spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: spacebar:v1.9.1
Branches Tags
spacebar:main spacebar:1-9-stable spacebar:eval-proxy-options spacebar:more-robust-command-matching spacebar:output-role-with-logs spacebar:proxy-with-bare-hostname spacebar:kamal-proxy-deploy-equals-in-args spacebar:command-line-secret-escaping spacebar:cleanup-default-templates spacebar:local-docker-registry spacebar:proxy-0.5.0 spacebar:proxy-experimental spacebar:1-8-stable spacebar:proxy-experimental-and-revert-905-simplify-builders-config spacebar:revert-905-simplify-builders-config spacebar:xiaohui-zhangxh/git-clone-update-submodules spacebar:simplify-builders spacebar:dot-kamal-slash-env spacebar:no-envify spacebar:kamal-proxy spacebar:parachute spacebar:rename-roles spacebar:mproxy spacebar:per-destination-latest-image-tag spacebar:auto-push-env spacebar:concurrent-docker-login spacebar:error-on-filter-miss spacebar:rollback-short-sha spacebar:fix-per-role-healthcheck-custom spacebar:return-502-if-no-container spacebar:accumulating-asset-path spacebar:zero-downtime-deploys spacebar:more-resilient-zero-downtime-deploy spacebar:audit-broadcasts
spacebar:v1.9.3 spacebar:v2.7.0 spacebar:v2.6.1 spacebar:v2.6.0 spacebar:v2.5.3 spacebar:v2.5.2 spacebar:v2.5.1 spacebar:v2.5.0 spacebar:v2.4.0 spacebar:v2.3.0 spacebar:v2.2.2 spacebar:v2.2.1 spacebar:v2.2.0 spacebar:v1.9.2 spacebar:v2.1.2 spacebar:v2.1.1 spacebar:v2.1.0 spacebar:v1.9.1 spacebar:v2.0.0 spacebar:v1.9.0 spacebar:v2.0.0.rc4 spacebar:v2.0.0.rc3 spacebar:v2.0.0.rc2 spacebar:v2.0.0.rc1 spacebar:v2.0.0.beta2 spacebar:v2.0.0.beta1 spacebar:v1.8.3 spacebar:v1.8.2 spacebar:v1.8.1 spacebar:v1.8.0 spacebar:v1.7.3 spacebar:v1.7.2 spacebar:v1.7.1 spacebar:v1.7.0 spacebar:v1.6.0 spacebar:v1.5.2 spacebar:v1.5.1 spacebar:v1.5.0 spacebar:v1.4.0 spacebar:v1.3.1 spacebar:v1.3.0 spacebar:v1.2.0 spacebar:v1.1.0 spacebar:v1.0.0 spacebar:v0.16.1 spacebar:v0.16.0 spacebar:v0.15.1 spacebar:v0.15.0 spacebar:v0.14.0 spacebar:v0.13.2 spacebar:v0.13.1 spacebar:v0.13.0 spacebar:v0.12.1 spacebar:v0.12.0 spacebar:v0.11.0 spacebar:v0.10.1 spacebar:v0.10.0 spacebar:v0.9.1 spacebar:v0.9.0 spacebar:v.0.0.1 spacebar:v0.8.4 spacebar:v0.8.3 spacebar:v0.8.2 spacebar:v0.8.1 spacebar:v0.8.0 spacebar:v0.7.2 spacebar:v0.7.1 spacebar:v0.7.0 spacebar:v0.6.4 spacebar:v0.6.3 spacebar:v0.6.2 spacebar:v0.6.1 spacebar:v0.6.0 spacebar:v0.5.1 spacebar:v0.5.0 spacebar:v0.4.0 spacebar:v0.3.1 spacebar:v0.3.0 spacebar:v0.2.0 spacebar:v0.1.0 spacebar:v0.0.3 spacebar:v0.0.2 spacebar:v0.0.1
...
compare: spacebar:proxy-experimental
Branches Tags
spacebar:main spacebar:1-9-stable spacebar:eval-proxy-options spacebar:more-robust-command-matching spacebar:output-role-with-logs spacebar:proxy-with-bare-hostname spacebar:kamal-proxy-deploy-equals-in-args spacebar:command-line-secret-escaping spacebar:cleanup-default-templates spacebar:local-docker-registry spacebar:proxy-0.5.0 spacebar:proxy-experimental spacebar:1-8-stable spacebar:proxy-experimental-and-revert-905-simplify-builders-config spacebar:revert-905-simplify-builders-config spacebar:xiaohui-zhangxh/git-clone-update-submodules spacebar:simplify-builders spacebar:dot-kamal-slash-env spacebar:no-envify spacebar:kamal-proxy spacebar:parachute spacebar:rename-roles spacebar:mproxy spacebar:per-destination-latest-image-tag spacebar:auto-push-env spacebar:concurrent-docker-login spacebar:error-on-filter-miss spacebar:rollback-short-sha spacebar:fix-per-role-healthcheck-custom spacebar:return-502-if-no-container spacebar:accumulating-asset-path spacebar:zero-downtime-deploys spacebar:more-resilient-zero-downtime-deploy spacebar:audit-broadcasts
spacebar:v1.9.3 spacebar:v2.7.0 spacebar:v2.6.1 spacebar:v2.6.0 spacebar:v2.5.3 spacebar:v2.5.2 spacebar:v2.5.1 spacebar:v2.5.0 spacebar:v2.4.0 spacebar:v2.3.0 spacebar:v2.2.2 spacebar:v2.2.1 spacebar:v2.2.0 spacebar:v1.9.2 spacebar:v2.1.2 spacebar:v2.1.1 spacebar:v2.1.0 spacebar:v1.9.1 spacebar:v2.0.0 spacebar:v1.9.0 spacebar:v2.0.0.rc4 spacebar:v2.0.0.rc3 spacebar:v2.0.0.rc2 spacebar:v2.0.0.rc1 spacebar:v2.0.0.beta2 spacebar:v2.0.0.beta1 spacebar:v1.8.3 spacebar:v1.8.2 spacebar:v1.8.1 spacebar:v1.8.0 spacebar:v1.7.3 spacebar:v1.7.2 spacebar:v1.7.1 spacebar:v1.7.0 spacebar:v1.6.0 spacebar:v1.5.2 spacebar:v1.5.1 spacebar:v1.5.0 spacebar:v1.4.0 spacebar:v1.3.1 spacebar:v1.3.0 spacebar:v1.2.0 spacebar:v1.1.0 spacebar:v1.0.0 spacebar:v0.16.1 spacebar:v0.16.0 spacebar:v0.15.1 spacebar:v0.15.0 spacebar:v0.14.0 spacebar:v0.13.2 spacebar:v0.13.1 spacebar:v0.13.0 spacebar:v0.12.1 spacebar:v0.12.0 spacebar:v0.11.0 spacebar:v0.10.1 spacebar:v0.10.0 spacebar:v0.9.1 spacebar:v0.9.0 spacebar:v.0.0.1 spacebar:v0.8.4 spacebar:v0.8.3 spacebar:v0.8.2 spacebar:v0.8.1 spacebar:v0.8.0 spacebar:v0.7.2 spacebar:v0.7.1 spacebar:v0.7.0 spacebar:v0.6.4 spacebar:v0.6.3 spacebar:v0.6.2 spacebar:v0.6.1 spacebar:v0.6.0 spacebar:v0.5.1 spacebar:v0.5.0 spacebar:v0.4.0 spacebar:v0.3.1 spacebar:v0.3.0 spacebar:v0.2.0 spacebar:v0.1.0 spacebar:v0.0.3 spacebar:v0.0.2 spacebar:v0.0.1

93 Commits
v1.9.1 ... proxy-expe

Author SHA1 Message Date
Donal McBreen
b0f5997aef All count as proxy hosts 2024-09-16 08:37:36 +01:00
Donal McBreen
85f62ebc22 Map kamal proxy config into .kamal/proxy/config 
This will allow us to share files with the proxy via the host.
 2024-09-11 14:46:56 +01:00
Donal McBreen
e0df051756 Drop run_directory configuration option 
We need to drop to be fixed so multiple applications put the config in
the same place.
 2024-09-11 14:30:14 +01:00
Donal McBreen
0b22fea8a9 Port -> app_port 2024-09-11 14:23:52 +01:00
Donal McBreen
f088e0cb64 Work out the host and port for the container 
Avoid docker inspect:
1. Use the container ID as the host
2. Configure the port, default to 3000
 2024-09-11 14:20:18 +01:00
Donal McBreen
9b673c2114 Add the proxy/ssl config and pass on to kamal-proxy 2024-09-11 14:20:18 +01:00
Donal McBreen
e0d336dc11 Fix tests 2024-09-11 14:20:18 +01:00
Donal McBreen
1422ecaeb8 Remove envify, make proxy booting work with env files 2024-09-11 14:20:18 +01:00
Donal McBreen
f8de2898c9 Use kamal network for accessories 2024-09-11 14:20:18 +01:00
Donal McBreen
0cd1a4fb07 Boot latest version when upgrading proxy 2024-09-11 14:20:18 +01:00
Donal McBreen
4381f3bc5f Add proxy upgrade command 2024-09-11 14:20:18 +01:00
Donal McBreen
35de0891c0 Create proxy and app containers in a kamal network 2024-09-11 14:20:18 +01:00
Donal McBreen
fb9c8f16f1 Fix tests for proxy defaults and required builder arch 2024-09-11 14:20:18 +01:00
Donal McBreen
d92b3628f4 Fix merge error 2024-09-11 14:20:18 +01:00
Donal McBreen
4732543eca Read buffer not buffering 2024-09-11 14:20:18 +01:00
Donal McBreen
e58d33b389 Set request and response headers 2024-09-11 14:20:18 +01:00
Donal McBreen
97b842fcee Split buffer requests/responses 2024-09-11 14:20:18 +01:00
Donal McBreen
98eb38f11c Add forward headers support 2024-09-11 14:20:18 +01:00
Donal McBreen
805fc1554e Set extra fields 2024-09-11 14:20:18 +01:00
Donal McBreen
61715e0a4b Add kamal-proxy in experimental mode 
The proxy can be enabled via the config:

```
proxy:
  enabled: true
  hosts:
    - 10.0.0.1
    - 10.0.0.2
```

This will enable the proxy and cause it to be run on the hosts listed
under `hosts`, after running `kamal proxy reboot`.

Enabling the proxy disables `kamal traefik` commands and replaces them
with `kamal proxy` ones. However only the marked hosts will run the
kamal-proxy container, the rest will run Traefik as before.
 2024-09-11 14:20:18 +01:00
Donal McBreen
debdf00cca Merge pull request #933 from basecamp/common-secrets 
Add secrets-common for shared secrets
 2024-09-11 14:20:01 +01:00
Donal McBreen
9089c41f30 Add secrets-common for shared secrets 
Add a shared secrets file used across all destinations. Useful for
things Github tokens or registry passwords.

The secrets are added to a new file called `secrets-common` to highlight
they are shared, and to avoid acciedentally inheriting a secret from the
`secrets` file to `secrets.destination`.
 2024-09-11 13:41:36 +01:00
Donal McBreen
c9946808b1 Merge pull request #931 from basecamp/dont-git-ignore-dot-kamal-secrets 
Don't git ignore .kamal/secrets
 2024-09-11 13:26:07 +01:00
Donal McBreen
deb2a6d298 Merge pull request #930 from basecamp/hide-1password-login-error 
Hide the 1password login error
 2024-09-11 12:18:09 +01:00
Donal McBreen
0cb69a84f5 Don't git ignore .kamal/secrets 
Secrets should be interpolated at runtime so we do want the file in git.

But add a warning at the top to avoid adding secrets or git ignore the
file if you do.

Also provide examples of the three options for interpolating secrets.
 2024-09-11 12:16:18 +01:00
Donal McBreen
aa630f156a Hide the 1password login error 
Avoid outputting this login error message, it wasn't an error and you
don't need to follow those instructions.

```
[ERROR] 2024/09/11 11:57:08 You are not currently signed in. Please run `op signin --help` for instructions
```
 2024-09-11 12:02:53 +01:00
Donal McBreen
63d0b5ddfa Merge pull request #928 from basecamp/kamal-secrets-inline-aware 
Make the secrets commands inline aware
 2024-09-10 11:08:10 +01:00
Donal McBreen
06f4caa866 Make the secrets commands inline aware 
Rather than redirecting the global $stdout, which is not never clever in
a threaded program, we'll make the secrets commands aware they are
being inlined, so they return the value instead of printing it.

Additionally we no longer need to interrupt the parent process on error
as we've inlined the command - exit 1 is enough.
 2024-09-10 10:39:44 +01:00
Donal McBreen
5aa3d1aeb0 Merge pull request #927 from basecamp/revert-903-integration-test-insecure-registry 
Revert "Integration test insecure registry"
 2024-09-10 10:12:57 +01:00
Donal McBreen
a4d668cd39 Revert "Integration test insecure registry" 2024-09-10 10:02:10 +01:00
Donal McBreen
7156c80f34 Merge pull request #924 from basecamp/secrets 
Secrets
 2024-09-09 15:13:35 +01:00
Donal McBreen
aed2ef99d0 Use env files for secrets 
Add env files back in for secrets - hides them from process lists and
allows you to pick up the latest env file when running
`kamal app exec` without reusing.
 2024-09-09 14:43:12 +01:00
Donal McBreen
57cbf7cdb5 Inline dotenv kamal secrets calls 2024-09-06 16:56:54 +01:00
Donal McBreen
b99c044327 Update lib/kamal/cli/templates/secrets 
Co-authored-by: Sijawusz Pur Rahnama <sija@sija.pl>
 2024-09-06 13:25:39 +01:00
Donal McBreen
8ad6a0ed16 Add .kamal/secrets on kamal init 2024-09-06 11:54:12 +01:00
Donal McBreen
8b62e2694a Test non-ascii secret interpolation 2024-09-05 10:01:56 +01:00
Donal McBreen
be1df4356a fetch_from_vault -> fetch_secrets 2024-09-05 09:53:33 +01:00
Donal McBreen
8210e8e768 Drop redundant rescue 2024-09-05 09:53:18 +01:00
Donal McBreen
9b96ef2412 Shellescape command input 2024-09-05 08:37:50 +01:00
Donal McBreen
1522d94ac9 Pass secrets to pre/post deploy hooks 2024-09-04 16:24:10 +01:00
Donal McBreen
a68294c384 Remote test adapter from test_helper.rb 2024-09-04 12:57:25 +01:00
Donal McBreen
31a347c285 Move int parent comment 2024-09-04 12:52:30 +01:00
Donal McBreen
3d502ab12d Add test adapter and interpolate secrets in integration tests 2024-09-04 12:40:27 +01:00
Donal McBreen
5226d52f8a Interrupting parent on error 2024-09-04 12:14:47 +01:00
Donal McBreen
9deb8af4a0 Don't hide command 2024-09-04 09:32:45 +01:00
Donal McBreen
068aaa0bd0 Fix options 2024-09-04 09:32:45 +01:00
Donal McBreen
a726a86a17 Add lastpass, bitwarden adapters 2024-09-04 09:32:45 +01:00
Donal McBreen
b2e1a4d4c1 Secrets test 2024-09-04 09:32:45 +01:00
Donal McBreen
9ade79fc84 OnePassword, LastPass + Bitwarden adapters 2024-09-04 09:32:45 +01:00
Donal McBreen
79731da619 Single fetch command 2024-09-04 09:32:45 +01:00
Donal McBreen
0ae8046905 Add secret tests 2024-09-04 09:32:45 +01:00
Donal McBreen
d5ecca0fd4 Add tests 2024-09-04 09:32:45 +01:00
Donal McBreen
0c6a593554 Remove redundant test 2024-09-04 09:32:45 +01:00
Donal McBreen
3f37fea7c3 Configuration::Secrets -> Secrets 2024-09-04 09:32:45 +01:00
Donal McBreen
7daaabd4d4 One file, no destination env 2024-09-04 09:32:45 +01:00
Donal McBreen
fcdef5fa06 Set KAMAL_DESTINATION for dotenv parsing 2024-09-04 09:32:45 +01:00
Donal McBreen
5480b40ba3 Correct secret files order 2024-09-04 09:32:45 +01:00
Donal McBreen
1d0e81b00a Eager load only CLI for faster commands 2024-09-04 09:32:45 +01:00
Donal McBreen
5910249d02 Add secrets command + 1password integration 2024-09-04 09:32:45 +01:00
Donal McBreen
b464c4fd4a Include dotenv upgrade 2024-09-04 09:32:45 +01:00
Donal McBreen
56754fe40c Lazily load secrets whenever needed 2024-09-04 09:32:45 +01:00
Donal McBreen
6a06efc9d9 Strip out env loading, envify, env push 2024-09-04 09:32:45 +01:00
Donal McBreen
5c4c33e0a8 Replace .env* with .kamal/env* 
By default look for the env file in .kamal/env to avoid clashes with
other tools using .env.

For now we'll still load .env and issue a deprecation warning, but in
future we'll stop reading those.
 2024-09-04 09:32:45 +01:00
Donal McBreen
0b5506f6f2 Merge pull request #923 from basecamp/disable-local-builder 
Allow disabling of local builds
 2024-09-03 14:53:23 +01:00
Donal McBreen
a2549b1f60 Allow disabling of local builds 
To disable local builds set:
```
builder:
   local: false
   remote: ssh://docker@docker-builder
```
 2024-09-03 14:33:25 +01:00
Donal McBreen
9b9e60ec7f Merge pull request #921 from basecamp/remote-hybrid-builders-cleanup 
Build and clean remote builders correctly
 2024-09-02 15:24:28 +01:00
Donal McBreen
e557eea79c Build and clean remote builders correctly 
Check that the builder and context match what we expect, and if not
remove and re-create them.
 2024-09-02 15:12:19 +01:00
David Heinemeier Hansson
d7e785cd36 Merge pull request #920 from mblayman/env-docs-typos 
Fix typos in "Environment variables" docs.
 2024-09-01 14:22:15 -07:00
Matt Layman
5cda3086c4 Found a typo in the healthcheck docs. 2024-08-31 23:38:28 -04:00
Matt Layman
362f5d00f6 Fix typos in "Environment variables" docs. 2024-08-31 23:29:30 -04:00
Donal McBreen
6adf3c117f Merge pull request #905 from basecamp/simplify-builders-config 
Simplify builders config
 2024-08-29 09:28:51 +01:00
Donal McBreen
9f0b10425c Fix aliases tests 2024-08-29 09:16:07 +01:00
Donal McBreen
5f2384f123 Use docker info to get arch 2024-08-29 08:46:18 +01:00
Donal McBreen
eab7d3adc5 Keep buildx build, in case of old docker versions which don't default to buildkit 2024-08-29 08:45:51 +01:00
Donal McBreen
d2d0223c37 Require an arch to be set, and default to amd64 in the template 2024-08-29 08:45:51 +01:00
Donal McBreen
56268d724d Simplify the builders configuration 
1. Add driver as an option, defaulting to `docker-container`. For a
   "native" build you can set it to `docker`
2. Set arch as a array of architectures to build for, defaulting to
   `[ "amd64", "arm64" ]` unless you are using the docker driver in
   which case we default to not setting a platform
3. Remote is now just a connection string for the remote builder
4. If remote is set, we only use it for non-local arches, if we are
   only building for the local arch, we'll ignore it.

