/commands/docker.rb
@@ -0,0 +1,34 @@
 class Kamal::Commands::Docker < Kamal::Commands::Base
  # Install Docker using the https://github.com/docker/docker-install convenience script.
  def install
    pipe get_docker, :sh
  end
  # Checks the Docker client version. Fails if Docker is not installed.
  def installed?
    docker "-v"
  end
  # Checks the Docker server version. Fails if Docker is not running.
  def running?
    docker :version
  end
  # Do we have superuser access to install Docker and start system services?
  def superuser?
    [ '[ "${EUID:-$(id -u)}" -eq 0 ] || command -v sudo >/dev/null || command -v su >/dev/null' ]
  end
  def create_kamal_network
    docker :network, :create, :kamal
  end
  private
    def get_docker
      shell \
        any \
          [ :curl, "-fsSL", "https://get.docker.com" ],
          [ :wget, "-O -", "https://get.docker.com" ],
          [ :echo, "\"exit 1\"" ]
    end
 end
--- a/lib/kamal/commands/healthcheck.rb
+++ b/lib/kamal/commands/healthcheck.rb
@@ -1,21 +1,19 @@
-class Mrsk::Commands::Healthcheck < Mrsk::Commands::Base
+class Kamal::Commands::Healthcheck < Kamal::Commands::Base
  EXPOSED_PORT = 3999
  def run
-    web = config.role(:web)
+    primary = config.role(config.primary_role)
    docker :run,
      "--detach",
      "--name", container_name_with_version,
-      "--publish", "#{EXPOSED_PORT}:#{config.healthcheck["port"]}",
+      "--publish", "#{exposed_port}:#{config.healthcheck["port"]}",
-      "--label", "service=#{container_name}",
+      "--label", "service=#{config.healthcheck_service}",
-      "-e", "MRSK_CONTAINER_NAME=\"#{container_name}\"",
+      "-e", "KAMAL_CONTAINER_NAME=\"#{config.healthcheck_service}\"",
-      *web.env_args,
+      *primary.env_args,
-      *web.health_check_args,
+      *primary.health_check_args,
      *config.volume_args,
-      *web.option_args,
+      *primary.option_args,
      config.absolute_image,
-      web.cmd
+      primary.cmd
  end
  def status
@@ -27,7 +25,7 @@ class Mrsk::Commands::Healthcheck < Mrsk::Commands::Base
  end
  def logs
-    pipe container_id, xargs(docker(:logs, "--tail", 50, "2>&1"))
+    pipe container_id, xargs(docker(:logs, "--tail", log_lines, "2>&1"))
  end
  def stop
@@ -39,12 +37,8 @@ class Mrsk::Commands::Healthcheck < Mrsk::Commands::Base
  end
  private
    def container_name
      [ "healthcheck", config.service, config.destination ].compact.join("-")
    end
    def container_name_with_version
-      "#{container_name}-#{config.version}"
+      "#{config.healthcheck_service}-#{config.version}"
    end
    def container_id
@@ -52,6 +46,14 @@ class Mrsk::Commands::Healthcheck < Mrsk::Commands::Base
    end
    def health_url
-      "http://localhost:#{EXPOSED_PORT}#{config.healthcheck["path"]}"
+      "http://localhost:#{exposed_port}#{config.healthcheck["path"]}"
    end
    def exposed_port
      config.healthcheck["exposed_port"]
    end
    def log_lines
      config.healthcheck["log_lines"]
    end
 end
--- a/lib/kamal/commands/hook.rb
+++ b/lib/kamal/commands/hook.rb
@@ -1,4 +1,4 @@
-class Mrsk::Commands::Hook < Mrsk::Commands::Base
+class Kamal::Commands::Hook < Kamal::Commands::Base
  def run(hook, **details)
    [ hook_file(hook), env: tags(**details).env ]
  end
--- a/lib/kamal/commands/lock.rb
+++ b/lib/kamal/commands/lock.rb
@@ -1,17 +1,18 @@
 require "active_support/duration"
 require "time"
 require "base64"
-class Mrsk::Commands::Lock < Mrsk::Commands::Base
+class Kamal::Commands::Lock < Kamal::Commands::Base
  def acquire(message, version)
    combine \
-      [:mkdir, lock_dir],
+      [ :mkdir, lock_dir ],
      write_lock_details(message, version)
  end
  def release
    combine \
-      [:rm, lock_details_file],
+      [ :rm, lock_details_file ],
-      [:rm, "-r", lock_dir]
+      [ :rm, "-r", lock_dir ]
  end
  def status
@@ -20,31 +21,41 @@ class Mrsk::Commands::Lock < Mrsk::Commands::Base
      read_lock_details
  end
  def ensure_locks_directory
    [ :mkdir, "-p", locks_dir ]
  end
  private
    def write_lock_details(message, version)
      write \
-        [:echo, "\"#{Base64.encode64(lock_details(message, version))}\""],
+        [ :echo, "\"#{Base64.encode64(lock_details(message, version))}\"" ],
        lock_details_file
    end
    def read_lock_details
      pipe \
-        [:cat, lock_details_file],
+        [ :cat, lock_details_file ],
-        [:base64, "-d"]
+        [ :base64, "-d" ]
    end
    def stat_lock_dir
      write \
-        [:stat, lock_dir],
+        [ :stat, lock_dir ],
        "/dev/null"
    end
    def locks_dir
      File.join(config.run_directory, "locks")
    end
    def lock_dir
-      :mrsk_lock
+      dir_name = [ config.service, config.destination ].compact.join("-")
      File.join(locks_dir, dir_name)
    end
    def lock_details_file
-      [lock_dir, :details].join("/")
+      File.join(lock_dir, "details")
    end
    def lock_details(message, version)
@@ -56,7 +67,7 @@ class Mrsk::Commands::Lock < Mrsk::Commands::Base
    end
    def locked_by
-      `git config user.name`.strip
+      Kamal::Git.user_name
    rescue Errno::ENOENT
      "Unknown"
    end
--- a/lib/kamal/commands/proxy.rb
+++ b/lib/kamal/commands/proxy.rb
@@ -0,0 +1,116 @@
 class Kamal::Commands::Proxy < Kamal::Commands::Base
  CONTAINER_PORT = 80
  delegate :argumentize, :optionize, to: Kamal::Utils
  DEFAULT_IMAGE = "dmcbreen/mproxy:latest"
  def run
    docker :run,
      "--name", container_name,
      "--detach",
      "--restart", "unless-stopped",
      "--network kamal",
      *publish_args,
      "--volume", "/var/run/docker.sock:/var/run/docker.sock",
      *config.logging_args,
      *label_args,
      *docker_options_args,
      image,
      *cmd_option_args
  end
  def start
    docker :container, :start, container_name
  end
  def stop
    docker :container, :stop, container_name
  end
  def start_or_run
    combine start, run, by: "||"
  end
  def deploy(version)
    docker :exec, container_name, :mproxy, :deploy, version
  end
  def remove(version)
    docker :exec, container_name, :mproxy, :remove, version
  end
  def info
    docker :ps, "--filter", "name=^#{container_name}$"
  end
  def logs(since: nil, lines: nil, grep: nil)
    pipe \
      docker(:logs, container_name, (" --since #{since}" if since), (" --tail #{lines}" if lines), "--timestamps", "2>&1"),
      ("grep '#{grep}'" if grep)
  end
  def follow_logs(host:, grep: nil)
    run_over_ssh pipe(
      docker(:logs, container_name, "--timestamps", "--tail", "10", "--follow", "2>&1"),
      (%(grep "#{grep}") if grep)
    ).join(" "), host: host
  end
  def remove_container
    docker :container, :prune, "--force", "--filter", container_filter
  end
  def remove_image
    docker :image, :prune, "--all", "--force", "--filter", image_filter
  end
  def port
    "#{host_port}:#{CONTAINER_PORT}"
  end
  private
    def container_filter
      "label=org.opencontainers.image.title=mproxy"
    end
    def image_filter
      "label=org.opencontainers.image.title=mproxy"
    end
    def publish_args
      argumentize "--publish", port unless config.proxy["publish"] == false
    end
    def label_args
      argumentize "--label", labels
    end
    def labels
      config.proxy["labels"] || {}
    end
    def image
      config.proxy.fetch("image") { DEFAULT_IMAGE }
    end
    def docker_options_args
      optionize(config.proxy["options"] || {})
    end
    def cmd_option_args
      optionize cmd_args, with: "="
    end
    def cmd_args
      config.proxy["args"] || {}
    end
    def host_port
      config.proxy["host_port"] || CONTAINER_PORT
    end
    def container_name
      "mproxy"
    end
 end
--- a/lib/kamal/commands/prune.rb
+++ b/lib/kamal/commands/prune.rb
@@ -0,0 +1,46 @@
 require "active_support/duration"
 require "active_support/core_ext/numeric/time"
 class Kamal::Commands::Prune < Kamal::Commands::Base
  def dangling_images
    docker :image, :prune, "--force", "--filter", "label=service=#{config.service}"
  end
  def tagged_images
    pipe \
      docker(:image, :ls, *service_filter, "--format", "'{{.ID}} {{.Repository}}:{{.Tag}}'"),
      "grep -v -w \"#{active_image_list}\"",
      "while read image tag; do docker rmi $tag; done"
  end
  def app_containers(retain:)
    pipe \
      docker(:ps, "-q", "-a", *service_filter, *stopped_containers_filters),
      "tail -n +#{retain + 1}",
      "while read container_id; do docker rm $container_id; done"
  end
  def healthcheck_containers
    docker :container, :prune, "--force", *healthcheck_service_filter
  end
  private
    def stopped_containers_filters
      [ "created", "exited", "dead" ].flat_map { |status| [ "--filter", "status=#{status}" ] }
    end
    def active_image_list
      # Pull the images that are used by any containers
      # Append repo:latest - to avoid deleting the latest tag
      # Append repo:<none> - to avoid deleting dangling images that are in use. Unused dangling images are deleted separately
      "$(docker container ls -a --format '{{.Image}}\\|' --filter label=service=#{config.service} | tr -d '\\n')#{config.latest_image}\\|#{config.repository}:<none>"
    end
    def service_filter
      [ "--filter", "label=service=#{config.service}" ]
    end
    def healthcheck_service_filter
      [ "--filter", "label=service=#{config.healthcheck_service}" ]
    end
 end
--- a/lib/kamal/commands/registry.rb
+++ b/lib/kamal/commands/registry.rb
@@ -1,8 +1,11 @@
-class Mrsk::Commands::Registry < Mrsk::Commands::Base
+class Kamal::Commands::Registry < Kamal::Commands::Base
  delegate :registry, to: :config
  def login
-    docker :login, registry["server"], "-u", sensitive(lookup("username")), "-p", sensitive(lookup("password"))
+    docker :login,
      registry["server"],
      "-u", sensitive(Kamal::Utils.escape_shell_value(lookup("username"))),
      "-p", sensitive(Kamal::Utils.escape_shell_value(lookup("password")))
  end
  def logout
--- a/lib/kamal/commands/server.rb
+++ b/lib/kamal/commands/server.rb
@@ -0,0 +1,5 @@
 class Kamal::Commands::Server < Kamal::Commands::Base
  def ensure_run_directory
    [ :mkdir, "-p", config.run_directory ]
  end
 end
--- a/lib/kamal/configuration.rb
+++ b/lib/kamal/configuration.rb
@@ -0,0 +1,335 @@
 require "active_support/ordered_options"
 require "active_support/core_ext/string/inquiry"
 require "active_support/core_ext/module/delegation"
 require "pathname"
 require "erb"
 require "net/ssh/proxy/jump"
 class Kamal::Configuration
  delegate :service, :image, :port, :servers, :labels, :registry, :stop_wait_time, :hooks_path, :logging, to: :raw_config, allow_nil: true
  delegate :argumentize, :optionize, to: Kamal::Utils
  attr_reader :destination, :raw_config
  class << self
    def create_from(config_file:, destination: nil, version: nil)
      raw_config = load_config_files(config_file, *destination_config_file(config_file, destination))
      new raw_config, destination: destination, version: version
    end
    private
      def load_config_files(*files)
        files.inject({}) { |config, file| config.deep_merge! load_config_file(file) }
      end
      def load_config_file(file)
        if file.exist?