Examples:

On arm64, build for arm64 locally, amd64 remotely or
On amd64, build for amd64 locally, arm64 remotely:

```yaml
builder:
  remote: ssh://docker@docker-builder
```

On arm64, build amd64 on remote,
On amd64 build locally:

```yaml
builder:
  arch:
    - amd64
  remote:
    host: ssh://docker@docker-builder
```

Build amd64 on local:

```yaml
builder:
  arch:
    - amd64
```

Use docker driver, building for local arch:

```yaml
builder:
  driver: docker
```
 2024-08-29 08:45:48 +01:00
Donal McBreen
cffb6c3d7e Allow the driver to be set 2024-08-29 08:44:11 +01:00
Donal McBreen
bd1726f305 docker buildx build -> docker build 2024-08-29 08:44:11 +01:00
Donal McBreen
7ddb122a22 Get tests passing 2024-08-29 08:44:11 +01:00
Donal McBreen
98c951bbdb Simplfy choosing a builder 2024-08-29 08:44:11 +01:00
Donal McBreen
374c117b79 Validate multiarch configuration 
Remote and local are only allowed when multiarch is enabled.
Remote requires a host and arch, local only requires an arch.
 2024-08-29 08:44:11 +01:00
Donal McBreen
d6a5cf3c78 Rip out context_hosts checks 
The remote host is now encoded in the builder name so we don't need
to check it. We'll just do an inspect to confirm the builder exists.
 2024-08-29 08:44:11 +01:00
Donal McBreen
2aeabda455 Move multiarch remote builder to hybrid builder 
Include the host name in the builder name, so we can have one builder
per host/arch across all kamal projects.

Inherit from the remote builder. The difference in the hybrid builder
is that we create a local buildx instance and append the remote context
to it.
 2024-08-29 08:44:11 +01:00
Donal McBreen
c048c097ed Create a context for local builds 
This ensures we use the docker-container driver and not whatever the
local default is.
 2024-08-29 08:44:11 +01:00
Donal McBreen
ed148628fb Local build doesn't need a builder 2024-08-29 08:44:11 +01:00
Donal McBreen
d48080c772 Dump native builder 
We already ensure that buildx is installed, so let's always use it.
 2024-08-29 08:44:11 +01:00
Donal McBreen
3f64338929 Move native remote to just remote 
It's just a remote builder, that will build whichever platform is asked
for, so let's remove the "native" part.

We'll also remove the service name from the builder name, so multiple
services can share the same builder.
 2024-08-29 08:44:11 +01:00
Donal McBreen
0ab838bc25 Combine multiarch and native/cache builders 
Combine the two builders, as they are almost identical. The only
difference was whether the platforms were set.

The native cached builder wasn't using the context it created, so now
we do.

We'll set the driver to `docker-container` - it seems to be the default
but the Docker docs claim it is `docker`.
 2024-08-29 08:44:11 +01:00
Donal McBreen
b7382ceeaf Merge pull request #912 from basecamp/alias 
Add aliases to Kamal
 2024-08-29 08:43:35 +01:00
Donal McBreen
69367fbc6b Merge pull request #917 from basecamp/v2.0-alpha 
Switch the version on main to 2.0.0.alpha
 2024-08-29 08:43:19 +01:00
Donal McBreen
2515bd705c Switch the version on main to 2.0.0.alpha 
All development is now for the 2.0.0 release.
 2024-08-29 08:33:21 +01:00
Donal McBreen
579e169be2 Allow multiple arguments for exec commands 
If you can have an alias like:

```
aliases:
  rails: app exec -p rails
```

Then `kamal rails db:migrate:status` will execute
`kamal app exec -p rails db:migrate:status`.

So this works, we'll allow multiple arguments `app exec` and
`server exec` to accept multiple arguments.

The arguments are combined by simply joining them with a space. This
means that these are equivalent:

```
kamal app exec -p rails db:migrate:status
kamal app exec -p "rails db:migrate:status"
```

If you want to pass an argument with spaces, you'll need to quote it:

```
kamal app exec -p "git commit -am \"My comment\""
kamal app exec -p git commit -am "\"My comment\""
```
 2024-08-28 10:58:25 +01:00
Donal McBreen
b8af719bb7 Add aliases to Kamal 
Aliases are defined in the configuration file under the `aliases` key.

The configuration is a map of alias name to command. When we run the
command the we just do a literal replacement of the alias with the
string.

So if we have:

```yaml
aliases:
  console: app exec -r console -i --reuse "rails console"
```

Then running `kamal console -r workers` will run the command

```sh
$ kamal app exec -r console -i --reuse "rails console" -r workers
```

Because of the order Thor parses the arguments, this allows us to
override the role from the alias command.

There might be cases where we need to munge the command a bit more but
that would involve getting into Thor command parsing internals,
which are complicated and possibly subject to change.

There's a chance that your aliases could conflict with future built-in
commands, but there's not likely to be many of those and if it happens
you'll get a validation error when you upgrade.

Thanks to @dhnaranjo for the idea!
 2024-08-26 10:47:43 +01:00
160 changed files with 3404 additions and 1396 deletions
Expand all files Collapse all files

109
Gemfile.lock
View File

@@ -1,24 +1,24 @@
PATH
remote: .
specs:
kamal (1.8.2)
kamal (2.0.0.alpha)
activesupport (>= 7.0)
base64 (~> 0.2)
bcrypt_pbkdf (~> 1.0)
concurrent-ruby (~> 1.2)
dotenv (~> 2.8)
dotenv (~> 3.1)
ed25519 (~> 1.2)
net-ssh (~> 7.0)
sshkit (>= 1.23.0, < 2.0)
thor (~> 1.2)
thor (~> 1.3)
zeitwerk (~> 2.5)
GEM
remote: https://rubygems.org/
specs:
actionpack (7.1.2)
actionview (= 7.1.2)
activesupport (= 7.1.2)
actionpack (7.1.3.4)
actionview (= 7.1.3.4)
activesupport (= 7.1.3.4)
nokogiri (>= 1.8.5)
racc
rack (>= 2.2.4)
@@ -26,13 +26,13 @@ GEM
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6)
actionview (7.1.2)
activesupport (= 7.1.2)
actionview (7.1.3.4)
activesupport (= 7.1.3.4)
builder (~> 3.1)
erubi (~> 1.11)
rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6)
activesupport (7.1.2)
activesupport (7.1.3.4)
base64
bigdecimal
concurrent-ruby (~> 1.0, >= 1.0.2)
@@ -44,54 +44,55 @@ GEM
tzinfo (~> 2.0)
ast (2.4.2)
base64 (0.2.0)
bcrypt_pbkdf (1.1.0)
bigdecimal (3.1.5)
builder (3.2.4)
concurrent-ruby (1.2.2)
bcrypt_pbkdf (1.1.1)
bcrypt_pbkdf (1.1.1-arm64-darwin)
bcrypt_pbkdf (1.1.1-x86_64-darwin)
bigdecimal (3.1.8)
builder (3.3.0)
concurrent-ruby (1.3.3)
connection_pool (2.4.1)
crass (1.0.6)
debug (1.9.1)
debug (1.9.2)
irb (~> 1.10)
reline (>= 0.3.8)
dotenv (2.8.1)
drb (2.2.0)
ruby2_keywords
dotenv (3.1.2)
drb (2.2.1)
ed25519 (1.3.0)
erubi (1.12.0)
i18n (1.14.1)
erubi (1.13.0)
i18n (1.14.5)
concurrent-ruby (~> 1.0)
io-console (0.7.1)
irb (1.11.0)
rdoc
reline (>= 0.3.8)
json (2.7.1)
io-console (0.7.2)
irb (1.14.0)
rdoc (>= 4.0.0)
reline (>= 0.4.2)
json (2.7.2)
language_server-protocol (3.17.0.3)
loofah (2.22.0)
crass (~> 1.0.2)
nokogiri (>= 1.12.0)
minitest (5.20.0)
mocha (2.1.0)
minitest (5.24.1)
mocha (2.4.5)
ruby2_keywords (>= 0.0.5)
mutex_m (0.2.0)
net-scp (4.0.0)
net-ssh (>= 2.6.5, < 8.0.0)
net-sftp (4.0.0)
net-ssh (>= 5.0.0, < 8.0.0)
net-ssh (7.2.1)
nokogiri (1.16.0-arm64-darwin)
net-ssh (7.2.3)
nokogiri (1.16.7-arm64-darwin)
racc (~> 1.4)
nokogiri (1.16.0-x86_64-darwin)
nokogiri (1.16.7-x86_64-darwin)
racc (~> 1.4)
nokogiri (1.16.0-x86_64-linux)
nokogiri (1.16.7-x86_64-linux)
racc (~> 1.4)
parallel (1.24.0)
parser (3.3.0.5)
parallel (1.25.1)
parser (3.3.4.0)
ast (~> 2.4.1)
racc
psych (5.1.2)
stringio
racc (1.7.3)
rack (3.0.8)
racc (1.8.1)
rack (3.1.7)
rack-session (2.0.0)
rack (>= 3.0.0)
rack-test (2.1.0)
@@ -106,42 +107,43 @@ GEM
rails-html-sanitizer (1.6.0)
loofah (~> 2.21)
nokogiri (~> 1.14)
railties (7.1.2)
actionpack (= 7.1.2)
activesupport (= 7.1.2)
railties (7.1.3.4)
actionpack (= 7.1.3.4)
activesupport (= 7.1.3.4)
irb
rackup (>= 1.0.0)
rake (>= 12.2)
thor (~> 1.0, >= 1.2.2)
zeitwerk (~> 2.6)
rainbow (3.1.1)
rake (13.1.0)
rdoc (6.6.2)
rake (13.2.1)
rdoc (6.7.0)
psych (>= 4.0.0)
regexp_parser (2.9.0)
reline (0.4.2)
regexp_parser (2.9.2)
reline (0.5.9)
io-console (~> 0.5)
rexml (3.2.6)
rubocop (1.62.1)
rexml (3.3.4)
strscan
rubocop (1.65.1)
json (~> 2.3)
language_server-protocol (>= 3.17.0)
parallel (~> 1.10)
parser (>= 3.3.0.2)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
regexp_parser (>= 2.4, < 3.0)
rexml (>= 3.2.5, < 4.0)
rubocop-ast (>= 1.31.1, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 2.4.0, < 3.0)
rubocop-ast (1.31.2)
parser (>= 3.3.0.4)
rubocop-minitest (0.35.0)
rubocop-ast (1.32.0)
parser (>= 3.3.1.0)
rubocop-minitest (0.35.1)
rubocop (>= 1.61, < 2.0)
rubocop-ast (>= 1.31.1, < 2.0)
rubocop-performance (1.20.2)
rubocop-performance (1.21.1)
rubocop (>= 1.48.1, < 2.0)
rubocop-ast (>= 1.30.0, < 2.0)
rubocop-rails (2.24.0)
rubocop-ast (>= 1.31.1, < 2.0)
rubocop-rails (2.25.1)
activesupport (>= 4.2.0)
rack (>= 1.1)
rubocop (>= 1.33.0, < 2.0)
@@ -158,13 +160,14 @@ GEM
net-scp (>= 1.1.2)
net-sftp (>= 2.1.2)
net-ssh (>= 2.8.0)
stringio (3.1.0)
thor (1.3.0)
stringio (3.1.1)
strscan (3.1.0)
thor (1.3.1)
tzinfo (2.0.6)
concurrent-ruby (~> 1.0)
unicode-display_width (2.5.0)
webrick (1.8.1)
zeitwerk (2.6.12)
zeitwerk (2.6.17)
PLATFORMS
arm64-darwin

21
bin/docs
View File

@@ -17,12 +17,14 @@ end
DOCS = {
"accessory" => "Accessories",
"alias" => "Aliases",
"boot" => "Booting",
"builder" => "Builders",
"configuration" => "Configuration overview",
"env" => "Environment variables",
"healthcheck" => "Healthchecks",
"logging" => "Logging",
"proxy" => "Proxy (Experimental)",
"registry" => "Docker Registry",
"role" => "Roles",
"servers" => "Servers",
@@ -67,26 +69,27 @@ class DocWriter
output.puts
place = :new_section
elsif line =~ /^ *#/
generate_line(line, place: place)
generate_line(line, heading: place == :new_section)
place = :in_section
else
output.puts "```yaml"
output.print line
output.puts line
place = :in_yaml
end
when :in_yaml
when :in_yaml, :in_empty_line_yaml
if line =~ /^ *#/
output.puts "```"
generate_line(line, place: :new_section)
generate_line(line, heading: place == :in_empty_line_yaml)
place = :in_section
elsif line.empty?
place = :in_empty_line_yaml
else
output.puts
output.print line
output.puts line
end
end
end
output.puts "\n```" if place == :in_yaml
output.puts "```" if place == :in_yaml
end
def generate_header
@@ -98,7 +101,7 @@ class DocWriter
output.puts
end
def generate_line(line, place: :in_section)
def generate_line(line, heading: false)
line = line.gsub(/^ *#\s?/, "")
if line =~ /(.*)kamal docs ([a-z]*)(.*)/
@@ -109,7 +112,7 @@ class DocWriter
line = "#{$1}[#{titlify($2.split("/").last)}](#{$2})#{$3}"
end
if place == :new_section
if heading
output.puts "## [#{line}](##{linkify(line)})"
else
output.puts line

4
kamal.gemspec
View File

@@ -14,8 +14,8 @@ Gem::Specification.new do |spec|
spec.add_dependency "activesupport", ">= 7.0"
spec.add_dependency "sshkit", ">= 1.23.0", "< 2.0"
spec.add_dependency "net-ssh", "~> 7.0"
spec.add_dependency "thor", "~> 1.2"
spec.add_dependency "dotenv", "~> 2.8"
spec.add_dependency "thor", "~> 1.3"
spec.add_dependency "dotenv", "~> 3.1"
spec.add_dependency "zeitwerk", "~> 2.5"
spec.add_dependency "ed25519", "~> 1.2"
spec.add_dependency "bcrypt_pbkdf", "~> 1.0"

4
lib/kamal.rb
View File

@@ -5,8 +5,10 @@ end
require "active_support"
require "zeitwerk"
require "yaml"
require "tmpdir"
require "pathname"
loader = Zeitwerk::Loader.for_gem
loader.ignore(File.join(__dir__, "kamal", "sshkit_with_ext.rb"))
loader.setup
loader.eager_load # We need all commands loaded.
loader.eager_load_namespace(Kamal::Cli) # We need all commands loaded.

1
lib/kamal/cli.rb
View File

@@ -1,4 +1,5 @@
module Kamal::Cli
class BootError < StandardError; end
class HookError < StandardError; end
class LockError < StandardError; end
end

45
lib/kamal/cli/accessory.rb
View File

@@ -1,17 +1,20 @@
class Kamal::Cli::Accessory < Kamal::Cli::Base
desc "boot [NAME]", "Boot new accessory service on host (use NAME=all to boot all accessories)"
def boot(name, login: true)
def boot(name, prepare: true)
with_lock do
if name == "all"
KAMAL.accessory_names.each { |accessory_name| boot(accessory_name) }
else
prepare(name) if prepare
with_accessory(name) do |accessory, hosts|
directories(name)
upload(name)
on(hosts) do
execute *KAMAL.registry.login if login
execute *KAMAL.auditor.record("Booted #{name} accessory"), verbosity: :debug
execute *accessory.ensure_env_directory
upload! accessory.secrets_io, accessory.secrets_path, mode: "0600"
execute *accessory.run
end
end
@@ -55,15 +58,10 @@ class Kamal::Cli::Accessory < Kamal::Cli::Base
if name == "all"
KAMAL.accessory_names.each { |accessory_name| reboot(accessory_name) }
else
with_accessory(name) do |accessory, hosts|
on(hosts) do
execute *KAMAL.registry.login
end
stop(name)
remove_container(name)
boot(name, login: false)
end
prepare(name)
stop(name)
remove_container(name)
boot(name, prepare: false)
end
end
end
@@ -95,10 +93,8 @@ class Kamal::Cli::Accessory < Kamal::Cli::Base
desc "restart [NAME]", "Restart existing accessory container on host"
def restart(name)
with_lock do
with_accessory(name) do
stop(name)
start(name)
end
stop(name)
start(name)
end
end
@@ -249,11 +245,20 @@ class Kamal::Cli::Accessory < Kamal::Cli::Base
end
def remove_accessory(name)
with_accessory(name) do
stop(name)
remove_container(name)
remove_image(name)
remove_service_directory(name)
stop(name)
remove_container(name)
remove_image(name)
remove_service_directory(name)
end
def prepare(name)
with_accessory(name) do |accessory, hosts|
on(hosts) do
execute *KAMAL.registry.login
execute *KAMAL.docker.create_network
rescue SSHKit::Command::Failed => e
raise unless e.message.include?("already exists")
end
end
end
end

9
lib/kamal/cli/alias/command.rb Normal file
View File

@@ -0,0 +1,9 @@
class Kamal::Cli::Alias::Command < Thor::DynamicCommand
def run(instance, args = [])
if (_alias = KAMAL.config.aliases[name])
Kamal::Cli::Main.start(Shellwords.split(_alias.command) + ARGV[1..-1])
else
super
end
end
end

28
lib/kamal/cli/app.rb
View File

@@ -38,8 +38,17 @@ class Kamal::Cli::App < Kamal::Cli::Base
roles = KAMAL.roles_on(host)
roles.each do |role|
app = KAMAL.app(role: role, host: host)
execute *KAMAL.auditor.record("Started app version #{KAMAL.config.version}"), verbosity: :debug
execute *KAMAL.app(role: role, host: host).start, raise_on_non_zero_exit: false
execute *app.start, raise_on_non_zero_exit: false
if role.running_traefik? && KAMAL.proxy_host?(host)
version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
endpoint = capture_with_info(*app.container_id_for_version(version)).strip
raise Kamal::Cli::BootError, "Failed to get endpoint for #{role} on #{host}, did the container boot?" if endpoint.empty?
execute *KAMAL.proxy.deploy(role.container_prefix, target: endpoint)
end
end
end
end
@@ -52,8 +61,18 @@ class Kamal::Cli::App < Kamal::Cli::Base
roles = KAMAL.roles_on(host)
roles.each do |role|
app = KAMAL.app(role: role, host: host)
execute *KAMAL.auditor.record("Stopped app", role: role), verbosity: :debug
execute *KAMAL.app(role: role, host: host).stop, raise_on_non_zero_exit: false
if role.running_traefik? && KAMAL.proxy_host?(host)
version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
endpoint = capture_with_info(*app.container_id_for_version(version)).strip
if endpoint.present?
execute *KAMAL.proxy.remove(role.container_prefix, target: endpoint), raise_on_non_zero_exit: false
end
end
execute *app.stop, raise_on_non_zero_exit: false
end
end
end
@@ -71,11 +90,12 @@ class Kamal::Cli::App < Kamal::Cli::Base
end
end
desc "exec [CMD]", "Execute a custom command on servers within the app container (use --help to show options)"
desc "exec [CMD...]", "Execute a custom command on servers within the app container (use --help to show options)"
option :interactive, aliases: "-i", type: :boolean, default: false, desc: "Execute command over ssh for an interactive shell (use for console/bash)"
option :reuse, type: :boolean, default: false, desc: "Reuse currently running container instead of starting a new one"
option :env, aliases: "-e", type: :hash, desc: "Set environment variables for the command"
def exec(cmd)
def exec(*cmd)
cmd = Kamal::Utils.join_commands(cmd)
env = options[:env]
case
when options[:interactive] && options[:reuse]