          # Newer Psych doesn't load aliases by default
          load_method = YAML.respond_to?(:unsafe_load) ? :unsafe_load : :load
          YAML.send(load_method, ERB.new(IO.read(file)).result).symbolize_keys
        else
          raise "Configuration file not found in #{file}"
        end
      end
      def destination_config_file(base_config_file, destination)
        base_config_file.sub_ext(".#{destination}.yml") if destination
      end
  end
  def initialize(raw_config, destination: nil, version: nil, validate: true)
    @raw_config = ActiveSupport::InheritableOptions.new(raw_config)
    @destination = destination
    @declared_version = version
    valid? if validate
  end
  def version=(version)
    @declared_version = version
  end
  def version
    @declared_version.presence || ENV["VERSION"] || git_version
  end
  def abbreviated_version
    if version
      # Don't abbreviate <sha>_uncommitted_<etc>
      if version.include?("_")
        version
      else
        version[0...7]
      end
    end
  end
  def minimum_version
    raw_config.minimum_version
  end
  def roles
    @roles ||= role_names.collect { |role_name| Role.new(role_name, config: self) }
  end
  def role(name)
    roles.detect { |r| r.name == name.to_s }
  end
  def accessories
    @accessories ||= raw_config.accessories&.keys&.collect { |name| Kamal::Configuration::Accessory.new(name, config: self) } || []
  end
  def accessory(name)
    accessories.detect { |a| a.name == name.to_s }
  end
  def all_hosts
    roles.flat_map(&:hosts).uniq
  end
  def primary_host
    primary_role&.primary_host
  end
  def primary_role_name
    raw_config.primary_role || "web"
  end
  def primary_role
    role(primary_role_name)
  end
  def allow_empty_roles?
    raw_config.allow_empty_roles
  end
  def proxy_roles
    roles.select(&:running_proxy?)
  end
  def proxy_role_names
    proxy_roles.flat_map(&:name)
  end
  def proxy_hosts
    proxy_roles.flat_map(&:hosts).uniq
  end
  def repository
    [ raw_config.registry["server"], image ].compact.join("/")
  end
  def absolute_image
    "#{repository}:#{version}"
  end
  def latest_image
    "#{repository}:latest"
  end
  def service_with_version
    "#{service}-#{version}"
  end
  def require_destination?
    raw_config.require_destination
  end
  def retain_containers
    raw_config.retain_containers || 5
  end
  def volume_args
    if raw_config.volumes.present?
      argumentize "--volume", raw_config.volumes
    else
      []
    end
  end
  def logging_args
    if logging.present?
      optionize({ "log-driver" => logging["driver"] }.compact) +
        argumentize("--log-opt", logging["options"])
    else
      argumentize("--log-opt", { "max-size" => "10m" })
    end
  end
  def boot
    Kamal::Configuration::Boot.new(config: self)
  end
  def builder
    Kamal::Configuration::Builder.new(config: self)
  end
  def proxy
    raw_config.proxy || {}
  end
  def ssh
    Kamal::Configuration::Ssh.new(config: self)
  end
  def sshkit
    Kamal::Configuration::Sshkit.new(config: self)
  end
  def healthcheck
    { "path" => "/up", "port" => 3000, "max_attempts" => 7, "exposed_port" => 3999, "log_lines" => 50 }.merge(raw_config.healthcheck || {})
  end
  def healthcheck_service
    [ "healthcheck", service, destination ].compact.join("-")
  end
  def readiness_delay
    raw_config.readiness_delay || 7
  end
  def run_id
    @run_id ||= SecureRandom.hex(16)
  end
  def run_directory
    raw_config.run_directory || ".kamal"
  end
  def run_directory_as_docker_volume
    if Pathname.new(run_directory).absolute?
      run_directory
    else
      File.join "$(pwd)", run_directory
    end
  end
  def hooks_path
    raw_config.hooks_path || ".kamal/hooks"
  end
  def asset_path
    raw_config.asset_path
  end
  def host_env_directory
    "#{run_directory}/env"
  end
  def env
    raw_config.env || {}
  end
  def valid?
    ensure_destination_if_required && ensure_required_keys_present && ensure_valid_kamal_version && ensure_retain_containers_valid && ensure_valid_service_name
  end
  def to_h
    {
      roles: role_names,
      hosts: all_hosts,
      primary_host: primary_host,
      version: version,
      repository: repository,
      absolute_image: absolute_image,
      service_with_version: service_with_version,
      volume_args: volume_args,
      ssh_options: ssh.to_h,
      sshkit: sshkit.to_h,
      builder: builder.to_h,
      accessories: raw_config.accessories,
      logging: logging_args,
      healthcheck: healthcheck
    }.compact
  end
  private
    # Will raise ArgumentError if any required config keys are missing
    def ensure_destination_if_required
      if require_destination? && destination.nil?
        raise ArgumentError, "You must specify a destination"
      end
      true
    end
    def ensure_required_keys_present
      %i[ service image registry servers ].each do |key|
        raise ArgumentError, "Missing required configuration for #{key}" unless raw_config[key].present?
      end
      if raw_config.registry["username"].blank?
        raise ArgumentError, "You must specify a username for the registry in config/deploy.yml"
      end
      if raw_config.registry["password"].blank?
        raise ArgumentError, "You must specify a password for the registry in config/deploy.yml (or set the ENV variable if that's used)"
      end
      unless role_names.include?(primary_role_name)
        raise ArgumentError, "The primary_role #{primary_role_name} isn't defined"
      end
      if primary_role.hosts.empty?
        raise ArgumentError, "No servers specified for the #{primary_role.name} primary_role"
      end
      unless allow_empty_roles?
        roles.each do |role|
          if role.hosts.empty?
            raise ArgumentError, "No servers specified for the #{role.name} role. You can ignore this with allow_empty_roles: true"
          end
        end
      end
      true
    end
    def ensure_valid_service_name
      raise ArgumentError, "Service name can only include alphanumeric characters, hyphens, and underscores" unless raw_config[:service] =~ /^[a-z0-9_-]+$/
      true
    end
    def ensure_valid_kamal_version
      if minimum_version && Gem::Version.new(minimum_version) > Gem::Version.new(Kamal::VERSION)
        raise ArgumentError, "Current version is #{Kamal::VERSION}, minimum required is #{minimum_version}"
      end
      true
    end
    def ensure_retain_containers_valid
      raise ArgumentError, "Must retain at least 1 container" if retain_containers < 1
      true
    end
    def role_names
      raw_config.servers.is_a?(Array) ? [ "web" ] : raw_config.servers.keys.sort
    end
    def git_version
      @git_version ||=
        if Kamal::Git.used?
          if Kamal::Git.uncommitted_changes.present? && !builder.git_archive?
            uncommitted_suffix = "_uncommitted_#{SecureRandom.hex(8)}"
          end
          [ Kamal::Git.revision, uncommitted_suffix ].compact.join
        else
          raise "Can't use commit hash as version, no git repository found in #{Dir.pwd}"
        end
    end
 end
--- a/lib/kamal/configuration/accessory.rb
+++ b/lib/kamal/configuration/accessory.rb
@@ -1,5 +1,5 @@
-class Mrsk::Configuration::Accessory
+class Kamal::Configuration::Accessory
-  delegate :argumentize, :argumentize_env_with_secrets, :optionize, to: Mrsk::Utils
+  delegate :argumentize, :optionize, to: Kamal::Utils
  attr_accessor :name, :specifics
@@ -8,7 +8,7 @@ class Mrsk::Configuration::Accessory
  end
  def service_name
-    "#{config.service}-#{name}"
+    specifics["service"] || "#{config.service}-#{name}"
  end
  def image
@@ -16,7 +16,7 @@ class Mrsk::Configuration::Accessory
  end
  def hosts
-    if (specifics.keys & ["host", "hosts", "roles"]).size != 1
+    if (specifics.keys & [ "host", "hosts", "roles" ]).size != 1
      raise ArgumentError, "Specify one of `host`, `hosts` or `roles` for accessory `#{name}`"
    end
@@ -42,11 +42,13 @@ class Mrsk::Configuration::Accessory
  end
  def env
-    specifics["env"] || {}
+    Kamal::Configuration::Env.from_config \
      config: specifics.fetch("env", {}),
      secrets_file: File.join(config.host_env_directory, "accessories", "#{service_name}.env")
  end
  def env_args
-    argumentize_env_with_secrets env
+    env.args
  end
  def files
@@ -58,8 +60,8 @@ class Mrsk::Configuration::Accessory
  def directories
    specifics["directories"]&.to_h do |host_to_container_mapping|
-      host_relative_path, container_path = host_to_container_mapping.split(":")
+      host_path, container_path = host_to_container_mapping.split(":")
-      [ expand_host_path(host_relative_path), container_path ]
+      [ expand_host_path(host_path), container_path ]
    end || {}
  end
@@ -99,10 +101,10 @@ class Mrsk::Configuration::Accessory
    end
    def with_clear_env_loaded
-      (env["clear"] || env).each { |k, v| ENV[k] = v }
+      env.clear.each { |k, v| ENV[k] = v }
      yield
    ensure
-      (env["clear"] || env).each { |k, v| ENV.delete(k) }
+      env.clear.each { |k, v| ENV.delete(k) }
    end
    def read_dynamic_file(local_file)
@@ -126,13 +128,17 @@ class Mrsk::Configuration::Accessory
    def remote_directories_as_volumes
      specifics["directories"]&.collect do |host_to_container_mapping|
-        host_relative_path, container_path = host_to_container_mapping.split(":")
+        host_path, container_path = host_to_container_mapping.split(":")
-        [ expand_host_path(host_relative_path), container_path ].join(":")
+        [ expand_host_path(host_path), container_path ].join(":")
      end || []
    end
-    def expand_host_path(host_relative_path)
+    def expand_host_path(host_path)
-      "#{service_data_directory}/#{host_relative_path}"
+      absolute_path?(host_path) ? host_path : "#{service_data_directory}/#{host_path}"
    end
    def absolute_path?(path)
      Pathname.new(path).absolute?
    end
    def service_data_directory
@@ -143,7 +149,7 @@ class Mrsk::Configuration::Accessory
      if specifics.key?("host")
        host = specifics["host"]
        if host
-          [host]
+          [ host ]
        else
          raise ArgumentError, "Missing host for accessory `#{name}`"
        end
--- a/lib/kamal/configuration/boot.rb
+++ b/lib/kamal/configuration/boot.rb
@@ -1,4 +1,4 @@
-class Mrsk::Configuration::Boot
+class Kamal::Configuration::Boot
  def initialize(config:)
    @options = config.raw_config.boot || {}
    @host_count = config.all_hosts.count
@@ -8,7 +8,7 @@ class Mrsk::Configuration::Boot
    limit = @options["limit"]
    if limit.to_s.end_with?("%")
-      @host_count * limit.to_i / 100
+      [ @host_count * limit.to_i / 100, 1 ].max
    else
      limit
    end
--- a/lib/kamal/configuration/builder.rb
+++ b/lib/kamal/configuration/builder.rb
@@ -0,0 +1,122 @@
 class Kamal::Configuration::Builder
  def initialize(config:)
    @options = config.raw_config.builder || {}
    @image = config.image
    @server = config.registry["server"]
    valid?
  end
  def to_h
    @options
  end
  def multiarch?