38
lib/kamal/cli/app/boot.rb
View File

@@ -1,6 +1,6 @@
class Kamal::Cli::App::Boot
attr_reader :host, :role, :version, :barrier, :sshkit
delegate :execute, :capture_with_info, :capture_with_pretty_json, :info, :error, to: :sshkit
delegate :execute, :capture_with_info, :capture_with_pretty_json, :info, :error, :upload!, to: :sshkit
delegate :uses_cord?, :assets?, :running_traefik?, to: :role
def initialize(host, role, sshkit, version, barrier)
@@ -45,11 +45,25 @@ class Kamal::Cli::App::Boot
def start_new_version
audit "Booted app version #{version}"
execute *app.tie_cord(role.cord_host_file) if uses_cord?
hostname = "#{host.to_s[0...51].gsub(/\.+$/, '')}-#{SecureRandom.hex(6)}"
execute *app.run(hostname: hostname)
Kamal::Cli::Healthcheck::Poller.wait_for_healthy(pause_after_ready: true) { capture_with_info(*app.status(version: version)) }
execute *app.ensure_env_directory
upload! role.secrets_io(host), role.secrets_path, mode: "0600"
if proxy_host?
execute *app.run_for_proxy(hostname: hostname)
if running_traefik?
endpoint = capture_with_info(*app.container_id_for_version(version)).strip
raise Kamal::Cli::BootError, "Failed to get endpoint for #{role} on #{host}, did the container boot?" if endpoint.empty?
execute *KAMAL.proxy.deploy(role.container_prefix, target: endpoint)
else
Kamal::Cli::Healthcheck::Poller.wait_for_healthy(pause_after_ready: true) { capture_with_info(*app.status(version: version)) }
end
else
execute *app.tie_cord(role.cord_host_file) if uses_cord?
execute *app.run(hostname: hostname)
Kamal::Cli::Healthcheck::Poller.wait_for_healthy(pause_after_ready: true) { capture_with_info(*app.status(version: version)) }
end
end
def stop_new_version
@@ -57,7 +71,7 @@ class Kamal::Cli::App::Boot
end
def stop_old_version(version)
if uses_cord?
if uses_cord? && !proxy_host?
cord = capture_with_info(*app.cord(version: version), raise_on_non_zero_exit: false).strip
if cord.present?
execute *app.cut_cord(cord)
@@ -88,8 +102,12 @@ class Kamal::Cli::App::Boot
def close_barrier
if barrier.close
info "First #{KAMAL.primary_role} container is unhealthy on #{host}, not booting any other roles"
error capture_with_info(*app.logs(version: version))
error capture_with_info(*app.container_health_log(version: version))
begin
error capture_with_info(*app.logs(version: version))
error capture_with_info(*app.container_health_log(version: version))
rescue SSHKit::Command::Failed
error "Could not fetch logs for #{version}"
end
end
end
@@ -116,4 +134,8 @@ class Kamal::Cli::App::Boot
def queuer?
barrier && !barrier_role?
end
def proxy_host?
KAMAL.proxy_host?(host)
end
end

60
lib/kamal/cli/base.rb
View File

@@ -1,12 +1,12 @@
require "thor"
require "dotenv"
require "kamal/sshkit_with_ext"
module Kamal::Cli
class Base < Thor
include SSHKit::DSL
def self.exit_on_failure?() true end
def self.exit_on_failure?() false end
def self.dynamic_command_class() Kamal::Cli::Alias::Command end
class_option :verbose, type: :boolean, aliases: "-v", desc: "Detailed logging"
class_option :quiet, type: :boolean, aliases: "-q", desc: "Minimal logging"
@@ -22,55 +22,23 @@ module Kamal::Cli
class_option :skip_hooks, aliases: "-H", type: :boolean, default: false, desc: "Don't run hooks"
def initialize(*)
super
@original_env = ENV.to_h.dup
load_env
initialize_commander(options_with_subcommand_class_options)
def initialize(args = [], local_options = {}, config = {})
if config[:current_command].is_a?(Kamal::Cli::Alias::Command)
# When Thor generates a dynamic command, it doesn't attempt to parse the arguments.
# For our purposes, it means the arguments are passed in args rather than local_options.
super([], args, config)
else
super
end
initialize_commander unless KAMAL.configured?
end
private
def reload_env
reset_env
load_env
end
def load_env
if destination = options[:destination]
Dotenv.load(".env.#{destination}", ".env")
else
Dotenv.load(".env")
end
end
def reset_env
replace_env @original_env
end
def replace_env(env)
ENV.clear
ENV.update(env)
end
def with_original_env
keeping_current_env do
reset_env
yield
end
end
def keeping_current_env
current_env = ENV.to_h.dup
yield
ensure
replace_env(current_env)
end
def options_with_subcommand_class_options
options.merge(@_initializer.last[:class_options] || {})
end
def initialize_commander(options)
def initialize_commander
KAMAL.tap do |commander|
if options[:verbose]
ENV["VERBOSE"] = "1" # For backtraces via cli/start
@@ -105,8 +73,6 @@ module Kamal::Cli
if KAMAL.holding_lock?
yield
else
ensure_run_and_locks_directory
acquire_lock
begin
@@ -135,6 +101,8 @@ module Kamal::Cli
end
def acquire_lock
ensure_run_and_locks_directory
raise_if_locked do
say "Acquiring the deploy lock...", :magenta
on(KAMAL.primary_host) { execute *KAMAL.lock.acquire("Automatic deploy lock", KAMAL.config.version), verbosity: :debug }

25
lib/kamal/cli/build.rb
View File

@@ -30,29 +30,28 @@ class Kamal::Cli::Build < Kamal::Cli::Base
say "Building with uncommitted changes:\n #{uncommitted_changes}", :yellow
end
# Get the command here to ensure the Dir.chdir doesn't interfere with it
push = KAMAL.builder.push
run_locally do
begin
context_hosts = capture_with_info(*KAMAL.builder.context_hosts).split("\n")
if context_hosts != KAMAL.builder.config_context_hosts
warn "Context hosts have changed, so re-creating builder, was: #{context_hosts.join(", ")}], now: #{KAMAL.builder.config_context_hosts.join(", ")}"
cli.remove
cli.create
end
execute *KAMAL.builder.inspect_builder
rescue SSHKit::Command::Failed => e
if e.message =~ /(context not found|no builder|does not exist)/
if e.message =~ /(context not found|no builder|no compatible builder|does not exist)/
warn "Missing compatible builder, so creating a new one first"
begin
cli.remove
rescue SSHKit::Command::Failed
raise unless e.message =~ /(context not found|no builder|does not exist)/
end
cli.create
else
raise
end
end
# Get the command here to ensure the Dir.chdir doesn't interfere with it
push = KAMAL.builder.push
KAMAL.with_verbosity(:debug) do
Dir.chdir(KAMAL.config.builder.build_directory) { execute *push }
Dir.chdir(KAMAL.config.builder.build_directory) { execute *push, env: KAMAL.config.builder.secrets }
end
end
end
@@ -72,7 +71,7 @@ class Kamal::Cli::Build < Kamal::Cli::Base
desc "create", "Create a build setup"
def create
if (remote_host = KAMAL.config.builder.remote_host)
if (remote_host = KAMAL.config.builder.remote)
connect_to_remote_host(remote_host)
end

54
lib/kamal/cli/env.rb
View File

@@ -1,54 +0,0 @@
require "tempfile"
class Kamal::Cli::Env < Kamal::Cli::Base
desc "push", "Push the env file to the remote hosts"
def push
with_lock do
on(KAMAL.hosts) do
execute *KAMAL.auditor.record("Pushed env files"), verbosity: :debug
KAMAL.roles_on(host).each do |role|
execute *KAMAL.app(role: role, host: host).make_env_directory
upload! role.env(host).secrets_io, role.env(host).secrets_file, mode: 400
end
end
on(KAMAL.traefik_hosts) do
execute *KAMAL.traefik.make_env_directory
upload! KAMAL.traefik.env.secrets_io, KAMAL.traefik.env.secrets_file, mode: 400
end
on(KAMAL.accessory_hosts) do
KAMAL.accessories_on(host).each do |accessory|
accessory_config = KAMAL.config.accessory(accessory)
execute *KAMAL.accessory(accessory).make_env_directory
upload! accessory_config.env.secrets_io, accessory_config.env.secrets_file, mode: 400
end
end
end
end
desc "delete", "Delete the env file from the remote hosts"
def delete
with_lock do
on(KAMAL.hosts) do
execute *KAMAL.auditor.record("Deleted env files"), verbosity: :debug
KAMAL.roles_on(host).each do |role|
execute *KAMAL.app(role: role, host: host).remove_env_file
end
end
on(KAMAL.traefik_hosts) do
execute *KAMAL.traefik.remove_env_file
end
on(KAMAL.accessory_hosts) do
KAMAL.accessories_on(host).each do |accessory|
accessory_config = KAMAL.config.accessory(accessory)
execute *KAMAL.accessory(accessory).remove_env_file
end
end
end
end
end

2
lib/kamal/cli/healthcheck/barrier.rb
View File

@@ -1,3 +1,5 @@
require "concurrent/ivar"
class Kamal::Cli::Healthcheck::Barrier
def initialize
@ivar = Concurrent::IVar.new

5
lib/kamal/cli/lock.rb
View File

@@ -3,7 +3,6 @@ class Kamal::Cli::Lock < Kamal::Cli::Base
def status
handle_missing_lock do
on(KAMAL.primary_host) do
execute *KAMAL.server.ensure_run_directory
puts capture_with_debug(*KAMAL.lock.status)
end
end
@@ -13,9 +12,10 @@ class Kamal::Cli::Lock < Kamal::Cli::Base
option :message, aliases: "-m", type: :string, desc: "A lock message", required: true
def acquire
message = options[:message]
ensure_run_and_locks_directory
raise_if_locked do
on(KAMAL.primary_host) do
execute *KAMAL.server.ensure_run_directory
execute *KAMAL.lock.acquire(message, KAMAL.config.version), verbosity: :debug
end
say "Acquired the deploy lock"
@@ -26,7 +26,6 @@ class Kamal::Cli::Lock < Kamal::Cli::Base
def release
handle_missing_lock do
on(KAMAL.primary_host) do
execute *KAMAL.server.ensure_run_directory
execute *KAMAL.lock.release, verbosity: :debug
end
say "Released the deploy lock"

78
lib/kamal/cli/main.rb
View File

@@ -9,10 +9,6 @@ class Kamal::Cli::Main < Kamal::Cli::Base
say "Ensure Docker is installed...", :magenta
invoke "kamal:cli:server:bootstrap", [], invoke_options
say "Evaluate and push env files...", :magenta
invoke "kamal:cli:main:envify", [], invoke_options
invoke "kamal:cli:env:push", [], invoke_options
invoke "kamal:cli:accessory:boot", [ "all" ], invoke_options
deploy
end
@@ -37,10 +33,15 @@ class Kamal::Cli::Main < Kamal::Cli::Base
end
with_lock do
run_hook "pre-deploy"
run_hook "pre-deploy", secrets: true
say "Ensure Traefik is running...", :magenta
invoke "kamal:cli:traefik:boot", [], invoke_options
if KAMAL.config.proxy.enabled?
say "Ensure Traefik/kamal-proxy is running...", :magenta
invoke "kamal:cli:proxy:boot", [], invoke_options
else
say "Ensure Traefik is running...", :magenta
invoke "kamal:cli:traefik:boot", [], invoke_options
end
say "Detect stale containers...", :magenta
invoke "kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true)
@@ -52,7 +53,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
end
end
run_hook "post-deploy", runtime: runtime.round
run_hook "post-deploy", secrets: true, runtime: runtime.round
end
desc "redeploy", "Deploy app to servers without bootstrapping servers, starting Traefik, pruning, and registry login"
@@ -70,7 +71,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
end
with_lock do
run_hook "pre-deploy"
run_hook "pre-deploy", secrets: true
say "Detect stale containers...", :magenta
invoke "kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true)
@@ -79,7 +80,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
end
end
run_hook "post-deploy", runtime: runtime.round
run_hook "post-deploy", secrets: true, runtime: runtime.round
end
desc "rollback [VERSION]", "Rollback app to VERSION"
@@ -93,7 +94,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
old_version = nil
if container_available?(version)
run_hook "pre-deploy"
run_hook "pre-deploy", secrets: true
invoke "kamal:cli:app:boot", [], invoke_options.merge(version: version)
rolled_back = true
@@ -103,12 +104,16 @@ class Kamal::Cli::Main < Kamal::Cli::Base
end
end
run_hook "post-deploy", runtime: runtime.round if rolled_back
run_hook "post-deploy", secrets: true, runtime: runtime.round if rolled_back
end
desc "details", "Show details about all containers"
def details
invoke "kamal:cli:traefik:details"
if KAMAL.config.proxy.enabled?
invoke "kamal:cli:proxy:details"
else
invoke "kamal:cli:traefik:details"
end
invoke "kamal:cli:app:details"
invoke "kamal:cli:accessory:details", [ "all" ]
end
@@ -152,9 +157,10 @@ class Kamal::Cli::Main < Kamal::Cli::Base
puts "Created configuration file in config/deploy.yml"
end
unless (deploy_file = Pathname.new(File.expand_path(".env"))).exist?
FileUtils.cp_r Pathname.new(File.expand_path("templates/template.env", __dir__)), deploy_file
puts "Created .env file"
unless (secrets_file = Pathname.new(File.expand_path(".kamal/secrets"))).exist?
FileUtils.mkdir_p secrets_file.dirname
FileUtils.cp_r Pathname.new(File.expand_path("templates/secrets", __dir__)), secrets_file
puts "Created .kamal/secrets file"
end
unless (hooks_dir = Pathname.new(File.expand_path(".kamal/hooks"))).exist?
@@ -179,37 +185,16 @@ class Kamal::Cli::Main < Kamal::Cli::Base
end
end
desc "envify", "Create .env by evaluating .env.erb (or .env.staging.erb -> .env.staging when using -d staging)"
option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip .env file push"
def envify
if destination = options[:destination]
env_template_path = ".env.#{destination}.erb"
env_path = ".env.#{destination}"
else
env_template_path = ".env.erb"
env_path = ".env"
end
if Pathname.new(File.expand_path(env_template_path)).exist?
# Ensure existing env doesn't pollute template evaluation
content = with_original_env { ERB.new(File.read(env_template_path), trim_mode: "-").result }
File.write(env_path, content, perm: 0600)
unless options[:skip_push]
reload_env
invoke "kamal:cli:env:push", options
end
else
puts "Skipping envify (no #{env_template_path} exist)"
end
end
desc "remove", "Remove Traefik, app, accessories, and registry session from servers"
option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
def remove
confirming "This will remove all containers and images. Are you sure?" do
with_lock do
invoke "kamal:cli:traefik:remove", [], options.without(:confirmed)
if KAMAL.config.proxy.enabled?
invoke "kamal:cli:proxy:remove", [], options.without(:confirmed)
else
invoke "kamal:cli:traefik:remove", [], options.without(:confirmed)
end
invoke "kamal:cli:app:remove", [], options.without(:confirmed)
invoke "kamal:cli:accessory:remove", [ "all" ], options
invoke "kamal:cli:registry:logout", [], options.without(:confirmed).merge(skip_local: true)
@@ -231,18 +216,21 @@ class Kamal::Cli::Main < Kamal::Cli::Base
desc "build", "Build application image"
subcommand "build", Kamal::Cli::Build
desc "env", "Manage environment files"
subcommand "env", Kamal::Cli::Env
desc "lock", "Manage the deploy lock"
subcommand "lock", Kamal::Cli::Lock
desc "proxy", "Prune old application images and containers"
subcommand "proxy", Kamal::Cli::Proxy
desc "prune", "Prune old application images and containers"
subcommand "prune", Kamal::Cli::Prune
desc "registry", "Login and -out of the image registry"
subcommand "registry", Kamal::Cli::Registry
desc "secrets", "Helpers for extracting secrets"
subcommand "secrets", Kamal::Cli::Secrets
desc "server", "Bootstrap servers with curl and Docker"
subcommand "server", Kamal::Cli::Server