    @options["multiarch"] != false
  end
  def local?
    !!@options["local"]
  end
  def remote?
    !!@options["remote"]
  end
  def cached?
    !!@options["cache"]
  end
  def args
    @options["args"] || {}
  end
  def secrets
    @options["secrets"] || []
  end
  def dockerfile
    @options["dockerfile"] || "Dockerfile"
  end
  def context
    @options["context"] || (git_archive? ? "-" : ".")
  end
  def local_arch
    @options["local"]["arch"] if local?
  end
  def local_host
    @options["local"]["host"] if local?
  end
  def remote_arch
    @options["remote"]["arch"] if remote?
  end
  def remote_host
    @options["remote"]["host"] if remote?
  end
  def cache_from
    if cached?
      case @options["cache"]["type"]
      when "gha"
        cache_from_config_for_gha
      when "registry"
        cache_from_config_for_registry
      end
    end
  end
  def cache_to
    if cached?
      case @options["cache"]["type"]
      when "gha"
        cache_to_config_for_gha
      when "registry"
        cache_to_config_for_registry
      end
    end
  end
  def ssh
    @options["ssh"]
  end
  def git_archive?
    Kamal::Git.used? && @options["context"].nil?
  end
  private
    def valid?
      if @options["cache"] && @options["cache"]["type"]
        raise ArgumentError, "Invalid cache type: #{@options["cache"]["type"]}" unless [ "gha", "registry" ].include?(@options["cache"]["type"])
      end
    end
    def cache_image
      @options["cache"]&.fetch("image", nil) || "#{@image}-build-cache"
    end
    def cache_image_ref
      [ @server, cache_image ].compact.join("/")
    end
    def cache_from_config_for_gha
      "type=gha"
    end
    def cache_from_config_for_registry
      [ "type=registry", "ref=#{cache_image_ref}" ].compact.join(",")
    end
    def cache_to_config_for_gha
      [ "type=gha", @options["cache"]&.fetch("options", nil) ].compact.join(",")
    end
    def cache_to_config_for_registry
      [ "type=registry", @options["cache"]&.fetch("options", nil), "ref=#{cache_image_ref}" ].compact.join(",")
    end
 end
--- a/lib/kamal/configuration/env.rb
+++ b/lib/kamal/configuration/env.rb
@@ -0,0 +1,40 @@
 class Kamal::Configuration::Env
  attr_reader :secrets_keys, :clear, :secrets_file
  delegate :argumentize, to: Kamal::Utils
  def self.from_config(config:, secrets_file: nil)
    secrets_keys = config.fetch("secret", [])
    clear = config.fetch("clear", config.key?("secret") ? {} : config)
    new clear: clear, secrets_keys: secrets_keys, secrets_file: secrets_file
  end
  def initialize(clear:, secrets_keys:, secrets_file:)
    @clear = clear
    @secrets_keys = secrets_keys
    @secrets_file = secrets_file
  end
  def args
    [ "--env-file", secrets_file, *argumentize("--env", clear) ]
  end
  def secrets_io
    StringIO.new(Kamal::EnvFile.new(secrets).to_s)
  end
  def secrets
    @secrets ||= secrets_keys.to_h { |key| [ key, ENV.fetch(key) ] }
  end
  def secrets_directory
    File.dirname(secrets_file)
  end
  def merge(other)
    self.class.new \
      clear: @clear.merge(other.clear),
      secrets_keys: @secrets_keys | other.secrets_keys,
      secrets_file: secrets_file
  end
 end
--- a/lib/kamal/configuration/role.rb
+++ b/lib/kamal/configuration/role.rb
@@ -0,0 +1,184 @@
 class Kamal::Configuration::Role
  delegate :argumentize, :optionize, to: Kamal::Utils
  attr_accessor :name
  alias to_s name
  def initialize(name, config:)
    @name, @config = name.inquiry, config
  end
  def primary_host
    hosts.first
  end
  def hosts
    @hosts ||= extract_hosts_from_config
  end
  def port
    specializations["port"] || config.port || "3000"
  end
  def cmd
    specializations["cmd"]
  end
  def option_args
    if args = specializations["options"]
      optionize args
    else
      []
    end
  end
  def labels
    default_labels.merge(custom_labels)
  end
  def label_args
    argumentize "--label", labels
  end
  def logging_args
    args = config.logging || {}
    args.deep_merge!(specializations["logging"]) if specializations["logging"].present?
    if args.any?
      optionize({ "log-driver" => args["driver"] }.compact) +
        argumentize("--log-opt", args["options"])
    else
      config.logging_args
    end
  end
  def env
    @env ||= base_env.merge(specialized_env)
  end
  def env_args
    env.args
  end
  def asset_volume_args
    asset_volume&.docker_args
  end
  def health_check_args
    if health_check_cmd.present?
      optionize({ "health-cmd" => health_check_cmd, "health-interval" => health_check_interval })
    else
      []
    end
  end
  def health_check_cmd
    health_check_options["cmd"] || http_health_check(port: health_check_options["port"], path: health_check_options["path"])
  end
  def health_check_interval
    health_check_options["interval"] || "1s"
  end
  def running_proxy?
    if specializations["proxy"].nil?
      primary?
    else
      specializations["proxy"]
    end
  end
  def primary?
    self == @config.primary_role
  end
  def container_name(version = nil)
    [ container_prefix, version || config.version ].compact.join("-")
  end
  def container_prefix
    [ config.service, name, config.destination ].compact.join("-")
  end
  def asset_path
    specializations["asset_path"] || config.asset_path
  end
  def assets?
    asset_path.present? && running_proxy?
  end
  def asset_volume(version = nil)
    if assets?
      Kamal::Configuration::Volume.new \
        host_path: asset_volume_path(version), container_path: asset_path
    end
  end
  def asset_extracted_path(version = nil)
    File.join config.run_directory, "assets", "extracted", container_name(version)
  end
  def asset_volume_path(version = nil)
    File.join config.run_directory, "assets", "volumes", container_name(version)
  end
  private
    attr_accessor :config
    def extract_hosts_from_config
      if config.servers.is_a?(Array)
        config.servers
      else
        servers = config.servers[name]
        servers.is_a?(Array) ? servers : Array(servers["hosts"])
      end
    end
    def default_labels
      { "service" => config.service, "role" => name, "destination" => config.destination }
    end
    def custom_labels
      Hash.new.tap do |labels|
        labels.merge!(config.labels) if config.labels.present?
        labels.merge!(specializations["labels"]) if specializations["labels"].present?
      end
    end
    def specializations
      if config.servers.is_a?(Array) || config.servers[name].is_a?(Array)
        {}
      else
        config.servers[name].except("hosts")
      end
    end
    def specialized_env
      Kamal::Configuration::Env.from_config config: specializations.fetch("env", {})
    end
    # Secrets are stored in an array, which won't merge by default, so have to do it by hand.
    def base_env
      Kamal::Configuration::Env.from_config \
        config: config.env,
        secrets_file: File.join(config.host_env_directory, "roles", "#{container_prefix}.env")
    end
    def http_health_check(port:, path:)
      "curl -f #{URI.join("http://localhost:#{port}", path)} || exit 1" if path.present? || port.present?
    end
    def health_check_options
      @health_check_options ||= begin
        options = specializations["healthcheck"] || {}
        options = config.healthcheck.merge(options) if running_proxy?
        options
      end
    end
 end
--- a/lib/kamal/configuration/ssh.rb
+++ b/lib/kamal/configuration/ssh.rb
@@ -0,0 +1,42 @@
 class Kamal::Configuration::Ssh
  LOGGER = ::Logger.new(STDERR)
  def initialize(config:)
    @config = config.raw_config.ssh || {}
  end
  def user
    config.fetch("user", "root")
  end
  def port
    config.fetch("port", 22)
  end
  def proxy
    if (proxy = config["proxy"])
      Net::SSH::Proxy::Jump.new(proxy.include?("@") ? proxy : "root@#{proxy}")
    elsif (proxy_command = config["proxy_command"])
      Net::SSH::Proxy::Command.new(proxy_command)
    end
  end
  def options
    { user: user, port: port, proxy: proxy, logger: logger, keepalive: true, keepalive_interval: 30 }.compact
  end
  def to_h
    options.except(:logger).merge(log_level: log_level)
  end
  private
    attr_accessor :config
    def logger
      LOGGER.tap { |logger| logger.level = log_level }
    end
    def log_level
      config.fetch("log_level", :fatal)
    end
 end
--- a/lib/kamal/configuration/sshkit.rb
+++ b/lib/kamal/configuration/sshkit.rb
@@ -0,0 +1,20 @@
 class Kamal::Configuration::Sshkit
  def initialize(config:)
    @options = config.raw_config.sshkit || {}
  end
  def max_concurrent_starts
    options.fetch("max_concurrent_starts", 30)
  end
  def pool_idle_timeout
    options.fetch("pool_idle_timeout", 900)
  end
  def to_h
    options
  end
  private
    attr_accessor :options
 end
--- a/lib/kamal/configuration/volume.rb
+++ b/lib/kamal/configuration/volume.rb
@@ -0,0 +1,22 @@
 class Kamal::Configuration::Volume
  attr_reader :host_path, :container_path
  delegate :argumentize, to: Kamal::Utils
  def initialize(host_path:, container_path:)
    @host_path = host_path
    @container_path = container_path
  end
  def docker_args
    argumentize "--volume", "#{host_path_for_docker_volume}:#{container_path}"
  end
  private
    def host_path_for_docker_volume
      if Pathname.new(host_path).absolute?
        host_path
      else
        File.join "$(pwd)", host_path
      end
    end
 end
--- a/lib/kamal/env_file.rb
+++ b/lib/kamal/env_file.rb
@@ -0,0 +1,31 @@
 # Encode an env hash as a string where secret values have been looked up and all values escaped for Docker.
 class Kamal::EnvFile
  def initialize(env)
    @env = env
  end
  def to_s
    env_file = StringIO.new.tap do |contents|
      @env.each do |key, value|
        contents << docker_env_file_line(key, value)
      end
    end.string
    # Ensure the file has some contents to avoid the SSHKIT empty file warning
    env_file.presence || "\n"
  end
  alias to_str to_s
  private
    def docker_env_file_line(key, value)
      "#{key}=#{escape_docker_env_file_value(value)}\n"
    end
    # Escape a value to make it safe to dump in a docker file.
    def escape_docker_env_file_value(value)
      # Doublequotes are treated literally in docker env files
      # so remove leading and trailing ones and unescape any others
      value.to_s.dump[1..-2].gsub(/\\"/, "\"")
    end
 end
--- a/lib/kamal/git.rb
+++ b/lib/kamal/git.rb
@@ -0,0 +1,19 @@
 module Kamal::Git
  extend self
  def used?
    system("git rev-parse")
  end
  def user_name
    `git config user.name`.strip
  end
  def revision
    `git rev-parse HEAD`.strip
  end
  def uncommitted_changes
    `git status --porcelain`.strip
  end
 end
--- a/lib/kamal/sshkit_with_ext.rb
+++ b/lib/kamal/sshkit_with_ext.rb
@@ -1,5 +1,6 @@
 require "sshkit"
 require "sshkit/dsl"
 require "net/scp"
 require "active_support/core_ext/hash/deep_merge"
 require "json"
@@ -54,3 +55,51 @@ class SSHKit::Backend::Abstract
  end
  prepend CommandEnvMerge
 end
 class SSHKit::Backend::Netssh::Configuration
  attr_accessor :max_concurrent_starts
 end
 class SSHKit::Backend::Netssh
  module LimitConcurrentStartsClass
    attr_reader :start_semaphore
    def configure(&block)
      super &block
      # Create this here to avoid lazy creation by multiple threads
      if config.max_concurrent_starts
        @start_semaphore = Concurrent::Semaphore.new(config.max_concurrent_starts)
      end
    end
  end
  class << self
    prepend LimitConcurrentStartsClass
  end
  module LimitConcurrentStartsInstance
    private
      def with_ssh(&block)
        host.ssh_options = self.class.config.ssh_options.merge(host.ssh_options || {})
        self.class.pool.with(
          method(:start_with_concurrency_limit),
          String(host.hostname),
          host.username,
          host.netssh_options,
          &block
        )
      end
      def start_with_concurrency_limit(*args)
        if self.class.start_semaphore
          self.class.start_semaphore.acquire do
            Net::SSH.start(*args)
          end
        else
          Net::SSH.start(*args)
        end
      end
  end
  prepend LimitConcurrentStartsInstance
 end
--- a/lib/kamal/tags.rb
+++ b/lib/kamal/tags.rb
@@ -1,6 +1,6 @@
 require "time"
-class Mrsk::Tags
+class Kamal::Tags
  attr_reader :config, :tags
  class << self
@@ -26,7 +26,7 @@ class Mrsk::Tags
  end
  def env
-    tags.transform_keys { |detail| "MRSK_#{detail.upcase}" }
+    tags.transform_keys { |detail| "KAMAL_#{detail.upcase}" }
  end
  def to_s
--- a/lib/kamal/utils.rb
+++ b/lib/kamal/utils.rb
@@ -1,4 +1,4 @@
-module Mrsk::Utils
+module Kamal::Utils
  extend self
  DOLLAR_SIGN_WITHOUT_SHELL_EXPANSION_REGEX = /\$(?!{[^\}]*\})/
@@ -9,23 +9,13 @@ module Mrsk::Utils
      if value.present?
        attr = "#{key}=#{escape_shell_value(value)}"
        attr = self.sensitive(attr, redaction: "#{key}=[REDACTED]") if sensitive
-        [ argument, attr]
+        [ argument, attr ]
      else
        [ argument, key ]
      end
    end
  end
  # Return a list of shell arguments using the same named argument against the passed attributes,
  # but redacts and expands secrets.
  def argumentize_env_with_secrets(env)
    if (secrets = env["secret"]).present?
      argumentize("-e", secrets.to_h { |key| [ key, ENV.fetch(key) ] }, sensitive: true) + argumentize("-e", env["clear"])
    else
      argumentize "-e", env.fetch("clear", env)
    end
  end
  # Returns a list of shell-dashed option arguments. If the value is true, it's treated like a value-less option.
  def optionize(args, with: nil)
    options = if with
@@ -39,14 +29,14 @@ module Mrsk::Utils
  # Flattens a one-to-many structure into an array of two-element arrays each containing a key-value pair
  def flatten_args(args)
-    args.flat_map { |key, value| value.try(:map) { |entry| [key, entry] } || [ [ key, value ] ] }
+    args.flat_map { |key, value| value.try(:map) { |entry| [ key, entry ] } || [ [ key, value ] ] }
  end
  # Marks sensitive values for redaction in logs and human-visible output.
  # Pass `redaction:` to change the default `"[REDACTED]"` redaction, e.g.
  # `sensitive "#{arg}=#{secret}", redaction: "#{arg}=xxxx"
  def sensitive(...)
-    Mrsk::Utils::Sensitive.new(...)
+    Kamal::Utils::Sensitive.new(...)
  end
  def redacted(value)
@@ -62,19 +52,6 @@ module Mrsk::Utils
    end
  end
  def unredacted(value)
    case
    when value.respond_to?(:unredacted)
      value.unredacted
    when value.respond_to?(:transform_values)
      value.transform_values { |value| unredacted value }
    when value.respond_to?(:map)
      value.map { |element| unredacted element }
    else
      value
    end
  end
  # Escape a value to make it safe for shell use.
  def escape_shell_value(value)
    value.to_s.dump
@@ -82,15 +59,19 @@ module Mrsk::Utils
      .gsub(DOLLAR_SIGN_WITHOUT_SHELL_EXPANSION_REGEX, '\$')
  end
-  # Abbreviate a git revhash for concise display
+  # Apply a list of host or role filters, including wildcard matches
-  def abbreviate_version(version)
+  def filter_specific_items(filters, items)
-    if version
+    matches = []
-      # Don't abbreviate <sha>_uncommitted_<etc>
+
-      if version.include?("_")
+    Array(filters).select do |filter|
-        version
+      matches += Array(items).select do |item|
-      else
+        # Only allow * for a wildcard
-        version[0...7]
+        pattern = Regexp.escape(filter).gsub('\*', ".*")
        # items are roles or hosts
        (item.respond_to?(:name) ? item.name : item).match(/^#{pattern}$/)
      end
    end
    matches
  end
 end
--- a/lib/kamal/utils/sensitive.rb
+++ b/lib/kamal/utils/sensitive.rb
@@ -1,6 +1,7 @@
 require "active_support/core_ext/module/delegation"
 require "sshkit"
-class Mrsk::Utils::Sensitive
+class Kamal::Utils::Sensitive
  # So SSHKit knows to redact these values.
  include SSHKit::Redaction
--- a/lib/kamal/version.rb
+++ b/lib/kamal/version.rb
@@ -0,0 +1,3 @@
 module Kamal
  VERSION = "1.4.0"
 end
--- a/lib/mrsk/cli/app.rb
+++ b/lib/mrsk/cli/app.rb
@@ -1,290 +0,0 @@
 class Mrsk::Cli::App < Mrsk::Cli::Base
  desc "boot", "Boot app on servers (or reboot app if already running)"
  def boot
    with_lock do
      hold_lock_on_error do
        say "Get most recent version available as an image...", :magenta unless options[:version]
        using_version(version_or_latest) do |version|
          say "Start container with version #{version} using a #{MRSK.config.readiness_delay}s readiness delay (or reboot if already running)...", :magenta
          on(MRSK.hosts) do
            execute *MRSK.auditor.record("Tagging #{MRSK.config.absolute_image} as the latest image"), verbosity: :debug
            execute *MRSK.app.tag_current_as_latest
          end
          on(MRSK.hosts, **MRSK.boot_strategy) do |host|
            roles = MRSK.roles_on(host)
            roles.each do |role|
              app = MRSK.app(role: role)
              auditor = MRSK.auditor(role: role)
              if capture_with_info(*app.container_id_for_version(version, only_running: true), raise_on_non_zero_exit: false).present?
                tmp_version = "#{version}_replaced_#{SecureRandom.hex(8)}"
                info "Renaming container #{version} to #{tmp_version} as already deployed on #{host}"
                execute *auditor.record("Renaming container #{version} to #{tmp_version}"), verbosity: :debug
                execute *app.rename_container(version: version, new_version: tmp_version)
              end
              execute *auditor.record("Booted app version #{version}"), verbosity: :debug
              old_version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
              execute *app.start_or_run
              Mrsk::Utils::HealthcheckPoller.wait_for_healthy(pause_after_ready: true) { capture_with_info(*app.status(version: version)) }
              execute *app.stop(version: old_version), raise_on_non_zero_exit: false if old_version.present?
            end
          end
        end
      end
    end
  end
  desc "start", "Start existing app container on servers"
  def start
    with_lock do
      on(MRSK.hosts) do |host|
        roles = MRSK.roles_on(host)
        roles.each do |role|
          execute *MRSK.auditor.record("Started app version #{MRSK.config.version}"), verbosity: :debug
          execute *MRSK.app(role: role).start, raise_on_non_zero_exit: false
        end
      end
    end
  end
  desc "stop", "Stop app container on servers"
  def stop
    with_lock do
      on(MRSK.hosts) do |host|
        roles = MRSK.roles_on(host)