213
lib/kamal/cli/proxy.rb Normal file
View File

@@ -0,0 +1,213 @@
class Kamal::Cli::Proxy < Kamal::Cli::Base
desc "boot", "Boot proxy on servers"
def boot
raise_unless_kamal_proxy_enabled!
with_lock do
on(KAMAL.hosts) do |host|
execute *KAMAL.docker.create_network
rescue SSHKit::Command::Failed => e
raise unless e.message.include?("already exists")
end
on(KAMAL.traefik_hosts) do |host|
execute *KAMAL.registry.login
if KAMAL.proxy_host?(host)
execute *KAMAL.proxy.start_or_run
else
execute *KAMAL.traefik.ensure_env_directory
upload! KAMAL.traefik.secrets_io, KAMAL.traefik.secrets_path, mode: "0600"
execute *KAMAL.traefik.start_or_run
end
end
end
end
desc "reboot", "Reboot proxy on servers (stop container, remove container, start new container)"
option :rolling, type: :boolean, default: false, desc: "Reboot proxy on hosts in sequence, rather than in parallel"
option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
def reboot
raise_unless_kamal_proxy_enabled!
confirming "This will cause a brief outage on each host. Are you sure?" do
with_lock do
host_groups = options[:rolling] ? KAMAL.traefik_hosts : [ KAMAL.traefik_hosts ]
host_groups.each do |hosts|
host_list = Array(hosts).join(",")
run_hook "pre-traefik-reboot", hosts: host_list
on(hosts) do |host|
execute *KAMAL.auditor.record("Rebooted proxy"), verbosity: :debug
execute *KAMAL.registry.login
"Stopping and removing Traefik on #{host}, if running..."
execute *KAMAL.traefik.stop, raise_on_non_zero_exit: false
execute *KAMAL.traefik.remove_container
"Stopping and removing kamal-proxy on #{host}, if running..."
execute *KAMAL.proxy.stop, raise_on_non_zero_exit: false
execute *KAMAL.proxy.remove_container
execute *KAMAL.traefik_or_proxy(host).run
if KAMAL.proxy_host?(host)
KAMAL.roles_on(host).select(&:running_traefik?).each do |role|
app = KAMAL.app(role: role, host: host)
version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
endpoint = capture_with_info(*app.container_id_for_version(version)).strip
if endpoint.present?
info "Deploying #{endpoint} for role `#{role}` on #{host}..."
execute *KAMAL.proxy.deploy(role.container_prefix, target: endpoint)
end
end
end
end
run_hook "post-traefik-reboot", hosts: host_list
end
end
end
end
desc "upgrade", "Upgrade to correct proxy on servers (stop container, remove container, start new container)"
option :rolling, type: :boolean, default: false, desc: "Reboot proxy on hosts in sequence, rather than in parallel"
option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
def upgrade
invoke_options = { "version" => KAMAL.config.version }.merge(options)
raise_unless_kamal_proxy_enabled!
confirming "This will cause a brief outage on each host. Are you sure?" do
host_groups = options[:rolling] ? KAMAL.hosts : [ KAMAL.hosts ]
host_groups.each do |hosts|
host_list = Array(hosts).join(",")
run_hook "pre-traefik-reboot", hosts: host_list
on(hosts) do |host|
execute *KAMAL.auditor.record("Rebooted proxy"), verbosity: :debug
execute *KAMAL.registry.login
"Stopping and removing Traefik on #{host}, if running..."
execute *KAMAL.traefik.stop, raise_on_non_zero_exit: false
execute *KAMAL.traefik.remove_container
"Stopping and removing kamal-proxy on #{host}, if running..."
execute *KAMAL.proxy.stop, raise_on_non_zero_exit: false
execute *KAMAL.proxy.remove_container
end
invoke "kamal:cli:proxy:boot", [], invoke_options.merge("hosts" => host_list)
reset_invocation(Kamal::Cli::Proxy)
invoke "kamal:cli:app:boot", [], invoke_options.merge("hosts" => host_list, version: KAMAL.config.latest_tag)
reset_invocation(Kamal::Cli::App)
invoke "kamal:cli:prune:all", [], invoke_options.merge("hosts" => host_list)
reset_invocation(Kamal::Cli::Prune)
run_hook "post-traefik-reboot", hosts: host_list
end
end
end
desc "start", "Start existing proxy container on servers"
def start
raise_unless_kamal_proxy_enabled!
with_lock do
on(KAMAL.traefik_hosts) do |host|
execute *KAMAL.auditor.record("Started proxy"), verbosity: :debug
execute *KAMAL.traefik_or_proxy(host).start
end
end
end
desc "stop", "Stop existing proxy container on servers"
def stop
raise_unless_kamal_proxy_enabled!
with_lock do
on(KAMAL.traefik_hosts) do |host|
execute *KAMAL.auditor.record("Stopped proxy"), verbosity: :debug
execute *KAMAL.traefik_or_proxy(host).stop, raise_on_non_zero_exit: false
end
end
end
desc "restart", "Restart existing proxy container on servers"
def restart
raise_unless_kamal_proxy_enabled!
with_lock do
stop
start
end
end
desc "details", "Show details about proxy container from servers"
def details
raise_unless_kamal_proxy_enabled!
on(KAMAL.traefik_hosts) { |host| puts_by_host host, capture_with_info(*KAMAL.traefik_or_proxy(host).info), type: "Proxy" }
end
desc "logs", "Show log lines from proxy on servers"
option :since, aliases: "-s", desc: "Show logs since timestamp (e.g. 2013-01-02T13:23:37Z) or relative (e.g. 42m for 42 minutes)"
option :lines, type: :numeric, aliases: "-n", desc: "Number of log lines to pull from each server"
option :grep, aliases: "-g", desc: "Show lines with grep match only (use this to fetch specific requests by id)"
option :follow, aliases: "-f", desc: "Follow logs on primary server (or specific host set by --hosts)"
def logs
raise_unless_kamal_proxy_enabled!
grep = options[:grep]
if options[:follow]
run_locally do
info "Following logs on #{KAMAL.primary_host}..."
info KAMAL.traefik_or_proxy(KAMAL.primary_host).follow_logs(host: KAMAL.primary_host, grep: grep)
exec KAMAL.traefik_or_proxy(KAMAL.primary_host).follow_logs(host: KAMAL.primary_host, grep: grep)
end
else
since = options[:since]
lines = options[:lines].presence || ((since || grep) ? nil : 100) # Default to 100 lines if since or grep isn't set
on(KAMAL.traefik_hosts) do |host|
puts_by_host host, capture(*KAMAL.traefik_or_proxy(host).logs(since: since, lines: lines, grep: grep)), type: "Proxy"
end
end
end
desc "remove", "Remove proxy container and image from servers"
def remove
raise_unless_kamal_proxy_enabled!
with_lock do
stop
remove_container
remove_image
end
end
desc "remove_container", "Remove proxy container from servers", hide: true
def remove_container
raise_unless_kamal_proxy_enabled!
with_lock do
on(KAMAL.traefik_hosts) do
execute *KAMAL.auditor.record("Removed proxy container"), verbosity: :debug
execute *KAMAL.proxy.remove_container
execute *KAMAL.traefik.remove_container
end
end
end
desc "remove_image", "Remove proxy image from servers", hide: true
def remove_image
raise_unless_kamal_proxy_enabled!
with_lock do
on(KAMAL.traefik_hosts) do
execute *KAMAL.auditor.record("Removed proxy image"), verbosity: :debug
execute *KAMAL.proxy.remove_image
execute *KAMAL.traefik.remove_image
end
end
end
private
def raise_unless_kamal_proxy_enabled!
unless KAMAL.config.proxy.enabled?
raise "kamal proxy commands are disabled unless experimental proxy support is enabled. Use `kamal traefik` commands instead."
end
end
def reset_invocation(cli_class)
instance_variable_get("@_invocations")[cli_class].pop
end
end

47
lib/kamal/cli/secrets.rb Normal file
View File

@@ -0,0 +1,47 @@
class Kamal::Cli::Secrets < Kamal::Cli::Base
desc "fetch [SECRETS...]", "Fetch secrets from a vault"
option :adapter, type: :string, aliases: "-a", required: true, desc: "Which vault adapter to use"
option :account, type: :string, required: true, desc: "The account identifier or username"
option :from, type: :string, required: false, desc: "A vault or folder to fetch the secrets from"
option :inline, type: :boolean, required: false, hidden: true
def fetch(*secrets)
handle_output(inline: options[:inline]) do
results = adapter(options[:adapter]).fetch(secrets, **options.slice(:account, :from).symbolize_keys)
JSON.dump(results).shellescape
end
end
desc "extract", "Extract a single secret from the results of a fetch call"
option :inline, type: :boolean, required: false, hidden: true
def extract(name, secrets)
handle_output(inline: options[:inline]) do
parsed_secrets = JSON.parse(secrets)
value = parsed_secrets[name] || parsed_secrets.find { |k, v| k.end_with?("/#{name}") }&.last
raise "Could not find secret #{name}" if value.nil?
value
end
end
private
def adapter(adapter)
Kamal::Secrets::Adapters.lookup(adapter)
end
def handle_output(inline: nil)
yield.tap do |output|
puts output unless inline
end
rescue => e
handle_error(e)
end
def handle_error(e)
$stderr.puts " \e[31mERROR (#{e.class}): #{e.message}\e[0m"
$stderr.puts e.backtrace if ENV["VERBOSE"]
exit 1
end
end

3
lib/kamal/cli/server.rb
View File

@@ -1,7 +1,8 @@
class Kamal::Cli::Server < Kamal::Cli::Base
desc "exec", "Run a custom command on the server (use --help to show options)"
option :interactive, type: :boolean, aliases: "-i", default: false, desc: "Run the command interactively (use for console/bash)"
def exec(cmd)
def exec(*cmd)
cmd = Kamal::Utils.join_commands(cmd)
hosts = KAMAL.hosts | KAMAL.accessory_hosts
case

14
lib/kamal/cli/templates/deploy.yml
View File

@@ -18,6 +18,10 @@ registry:
password:
- KAMAL_REGISTRY_PASSWORD
# Configure builder setup.
builder:
arch: amd64
# Inject ENV variables into containers (secrets come from .env).
# Remember to run `kamal env push` after making changes!
# env:
@@ -30,16 +34,6 @@ registry:
# ssh:
# user: app
# Configure builder setup.
# builder:
# args:
# RUBY_VERSION: 3.2.0
# secrets:
# - GITHUB_TOKEN
# remote:
# arch: amd64
# host: ssh://app@192.168.0.1
# Use accessory services (secrets come from .env).
# accessories:
# db:

16
lib/kamal/cli/templates/secrets Normal file
View File

@@ -0,0 +1,16 @@
# WARNING: Avoid adding secrets directly to this file
# If you must, then add `.kamal/secrets*` to your .gitignore file
# Option 1: Read secrets from the environment
KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
# Option 2: Read secrets via a command
# RAILS_MASTER_KEY=$(cat config/master.key)
# Option 3: Read secrets via kamal secrets helpers
# These will handle logging in and fetching the secrets in as few calls as possible
# There are adapters for 1Password, LastPass + Bitwarden
#
# SECRETS=$(kamal secrets fetch --adapter 1password --account my-account --from MyVault/MyItem KAMAL_REGISTRY_PASSWORD RAILS_MASTER_KEY)
# KAMAL_REGISTRY_PASSWORD=$(kamal secrets extract KAMAL_REGISTRY_PASSWORD $SECRETS)
# RAILS_MASTER_KEY=$(kamal secrets extract RAILS_MASTER_KEY $SECRETS)

2
lib/kamal/cli/templates/template.env
View File

@@ -1,2 +0,0 @@
KAMAL_REGISTRY_PASSWORD=change-this
RAILS_MASTER_KEY=another-env

19
lib/kamal/cli/traefik.rb
View File

@@ -1,9 +1,12 @@
class Kamal::Cli::Traefik < Kamal::Cli::Base
desc "boot", "Boot Traefik on servers"
def boot
raise_if_kamal_proxy_enabled!
with_lock do
on(KAMAL.traefik_hosts) do
execute *KAMAL.registry.login
execute *KAMAL.traefik.ensure_env_directory
upload! KAMAL.traefik.secrets_io, KAMAL.traefik.secrets_path, mode: "0600"
execute *KAMAL.traefik.start_or_run
end
end
@@ -13,6 +16,7 @@ class Kamal::Cli::Traefik < Kamal::Cli::Base
option :rolling, type: :boolean, default: false, desc: "Reboot traefik on hosts in sequence, rather than in parallel"
option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
def reboot
raise_if_kamal_proxy_enabled!
confirming "This will cause a brief outage on each host. Are you sure?" do
with_lock do
host_groups = options[:rolling] ? KAMAL.traefik_hosts : [ KAMAL.traefik_hosts ]
@@ -34,6 +38,7 @@ class Kamal::Cli::Traefik < Kamal::Cli::Base
desc "start", "Start existing Traefik container on servers"
def start
raise_if_kamal_proxy_enabled!
with_lock do
on(KAMAL.traefik_hosts) do
execute *KAMAL.auditor.record("Started traefik"), verbosity: :debug
@@ -44,6 +49,7 @@ class Kamal::Cli::Traefik < Kamal::Cli::Base
desc "stop", "Stop existing Traefik container on servers"
def stop
raise_if_kamal_proxy_enabled!
with_lock do
on(KAMAL.traefik_hosts) do
execute *KAMAL.auditor.record("Stopped traefik"), verbosity: :debug
@@ -54,6 +60,7 @@ class Kamal::Cli::Traefik < Kamal::Cli::Base
desc "restart", "Restart existing Traefik container on servers"
def restart
raise_if_kamal_proxy_enabled!
with_lock do
stop
start
@@ -62,6 +69,7 @@ class Kamal::Cli::Traefik < Kamal::Cli::Base
desc "details", "Show details about Traefik container from servers"
def details
raise_if_kamal_proxy_enabled!
on(KAMAL.traefik_hosts) { |host| puts_by_host host, capture_with_info(*KAMAL.traefik.info), type: "Traefik" }
end
@@ -72,6 +80,7 @@ class Kamal::Cli::Traefik < Kamal::Cli::Base
option :grep_options, aliases: "-o", desc: "Additional options supplied to grep"
option :follow, aliases: "-f", desc: "Follow logs on primary server (or specific host set by --hosts)"
def logs
raise_if_kamal_proxy_enabled!
grep = options[:grep]
grep_options = options[:grep_options]
@@ -93,6 +102,7 @@ class Kamal::Cli::Traefik < Kamal::Cli::Base
desc "remove", "Remove Traefik container and image from servers"
def remove
raise_if_kamal_proxy_enabled!
with_lock do
stop
remove_container
@@ -102,6 +112,7 @@ class Kamal::Cli::Traefik < Kamal::Cli::Base
desc "remove_container", "Remove Traefik container from servers", hide: true
def remove_container
raise_if_kamal_proxy_enabled!
with_lock do
on(KAMAL.traefik_hosts) do
execute *KAMAL.auditor.record("Removed traefik container"), verbosity: :debug
@@ -112,6 +123,7 @@ class Kamal::Cli::Traefik < Kamal::Cli::Base
desc "remove_image", "Remove Traefik image from servers", hide: true
def remove_image
raise_if_kamal_proxy_enabled!
with_lock do
on(KAMAL.traefik_hosts) do
execute *KAMAL.auditor.record("Removed traefik image"), verbosity: :debug
@@ -119,4 +131,11 @@ class Kamal::Cli::Traefik < Kamal::Cli::Base
end
end
end
private
def raise_if_kamal_proxy_enabled!
if KAMAL.config.proxy.enabled?
raise "kamal traefik commands are disabled when experimental proxy support is enabled. Use `kamal proxy` commands instead."
end
end
end

25
lib/kamal/commander.rb
View File

@@ -1,9 +1,10 @@
require "active_support/core_ext/enumerable"
require "active_support/core_ext/module/delegation"
require "active_support/core_ext/object/blank"
class Kamal::Commander
attr_accessor :verbosity, :holding_lock, :connected
delegate :hosts, :roles, :primary_host, :primary_role, :roles_on, :traefik_hosts, :accessory_hosts, to: :specifics
delegate :hosts, :roles, :primary_host, :primary_role, :roles_on, :traefik_hosts, :proxy_hosts, :proxy_host?, :accessory_hosts, to: :specifics
def initialize
self.verbosity = :info
@@ -23,11 +24,19 @@ class Kamal::Commander
@config, @config_kwargs = nil, kwargs
end
def configured?
@config || @config_kwargs
end
attr_reader :specific_roles, :specific_hosts
def specific_primary!
@specifics = nil
self.specific_hosts = [ config.primary_host ]
if specific_roles.present?
self.specific_hosts = [ specific_roles.first.primary_host ]
else
self.specific_hosts = [ config.primary_host ]
end
end
def specific_roles=(role_names)
@@ -97,6 +106,10 @@ class Kamal::Commander
@lock ||= Kamal::Commands::Lock.new(config)
end
def proxy
@proxy ||= Kamal::Commands::Proxy.new(config)
end
def prune
@prune ||= Kamal::Commands::Prune.new(config)
end
@@ -113,6 +126,14 @@ class Kamal::Commander
@traefik ||= Kamal::Commands::Traefik.new(config)
end
def alias(name)
config.aliases[name]
end
def traefik_or_proxy(host)
proxy_host?(host) ? proxy : traefik
end
def with_verbosity(level)
old_level = self.verbosity

9
lib/kamal/commander/specifics.rb
View File

@@ -22,6 +22,15 @@ class Kamal::Commander::Specifics
config.traefik_hosts & specified_hosts
end
def proxy_hosts
config.proxy_hosts
end
def proxy_host?(host)
host = host.hostname if host.is_a?(SSHKit::Host)
proxy_hosts.include?(host)
end
def accessory_hosts
specific_hosts || config.accessories.flat_map(&:hosts)
end

14
lib/kamal/commands/accessory.rb
View File

@@ -1,7 +1,9 @@
class Kamal::Commands::Accessory < Kamal::Commands::Base
attr_reader :accessory_config
delegate :service_name, :image, :hosts, :port, :files, :directories, :cmd,
:publish_args, :env_args, :volume_args, :label_args, :option_args, to: :accessory_config
:publish_args, :env_args, :volume_args, :label_args, :option_args,
:secrets_io, :secrets_path, :env_directory,
to: :accessory_config
def initialize(config, name:)
super(config)
@@ -13,6 +15,7 @@ class Kamal::Commands::Accessory < Kamal::Commands::Base
"--name", service_name,
"--detach",
"--restart", "unless-stopped",
"--network", "kamal",
*config.logging_args,
*publish_args,
*env_args,
@@ -61,6 +64,7 @@ class Kamal::Commands::Accessory < Kamal::Commands::Base
docker :run,
("-it" if interactive),
"--rm",
"--network", "kamal",
*env_args,
*volume_args,
image,
@@ -98,12 +102,8 @@ class Kamal::Commands::Accessory < Kamal::Commands::Base
docker :image, :rm, "--force", image
end
def make_env_directory
make_directory accessory_config.env.secrets_directory
end
def remove_env_file
[ :rm, "-f", accessory_config.env.secrets_file ]
def ensure_env_directory
make_directory env_directory
end
private

35
lib/kamal/commands/app.rb
View File

@@ -5,6 +5,8 @@ class Kamal::Commands::App < Kamal::Commands::Base
attr_reader :role, :host
delegate :container_name, to: :role
def initialize(config, role: nil, host: nil)
super(config)
@role = role
@@ -30,6 +32,25 @@ class Kamal::Commands::App < Kamal::Commands::Base
role.cmd
end
def run_for_proxy(hostname: nil)
docker :run,
"--detach",
"--restart unless-stopped",
"--name", container_name,
"--network", "kamal",
*([ "--hostname", hostname ] if hostname),
"-e", "KAMAL_CONTAINER_NAME=\"#{container_name}\"",
"-e", "KAMAL_VERSION=\"#{config.version}\"",
*role.env_args(host),
*role.logging_args,
*config.volume_args,
*role.asset_volume_args,
*role.label_args_for_proxy,
*role.option_args,
config.absolute_image,
role.cmd
end
def start
docker :start, container_name
end
@@ -69,21 +90,11 @@ class Kamal::Commands::App < Kamal::Commands::Base
extract_version_from_name
end
def make_env_directory
make_directory role.env(host).secrets_directory
def ensure_env_directory
make_directory role.env_directory
end
def remove_env_file
[ :rm, "-f", role.env(host).secrets_file ]
end
private
def container_name(version = nil)
[ role.container_prefix, version || config.version ].compact.join("-")
end
def latest_image_id
docker :image, :ls, *argumentize("--filter", "reference=#{config.latest_image}"), "--format", "'{{.ID}}'"
end

9
lib/kamal/commands/auditor.rb
View File

@@ -8,9 +8,12 @@ class Kamal::Commands::Auditor < Kamal::Commands::Base
# Runs remotely
def record(line, **details)
append \
[ :echo, audit_tags(**details).except(:version, :service_version, :service).to_s, line ],
audit_log_file
combine \
[ :mkdir, "-p", config.run_directory ],
append(
[ :echo, audit_tags(**details).except(:version, :service_version, :service).to_s, line ],
audit_log_file
)
end
def reveal

8
lib/kamal/commands/base.rb
View File

@@ -37,6 +37,10 @@ module Kamal::Commands
[ :rm, "-r", path ]
end
def remove_file(path)
[ :rm, path ]
end
private
def combine(*commands, by: "&&")
commands
@@ -81,6 +85,10 @@ module Kamal::Commands
[ :git, *([ "-C", path ] if path), *args.compact ]
end
def grep(*args)
args.compact.unshift :grep
end
def tags(**details)
Kamal::Tags.from_config(config, **details)
end