        roles.each do |role|
          execute *MRSK.auditor.record("Stopped app", role: role), verbosity: :debug
          execute *MRSK.app(role: role).stop, raise_on_non_zero_exit: false
        end
      end
    end
  end
  # FIXME: Drop in favor of just containers?
  desc "details", "Show details about app containers"
  def details
    on(MRSK.hosts) do |host|
      roles = MRSK.roles_on(host)
      roles.each do |role|
        puts_by_host host, capture_with_info(*MRSK.app(role: role).info)
      end
    end
  end
  desc "exec [CMD]", "Execute a custom command on servers (use --help to show options)"
  option :interactive, aliases: "-i", type: :boolean, default: false, desc: "Execute command over ssh for an interactive shell (use for console/bash)"
  option :reuse, type: :boolean, default: false, desc: "Reuse currently running container instead of starting a new one"
  def exec(cmd)
    case
    when options[:interactive] && options[:reuse]
      say "Get current version of running container...", :magenta unless options[:version]
      using_version(options[:version] || current_running_version) do |version|
        say "Launching interactive command with version #{version} via SSH from existing container on #{MRSK.primary_host}...", :magenta
        run_locally { exec MRSK.app(role: "web").execute_in_existing_container_over_ssh(cmd, host: MRSK.primary_host) }
      end
    when options[:interactive]
      say "Get most recent version available as an image...", :magenta unless options[:version]
      using_version(version_or_latest) do |version|
        say "Launching interactive command with version #{version} via SSH from new container on #{MRSK.primary_host}...", :magenta
        run_locally { exec MRSK.app.execute_in_new_container_over_ssh(cmd, host: MRSK.primary_host) }
      end
    when options[:reuse]
      say "Get current version of running container...", :magenta unless options[:version]
      using_version(options[:version] || current_running_version) do |version|
        say "Launching command with version #{version} from existing container...", :magenta
        on(MRSK.hosts) do |host|
          roles = MRSK.roles_on(host)
          roles.each do |role|
            execute *MRSK.auditor.record("Executed cmd '#{cmd}' on app version #{version}", role: role), verbosity: :debug
            puts_by_host host, capture_with_info(*MRSK.app(role: role).execute_in_existing_container(cmd))
          end
        end
      end
    else
      say "Get most recent version available as an image...", :magenta unless options[:version]
      using_version(version_or_latest) do |version|
        say "Launching command with version #{version} from new container...", :magenta
        on(MRSK.hosts) do |host|
          execute *MRSK.auditor.record("Executed cmd '#{cmd}' on app version #{version}"), verbosity: :debug
          puts_by_host host, capture_with_info(*MRSK.app.execute_in_new_container(cmd))
        end
      end
    end
  end
  desc "containers", "Show app containers on servers"
  def containers
    on(MRSK.hosts) { |host| puts_by_host host, capture_with_info(*MRSK.app.list_containers) }
  end
  desc "stale_containers", "Detect app stale containers"
  option :stop, aliases: "-s", type: :boolean, default: false, desc: "Stop the stale containers found"
  def stale_containers
    with_lock do
      stop = options[:stop]
      cli = self
      on(MRSK.hosts) do |host|
        roles = MRSK.roles_on(host)
        roles.each do |role|
          cli.send(:stale_versions, host: host, role: role).each do |version|
            if stop
              puts_by_host host, "Stopping stale container for role #{role} with version #{version}"
              execute *MRSK.app(role: role).stop(version: version), raise_on_non_zero_exit: false
            else
              puts_by_host host,  "Detected stale container for role #{role} with version #{version} (use `mrsk app stale_containers --stop` to stop)"
            end
          end
        end
      end
    end
  end
  desc "images", "Show app images on servers"
  def images
    on(MRSK.hosts) { |host| puts_by_host host, capture_with_info(*MRSK.app.list_images) }
  end
  desc "logs", "Show log lines from app on servers (use --help to show options)"
  option :since, aliases: "-s", desc: "Show lines since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)"
  option :lines, type: :numeric, aliases: "-n", desc: "Number of lines to show from each server"
  option :grep, aliases: "-g", desc: "Show lines with grep match only (use this to fetch specific requests by id)"
  option :follow, aliases: "-f", desc: "Follow log on primary server (or specific host set by --hosts)"
  def logs
    # FIXME: Catch when app containers aren't running
    grep = options[:grep]
    if options[:follow]
      run_locally do
        info "Following logs on #{MRSK.primary_host}..."
        MRSK.specific_roles ||= ["web"]
        role = MRSK.roles_on(MRSK.primary_host).first
        info MRSK.app(role: role).follow_logs(host: MRSK.primary_host, grep: grep)
        exec MRSK.app(role: role).follow_logs(host: MRSK.primary_host, grep: grep)
      end
    else
      since = options[:since]
      lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set
      on(MRSK.hosts) do |host|
        roles = MRSK.roles_on(host)
        roles.each do |role|
          begin
            puts_by_host host, capture_with_info(*MRSK.app(role: role).logs(since: since, lines: lines, grep: grep))
          rescue SSHKit::Command::Failed
            puts_by_host host, "Nothing found"
          end
        end
      end
    end
  end
  desc "remove", "Remove app containers and images from servers"
  def remove
    with_lock do
      stop
      remove_containers
      remove_images
    end
  end
  desc "remove_container [VERSION]", "Remove app container with given version from servers", hide: true
  def remove_container(version)
    with_lock do
      on(MRSK.hosts) do |host|
        roles = MRSK.roles_on(host)
        roles.each do |role|
          execute *MRSK.auditor.record("Removed app container with version #{version}", role: role), verbosity: :debug
          execute *MRSK.app(role: role).remove_container(version: version)
        end
      end
    end
  end
  desc "remove_containers", "Remove all app containers from servers", hide: true
  def remove_containers
    with_lock do
      on(MRSK.hosts) do |host|
        roles = MRSK.roles_on(host)
        roles.each do |role|
          execute *MRSK.auditor.record("Removed all app containers", role: role), verbosity: :debug
          execute *MRSK.app(role: role).remove_containers
        end
      end
    end
  end
  desc "remove_images", "Remove all app images from servers", hide: true
  def remove_images
    with_lock do
      on(MRSK.hosts) do
        execute *MRSK.auditor.record("Removed all app images"), verbosity: :debug
        execute *MRSK.app.remove_images
      end
    end
  end
  desc "version", "Show app version currently running on servers"
  def version
    on(MRSK.hosts) { |host| puts_by_host host, capture_with_info(*MRSK.app.current_running_version).strip }
  end
  private
    def using_version(new_version)
      if new_version
        begin
          old_version = MRSK.config.version
          MRSK.config.version = new_version
          yield new_version
        ensure
          MRSK.config.version = old_version
        end
      else
        yield MRSK.config.version
      end
    end
    def current_running_version(host: MRSK.primary_host)
      version = nil
      on(host) { version = capture_with_info(*MRSK.app.current_running_version).strip }
      version.presence
    end
    def stale_versions(host:, role:)
      versions = nil
      on(host) do
        versions = \
          capture_with_info(*MRSK.app(role: role).list_versions, raise_on_non_zero_exit: false)
          .split("\n")
          .drop(1)
      end
      versions
    end
    def version_or_latest
      options[:version] || "latest"
    end
 end
--- a/lib/mrsk/cli/healthcheck.rb
+++ b/lib/mrsk/cli/healthcheck.rb
@@ -1,20 +0,0 @@
 class Mrsk::Cli::Healthcheck < Mrsk::Cli::Base
  default_command :perform
  desc "perform", "Health check current app version"
  def perform
    on(MRSK.primary_host) do
      begin
        execute *MRSK.healthcheck.run
        Mrsk::Utils::HealthcheckPoller.wait_for_healthy { capture_with_info(*MRSK.healthcheck.status) }
      rescue Mrsk::Utils::HealthcheckPoller::HealthcheckError => e
        error capture_with_info(*MRSK.healthcheck.logs)
        error capture_with_pretty_json(*MRSK.healthcheck.container_health_log)
        raise
      ensure
        execute *MRSK.healthcheck.stop, raise_on_non_zero_exit: false
        execute *MRSK.healthcheck.remove, raise_on_non_zero_exit: false
      end
    end
  end
 end
--- a/lib/mrsk/cli/main.rb
+++ b/lib/mrsk/cli/main.rb
@@ -1,243 +0,0 @@
 class Mrsk::Cli::Main < Mrsk::Cli::Base
  desc "setup", "Setup all accessories and deploy app to servers"
  def setup
    print_runtime do
      with_lock do
        invoke "mrsk:cli:server:bootstrap"
        invoke "mrsk:cli:accessory:boot", [ "all" ]
        deploy
      end
    end
  end
  desc "deploy", "Deploy app to servers"
  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
  def deploy
    runtime = print_runtime do
      with_lock do
        invoke_options = deploy_options
        say "Log into image registry...", :magenta
        invoke "mrsk:cli:registry:login", [], invoke_options
        if options[:skip_push]
          say "Pull app image...", :magenta
          invoke "mrsk:cli:build:pull", [], invoke_options
        else
          say "Build and push app image...", :magenta
          invoke "mrsk:cli:build:deliver", [], invoke_options
        end
        say "Ensure Traefik is running...", :magenta
        invoke "mrsk:cli:traefik:boot", [], invoke_options
        say "Ensure app can pass healthcheck...", :magenta
        invoke "mrsk:cli:healthcheck:perform", [], invoke_options
        say "Detect stale containers...", :magenta
        invoke "mrsk:cli:app:stale_containers", [], invoke_options
        invoke "mrsk:cli:app:boot", [], invoke_options
        say "Prune old containers and images...", :magenta
        invoke "mrsk:cli:prune:all", [], invoke_options
      end
    end
    run_hook "post-deploy", runtime: runtime.round
  end
  desc "redeploy", "Deploy app to servers without bootstrapping servers, starting Traefik, pruning, and registry login"
  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
  def redeploy
    runtime = print_runtime do
      with_lock do
        invoke_options = deploy_options
        if options[:skip_push]
          say "Pull app image...", :magenta
          invoke "mrsk:cli:build:pull", [], invoke_options
        else
          say "Build and push app image...", :magenta
          invoke "mrsk:cli:build:deliver", [], invoke_options
        end
        say "Ensure app can pass healthcheck...", :magenta
        invoke "mrsk:cli:healthcheck:perform", [], invoke_options
        say "Detect stale containers...", :magenta
        invoke "mrsk:cli:app:stale_containers", [], invoke_options
        invoke "mrsk:cli:app:boot", [], invoke_options
      end
    end
    run_hook "post-deploy", runtime: runtime.round
  end
  desc "rollback [VERSION]", "Rollback app to VERSION"
  def rollback(version)
    rolled_back = false
    runtime = print_runtime do
      with_lock do
        invoke_options = deploy_options
        MRSK.config.version = version
        old_version = nil
        if container_available?(version)
          invoke "mrsk:cli:app:boot", [], invoke_options.merge(version: version)
          rolled_back = true
        else
          say "The app version '#{version}' is not available as a container (use 'mrsk app containers' for available versions)", :red
        end
      end
    end
    run_hook "post-deploy", runtime: runtime.round if rolled_back
  end
  desc "details", "Show details about all containers"
  def details
    invoke "mrsk:cli:traefik:details"
    invoke "mrsk:cli:app:details"
    invoke "mrsk:cli:accessory:details", [ "all" ]
  end
  desc "audit", "Show audit log from servers"
  def audit
    on(MRSK.hosts) do |host|
      puts_by_host host, capture_with_info(*MRSK.auditor.reveal)
    end
  end
  desc "config", "Show combined config (including secrets!)"
  def config
    run_locally do
      puts Mrsk::Utils.redacted(MRSK.config.to_h).to_yaml
    end
  end
  desc "init", "Create config stub in config/deploy.yml and env stub in .env"
  option :bundle, type: :boolean, default: false, desc: "Add MRSK to the Gemfile and create a bin/mrsk binstub"
  def init
    require "fileutils"
    if (deploy_file = Pathname.new(File.expand_path("config/deploy.yml"))).exist?
      puts "Config file already exists in config/deploy.yml (remove first to create a new one)"
    else
      FileUtils.mkdir_p deploy_file.dirname
      FileUtils.cp_r Pathname.new(File.expand_path("templates/deploy.yml", __dir__)), deploy_file
      puts "Created configuration file in config/deploy.yml"
    end
    unless (deploy_file = Pathname.new(File.expand_path(".env"))).exist?
      FileUtils.cp_r Pathname.new(File.expand_path("templates/template.env", __dir__)), deploy_file
      puts "Created .env file"
    end
    unless (hooks_dir = Pathname.new(File.expand_path(".mrsk/hooks"))).exist?
      hooks_dir.mkpath
      Pathname.new(File.expand_path("templates/sample_hooks", __dir__)).each_child do |sample_hook|
        FileUtils.cp sample_hook, hooks_dir, preserve: true
      end
      puts "Created sample hooks in .mrsk/hooks"
    end
    if options[:bundle]
      if (binstub = Pathname.new(File.expand_path("bin/mrsk"))).exist?
        puts "Binstub already exists in bin/mrsk (remove first to create a new one)"
      else
        puts "Adding MRSK to Gemfile and bundle..."
        run_locally do
          execute :bundle, :add, :mrsk
          execute :bundle, :binstubs, :mrsk
        end
        puts "Created binstub file in bin/mrsk"
      end
    end
  end
  desc "envify", "Create .env by evaluating .env.erb (or .env.staging.erb -> .env.staging when using -d staging)"
  def envify
    if destination = options[:destination]
      env_template_path = ".env.#{destination}.erb"
      env_path          = ".env.#{destination}"
    else
      env_template_path = ".env.erb"
      env_path          = ".env"
    end
    File.write(env_path, ERB.new(File.read(env_template_path)).result, perm: 0600)
  end
  desc "remove", "Remove Traefik, app, accessories, and registry session from servers"
  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
  def remove
    with_lock do
      if options[:confirmed] || ask("This will remove all containers and images. Are you sure?", limited_to: %w( y N ), default: "N") == "y"
        invoke "mrsk:cli:traefik:remove", [], options.without(:confirmed)
        invoke "mrsk:cli:app:remove", [], options.without(:confirmed)
        invoke "mrsk:cli:accessory:remove", [ "all" ], options
        invoke "mrsk:cli:registry:logout", [], options.without(:confirmed)
      end
    end
  end
  desc "version", "Show MRSK version"
  def version
    puts Mrsk::VERSION
  end
  desc "accessory", "Manage accessories (db/redis/search)"
  subcommand "accessory", Mrsk::Cli::Accessory
  desc "app", "Manage application"
  subcommand "app", Mrsk::Cli::App
  desc "build", "Build application image"
  subcommand "build", Mrsk::Cli::Build
  desc "healthcheck", "Healthcheck application"
  subcommand "healthcheck", Mrsk::Cli::Healthcheck
  desc "lock", "Manage the deploy lock"
  subcommand "lock", Mrsk::Cli::Lock
  desc "prune", "Prune old application images and containers"
  subcommand "prune", Mrsk::Cli::Prune
  desc "registry", "Login and -out of the image registry"
  subcommand "registry", Mrsk::Cli::Registry
  desc "server", "Bootstrap servers with curl and Docker"
  subcommand "server", Mrsk::Cli::Server
  desc "traefik", "Manage Traefik load balancer"
  subcommand "traefik", Mrsk::Cli::Traefik
  private
    def container_available?(version)
      begin
        on(MRSK.hosts) do
          MRSK.roles_on(host).each do |role|
            container_id = capture_with_info(*MRSK.app(role: role).container_id_for_version(version))
            raise "Container not found" unless container_id.present?
          end
        end
      rescue SSHKit::Runner::ExecuteError => e
        if e.message =~ /Container not found/
          say "Error looking for container version #{version}: #{e.message}"
          return false
        else
          raise
        end
      end
      true
    end
    def deploy_options
      { "version" => MRSK.config.version }.merge(options.without("skip_push"))
    end
 end
--- a/lib/mrsk/cli/prune.rb
+++ b/lib/mrsk/cli/prune.rb
@@ -1,29 +0,0 @@
 class Mrsk::Cli::Prune < Mrsk::Cli::Base
  desc "all", "Prune unused images and stopped containers"
  def all
    with_lock do
      containers
      images
    end
  end
  desc "images", "Prune dangling images"
  def images
    with_lock do
      on(MRSK.hosts) do
        execute *MRSK.auditor.record("Pruned images"), verbosity: :debug
        execute *MRSK.prune.images
      end
    end
  end
  desc "containers", "Prune all stopped containers, except the last 5"
  def containers
    with_lock do
      on(MRSK.hosts) do
        execute *MRSK.auditor.record("Pruned containers"), verbosity: :debug
        execute *MRSK.prune.containers
      end
    end
  end
 end
--- a/lib/mrsk/cli/server.rb
+++ b/lib/mrsk/cli/server.rb
@@ -1,21 +0,0 @@
 class Mrsk::Cli::Server < Mrsk::Cli::Base
  desc "bootstrap", "Set up Docker to run MRSK apps"
  def bootstrap
    missing = []
    on(MRSK.hosts | MRSK.accessory_hosts) do |host|
      unless execute(*MRSK.docker.installed?, raise_on_non_zero_exit: false)
        if execute(*MRSK.docker.superuser?, raise_on_non_zero_exit: false)
          info "Missing Docker on #{host}. Installing…"
          execute *MRSK.docker.install
        else
          missing << host
        end
      end
    end
    if missing.any?
      raise "Docker is not installed on #{missing.join(", ")} and can't be automatically installed without having root access and the `curl` command available. Install Docker manually: https://docs.docker.com/engine/install/"
    end
  end
 end
--- a/lib/mrsk/cli/templates/sample_hooks/post-deploy.sample
+++ b/lib/mrsk/cli/templates/sample_hooks/post-deploy.sample
@@ -1,14 +0,0 @@
 #!/bin/sh
 # A sample post-deploy hook
 #
 # These environment variables are available:
 # MRSK_RECORDED_AT
 # MRSK_PERFORMER
 # MRSK_VERSION
 # MRSK_HOSTS
 # MRSK_ROLE (if set)
 # MRSK_DESTINATION (if set)
 # MRSK_RUNTIME
 echo "$MRSK_PERFORMER deployed $MRSK_VERSION to $MRSK_DESTINATION in $MRSK_RUNTIME seconds"
--- a/lib/mrsk/cli/templates/template.env
+++ b/lib/mrsk/cli/templates/template.env
@@ -1,2 +0,0 @@
 MRSK_REGISTRY_PASSWORD=change-this
 RAILS_MASTER_KEY=another-env
--- a/lib/mrsk/cli/traefik.rb
+++ b/lib/mrsk/cli/traefik.rb
@@ -1,106 +0,0 @@
 class Mrsk::Cli::Traefik < Mrsk::Cli::Base
  desc "boot", "Boot Traefik on servers"
  def boot
    with_lock do
      on(MRSK.traefik_hosts) do
        execute *MRSK.registry.login
        execute *MRSK.traefik.run, raise_on_non_zero_exit: false
      end
    end
  end
  desc "reboot", "Reboot Traefik on servers (stop container, remove container, start new container)"
  def reboot
    with_lock do
      stop
      remove_container
      boot
    end
  end
  desc "start", "Start existing Traefik container on servers"
  def start
    with_lock do
      on(MRSK.traefik_hosts) do
        execute *MRSK.auditor.record("Started traefik"), verbosity: :debug
        execute *MRSK.traefik.start, raise_on_non_zero_exit: false
      end
    end
  end
  desc "stop", "Stop existing Traefik container on servers"
  def stop
    with_lock do
      on(MRSK.traefik_hosts) do
        execute *MRSK.auditor.record("Stopped traefik"), verbosity: :debug
        execute *MRSK.traefik.stop, raise_on_non_zero_exit: false
      end
    end
  end
  desc "restart", "Restart existing Traefik container on servers"
  def restart
    with_lock do
      stop
      start
    end
  end
  desc "details", "Show details about Traefik container from servers"
  def details
    on(MRSK.traefik_hosts) { |host| puts_by_host host, capture_with_info(*MRSK.traefik.info), type: "Traefik" }
  end
  desc "logs", "Show log lines from Traefik on servers"
  option :since, aliases: "-s", desc: "Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)"
  option :lines, type: :numeric, aliases: "-n", desc: "Number of log lines to pull from each server"
  option :grep, aliases: "-g", desc: "Show lines with grep match only (use this to fetch specific requests by id)"
  option :follow, aliases: "-f", desc: "Follow logs on primary server (or specific host set by --hosts)"
  def logs
    grep = options[:grep]
    if options[:follow]
      run_locally do
        info "Following logs on #{MRSK.primary_host}..."
        info MRSK.traefik.follow_logs(host: MRSK.primary_host, grep: grep)
        exec MRSK.traefik.follow_logs(host: MRSK.primary_host, grep: grep)
      end
    else
      since = options[:since]
      lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set
      on(MRSK.traefik_hosts) do |host|
        puts_by_host host, capture(*MRSK.traefik.logs(since: since, lines: lines, grep: grep)), type: "Traefik"
      end
    end
  end
  desc "remove", "Remove Traefik container and image from servers"
  def remove
    with_lock do
      stop
      remove_container
      remove_image
    end
  end
  desc "remove_container", "Remove Traefik container from servers", hide: true
  def remove_container
    with_lock do
      on(MRSK.traefik_hosts) do
        execute *MRSK.auditor.record("Removed traefik container"), verbosity: :debug
        execute *MRSK.traefik.remove_container
      end
    end
  end
  desc "remove_image", "Remove Traefik image from servers", hide: true
  def remove_image
    with_lock do
      on(MRSK.traefik_hosts) do
        execute *MRSK.auditor.record("Removed traefik image"), verbosity: :debug
        execute *MRSK.traefik.remove_image
      end
    end
  end
 end
--- a/lib/mrsk/commander.rb
+++ b/lib/mrsk/commander.rb
@@ -1,150 +0,0 @@
 require "active_support/core_ext/enumerable"
 require "active_support/core_ext/module/delegation"
 class Mrsk::Commander
  attr_accessor :verbosity, :holding_lock, :hold_lock_on_error
  def initialize
    self.verbosity = :info
    self.holding_lock = false
    self.hold_lock_on_error = false
  end
  def config
    @config ||= Mrsk::Configuration.create_from(**@config_kwargs).tap do |config|
      @config_kwargs = nil
      configure_sshkit_with(config)
    end
  end
  def configure(**kwargs)
    @config, @config_kwargs = nil, kwargs
  end
  attr_reader :specific_roles, :specific_hosts
  def specific_primary!
    self.specific_hosts = [ config.primary_web_host ]
  end
  def specific_roles=(role_names)
    @specific_roles = config.roles.select { |r| role_names.include?(r.name) } if role_names.present?
  end
  def specific_hosts=(hosts)
    @specific_hosts = config.all_hosts & hosts if hosts.present?
  end
  def primary_host
    specific_hosts&.first || specific_roles&.first&.primary_host || config.primary_web_host
  end
  def roles
    (specific_roles || config.roles).select do |role|
      ((specific_hosts || config.all_hosts) & role.hosts).any?
    end
  end
  def hosts
    (specific_hosts || config.all_hosts).select do |host|
      (specific_roles || config.roles).flat_map(&:hosts).include?(host)
    end
  end
  def boot_strategy
    if config.boot.limit.present?