42
lib/kamal/commands/builder.rb
View File

@@ -1,8 +1,8 @@
require "active_support/core_ext/string/filters"
class Kamal::Commands::Builder < Kamal::Commands::Base
delegate :create, :remove, :push, :clean, :pull, :info, :context_hosts, :config_context_hosts, :validate_image,
:first_mirror, to: :target
delegate :create, :remove, :push, :clean, :pull, :info, :inspect_builder, :validate_image, :first_mirror, to: :target
delegate :local?, :remote?, to: "config.builder"
include Clone
@@ -11,43 +11,27 @@ class Kamal::Commands::Builder < Kamal::Commands::Base
end
def target
if config.builder.multiarch?
if config.builder.remote?
if config.builder.local?
multiarch_remote
else
native_remote
end
if remote?
if local?
hybrid
else
multiarch
remote
end
else
if config.builder.cached?
native_cached
else
native
end
local
end
end
def native
@native ||= Kamal::Commands::Builder::Native.new(config)
def remote
@remote ||= Kamal::Commands::Builder::Remote.new(config)
end
def native_cached
@native ||= Kamal::Commands::Builder::Native::Cached.new(config)
def local
@local ||= Kamal::Commands::Builder::Local.new(config)
end
def native_remote
@native ||= Kamal::Commands::Builder::Native::Remote.new(config)
end
def multiarch
@multiarch ||= Kamal::Commands::Builder::Multiarch.new(config)
end
def multiarch_remote
@multiarch_remote ||= Kamal::Commands::Builder::Multiarch::Remote.new(config)
def hybrid
@hybrid ||= Kamal::Commands::Builder::Hybrid.new(config)
end

39
lib/kamal/commands/builder/base.rb
View File

@@ -1,20 +1,41 @@
class Kamal::Commands::Builder::Base < Kamal::Commands::Base
class BuilderError < StandardError; end
ENDPOINT_DOCKER_HOST_INSPECT = "'{{.Endpoints.docker.Host}}'"
delegate :argumentize, to: Kamal::Utils
delegate :args, :secrets, :dockerfile, :target, :local_arch, :local_host, :remote_arch, :remote_host, :cache_from, :cache_to, :ssh, to: :builder_config
delegate \
:args, :secrets, :dockerfile, :target, :arches, :local_arches, :remote_arches, :remote,
:cache_from, :cache_to, :ssh, :driver, :docker_driver?,
to: :builder_config
def clean
docker :image, :rm, "--force", config.absolute_image
end
def push
docker :buildx, :build,
"--push",
*platform_options(arches),
*([ "--builder", builder_name ] unless docker_driver?),
*build_options,
build_context
end
def pull
docker :pull, config.absolute_image
end
def info
combine \
docker(:context, :ls),
docker(:buildx, :ls)
end
def inspect_builder
docker :buildx, :inspect, builder_name unless docker_driver?
end
def build_options
[ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_target, *build_ssh ]
end
@@ -32,14 +53,6 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
)
end
def context_hosts
:true
end
def config_context_hosts
[]
end
def first_mirror
docker(:info, "--format '{{index .RegistryConfig.Mirrors 0}}'")
end
@@ -65,7 +78,7 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
end
def build_secrets
argumentize "--secret", secrets.collect { |secret| [ "id", secret ] }
argumentize "--secret", secrets.keys.collect { |secret| [ "id", secret ] }
end
def build_dockerfile
@@ -88,7 +101,7 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
config.builder
end
def context_host(builder_name)
docker :context, :inspect, builder_name, "--format", ENDPOINT_DOCKER_HOST_INSPECT
def platform_options(arches)
argumentize "--platform", arches.map { |arch| "linux/#{arch}" }.join(",") if arches.any?
end
end

21
lib/kamal/commands/builder/hybrid.rb Normal file
View File

@@ -0,0 +1,21 @@
class Kamal::Commands::Builder::Hybrid < Kamal::Commands::Builder::Remote
def create
combine \
create_local_buildx,
create_remote_context,
append_remote_buildx
end
private
def builder_name
"kamal-hybrid-#{driver}-#{remote.gsub(/[^a-z0-9_-]/, "-")}"
end
def create_local_buildx
docker :buildx, :create, *platform_options(local_arches), "--name", builder_name, "--driver=#{driver}"
end
def append_remote_buildx
docker :buildx, :create, *platform_options(remote_arches), "--append", "--name", builder_name, remote_context_name
end
end

14
lib/kamal/commands/builder/local.rb Normal file
View File

@@ -0,0 +1,14 @@
class Kamal::Commands::Builder::Local < Kamal::Commands::Builder::Base
def create
docker :buildx, :create, "--name", builder_name, "--driver=#{driver}" unless docker_driver?
end
def remove
docker :buildx, :rm, builder_name unless docker_driver?
end
private
def builder_name
"kamal-local-#{driver}"
end
end

41
lib/kamal/commands/builder/multiarch.rb
View File

@@ -1,41 +0,0 @@
class Kamal::Commands::Builder::Multiarch < Kamal::Commands::Builder::Base
def create
docker :buildx, :create, "--use", "--name", builder_name
end
def remove
docker :buildx, :rm, builder_name
end
def info
combine \
docker(:context, :ls),
docker(:buildx, :ls)
end
def push
docker :buildx, :build,
"--push",
"--platform", platform_names,
"--builder", builder_name,
*build_options,
build_context
end
def context_hosts
docker :buildx, :inspect, builder_name, "> /dev/null"
end
private
def builder_name
"kamal-#{config.service}-multiarch"
end
def platform_names
if local_arch
"linux/#{local_arch}"
else
"linux/amd64,linux/arm64"
end
end
end

61
lib/kamal/commands/builder/multiarch/remote.rb
View File

@@ -1,61 +0,0 @@
class Kamal::Commands::Builder::Multiarch::Remote < Kamal::Commands::Builder::Multiarch
def create
combine \
create_contexts,
create_local_buildx,
append_remote_buildx
end
def remove
combine \
remove_contexts,
super
end
def context_hosts
chain \
context_host(builder_name_with_arch(local_arch)),
context_host(builder_name_with_arch(remote_arch))
end
def config_context_hosts
[ local_host, remote_host ].compact
end
private
def builder_name
super + "-remote"
end
def builder_name_with_arch(arch)
"#{builder_name}-#{arch}"
end
def create_local_buildx
docker :buildx, :create, "--name", builder_name, builder_name_with_arch(local_arch), "--platform", "linux/#{local_arch}"
end
def append_remote_buildx
docker :buildx, :create, "--append", "--name", builder_name, builder_name_with_arch(remote_arch), "--platform", "linux/#{remote_arch}"
end
def create_contexts
combine \
create_context(local_arch, local_host),
create_context(remote_arch, remote_host)
end
def create_context(arch, host)
docker :context, :create, builder_name_with_arch(arch), "--description", "'#{builder_name} #{arch} native host'", "--docker", "'host=#{host}'"
end
def remove_contexts
combine \
remove_context(local_arch),
remove_context(remote_arch)
end
def remove_context(arch)
docker :context, :rm, builder_name_with_arch(arch)
end
end

20
lib/kamal/commands/builder/native.rb
View File

@@ -1,20 +0,0 @@
class Kamal::Commands::Builder::Native < Kamal::Commands::Builder::Base
def create
# No-op on native without cache
end
def remove
# No-op on native without cache
end
def info
# No-op on native
end
def push
combine \
docker(:build, *build_options, build_context),
docker(:push, config.absolute_image),
docker(:push, config.latest_image)
end
end

25
lib/kamal/commands/builder/native/cached.rb
View File

@@ -1,25 +0,0 @@
class Kamal::Commands::Builder::Native::Cached < Kamal::Commands::Builder::Native
def create
docker :buildx, :create, "--name", builder_name, "--use", "--driver=docker-container"
end
def remove
docker :buildx, :rm, builder_name
end
def push
docker :buildx, :build,
"--push",
*build_options,
build_context
end
def context_hosts
docker :buildx, :inspect, builder_name, "> /dev/null"
end
private
def builder_name
"kamal-#{config.service}-native-cached"
end
end

67
lib/kamal/commands/builder/native/remote.rb
View File

@@ -1,67 +0,0 @@
class Kamal::Commands::Builder::Native::Remote < Kamal::Commands::Builder::Native
def create
chain \
create_context,
create_buildx
end
def remove
chain \
remove_context,
remove_buildx
end
def info
chain \
docker(:context, :ls),
docker(:buildx, :ls)
end
def push
docker :buildx, :build,
"--push",
"--platform", platform,
"--builder", builder_name,
*build_options,
build_context
end
def context_hosts
context_host(builder_name_with_arch)
end
def config_context_hosts
[ remote_host ]
end
private
def builder_name
"kamal-#{config.service}-native-remote"
end
def builder_name_with_arch
"#{builder_name}-#{remote_arch}"
end
def platform
"linux/#{remote_arch}"
end
def create_context
docker :context, :create,
builder_name_with_arch, "--description", "'#{builder_name} #{remote_arch} native host'", "--docker", "'host=#{remote_host}'"
end
def remove_context
docker :context, :rm, builder_name_with_arch
end
def create_buildx
docker :buildx, :create, "--name", builder_name, builder_name_with_arch, "--platform", platform
end
def remove_buildx
docker :buildx, :rm, builder_name
end
end

63
lib/kamal/commands/builder/remote.rb Normal file
View File

@@ -0,0 +1,63 @@
class Kamal::Commands::Builder::Remote < Kamal::Commands::Builder::Base
def create
chain \
create_remote_context,
create_buildx
end
def remove
chain \
remove_remote_context,
remove_buildx
end
def info
chain \
docker(:context, :ls),
docker(:buildx, :ls)
end
def inspect_builder
combine \
combine inspect_buildx, inspect_remote_context,
[ "(echo no compatible builder && exit 1)" ],
by: "||"
end
private
def builder_name
"kamal-remote-#{remote.gsub(/[^a-z0-9_-]/, "-")}"
end
def remote_context_name
"#{builder_name}-context"
end
def inspect_buildx
pipe \
docker(:buildx, :inspect, builder_name),
grep("-q", "Endpoint:.*#{remote_context_name}")
end
def inspect_remote_context
pipe \
docker(:context, :inspect, remote_context_name, "--format", ENDPOINT_DOCKER_HOST_INSPECT),
grep("-xq", remote)
end
def create_remote_context
docker :context, :create, remote_context_name, "--description", "'#{builder_name} host'", "--docker", "'host=#{remote}'"
end
def remove_remote_context
docker :context, :rm, remote_context_name
end
def create_buildx
docker :buildx, :create, "--name", builder_name, remote_context_name
end
def remove_buildx
docker :buildx, :rm, builder_name
end
end

4
lib/kamal/commands/docker.rb
View File

@@ -19,6 +19,10 @@ class Kamal::Commands::Docker < Kamal::Commands::Base
[ '[ "${EUID:-$(id -u)}" -eq 0 ] || command -v sudo >/dev/null || command -v su >/dev/null' ]
end
def create_network
docker :network, :create, :kamal
end
private
def get_docker
shell \

7
lib/kamal/commands/hook.rb
View File

@@ -1,6 +1,9 @@
class Kamal::Commands::Hook < Kamal::Commands::Base
def run(hook, **details)
[ hook_file(hook), env: tags(**details).env ]
def run(hook, secrets: false, **details)
env = tags(**details).env
env.merge!(config.secrets.to_h) if secrets
[ hook_file(hook), env: env ]
end
def hook_exists?(hook)

69
lib/kamal/commands/proxy.rb Normal file
View File

@@ -0,0 +1,69 @@
class Kamal::Commands::Proxy < Kamal::Commands::Base
delegate :argumentize, :optionize, to: Kamal::Utils
delegate :container_name, :app_port, to: :proxy_config
attr_reader :proxy_config
def initialize(config)
super
@proxy_config = config.proxy
end
def run
docker :run,
"--name", container_name,
"--network", "kamal",
"--detach",
"--restart", "unless-stopped",
*proxy_config.publish_args,
"--volume", "/var/run/docker.sock:/var/run/docker.sock",
"--volume", "#{proxy_config.config_directory_as_docker_volume}:/root/.config/kamal-proxy",
*config.logging_args,
proxy_config.image
end
def start
docker :container, :start, container_name
end
def stop(name: container_name)
docker :container, :stop, name
end
def start_or_run
combine start, run, by: "||"
end
def deploy(service, target:)
docker :exec, container_name, "kamal-proxy", :deploy, service, *optionize({ target: "#{target}:#{app_port}" }), *proxy_config.deploy_command_args
end
def remove(service, target:)
docker :exec, container_name, "kamal-proxy", :remove, service, *optionize({ target: "#{target}:#{app_port}" })
end
def info
docker :ps, "--filter", "name=^#{container_name}$"
end
def logs(since: nil, lines: nil, grep: nil, grep_options: nil)
pipe \
docker(:logs, container_name, (" --since #{since}" if since), (" --tail #{lines}" if lines), "--timestamps", "2>&1"),
("grep '#{grep}'#{" #{grep_options}" if grep_options}" if grep)
end
def follow_logs(host:, grep: nil, grep_options: nil)
run_over_ssh pipe(
docker(:logs, container_name, "--timestamps", "--tail", "10", "--follow", "2>&1"),
(%(grep "#{grep}"#{" #{grep_options}" if grep_options}) if grep)
).join(" "), host: host
end
def remove_container
docker :container, :prune, "--force", "--filter", "label=org.opencontainers.image.title=kamal-proxy"
end
def remove_image
docker :image, :prune, "--all", "--force", "--filter", "label=org.opencontainers.image.title=kamal-proxy"
end
end

2
lib/kamal/commands/prune.rb
View File

@@ -9,7 +9,7 @@ class Kamal::Commands::Prune < Kamal::Commands::Base
def tagged_images
pipe \
docker(:image, :ls, *service_filter, "--format", "'{{.ID}} {{.Repository}}:{{.Tag}}'"),
"grep -v -w \"#{active_image_list}\"",
grep("-v -w \"#{active_image_list}\""),
"while read image tag; do docker rmi $tag; done"
end

14
lib/kamal/commands/traefik.rb
View File

@@ -1,6 +1,6 @@
class Kamal::Commands::Traefik < Kamal::Commands::Base
delegate :argumentize, :optionize, to: Kamal::Utils
delegate :port, :publish?, :labels, :env, :image, :options, :args, to: :"config.traefik"
delegate :port, :publish?, :labels, :env, :image, :options, :args, :env_args, :secrets_io, :env_directory, :secrets_path, to: :"config.traefik"
def run
docker :run, "--name traefik",
@@ -54,12 +54,8 @@ class Kamal::Commands::Traefik < Kamal::Commands::Base
docker :image, :prune, "--all", "--force", "--filter", "label=org.opencontainers.image.title=Traefik"
end
def make_env_directory
make_directory(env.secrets_directory)
end
def remove_env_file
[ :rm, "-f", env.secrets_file ]
def ensure_env_directory
make_directory env_directory
end
private
@@ -71,10 +67,6 @@ class Kamal::Commands::Traefik < Kamal::Commands::Base
argumentize "--label", labels
end
def env_args
env.args
end
def docker_options_args
optionize(options)
end

27
lib/kamal/configuration.rb
View File

@@ -2,7 +2,6 @@ require "active_support/ordered_options"
require "active_support/core_ext/string/inquiry"
require "active_support/core_ext/module/delegation"
require "active_support/core_ext/hash/keys"
require "pathname"
require "erb"
require "net/ssh/proxy/jump"
@@ -11,7 +10,7 @@ class Kamal::Configuration
delegate :argumentize, :optionize, to: Kamal::Utils
attr_reader :destination, :raw_config
attr_reader :accessories, :boot, :builder, :env, :healthcheck, :logging, :traefik, :servers, :ssh, :sshkit, :registry
attr_reader :accessories, :aliases, :boot, :builder, :env, :healthcheck, :logging, :proxy, :traefik, :servers, :ssh, :sshkit, :registry
include Validation
@@ -54,12 +53,14 @@ class Kamal::Configuration
@registry = Registry.new(config: self)
@accessories = @raw_config.accessories&.keys&.collect { |name| Accessory.new(name, config: self) } || []
@aliases = @raw_config.aliases&.keys&.to_h { |name| [ name, Alias.new(name, config: self) ] } || {}
@boot = Boot.new(config: self)
@builder = Builder.new(config: self)
@env = Env.new(config: @raw_config.env || {})
@env = Env.new(config: @raw_config.env || {}, secrets: secrets)
@healthcheck = Healthcheck.new(healthcheck_config: @raw_config.healthcheck)
@logging = Logging.new(logging_config: @raw_config.logging)
@proxy = Proxy.new(config: self)
@traefik = Traefik.new(config: self)
@ssh = Ssh.new(config: self)
@sshkit = Sshkit.new(config: self)
@@ -141,6 +142,10 @@ class Kamal::Configuration
traefik_roles.flat_map(&:hosts).uniq
end
def proxy_hosts
proxy.hosts
end
def repository
[ registry.server, image ].compact.join("/")
end
@@ -197,15 +202,11 @@ class Kamal::Configuration
def run_directory
raw_config.run_directory || ".kamal"
".kamal"
end
def run_directory_as_docker_volume
if Pathname.new(run_directory).absolute?
run_directory
else
File.join "$(pwd)", run_directory
end
File.join "$(pwd)", run_directory
end
def hooks_path
@@ -217,13 +218,13 @@ class Kamal::Configuration
end
def host_env_directory
def env_directory
File.join(run_directory, "env")
end
def env_tags
@env_tags ||= if (tags = raw_config.env["tags"])
tags.collect { |name, config| Env::Tag.new(name, config: config) }
tags.collect { |name, config| Env::Tag.new(name, config: config, secrets: secrets) }
else
[]
end
@@ -253,6 +254,10 @@ class Kamal::Configuration
}.compact
end
def secrets
@secrets ||= Kamal::Secrets.new(destination: destination)
end
private
# Will raise ArgumentError if any required config keys are missing
def ensure_destination_if_required

16
lib/kamal/configuration/accessory.rb
View File

@@ -16,7 +16,7 @@ class Kamal::Configuration::Accessory
@env = Kamal::Configuration::Env.new \
config: accessory_config.fetch("env", {}),
secrets_file: File.join(config.host_env_directory, "accessories", "#{service_name}.env"),
secrets: config.secrets,
context: "accessories/#{name}/env"
end
@@ -51,7 +51,19 @@ class Kamal::Configuration::Accessory
end
def env_args
env.args
[ *env.clear_args, *argumentize("--env-file", secrets_path) ]
end
def env_directory
File.join(config.env_directory, "accessories")
end
def secrets_io
env.secrets_io
end
def secrets_path
File.join(config.env_directory, "accessories", "#{service_name}.env")
end
def files

15
lib/kamal/configuration/alias.rb Normal file
View File

@@ -0,0 +1,15 @@
class Kamal::Configuration::Alias
include Kamal::Configuration::Validation
attr_reader :name, :command
def initialize(name, config:)
@name, @command = name.inquiry, config.raw_config["aliases"][name]
validate! \
command,
example: validation_yml["aliases"]["uname"],
context: "aliases/#{name}",
with: Kamal::Configuration::Validator::Alias
end
end

70
lib/kamal/configuration/builder.rb
View File

@@ -19,16 +19,38 @@ class Kamal::Configuration::Builder
builder_config
end
def multiarch?
builder_config["multiarch"] != false
def remote
builder_config["remote"]
end
def local?
!!builder_config["local"]
def arches
Array(builder_config.fetch("arch", default_arch))
end
def local_arches
@local_arches ||= if local_disabled?
[]
elsif remote
arches & [ Kamal::Utils.docker_arch ]
else
arches
end
end
def remote_arches
@remote_arches ||= if remote
arches - local_arches
else
[]
end
end
def remote?
!!builder_config["remote"]
remote_arches.any?
end
def local?
!local_disabled? && (arches.empty? || local_arches.any?)
end
def cached?
@@ -40,7 +62,7 @@ class Kamal::Configuration::Builder
end
def secrets
builder_config["secrets"] || []
(builder_config["secrets"] || []).to_h { |key| [ key, config.secrets[key] ] }
end
def dockerfile
@@ -55,20 +77,12 @@ class Kamal::Configuration::Builder
builder_config["context"] || "."
end
def local_arch
builder_config["local"]["arch"] if local?
def driver
builder_config.fetch("driver", "docker-container")
end
def local_host
builder_config["local"]["host"] if local?
end
def remote_arch
builder_config["remote"]["arch"] if remote?
end
def remote_host
builder_config["remote"]["host"] if remote?
def local_disabled?
builder_config["local"] == false
end
def cache_from
@@ -114,7 +128,23 @@ class Kamal::Configuration::Builder
end
end
def docker_driver?
driver == "docker"
end
private
def valid?
if docker_driver?
raise ArgumentError, "Invalid builder configuration: the `docker` driver does not not support remote builders" if remote
raise ArgumentError, "Invalid builder configuration: the `docker` driver does not not support caching" if cached?
raise ArgumentError, "Invalid builder configuration: the `docker` driver does not not support multiple arches" if arches.many?
end
if @options["cache"] && @options["cache"]["type"]
raise ArgumentError, "Invalid cache type: #{@options["cache"]["type"]}" unless [ "gha", "registry" ].include?(@options["cache"]["type"])
end
end
def cache_image
builder_config["cache"]&.fetch("image", nil) || "#{image}-build-cache"
end
@@ -150,4 +180,8 @@ class Kamal::Configuration::Builder
def pwd_sha
Digest::SHA256.hexdigest(Dir.pwd)[0..12]
end
def default_arch
docker_driver? ? [] : [ "amd64", "arm64" ]
end
end

26
lib/kamal/configuration/docs/alias.yml Normal file
View File

@@ -0,0 +1,26 @@
# Aliases
#
# Aliases are shortcuts for Kamal commands.
#
# For example, for a Rails app, you might open a console with:
#
# ```shell
# kamal app exec -i -r console "rails console"
# ```
#
# By defining an alias, like this:
aliases:
console: app exec -r console -i "rails console"
# You can now open the console with:
# ```shell
# kamal console
# ```
# Configuring aliases
#
# Aliases are defined in the root config under the alias key
#
# Each alias is named and can only contain lowercase letters, numbers, dashes and underscores.
aliases:
uname: app exec -p -q -r web "uname -a"

44
lib/kamal/configuration/docs/builder.yml
View File

@@ -1,10 +1,10 @@
# Builder
#
# The builder configuration controls how the application is built with `docker build` or `docker buildx build`
# The builder configuration controls how the application is built with `docker build`
#
# If no configuration is specified, Kamal will:
# 1. Create a buildx context called `kamal-<service>-multiarch`
# 2. Use `docker buildx build` to build a multiarch image for linux/amd64,linux/arm64 with that context
# 1. Create a buildx context called `kamal-local-docker-container`, using the docker-container driver
# 2. Use `docker build` to build a multiarch image for linux/amd64,linux/arm64 with that context
#
# See https://kamal-deploy.org/docs/configuration/builder-examples/ for more information
@@ -12,36 +12,34 @@
#
# Options go under the builder key in the root configuration.
builder:
# Driver
#
# The build driver to use, defaults to `docker-container`
driver: docker
# Multiarch
# Arch
#
# Enables multiarch builds, defaults to `true`
multiarch: false
# Local configuration
#
# The build configuration for local builds, only used if multiarch is enabled (the default)
#
# If there is no remote configuration, by default we build for amd64 and arm64.
# If you only want to build for one architecture, you can specify it here.
# The docker socket is optional and uses the default docker host socket when not specified
local:
arch: amd64
host: /var/run/docker.sock
# The architectures to build for, defaults to `[ amd64, arm64 ]`
# Unless you are using the docker driver, when it defaults to the local architecture
# You can set an array or just a single value
arch:
- amd64
# Remote configuration
#
# The build configuration for remote builds, also only used if multiarch is enabled.
# The arch is required and can be either amd64 or arm64.
remote:
arch: arm64
host: ssh://docker@docker-builder
# If you have a remote builder, you can configure it here
remote: ssh://docker@docker-builder
# Whether to allow local builds
#
# Defaults to true
local: true
# Builder cache
#
# The type must be either 'gha' or 'registry'
#
# The image is only used for registry cache
# The image is only used for registry cache. Not compatible with the docker driver
cache:
type: registry
options: mode=max

12
lib/kamal/configuration/docs/configuration.yml
View File

@@ -143,6 +143,12 @@ accessories:
traefik:
...
# Proxy
#
# **Experimental** Configuration for kamal-proxy the replacement for Traefik, see kamal docs proxy
proxy:
...
# SSHKit
#
# See kamal docs sshkit
@@ -166,3 +172,9 @@ healthcheck:
# Docker logging configuration, see kamal docs logging
logging:
...
# Aliases
#
# Alias configuration, see kamal docs alias
aliases:
...

6
lib/kamal/configuration/docs/env.yml
View File

@@ -1,7 +1,7 @@
# Environment variables
#
# Environment variables can be set directory in the Kamal configuration or
# for loaded from a .env file, for secrets that should not be checked into Git.
# Environment variables can be set directly in the Kamal configuration or
# loaded from a .env file, for secrets that should not be checked into Git.
# Reading environment variables from the configuration
#
@@ -24,14 +24,12 @@ env:
# KAMAL_REGISTRY_PASSWORD=pw
# DB_PASSWORD=secret123
# ```
# See https://kamal-deploy.org/docs/commands/envify/ for how to use generated .env files.
#
# To pass the secrets you should list them under the `secret` key. When you do this the
# other variables need to be moved under the `clear` key.
#
# Unlike clear values, secrets are not passed directly to the container,
# but are stored in an env file on the host
# The file is not updated when deploying, only when running `kamal envify` or `kamal env push`.
env:
clear:
DB_USER: app

2
lib/kamal/configuration/docs/healthcheck.yml
View File

@@ -3,7 +3,7 @@
# On roles that are running Traefik, Kamal will supply a default healthcheck to `docker run`.
# For other roles, by default no healthcheck is supplied.
#
# If no healthcheck is supplied and the image does not define one, they we wait for the container
# If no healthcheck is supplied and the image does not define one, then we wait for the container
# to reach a running state and then pause for the readiness delay.
#
# The default healthcheck is `curl -f http://localhost:<port>/<path>`, so it assumes that `curl`

127
lib/kamal/configuration/docs/proxy.yml Normal file
View File

@@ -0,0 +1,127 @@
# Proxy
#
# **Experimental** [kamal-proxy](http://github.com/basecamp/kamal-proxy) is a
# custom built specifically for Kamal. It will replace Traefik in Kamal v2.0,
# but currently is available as an experimental feature.
#
# When this is enabled, the proxy will be started on the hosts listed under the hosts key.
# In addition, the kamal traefik command will be disabled and replaced by kamal proxy.
#
# The kamal proxy command works identically to kamal traefik on hosts that have not
# been included. It will also handle switching between Traefik and kamal-proxy when you
# run kamal proxy reboot.
# Limitations
#
# Currently the proxy will run on ports 80 and 443 and will bind to those
# ports on the host.
#
# There is no way to set custom options for `docker run` when booting the proxy.
#
# If you have custom Traefik configuration via labels or boot arguments they may
# not have an equivalent in kamal-proxy.
# Proxy settings
#
# The proxy is configured in the root configuration under `traefik`. These are
# options that are set when deploying the application, not when booting the proxy
#
# They are application specific, so are not shared when multiple applications
# with the same proxy.
proxy:
# Enabled
#
# Whether to enable experimental proxy support. Defaults to false
enabled: true
# Hosts
#
# The hosts to run the proxy on, instead of Traefik
# This is a temporary setting and will be removed when we full switch to kamal-proxy
#
# If you run `kamal traefik reboot`, then the proxy will be started on these hosts
# in place of traefik.
hosts:
- 10.0.0.1
- 10.0.0.2
# Host
#
# This is the host that will be used to serve the app. By setting this you can run
# multiple apps on the same server sharing the same instance of the proxy.
#
# If this is set only requests that match this host will be forwarded by the proxy.
# if this is not set, then all requests will be forwarded, except for matching
# requests for other apps that do have a host set.
host: foo.example.com
# App port
#
# The port the application container is exposed on
# Defaults to 80
app_port: 3000
# SSL
#
# Kamal Proxy can automatically obtain and renew TLS certificates for your applications.
# To ensure this set, the ssl flag. This only works if we are deploying to one server and
# the host flag is set.
ssl: true
# Deploy timeout
#
# How long to wait for the app to boot when deploying, defaults to 30 seconds
deploy_timeout: 10s
# Response timeout
#
# How long to wait for requests to complete before timing out, defaults to 30 seconds
response_timeout: 10
# Healthcheck
#
# When deploying, the proxy will by default hit /up once every second until we hit
# the deploy timeout, with a 5 second timeout for each request.
#
# Once the app is up, the proxy will stop hitting the healthcheck endpoint.
healthcheck:
interval: 3
path: /health
timeout: 3
# Buffering
#
# Whether to buffer request and response bodies in the proxy
#
# By default buffering is enabled with a max request body size of 1GB and no limit
# for response size.
#
# You can also set the memory limit for buffering, which defaults to 1MB, anything
# larger than that is written to disk.
buffering:
requests: true
responses: true
max_request_body: 40_000_000
max_response_body: 0
memory: 2_000_000
# Logging
#
# Configure request logging for the proxy
# You can specify request and response headers to log.
# By default, Cache-Control and Last-Modified request headers are logged
logging:
request_headers:
- Cache-Control
- X-Forwarded-Proto
response_headers:
- X-Request-ID
- X-Request-Start
# Forward headers
#
# Whether to forward the X-Forwarded-For and X-Forwarded-Proto headers (defaults to false)
#
# If you are behind a trusted proxy, you can set this to true to forward the headers.
forward_headers: true

27
lib/kamal/configuration/env.rb
View File

@@ -1,36 +1,29 @@
class Kamal::Configuration::Env
include Kamal::Configuration::Validation
attr_reader :secrets_keys, :clear, :secrets_file, :context
attr_reader :context, :secrets
attr_reader :clear, :secret_keys
delegate :argumentize, to: Kamal::Utils
def initialize(config:, secrets_file: nil, context: "env")
def initialize(config:, secrets:, context: "env")
@clear = config.fetch("clear", config.key?("secret") || config.key?("tags") ? {} : config)
@secrets_keys = config.fetch("secret", [])
@secrets_file = secrets_file
@secrets = secrets
@secret_keys = config.fetch("secret", [])
@context = context
validate! config, context: context, with: Kamal::Configuration::Validator::Env
end
def args
[ "--env-file", secrets_file, *argumentize("--env", clear) ]
def clear_args
argumentize("--env", clear)
end
def secrets_io
StringIO.new(Kamal::EnvFile.new(secrets).to_s)
end
def secrets
@secrets ||= secrets_keys.to_h { |key| [ key, ENV.fetch(key) ] }
end
def secrets_directory
File.dirname(secrets_file)
Kamal::EnvFile.new(secret_keys.to_h { |key| [ key, secrets[key] ] }).to_io
end
def merge(other)
self.class.new \
config: { "clear" => clear.merge(other.clear), "secret" => secrets_keys | other.secrets_keys },
secrets_file: secrets_file || other.secrets_file
config: { "clear" => clear.merge(other.clear), "secret" => secret_keys | other.secret_keys },
secrets: secrets
end
end

7
lib/kamal/configuration/env/tag.rb vendored
View File

@@ -1,12 +1,13 @@
class Kamal::Configuration::Env::Tag
attr_reader :name, :config
attr_reader :name, :config, :secrets
def initialize(name, config:)
def initialize(name, config:, secrets:)
@name = name
@config = config
@secrets = secrets
end
def env
Kamal::Configuration::Env.new(config: config)
Kamal::Configuration::Env.new(config: config, secrets: secrets)
end
end

80
lib/kamal/configuration/proxy.rb Normal file
View File

@@ -0,0 +1,80 @@
class Kamal::Configuration::Proxy
include Kamal::Configuration::Validation
DEFAULT_HTTP_PORT = 80
DEFAULT_HTTPS_PORT = 443
DEFAULT_IMAGE = "basecamp/kamal-proxy:latest"
DEFAULT_LOG_REQUEST_HEADERS = [ "Cache-Control", "Last-Modified" ]
delegate :argumentize, :optionize, to: Kamal::Utils
def initialize(config:)
@config = config
@proxy_config = config.raw_config.proxy || {}
validate! proxy_config, with: Kamal::Configuration::Validator::Proxy
end
def enabled?
!!proxy_config.fetch("enabled", false)
end
def hosts
if enabled?
proxy_config.fetch("hosts", [])
else
[]
end
end
def app_port
proxy_config.fetch("app_port", 80)
end
def image
proxy_config.fetch("image", DEFAULT_IMAGE)
end
def container_name
"kamal-proxy"
end
def publish_args
argumentize "--publish", [ "#{DEFAULT_HTTP_PORT}:#{DEFAULT_HTTP_PORT}", "#{DEFAULT_HTTPS_PORT}:#{DEFAULT_HTTPS_PORT}" ]
end
def ssl?
proxy_config.fetch("ssl", false)
end
def deploy_options
{
host: proxy_config["host"],
tls: proxy_config["ssl"],
"deploy-timeout": proxy_config["deploy_timeout"],
"drain-timeout": proxy_config["drain_timeout"],
"health-check-interval": proxy_config.dig("health_check", "interval"),
"health-check-timeout": proxy_config.dig("health_check", "timeout"),
"health-check-path": proxy_config.dig("health_check", "path"),
"target-timeout": proxy_config["response_timeout"],
"buffer-requests": proxy_config.fetch("buffering", { "requests": true }).fetch("requests", true),
"buffer-responses": proxy_config.fetch("buffering", { "responses": true }).fetch("responses", true),
"buffer-memory": proxy_config.dig("buffering", "memory"),
"max-request-body": proxy_config.dig("buffering", "max_request_body"),
"max-response-body": proxy_config.dig("buffering", "max_response_body"),
"forward-headers": proxy_config.dig("forward_headers"),
"log-request-header": proxy_config.dig("logging", "request_headers") || DEFAULT_LOG_REQUEST_HEADERS,
"log-response-header": proxy_config.dig("logging", "response_headers")
}.compact
end
def deploy_command_args
optionize deploy_options
end
def config_directory_as_docker_volume
File.join config.run_directory_as_docker_volume, "proxy", "config"
end
private
attr_reader :config, :proxy_config
end

5
lib/kamal/configuration/registry.rb
View File

@@ -1,10 +1,11 @@
class Kamal::Configuration::Registry
include Kamal::Configuration::Validation
attr_reader :registry_config
attr_reader :registry_config, :secrets
def initialize(config:)
@registry_config = config.raw_config.registry || {}
@secrets = config.secrets
validate! registry_config, with: Kamal::Configuration::Validator::Registry
end
@@ -23,7 +24,7 @@ class Kamal::Configuration::Registry
private
def lookup(key)
if registry_config[key].is_a?(Array)
ENV.fetch(registry_config[key].first).dup
secrets[registry_config[key].first]
else
registry_config[key]
end

24
lib/kamal/configuration/role.rb
View File

@@ -18,7 +18,7 @@ class Kamal::Configuration::Role
@specialized_env = Kamal::Configuration::Env.new \
config: specializations.fetch("env", {}),
secrets_file: File.join(config.host_env_directory, "roles", "#{container_prefix}.env"),
secrets: config.secrets,
context: "servers/#{name}/env"
@specialized_logging = Kamal::Configuration::Logging.new \
@@ -58,10 +58,18 @@ class Kamal::Configuration::Role
default_labels.merge(traefik_labels).merge(custom_labels)
end
def labels_for_proxy
default_labels.merge(custom_labels)
end
def label_args
argumentize "--label", labels
end
def label_args_for_proxy
argumentize "--label", labels_for_proxy
end
def logging_args
logging.args
end
@@ -77,7 +85,19 @@ class Kamal::Configuration::Role
end
def env_args(host)
env(host).args
[ *env(host).clear_args, *argumentize("--env-file", secrets_path) ]
end
def env_directory
File.join(config.env_directory, "roles")
end
def secrets_io(host)
env(host).secrets_io
end
def secrets_path
File.join(config.env_directory, "roles", "#{container_prefix}.env")
end
def asset_volume_args

20
lib/kamal/configuration/traefik.rb
View File

@@ -1,4 +1,6 @@
class Kamal::Configuration::Traefik
delegate :argumentize, to: Kamal::Utils
DEFAULT_IMAGE = "traefik:v2.10"
CONTAINER_PORT = 80
DEFAULT_ARGS = {
@@ -34,7 +36,7 @@ class Kamal::Configuration::Traefik
def env
Kamal::Configuration::Env.new \
config: traefik_config.fetch("env", {}),
secrets_file: File.join(config.host_env_directory, "traefik", "traefik.env"),
secrets: config.secrets,
context: "traefik/env"
end
@@ -57,4 +59,20 @@ class Kamal::Configuration::Traefik
def image
traefik_config.fetch("image", DEFAULT_IMAGE)
end
def env_args
[ *env.clear_args, *argumentize("--env-file", secrets_path) ]
end
def env_directory
File.join(config.env_directory, "traefik")
end
def secrets_io
env.secrets_io
end
def secrets_path
File.join(config.env_directory, "traefik", "traefik.env")
end
end