      { in: :groups, limit: config.boot.limit, wait: config.boot.wait }
    else
      {}
    end
  end
  def roles_on(host)
    roles.select { |role| role.hosts.include?(host.to_s) }.map(&:name)
  end
  def traefik_hosts
    specific_hosts || config.traefik_hosts
  end
  def accessory_hosts
    specific_hosts || config.accessories.flat_map(&:hosts)
  end
  def accessory_names
    config.accessories&.collect(&:name) || []
  end
  def app(role: nil)
    Mrsk::Commands::App.new(config, role: role)
  end
  def accessory(name)
    Mrsk::Commands::Accessory.new(config, name: name)
  end
  def auditor(**details)
    Mrsk::Commands::Auditor.new(config, **details)
  end
  def builder
    @builder ||= Mrsk::Commands::Builder.new(config)
  end
  def docker
    @docker ||= Mrsk::Commands::Docker.new(config)
  end
  def healthcheck
    @healthcheck ||= Mrsk::Commands::Healthcheck.new(config)
  end
  def hook
    @hook ||= Mrsk::Commands::Hook.new(config)
  end
  def lock
    @lock ||= Mrsk::Commands::Lock.new(config)
  end
  def prune
    @prune ||= Mrsk::Commands::Prune.new(config)
  end
  def registry
    @registry ||= Mrsk::Commands::Registry.new(config)
  end
  def traefik
    @traefik ||= Mrsk::Commands::Traefik.new(config)
  end
  def with_verbosity(level)
    old_level = self.verbosity
    self.verbosity = level
    SSHKit.config.output_verbosity = level
    yield
  ensure
    self.verbosity = old_level
    SSHKit.config.output_verbosity = old_level
  end
  def holding_lock?
    self.holding_lock
  end
  def hold_lock_on_error?
    self.hold_lock_on_error
  end
  private
    # Lazy setup of SSHKit
    def configure_sshkit_with(config)
      SSHKit::Backend::Netssh.configure { |ssh| ssh.ssh_options = config.ssh_options }
      SSHKit.config.command_map[:docker] = "docker" # No need to use /usr/bin/env, just clogs up the logs
      SSHKit.config.output_verbosity = verbosity
    end
 end
--- a/lib/mrsk/commands.rb
+++ b/lib/mrsk/commands.rb
@@ -1,2 +0,0 @@
 module Mrsk::Commands
 end
--- a/lib/mrsk/commands/app.rb
+++ b/lib/mrsk/commands/app.rb
@@ -1,164 +0,0 @@
 class Mrsk::Commands::App < Mrsk::Commands::Base
  attr_reader :role
  def initialize(config, role: nil)
    super(config)
    @role = role
  end
  def start_or_run
    combine start, run, by: "||"
  end
  def run
    role = config.role(self.role)
    docker :run,
      "--detach",
      "--restart unless-stopped",
      "--name", container_name,
      "-e", "MRSK_CONTAINER_NAME=\"#{container_name}\"",
      *role.env_args,
      *role.health_check_args,
      *config.logging_args,
      *config.volume_args,
      *role.label_args,
      *role.option_args,
      config.absolute_image,
      role.cmd
  end
  def start
    docker :start, container_name
  end
  def status(version:)
    pipe container_id_for_version(version), xargs(docker(:inspect, "--format", DOCKER_HEALTH_STATUS_FORMAT))
  end
  def stop(version: nil)
    pipe \
      version ? container_id_for_version(version) : current_running_container_id,
      xargs(config.stop_wait_time ? docker(:stop, "-t", config.stop_wait_time) : docker(:stop))
  end
  def info
    docker :ps, *filter_args
  end
  def logs(since: nil, lines: nil, grep: nil)
    pipe \
      current_running_container_id,
      "xargs docker logs#{" --since #{since}" if since}#{" --tail #{lines}" if lines} 2>&1",
      ("grep '#{grep}'" if grep)
  end
  def follow_logs(host:, grep: nil)
    run_over_ssh \
      pipe(
        current_running_container_id,
        "xargs docker logs --timestamps --tail 10 --follow 2>&1",
        (%(grep "#{grep}") if grep)
      ),
      host: host
  end
  def execute_in_existing_container(*command, interactive: false)
    docker :exec,
      ("-it" if interactive),
      container_name,
      *command
  end
  def execute_in_new_container(*command, interactive: false)
    docker :run,
      ("-it" if interactive),
      "--rm",
      *config.env_args,
      *config.volume_args,
      config.absolute_image,
      *command
  end
  def execute_in_existing_container_over_ssh(*command, host:)
    run_over_ssh execute_in_existing_container(*command, interactive: true), host: host
  end
  def execute_in_new_container_over_ssh(*command, host:)
    run_over_ssh execute_in_new_container(*command, interactive: true), host: host
  end
  def current_running_container_id
    docker :ps, "--quiet", *filter_args(status: :running), "--latest"
  end
  def container_id_for_version(version, only_running: false)
    container_id_for(container_name: container_name(version), only_running: only_running)
  end
  def current_running_version
    list_versions("--latest", status: :running)
  end
  def list_versions(*docker_args, status: nil)
    pipe \
      docker(:ps, *filter_args(status: status), *docker_args, "--format", '"{{.Names}}"'),
      %(grep -oE "\\-[^-]+$"), # Extract SHA from "service-role-dest-SHA"
      %(cut -c 2-)
  end
  def list_containers
    docker :container, :ls, "--all", *filter_args
  end
  def list_container_names
    [ *list_containers, "--format", "'{{ .Names }}'" ]
  end
  def remove_container(version:)
    pipe \
      container_id_for(container_name: container_name(version)),
      xargs(docker(:container, :rm))
  end
  def rename_container(version:, new_version:)
    docker :rename, container_name(version), container_name(new_version)
  end
  def remove_containers
    docker :container, :prune, "--force", *filter_args
  end
  def list_images
    docker :image, :ls, config.repository
  end
  def remove_images
    docker :image, :prune, "--all", "--force", *filter_args
  end
  def tag_current_as_latest
    docker :tag, config.absolute_image, config.latest_image
  end
  private
    def container_name(version = nil)
      [ config.service, role, config.destination, version || config.version ].compact.join("-")
    end
    def filter_args(status: nil)
      argumentize "--filter", filters(status: status)
    end
    def filters(status: nil)
      [ "label=service=#{config.service}" ].tap do |filters|
        filters << "label=destination=#{config.destination}" if config.destination
        filters << "label=role=#{role}" if role
        filters << "status=#{status}" if status
      end
    end
 end
--- a/lib/mrsk/commands/builder.rb
+++ b/lib/mrsk/commands/builder.rb
@@ -1,56 +0,0 @@
 class Mrsk::Commands::Builder < Mrsk::Commands::Base
  delegate :create, :remove, :push, :clean, :pull, :info, to: :target
  def name
    target.class.to_s.remove("Mrsk::Commands::Builder::").underscore.inquiry
  end
  def target
    case
    when config.builder && config.builder["multiarch"] == false
      native
    when config.builder && config.builder["local"] && config.builder["remote"]
      multiarch_remote
    when config.builder && config.builder["remote"]
      native_remote
    else
      multiarch
    end
  end
  def native
    @native ||= Mrsk::Commands::Builder::Native.new(config)
  end
  def native_remote
    @native ||= Mrsk::Commands::Builder::Native::Remote.new(config)
  end
  def multiarch
    @multiarch ||= Mrsk::Commands::Builder::Multiarch.new(config)
  end
  def multiarch_remote
    @multiarch_remote ||= Mrsk::Commands::Builder::Multiarch::Remote.new(config)
  end
  def ensure_local_dependencies_installed
    if name.native?
      ensure_local_docker_installed
    else
      combine \
        ensure_local_docker_installed,
        ensure_local_buildx_installed
    end
  end
  private
    def ensure_local_docker_installed
      docker "--version"
    end
    def ensure_local_buildx_installed
      docker :buildx, "version"
    end
 end
--- a/lib/mrsk/commands/builder/base.rb
+++ b/lib/mrsk/commands/builder/base.rb
@@ -1,64 +0,0 @@
 class Mrsk::Commands::Builder::Base < Mrsk::Commands::Base
  class BuilderError < StandardError; end
  delegate :argumentize, to: Mrsk::Utils
  def clean
    docker :image, :rm, "--force", config.absolute_image
  end
  def pull
    docker :pull, config.absolute_image
  end
  def build_options
    [ *build_tags, *build_labels, *build_args, *build_secrets, *build_dockerfile ]
  end
  def build_context
    context
  end
  private
    def build_tags
      [ "-t", config.absolute_image, "-t", config.latest_image ]
    end
    def build_labels
      argumentize "--label", { service: config.service }
    end
    def build_args
      argumentize "--build-arg", args, sensitive: true
    end
    def build_secrets
      argumentize "--secret", secrets.collect { |secret| [ "id", secret ] }
    end
    def build_dockerfile
      if Pathname.new(File.expand_path(dockerfile)).exist?
        argumentize "--file", dockerfile
      else
        raise BuilderError, "Missing #{dockerfile}"
      end
    end
    def args
      (config.builder && config.builder["args"]) || {}
    end
    def secrets
      (config.builder && config.builder["secrets"]) || []
    end
    def dockerfile
      (config.builder && config.builder["dockerfile"]) || "Dockerfile"
    end
    def context
      (config.builder && config.builder["context"]) || "."
    end
 end
--- a/lib/mrsk/commands/builder/multiarch.rb
+++ b/lib/mrsk/commands/builder/multiarch.rb
@@ -1,29 +0,0 @@
 class Mrsk::Commands::Builder::Multiarch < Mrsk::Commands::Builder::Base
  def create
    docker :buildx, :create, "--use", "--name", builder_name
  end
  def remove
    docker :buildx, :rm, builder_name
  end
  def push
    docker :buildx, :build,
      "--push",
      "--platform", "linux/amd64,linux/arm64",
      "--builder", builder_name,
      *build_options,
      build_context
  end
  def info
    combine \
      docker(:context, :ls),
      docker(:buildx, :ls)
  end
  private
    def builder_name
      "mrsk-#{config.service}-multiarch"
    end
 end
--- a/lib/mrsk/commands/builder/native.rb
+++ b/lib/mrsk/commands/builder/native.rb
@@ -1,20 +0,0 @@
 class Mrsk::Commands::Builder::Native < Mrsk::Commands::Builder::Base
  def create
    # No-op on native
  end
  def remove
    # No-op on native
  end
  def push
    combine \
      docker(:build, *build_options, build_context),
      docker(:push, config.absolute_image),
      docker(:push, config.latest_image)
  end
  def info
    # No-op on native
  end
 end
--- a/lib/mrsk/commands/docker.rb
+++ b/lib/mrsk/commands/docker.rb
@@ -1,21 +0,0 @@
 class Mrsk::Commands::Docker < Mrsk::Commands::Base
  # Install Docker using the https://github.com/docker/docker-install convenience script.
  def install
    pipe [ :curl, "-fsSL", "https://get.docker.com" ], :sh
  end
  # Checks the Docker client version. Fails if Docker is not installed.
  def installed?
    docker "-v"
  end
  # Checks the Docker server version. Fails if Docker is not running.
  def running?
    docker :version
  end
  # Do we have superuser access to install Docker and start system services?
  def superuser?