58
lib/kamal/configuration/validator.rb
View File

@@ -13,32 +13,38 @@ class Kamal::Configuration::Validator
private
def validate_against_example!(validation_config, example)
validate_type! validation_config, Hash
validate_type! validation_config, example.class
check_unknown_keys! validation_config, example
if example.class == Hash
check_unknown_keys! validation_config, example
validation_config.each do |key, value|
next if extension?(key)
with_context(key) do
example_value = example[key]
validation_config.each do |key, value|
next if extension?(key)
with_context(key) do
example_value = example[key]
if example_value == "..."
validate_type! value, *(Array if key == :servers), Hash
elsif key == "hosts"
validate_servers! value
elsif example_value.is_a?(Array)
validate_array_of! value, example_value.first.class
elsif example_value.is_a?(Hash)
case key.to_s
when "options", "args"
validate_type! value, Hash
when "labels"
validate_hash_of! value, example_value.first[1].class
if example_value == "..."
validate_type! value, *(Array if key == :servers), Hash
elsif key == "hosts"
validate_servers! value
elsif example_value.is_a?(Array)
if key == "arch"
validate_array_of_or_type! value, example_value.first.class
else
validate_array_of! value, example_value.first.class
end
elsif example_value.is_a?(Hash)
case key.to_s
when "options", "args"
validate_type! value, Hash
when "labels"
validate_hash_of! value, example_value.first[1].class
else
validate_against_example! value, example_value
end
else
validate_against_example! value, example_value
validate_type! value, example_value.class
end
else
validate_type! value, example_value.class
end
end
end
@@ -69,6 +75,16 @@ class Kamal::Configuration::Validator
value.is_a?(String) || value.is_a?(Symbol) || value.is_a?(Numeric) || value.is_a?(TrueClass) || value.is_a?(FalseClass)
end
def validate_array_of_or_type!(value, type)
if value.is_a?(Array)
validate_array_of! value, type
else
validate_type! value, type
end
rescue Kamal::ConfigurationError
type_error(Array, type)
end
def validate_array_of!(array, type)
validate_type! array, Array

15
lib/kamal/configuration/validator/alias.rb Normal file
View File

@@ -0,0 +1,15 @@
class Kamal::Configuration::Validator::Alias < Kamal::Configuration::Validator
def validate!
super
name = context.delete_prefix("aliases/")
if name !~ /\A[a-z0-9_-]+\z/
error "Invalid alias name: '#{name}'. Must only contain lowercase letters, alphanumeric, hyphens and underscores."
end
if Kamal::Cli::Main.commands.include?(name)
error "Alias '#{name}' conflicts with a built-in command."
end
end
end

4
lib/kamal/configuration/validator/builder.rb
View File

@@ -5,5 +5,9 @@ class Kamal::Configuration::Validator::Builder < Kamal::Configuration::Validator
if config["cache"] && config["cache"]["type"]
error "Invalid cache type: #{config["cache"]["type"]}" unless [ "gha", "registry" ].include?(config["cache"]["type"])
end
error "Builder arch not set" unless config["arch"].present?
error "Cannot disable local builds, no remote is set" if config["local"] == false && config["remote"].blank?
end
end

9
lib/kamal/configuration/validator/proxy.rb Normal file
View File

@@ -0,0 +1,9 @@
class Kamal::Configuration::Validator::Proxy < Kamal::Configuration::Validator
def validate!
super
if config["host"].blank? && config["ssl"]
error "Must set a host to enable automatic SSL"
end
end
end

4
lib/kamal/env_file.rb
View File

@@ -15,6 +15,10 @@ class Kamal::EnvFile
env_file.presence || "\n"
end
def to_io
StringIO.new(to_s)
end
alias to_str to_s
private

33
lib/kamal/secrets.rb Normal file
View File

@@ -0,0 +1,33 @@
require "dotenv"
class Kamal::Secrets
attr_reader :secrets_files
Kamal::Secrets::Dotenv::InlineCommandSubstitution.install!
def initialize(destination: nil)
@secrets_files = \
[ ".kamal/secrets-common", ".kamal/secrets#{(".#{destination}" if destination)}" ].select { |f| File.exist?(f) }
end
def [](key)
secrets.fetch(key)
rescue KeyError
if secrets_files
raise Kamal::ConfigurationError, "Secret '#{key}' not found in #{secrets_files.join(", ")}"
else
raise Kamal::ConfigurationError, "Secret '#{key}' not found, no secret files provided"
end
end
def to_h
secrets
end
private
def secrets
@secrets ||= secrets_files.inject({}) do |secrets, secrets_file|
secrets.merge!(::Dotenv.parse(secrets_file))
end
end
end

14
lib/kamal/secrets/adapters.rb Normal file
View File

@@ -0,0 +1,14 @@
require "active_support/core_ext/string/inflections"
module Kamal::Secrets::Adapters
def self.lookup(name)
name = "one_password" if name.downcase == "1password"
name = "last_pass" if name.downcase == "lastpass"
adapter_class(name)
end
def self.adapter_class(name)
Object.const_get("Kamal::Secrets::Adapters::#{name.camelize}").new
rescue NameError => e
raise RuntimeError, "Unknown secrets adapter: #{name}"
end
end

18
lib/kamal/secrets/adapters/base.rb Normal file
View File

@@ -0,0 +1,18 @@
class Kamal::Secrets::Adapters::Base
delegate :optionize, to: Kamal::Utils
def fetch(secrets, account:, from: nil)
session = login(account)
full_secrets = secrets.map { |secret| [ from, secret ].compact.join("/") }
fetch_secrets(full_secrets, account: account, session: session)
end
private
def login(...)
raise NotImplementedError
end
def fetch_secrets(...)
raise NotImplementedError
end
end

64
lib/kamal/secrets/adapters/bitwarden.rb Normal file
View File

@@ -0,0 +1,64 @@
class Kamal::Secrets::Adapters::Bitwarden < Kamal::Secrets::Adapters::Base
private
def login(account)
status = run_command("status")
if status["status"] == "unauthenticated"
run_command("login #{account.shellescape}", raw: true)
status = run_command("status")
end
if status["status"] == "locked"
session = run_command("unlock --raw", raw: true).presence
status = run_command("status", session: session)
end
raise RuntimeError, "Failed to login to and unlock Bitwarden" unless status["status"] == "unlocked"
run_command("sync", session: session, raw: true)
raise RuntimeError, "Failed to sync Bitwarden" unless $?.success?
session
end
def fetch_secrets(secrets, account:, session:)
{}.tap do |results|
items_fields(secrets).each do |item, fields|
item_json = run_command("get item #{item.shellescape}", session: session, raw: true)
raise RuntimeError, "Could not read #{secret} from Bitwarden" unless $?.success?
item_json = JSON.parse(item_json)
if fields.any?
fields.each do |field|
item_field = item_json["fields"].find { |f| f["name"] == field }
raise RuntimeError, "Could not find field #{field} in item #{item} in Bitwarden" unless item_field
value = item_field["value"]
results["#{item}/#{field}"] = value
end
else
results[item] = item_json["login"]["password"]
end
end
end
end
def items_fields(secrets)
{}.tap do |items|
secrets.each do |secret|
item, field = secret.split("/")
items[item] ||= []
items[item] << field
end
end
end
def signedin?(account)
run_command("status")["status"] != "unauthenticated"
end
def run_command(command, session: nil, raw: false)
full_command = [ *("BW_SESSION=#{session.shellescape}" if session), "bw", command ].join(" ")
result = `#{full_command}`.strip
raw ? result : JSON.parse(result)
end
end

30
lib/kamal/secrets/adapters/last_pass.rb Normal file
View File

@@ -0,0 +1,30 @@
class Kamal::Secrets::Adapters::LastPass < Kamal::Secrets::Adapters::Base
private
def login(account)
unless loggedin?(account)
`lpass login #{account.shellescape}`
raise RuntimeError, "Failed to login to 1Password" unless $?.success?
end
end
def loggedin?(account)
`lpass status --color never`.strip == "Logged in as #{account}."
end
def fetch_secrets(secrets, account:, session:)
items = `lpass show #{secrets.map(&:shellescape).join(" ")} --json`
raise RuntimeError, "Could not read #{secrets} from 1Password" unless $?.success?
items = JSON.parse(items)
{}.tap do |results|
items.each do |item|
results[item["fullname"]] = item["password"]
end
if (missing_items = secrets - results.keys).any?
raise RuntimeError, "Could not find #{missing_items.join(", ")} in LassPass"
end
end
end
end

61
lib/kamal/secrets/adapters/one_password.rb Normal file
View File

@@ -0,0 +1,61 @@
class Kamal::Secrets::Adapters::OnePassword < Kamal::Secrets::Adapters::Base
delegate :optionize, to: Kamal::Utils
private
def login(account)
unless loggedin?(account)
`op signin #{to_options(account: account, force: true, raw: true)}`.tap do
raise RuntimeError, "Failed to login to 1Password" unless $?.success?
end
end
end
def loggedin?(account)
`op account get --account #{account.shellescape} 2> /dev/null`
$?.success?
end
def fetch_secrets(secrets, account:, session:)
{}.tap do |results|
vaults_items_fields(secrets).map do |vault, items|
items.each do |item, fields|
fields_json = JSON.parse(op_item_get(vault, item, fields, account: account, session: session))
fields_json = [ fields_json ] if fields.one?
fields_json.each do |field_json|
# The reference is in the form `op://vault/item/field[/field]`
field = field_json["reference"].delete_prefix("op://").delete_suffix("/password")
results[field] = field_json["value"]
end
end
end
end
end
def to_options(**options)
optionize(options.compact).join(" ")
end
def vaults_items_fields(secrets)
{}.tap do |vaults|
secrets.each do |secret|
secret = secret.delete_prefix("op://")
vault, item, *fields = secret.split("/")
fields << "password" if fields.empty?
vaults[vault] ||= {}
vaults[vault][item] ||= []
vaults[vault][item] << fields.join(".")
end
end
end
def op_item_get(vault, item, fields, account:, session:)
labels = fields.map { |field| "label=#{field}" }.join(",")
options = to_options(vault: vault, fields: labels, format: "json", account: account, session: session.presence)
`op item get #{item.shellescape} #{options}`.tap do
raise RuntimeError, "Could not read #{fields.join(", ")} from #{item} in the #{vault} 1Password vault" unless $?.success?
end
end
end

10
lib/kamal/secrets/adapters/test.rb Normal file
View File

@@ -0,0 +1,10 @@
class Kamal::Secrets::Adapters::Test < Kamal::Secrets::Adapters::Base
private
def login(account)
true
end
def fetch_secrets(secrets, account:, session:)
secrets.to_h { |secret| [ secret, secret.reverse ] }
end
end

32
lib/kamal/secrets/dotenv/inline_command_substitution.rb Normal file
View File

@@ -0,0 +1,32 @@
class Kamal::Secrets::Dotenv::InlineCommandSubstitution
class << self
def install!
::Dotenv::Parser.substitutions.map! { |sub| sub == ::Dotenv::Substitutions::Command ? self : sub }
end
def call(value, _env, overwrite: false)
# Process interpolated shell commands
value.gsub(Dotenv::Substitutions::Command.singleton_class::INTERPOLATED_SHELL_COMMAND) do |*|
# Eliminate opening and closing parentheses
command = $LAST_MATCH_INFO[:cmd][1..-2]
if $LAST_MATCH_INFO[:backslash]
# Command is escaped, don't replace it.
$LAST_MATCH_INFO[0][1..]
else
if command =~ /\A\s*kamal\s*secrets\s+/
# Inline the command
inline_secrets_command(command)
else
# Execute the command and return the value
`#{command}`.chomp
end
end
end
end
def inline_secrets_command(command)
Kamal::Cli::Main.start(command.shellsplit[1..] + [ "--inline" ]).chomp
end
end
end

1
lib/kamal/sshkit_with_ext.rb
View File

@@ -3,6 +3,7 @@ require "sshkit/dsl"
require "net/scp"
require "active_support/core_ext/hash/deep_merge"
require "json"
require "concurrent/atomic/semaphore"
class SSHKit::Backend::Abstract
def capture_with_info(*args, **kwargs)

24
lib/kamal/utils.rb
View File

@@ -1,3 +1,5 @@
require "active_support/core_ext/object/try"
module Kamal::Utils
extend self
@@ -54,6 +56,12 @@ module Kamal::Utils
# Escape a value to make it safe for shell use.
def escape_shell_value(value)
value.to_s.scan(/[\x00-\x7F]+|[^\x00-\x7F]+/) \
.map { |part| part.ascii_only? ? escape_ascii_shell_value(part) : part }
.join
end
def escape_ascii_shell_value(value)
value.to_s.dump
.gsub(/`/, '\\\\`')
.gsub(DOLLAR_SIGN_WITHOUT_SHELL_EXPANSION_REGEX, '\$')
@@ -77,4 +85,20 @@ module Kamal::Utils
def stable_sort!(elements, &block)
elements.sort_by!.with_index { |element, index| [ block.call(element), index ] }
end
def join_commands(commands)
commands.map(&:strip).join(" ")
end
def docker_arch
arch = `docker info --format '{{.Architecture}}'`.strip
case arch
when /aarch64/
"arm64"
when /x86_64/
"amd64"
else
arch
end
end
end

2
lib/kamal/version.rb
View File

@@ -1,3 +1,3 @@
module Kamal
VERSION = "1.8.2"
VERSION = "2.0.0.alpha"
end

33
test/cli/accessory_test.rb
View File

@@ -1,13 +1,21 @@
require_relative "cli_test_case"
class CliAccessoryTest < CliTestCase
setup do
setup_test_secrets("secrets" => "MYSQL_ROOT_PASSWORD=secret")
end
teardown do
teardown_test_secrets
end
test "boot" do
Kamal::Cli::Accessory.any_instance.expects(:directories).with("mysql")
Kamal::Cli::Accessory.any_instance.expects(:upload).with("mysql")
run_command("boot", "mysql").tap do |output|
assert_match /docker login.*on 1.1.1.3/, output
assert_match "docker run --name app-mysql --detach --restart unless-stopped --log-opt max-size=\"10m\" --publish 3306:3306 --env-file .kamal/env/accessories/app-mysql.env --env MYSQL_ROOT_HOST=\"%\" --volume $PWD/app-mysql/etc/mysql/my.cnf:/etc/mysql/my.cnf --volume $PWD/app-mysql/data:/var/lib/mysql --label service=\"app-mysql\" mysql:5.7 on 1.1.1.3", output
assert_match "docker run --name app-mysql --detach --restart unless-stopped --network kamal --log-opt max-size=\"10m\" --publish 3306:3306 --env MYSQL_ROOT_HOST=\"%\" --env-file .kamal/env/accessories/app-mysql.env --volume $PWD/app-mysql/etc/mysql/my.cnf:/etc/mysql/my.cnf --volume $PWD/app-mysql/data:/var/lib/mysql --label service=\"app-mysql\" mysql:5.7 on 1.1.1.3", output
end
end
@@ -21,9 +29,12 @@ class CliAccessoryTest < CliTestCase
assert_match /docker login.*on 1.1.1.3/, output
assert_match /docker login.*on 1.1.1.1/, output
assert_match /docker login.*on 1.1.1.2/, output
assert_match "docker run --name app-mysql --detach --restart unless-stopped --log-opt max-size=\"10m\" --publish 3306:3306 --env-file .kamal/env/accessories/app-mysql.env --env MYSQL_ROOT_HOST=\"%\" --volume $PWD/app-mysql/etc/mysql/my.cnf:/etc/mysql/my.cnf --volume $PWD/app-mysql/data:/var/lib/mysql --label service=\"app-mysql\" mysql:5.7 on 1.1.1.3", output
assert_match "docker run --name app-redis --detach --restart unless-stopped --log-opt max-size=\"10m\" --publish 6379:6379 --env-file .kamal/env/accessories/app-redis.env --volume $PWD/app-redis/data:/data --label service=\"app-redis\" redis:latest on 1.1.1.1", output
assert_match "docker run --name app-redis --detach --restart unless-stopped --log-opt max-size=\"10m\" --publish 6379:6379 --env-file .kamal/env/accessories/app-redis.env --volume $PWD/app-redis/data:/data --label service=\"app-redis\" redis:latest on 1.1.1.2", output
assert_match /docker network create kamal.*on 1.1.1.1/, output
assert_match /docker network create kamal.*on 1.1.1.2/, output
assert_match /docker network create kamal.*on 1.1.1.3/, output
assert_match "docker run --name app-mysql --detach --restart unless-stopped --network kamal --log-opt max-size=\"10m\" --publish 3306:3306 --env MYSQL_ROOT_HOST=\"%\" --env-file .kamal/env/accessories/app-mysql.env --volume $PWD/app-mysql/etc/mysql/my.cnf:/etc/mysql/my.cnf --volume $PWD/app-mysql/data:/var/lib/mysql --label service=\"app-mysql\" mysql:5.7 on 1.1.1.3", output
assert_match "docker run --name app-redis --detach --restart unless-stopped --network kamal --log-opt max-size=\"10m\" --publish 6379:6379 --env-file .kamal/env/accessories/app-redis.env --volume $PWD/app-redis/data:/data --label service=\"app-redis\" redis:latest on 1.1.1.1", output
assert_match "docker run --name app-redis --detach --restart unless-stopped --network kamal --log-opt max-size=\"10m\" --publish 6379:6379 --env-file .kamal/env/accessories/app-redis.env --volume $PWD/app-redis/data:/data --label service=\"app-redis\" redis:latest on 1.1.1.2", output
end
end
@@ -43,7 +54,7 @@ class CliAccessoryTest < CliTestCase
Kamal::Commands::Registry.any_instance.expects(:login)
Kamal::Cli::Accessory.any_instance.expects(:stop).with("mysql")
Kamal::Cli::Accessory.any_instance.expects(:remove_container).with("mysql")
Kamal::Cli::Accessory.any_instance.expects(:boot).with("mysql", login: false)
Kamal::Cli::Accessory.any_instance.expects(:boot).with("mysql", prepare: false)
run_command("reboot", "mysql")
end
@@ -52,10 +63,10 @@ class CliAccessoryTest < CliTestCase
Kamal::Commands::Registry.any_instance.expects(:login).times(3)
Kamal::Cli::Accessory.any_instance.expects(:stop).with("mysql")
Kamal::Cli::Accessory.any_instance.expects(:remove_container).with("mysql")
Kamal::Cli::Accessory.any_instance.expects(:boot).with("mysql", login: false)
Kamal::Cli::Accessory.any_instance.expects(:boot).with("mysql", prepare: false)
Kamal::Cli::Accessory.any_instance.expects(:stop).with("redis")
Kamal::Cli::Accessory.any_instance.expects(:remove_container).with("redis")
Kamal::Cli::Accessory.any_instance.expects(:boot).with("redis", login: false)
Kamal::Cli::Accessory.any_instance.expects(:boot).with("redis", prepare: false)
run_command("reboot", "all")
end
@@ -192,8 +203,8 @@ class CliAccessoryTest < CliTestCase
run_command("boot", "redis", "--hosts", "1.1.1.1").tap do |output|
assert_match /docker login.*on 1.1.1.1/, output
assert_no_match /docker login.*on 1.1.1.2/, output
assert_match "docker run --name app-redis --detach --restart unless-stopped --log-opt max-size=\"10m\" --publish 6379:6379 --env-file .kamal/env/accessories/app-redis.env --volume $PWD/app-redis/data:/data --label service=\"app-redis\" redis:latest on 1.1.1.1", output
assert_no_match "docker run --name app-redis --detach --restart unless-stopped --log-opt max-size=\"10m\" --publish 6379:6379 --env-file .kamal/env/accessories/app-redis.env --volume $PWD/app-redis/data:/data --label service=\"app-redis\" redis:latest on 1.1.1.2", output
assert_match "docker run --name app-redis --detach --restart unless-stopped --network kamal --log-opt max-size=\"10m\" --publish 6379:6379 --env-file .kamal/env/accessories/app-redis.env --volume $PWD/app-redis/data:/data --label service=\"app-redis\" redis:latest on 1.1.1.1", output
assert_no_match "docker run --name app-redis --detach --restart unless-stopped --network kamal --log-opt max-size=\"10m\" --publish 6379:6379 --env-file .kamal/env/accessories/app-redis.env --volume $PWD/app-redis/data:/data --label service=\"app-redis\" redis:latest on 1.1.1.2", output
end
end
@@ -204,8 +215,8 @@ class CliAccessoryTest < CliTestCase
run_command("boot", "redis", "--hosts", "1.1.1.1,1.1.1.3").tap do |output|
assert_match /docker login.*on 1.1.1.1/, output
assert_no_match /docker login.*on 1.1.1.3/, output
assert_match "docker run --name app-redis --detach --restart unless-stopped --log-opt max-size=\"10m\" --publish 6379:6379 --env-file .kamal/env/accessories/app-redis.env --volume $PWD/app-redis/data:/data --label service=\"app-redis\" redis:latest on 1.1.1.1", output
assert_no_match "docker run --name app-redis --detach --restart unless-stopped --log-opt max-size=\"10m\" --publish 6379:6379 --env-file .kamal/env/accessories/app-redis.env --volume $PWD/app-redis/data:/data --label service=\"app-redis\" redis:latest on 1.1.1.3", output
assert_match "docker run --name app-redis --detach --restart unless-stopped --network kamal --log-opt max-size=\"10m\" --publish 6379:6379 --env-file .kamal/env/accessories/app-redis.env --volume $PWD/app-redis/data:/data --label service=\"app-redis\" redis:latest on 1.1.1.1", output
assert_no_match "docker run --name app-redis --detach --restart unless-stopped --network kamal --log-opt max-size=\"10m\" --publish 6379:6379 --env-file .kamal/env/accessories/app-redis.env --volume $PWD/app-redis/data:/data --label service=\"app-redis\" redis:latest on 1.1.1.3", output
end
end