    [ '[ "${EUID:-$(id -u)}" -eq 0 ]' ]
  end
 end
--- a/lib/mrsk/commands/prune.rb
+++ b/lib/mrsk/commands/prune.rb
@@ -1,20 +0,0 @@
 require "active_support/duration"
 require "active_support/core_ext/numeric/time"
 class Mrsk::Commands::Prune < Mrsk::Commands::Base
  def images
    docker :image, :prune, "--force", "--filter", "label=service=#{config.service}", "--filter", "dangling=true"
  end
  def containers(keep_last: 5)
    pipe \
      docker(:ps, "-q", "-a", "--filter", "label=service=#{config.service}", *stopped_containers_filters),
      "tail -n +#{keep_last + 1}",
      "while read container_id; do docker rm $container_id; done"
  end
  private
    def stopped_containers_filters
      [ "created", "exited", "dead" ].flat_map { |status| ["--filter", "status=#{status}"] }
    end
 end
--- a/lib/mrsk/commands/traefik.rb
+++ b/lib/mrsk/commands/traefik.rb
@@ -1,98 +0,0 @@
 class Mrsk::Commands::Traefik < Mrsk::Commands::Base
  delegate :argumentize, :argumentize_env_with_secrets, :optionize, to: Mrsk::Utils
  DEFAULT_IMAGE = "traefik:v2.9"
  CONTAINER_PORT = 80
  def run
    docker :run, "--name traefik",
      "--detach",
      "--restart", "unless-stopped",
      "--publish", port,
      "--volume", "/var/run/docker.sock:/var/run/docker.sock",
      *env_args,
      *config.logging_args,
      *label_args,
      *docker_options_args,
      image,
      "--providers.docker",
      "--log.level=DEBUG",
      *cmd_option_args
  end
  def start
    docker :container, :start, "traefik"
  end
  def stop
    docker :container, :stop, "traefik"
  end
  def info
    docker :ps, "--filter", "name=^traefik$"
  end
  def logs(since: nil, lines: nil, grep: nil)
    pipe \
      docker(:logs, "traefik", (" --since #{since}" if since), (" --tail #{lines}" if lines), "--timestamps", "2>&1"),
      ("grep '#{grep}'" if grep)
  end
  def follow_logs(host:, grep: nil)
    run_over_ssh pipe(
      docker(:logs, "traefik", "--timestamps", "--tail", "10", "--follow", "2>&1"),
      (%(grep "#{grep}") if grep)
    ).join(" "), host: host
  end
  def remove_container
    docker :container, :prune, "--force", "--filter", "label=org.opencontainers.image.title=Traefik"
  end
  def remove_image
    docker :image, :prune, "--all", "--force", "--filter", "label=org.opencontainers.image.title=Traefik"
  end
  def port
    "#{host_port}:#{CONTAINER_PORT}"
  end
  private
    def label_args
      argumentize "--label", labels
    end
    def env_args
      env_config = config.traefik["env"] || {}
      if env_config.present?
        argumentize_env_with_secrets(env_config)
      else
        []
      end
    end
    def labels
      config.traefik["labels"] || []
    end
    def image
      config.traefik.fetch("image") { DEFAULT_IMAGE }
    end
    def docker_options_args
      optionize(config.traefik["options"] || {})
    end
    def cmd_option_args
      if args = config.traefik["args"]
        optionize args, with: "="
      else
        []
      end
    end
    def host_port
      config.traefik["host_port"] || CONTAINER_PORT
    end
 end
--- a/lib/mrsk/configuration.rb
+++ b/lib/mrsk/configuration.rb
@@ -1,246 +0,0 @@
 require "active_support/ordered_options"
 require "active_support/core_ext/string/inquiry"
 require "active_support/core_ext/module/delegation"
 require "pathname"
 require "erb"
 require "net/ssh/proxy/jump"
 class Mrsk::Configuration
  delegate :service, :image, :servers, :env, :labels, :registry, :builder, :stop_wait_time, :hooks_path, to: :raw_config, allow_nil: true
  delegate :argumentize, :argumentize_env_with_secrets, :optionize, to: Mrsk::Utils
  attr_accessor :destination
  attr_accessor :raw_config
  class << self
    def create_from(config_file:, destination: nil, version: nil)
      raw_config = load_config_files(config_file, *destination_config_file(config_file, destination))
      new raw_config, destination: destination, version: version
    end
    private
      def load_config_files(*files)
        files.inject({}) { |config, file| config.deep_merge! load_config_file(file) }
      end
      def load_config_file(file)
        if file.exist?
          YAML.load(ERB.new(IO.read(file)).result).symbolize_keys
        else
          raise "Configuration file not found in #{file}"
        end
      end
      def destination_config_file(base_config_file, destination)
        base_config_file.sub_ext(".#{destination}.yml") if destination
      end
  end
  def initialize(raw_config, destination: nil, version: nil, validate: true)
    @raw_config = ActiveSupport::InheritableOptions.new(raw_config)
    @destination = destination
    @declared_version = version
    valid? if validate
  end
  def version=(version)
    @declared_version = version
  end
  def version
    @declared_version.presence || ENV["VERSION"] || git_version
  end
  def abbreviated_version
    Mrsk::Utils.abbreviate_version(version)
  end
  def roles
    @roles ||= role_names.collect { |role_name| Role.new(role_name, config: self) }
  end
  def role(name)
    roles.detect { |r| r.name == name.to_s }
  end
  def accessories
    @accessories ||= raw_config.accessories&.keys&.collect { |name| Mrsk::Configuration::Accessory.new(name, config: self) } || []
  end
  def accessory(name)
    accessories.detect { |a| a.name == name.to_s }
  end
  def all_hosts
    roles.flat_map(&:hosts).uniq
  end
  def primary_web_host
    role(:web).primary_host
  end
  def traefik_hosts
    roles.select(&:running_traefik?).flat_map(&:hosts).uniq
  end
  def boot
    Mrsk::Configuration::Boot.new(config: self)
  end
  def repository
    [ raw_config.registry["server"], image ].compact.join("/")
  end
  def absolute_image
    "#{repository}:#{version}"
  end
  def latest_image
    "#{repository}:latest"
  end
  def service_with_version
    "#{service}-#{version}"
  end
  def env_args
    if raw_config.env.present?
      argumentize_env_with_secrets(raw_config.env)
    else
      []
    end
  end
  def volume_args
    if raw_config.volumes.present?
      argumentize "--volume", raw_config.volumes
    else
      []
    end
  end
  def logging_args
    if raw_config.logging.present?
      optionize({ "log-driver" => raw_config.logging["driver"] }.compact) +
        argumentize("--log-opt", raw_config.logging["options"])
    else
      argumentize("--log-opt", { "max-size" => "10m" })
    end
  end
  def ssh_user
    if raw_config.ssh.present?
      raw_config.ssh["user"] || "root"
    else
      "root"
    end
  end
  def ssh_proxy
    if raw_config.ssh.present? && raw_config.ssh["proxy"]
      Net::SSH::Proxy::Jump.new \
        raw_config.ssh["proxy"].include?("@") ? raw_config.ssh["proxy"] : "root@#{raw_config.ssh["proxy"]}"
    elsif raw_config.ssh.present? && raw_config.ssh["proxy_command"]
      Net::SSH::Proxy::Command.new(raw_config.ssh["proxy_command"])
    end
  end
  def ssh_options
    { user: ssh_user, proxy: ssh_proxy, auth_methods: [ "publickey" ] }.compact
  end
  def healthcheck
    { "path" => "/up", "port" => 3000, "max_attempts" => 7 }.merge(raw_config.healthcheck || {})
  end
  def readiness_delay
    raw_config.readiness_delay || 7
  end
  def valid?
    ensure_required_keys_present && ensure_env_available
  end
  def to_h
    {
      roles: role_names,
      hosts: all_hosts,
      primary_host: primary_web_host,
      version: version,
      repository: repository,
      absolute_image: absolute_image,
      service_with_version: service_with_version,
      env_args: env_args,
      volume_args: volume_args,
      ssh_options: ssh_options,
      builder: raw_config.builder,
      accessories: raw_config.accessories,
      logging: logging_args,
      healthcheck: healthcheck
    }.compact
  end
  def traefik
    raw_config.traefik || {}
  end
  def hooks_path
    raw_config.hooks_path || ".mrsk/hooks"
  end
  private
    # Will raise ArgumentError if any required config keys are missing
    def ensure_required_keys_present
      %i[ service image registry servers ].each do |key|
        raise ArgumentError, "Missing required configuration for #{key}" unless raw_config[key].present?
      end
      if raw_config.registry["username"].blank?
        raise ArgumentError, "You must specify a username for the registry in config/deploy.yml"
      end
      if raw_config.registry["password"].blank?
        raise ArgumentError, "You must specify a password for the registry in config/deploy.yml (or set the ENV variable if that's used)"
      end
      roles.each do |role|
        if role.hosts.empty?
          raise ArgumentError, "No servers specified for the #{role.name} role"
        end
      end
      true
    end
    # Will raise KeyError if any secret ENVs are missing
    def ensure_env_available
      env_args
      roles.each(&:env_args)
      true
    end
    def role_names
      raw_config.servers.is_a?(Array) ? [ "web" ] : raw_config.servers.keys.sort
    end
    def git_version
      @git_version ||=
        if system("git rev-parse")
          uncommitted_suffix = `git status --porcelain`.strip.present? ? "_uncommitted_#{SecureRandom.hex(8)}" : ""
          "#{`git rev-parse HEAD`.strip}#{uncommitted_suffix}"
        else
          raise "Can't use commit hash as version, no git repository found in #{Dir.pwd}"
        end
    end
 end
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,2 @@`
							`inherit_gem:`
							`rubocop-rails-omakase: rubocop.yml`
		`@@ -0,0 +1,3 @@`
							`#!/bin/sh`

							`echo "Rebooted proxy on $KAMAL_HOSTS"`
		`@@ -0,0 +1,3 @@`
							`#!/bin/sh`

							`echo "Rebooting proxy on $KAMAL_HOSTS..."`
		`@@ -0,0 +1,2 @@`
							`KAMAL_REGISTRY_PASSWORD=change-this`
							`RAILS_MASTER_KEY=another-env`
		`@@ -1,2 +0,0 @@`
			`MRSK_REGISTRY_PASSWORD=change-this`
			`RAILS_MASTER_KEY=another-env`