20
test/cli/app_test.rb
View File

@@ -113,7 +113,7 @@ class CliAppTest < CliTestCase
run_command("boot", config: :with_env_tags).tap do |output|
assert_match "docker tag dhh/app:latest dhh/app:latest", output
assert_match %r{docker run --detach --restart unless-stopped --name app-web-latest --hostname 1.1.1.1-[0-9a-f]{12} -e KAMAL_CONTAINER_NAME="app-web-latest" -e KAMAL_VERSION="latest" --env-file .kamal/env/roles/app-web.env --env TEST="root" --env EXPERIMENT="disabled" --env SITE="site1"}, output
assert_match %r{docker run --detach --restart unless-stopped --name app-web-latest --hostname 1.1.1.1-[0-9a-f]{12} -e KAMAL_CONTAINER_NAME="app-web-latest" -e KAMAL_VERSION="latest" --env TEST="root" --env EXPERIMENT="disabled" --env SITE="site1"}, output
assert_match "docker container ls --all --filter name=^app-web-123$ --quiet | xargs docker stop", output
end
end
@@ -247,6 +247,12 @@ class CliAppTest < CliTestCase
end
end
test "exec separate arguments" do
run_command("exec", "ruby", " -v").tap do |output|
assert_match "docker run --rm --env-file .kamal/env/roles/app-web.env dhh/app:latest ruby -v", output
end
end
test "exec with reuse" do
run_command("exec", "--reuse", "ruby -v").tap do |output|
assert_match "sh -c 'docker ps --latest --format '\\''{{.Names}}'\\'' --filter label=service=app --filter label=role=web --filter status=running --filter status=restarting --filter ancestor=$(docker image ls --filter reference=dhh/app:latest --format '\\''{{.ID}}'\\'') ; docker ps --latest --format '\\''{{.Names}}'\\'' --filter label=service=app --filter label=role=web --filter status=running --filter status=restarting' | head -1 | while read line; do echo ${line#app-web-}; done", output # Get current version
@@ -350,6 +356,18 @@ class CliAppTest < CliTestCase
end
end
test "boot proxy" do
SSHKit::Backend::Abstract.any_instance.stubs(:capture_with_info).returns("123") # old version
run_command("boot", config: :with_proxy).tap do |output|
assert_match /Renaming container .* to .* as already deployed on 1.1.1.1/, output # Rename
assert_match /docker rename app-web-latest app-web-latest_replaced_[0-9a-f]{16}/, output
assert_match /docker run --detach --restart unless-stopped --name app-web-latest --network kamal --hostname 1.1.1.1-[0-9a-f]{12} -e KAMAL_CONTAINER_NAME="app-web-latest" -e KAMAL_VERSION="latest" --env-file .kamal\/env\/roles\/app-web.env --log-opt max-size="10m" --label service="app" --label role="web" --label destination dhh\/app:latest/, output
assert_match /docker exec kamal-proxy kamal-proxy deploy app-web --target "123:80"/, output
assert_match "docker container ls --all --filter name=^app-web-123$ --quiet | xargs docker stop", output
end
end
private
def run_command(*command, config: :with_accessories, host: "1.1.1.1", allow_execute_error: false)
stdouted do

46
test/cli/build_test.rb
View File

@@ -21,16 +21,12 @@ class CliBuildTest < CliTestCase
.with(:git, "-C", anything, :status, "--porcelain")
.returns("")
SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
.with(:docker, :buildx, :inspect, "kamal-app-multiarch", "> /dev/null")
.returns("")
run_command("push", "--verbose").tap do |output|
assert_hook_ran "pre-build", output, **hook_variables
assert_match /Cloning repo into build directory/, output
assert_match /git -C #{Dir.tmpdir}\/kamal-clones\/app-#{pwd_sha} clone #{Dir.pwd}/, output
assert_match /docker --version && docker buildx version/, output
assert_match /docker buildx build --push --platform linux\/amd64,linux\/arm64 --builder kamal-app-multiarch -t dhh\/app:999 -t dhh\/app:latest --label service="app" --file Dockerfile \. as .*@localhost/, output
assert_match /docker buildx build --push --platform linux\/amd64 --builder kamal-local-docker-container -t dhh\/app:999 -t dhh\/app:latest --label service="app" --file Dockerfile \. as .*@localhost/, output
end
end
end
@@ -53,7 +49,7 @@ class CliBuildTest < CliTestCase
SSHKit::Backend::Abstract.any_instance.expects(:execute).with(:git, "-C", build_directory, :submodule, :update, "--init")
SSHKit::Backend::Abstract.any_instance.expects(:execute)
.with(:docker, :buildx, :build, "--push", "--platform", "linux/amd64,linux/arm64", "--builder", "kamal-app-multiarch", "-t", "dhh/app:999", "-t", "dhh/app:latest", "--label", "service=\"app\"", "--file", "Dockerfile", ".")
.with(:docker, :buildx, :build, "--push", "--platform", "linux/amd64", "--builder", "kamal-local-docker-container", "-t", "dhh/app:999", "-t", "dhh/app:latest", "--label", "service=\"app\"", "--file", "Dockerfile", ".", env: {})
SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
.with(:git, "-C", anything, :"rev-parse", :HEAD)
@@ -78,7 +74,7 @@ class CliBuildTest < CliTestCase
assert_no_match /Cloning repo into build directory/, output
assert_hook_ran "pre-build", output, **hook_variables
assert_match /docker --version && docker buildx version/, output
assert_match /docker buildx build --push --platform linux\/amd64,linux\/arm64 --builder kamal-app-multiarch -t dhh\/app:999 -t dhh\/app:latest --label service="app" --file Dockerfile . as .*@localhost/, output
assert_match /docker buildx build --push --platform linux\/amd64 --builder kamal-local-docker-container -t dhh\/app:999 -t dhh\/app:latest --label service="app" --file Dockerfile . as .*@localhost/, output
end
end
@@ -124,10 +120,13 @@ class CliBuildTest < CliTestCase
.with(:docker, "--version", "&&", :docker, :buildx, "version")
SSHKit::Backend::Abstract.any_instance.expects(:execute)
.with(:docker, :buildx, :create, "--use", "--name", "kamal-app-multiarch")
.with(:docker, :buildx, :rm, "kamal-local-docker-container")
SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
.with(:docker, :buildx, :inspect, "kamal-app-multiarch", "> /dev/null")
SSHKit::Backend::Abstract.any_instance.expects(:execute)
.with(:docker, :buildx, :create, "--name", "kamal-local-docker-container", "--driver=docker-container")
SSHKit::Backend::Abstract.any_instance.expects(:execute)
.with(:docker, :buildx, :inspect, "kamal-local-docker-container")
.raises(SSHKit::Command::Failed.new("no builder"))
SSHKit::Backend::Abstract.any_instance.expects(:execute).with { |*args| args.first.start_with?("git") }
@@ -141,7 +140,7 @@ class CliBuildTest < CliTestCase
.returns("")
SSHKit::Backend::Abstract.any_instance.expects(:execute)
.with(:docker, :buildx, :build, "--push", "--platform", "linux/amd64,linux/arm64", "--builder", "kamal-app-multiarch", "-t", "dhh/app:999", "-t", "dhh/app:latest", "--label", "service=\"app\"", "--file", "Dockerfile", ".")
.with(:docker, :buildx, :build, "--push", "--platform", "linux/amd64", "--builder", "kamal-local-docker-container", "-t", "dhh/app:999", "-t", "dhh/app:latest", "--label", "service=\"app\"", "--file", "Dockerfile", ".", env: {})
run_command("push").tap do |output|
assert_match /WARN Missing compatible builder, so creating a new one first/, output
@@ -165,7 +164,7 @@ class CliBuildTest < CliTestCase
error = assert_raises(Kamal::Cli::HookError) { run_command("push") }
assert_equal "Hook `pre-build` failed:\nfailed", error.message
assert @executions.none? { |args| args[0..2] == [ :docker, :buildx, :build ] }
assert @executions.none? { |args| args[0..2] == [ :docker, :build ] }
end
test "pull" do
@@ -207,23 +206,32 @@ class CliBuildTest < CliTestCase
test "create" do
run_command("create").tap do |output|
assert_match /docker buildx create --use --name kamal-app-multiarch/, output
assert_match /docker buildx create --name kamal-local-docker-container --driver=docker-container/, output
end
end
test "create remote" do
run_command("create", fixture: :with_remote_builder).tap do |output|
assert_match "Running /usr/bin/env true on 1.1.1.5", output
assert_match "docker context create kamal-app-native-remote-amd64 --description 'kamal-app-native-remote amd64 native host' --docker 'host=ssh://app@1.1.1.5'", output
assert_match "docker buildx create --name kamal-app-native-remote kamal-app-native-remote-amd64 --platform linux/amd64", output
assert_match "docker context create kamal-remote-ssh---app-1-1-1-5-context --description 'kamal-remote-ssh---app-1-1-1-5 host' --docker 'host=ssh://app@1.1.1.5'", output
assert_match "docker buildx create --name kamal-remote-ssh---app-1-1-1-5 kamal-remote-ssh---app-1-1-1-5-context", output
end
end
test "create remote with custom ports" do
run_command("create", fixture: :with_remote_builder_and_custom_ports).tap do |output|
assert_match "Running /usr/bin/env true on 1.1.1.5", output
assert_match "docker context create kamal-app-native-remote-amd64 --description 'kamal-app-native-remote amd64 native host' --docker 'host=ssh://app@1.1.1.5:2122'", output
assert_match "docker buildx create --name kamal-app-native-remote kamal-app-native-remote-amd64 --platform linux/amd64", output
assert_match "docker context create kamal-remote-ssh---app-1-1-1-5-2122-context --description 'kamal-remote-ssh---app-1-1-1-5-2122 host' --docker 'host=ssh://app@1.1.1.5:2122'", output
assert_match "docker buildx create --name kamal-remote-ssh---app-1-1-1-5-2122 kamal-remote-ssh---app-1-1-1-5-2122-context", output
end
end
test "create hybrid" do
run_command("create", fixture: :with_hybrid_builder).tap do |output|
assert_match "Running /usr/bin/env true on 1.1.1.5", output
assert_match "docker buildx create --platform linux/#{Kamal::Utils.docker_arch} --name kamal-hybrid-docker-container-ssh---app-1-1-1-5 --driver=docker-container", output
assert_match "docker context create kamal-hybrid-docker-container-ssh---app-1-1-1-5-context --description 'kamal-hybrid-docker-container-ssh---app-1-1-1-5 host' --docker 'host=ssh://app@1.1.1.5'", output
assert_match "docker buildx create --platform linux/#{Kamal::Utils.docker_arch == "amd64" ? "arm64" : "amd64"} --append --name kamal-hybrid-docker-container-ssh---app-1-1-1-5 kamal-hybrid-docker-container-ssh---app-1-1-1-5-context", output
end
end
@@ -240,7 +248,7 @@ class CliBuildTest < CliTestCase
test "remove" do
run_command("remove").tap do |output|
assert_match /docker buildx rm kamal-app-multiarch/, output
assert_match /docker buildx rm kamal-local/, output
end
end
@@ -250,7 +258,7 @@ class CliBuildTest < CliTestCase
.returns("docker builder info")
run_command("details").tap do |output|
assert_match /Builder: multiarch/, output
assert_match /Builder: local/, output
assert_match /docker builder info/, output
end
end

16
test/cli/cli_test_case.rb
View File

@@ -36,12 +36,11 @@ class CliTestCase < ActiveSupport::TestCase
.with { |arg1, arg2| arg1 == :mkdir && arg2 == ".kamal/locks/app" }
SSHKit::Backend::Abstract.any_instance.stubs(:execute)
.with { |arg1, arg2| arg1 == :rm && arg2 == ".kamal/locks/app/details" }
SSHKit::Backend::Abstract.any_instance.stubs(:capture_with_info)
.with { |*args| args[0..2] == [ :docker, :buildx, :inspect ] }
.returns("")
SSHKit::Backend::Abstract.any_instance.stubs(:execute)
.with(:docker, :buildx, :inspect, "kamal-local-docker-container")
end
def assert_hook_ran(hook, output, version:, service_version:, hosts:, command:, subcommand: nil, runtime: false)
def assert_hook_ran(hook, output, version:, service_version:, hosts:, command:, subcommand: nil, runtime: false, secrets: false)
whoami = `whoami`.chomp
performer = Kamal::Git.email.presence || whoami
service = service_version.split("@").first
@@ -59,8 +58,17 @@ class CliTestCase < ActiveSupport::TestCase
KAMAL_COMMAND=\"#{command}\"\s
#{"KAMAL_SUBCOMMAND=\\\"#{subcommand}\\\"\\s" if subcommand}
#{"KAMAL_RUNTIME=\\\"\\d+\\\"\\s" if runtime}
#{"DB_PASSWORD=\"secret\"\\s" if secrets}
;\s/usr/bin/env\s\.kamal/hooks/#{hook} }x
assert_match expected, output
end
def with_argv(*argv)
old_argv = ARGV
ARGV.replace(*argv)
yield
ensure
ARGV.replace(old_argv)
end
end

37
test/cli/env_test.rb
View File

@@ -1,37 +0,0 @@
require_relative "cli_test_case"
class CliEnvTest < CliTestCase
test "push" do
run_command("push").tap do |output|
assert_match "Running /usr/bin/env mkdir -p .kamal/env/roles on 1.1.1.1", output
assert_match "Running /usr/bin/env mkdir -p .kamal/env/traefik on 1.1.1.1", output
assert_match "Running /usr/bin/env mkdir -p .kamal/env/accessories on 1.1.1.1", output
assert_match "Running /usr/bin/env mkdir -p .kamal/env/roles on 1.1.1.1", output
assert_match "Running /usr/bin/env mkdir -p .kamal/env/traefik on 1.1.1.2", output
assert_match "Running /usr/bin/env mkdir -p .kamal/env/accessories on 1.1.1.1", output
assert_match ".kamal/env/roles/app-web.env", output
assert_match ".kamal/env/roles/app-workers.env", output
assert_match ".kamal/env/traefik/traefik.env", output
assert_match ".kamal/env/accessories/app-redis.env", output
end
end
test "delete" do
run_command("delete").tap do |output|
assert_match "Running /usr/bin/env rm -f .kamal/env/roles/app-web.env on 1.1.1.1", output
assert_match "Running /usr/bin/env rm -f .kamal/env/roles/app-web.env on 1.1.1.2", output
assert_match "Running /usr/bin/env rm -f .kamal/env/roles/app-workers.env on 1.1.1.3", output
assert_match "Running /usr/bin/env rm -f .kamal/env/roles/app-workers.env on 1.1.1.4", output
assert_match "Running /usr/bin/env rm -f .kamal/env/traefik/traefik.env on 1.1.1.1", output
assert_match "Running /usr/bin/env rm -f .kamal/env/traefik/traefik.env on 1.1.1.2", output
assert_match "Running /usr/bin/env rm -f .kamal/env/accessories/app-redis.env on 1.1.1.1", output
assert_match "Running /usr/bin/env rm -f .kamal/env/accessories/app-redis.env on 1.1.1.2", output
assert_match "Running /usr/bin/env rm -f .kamal/env/accessories/app-mysql.env on 1.1.1.3", output
end
end
private
def run_command(*command)
stdouted { Kamal::Cli::Env.start([ *command, "-c", "test/fixtures/deploy_with_accessories.yml" ]) }
end
end

200
test/cli/main_test.rb
View File

@@ -8,14 +8,11 @@ class CliMainTest < CliTestCase
invoke_options = { "config_file" => "test/fixtures/deploy_simple.yml", "version" => "999", "skip_hooks" => false }
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:server:bootstrap", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:main:envify", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:env:push", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:accessory:boot", [ "all" ], invoke_options)
Kamal::Cli::Main.any_instance.expects(:deploy)
run_command("setup").tap do |output|
assert_match /Ensure Docker is installed.../, output
assert_match /Evaluate and push env files.../, output
end
end
@@ -23,8 +20,6 @@ class CliMainTest < CliTestCase
invoke_options = { "config_file" => "test/fixtures/deploy_simple.yml", "version" => "999", "skip_hooks" => false }
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:server:bootstrap", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:env:push", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:main:envify", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:accessory:boot", [ "all" ], invoke_options)
# deploy
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:registry:login", [], invoke_options.merge(skip_local: true))
@@ -36,7 +31,6 @@ class CliMainTest < CliTestCase
run_command("setup", "--skip_push").tap do |output|
assert_match /Ensure Docker is installed.../, output
assert_match /Evaluate and push env files.../, output
# deploy
assert_match /Acquiring the deploy lock/, output
assert_match /Log into image registry/, output
@@ -49,27 +43,29 @@ class CliMainTest < CliTestCase
end
test "deploy" do
invoke_options = { "config_file" => "test/fixtures/deploy_simple.yml", "version" => "999", "skip_hooks" => false, "verbose" => true }
with_test_secrets("secrets" => "DB_PASSWORD=secret") do
invoke_options = { "config_file" => "test/fixtures/deploy_simple.yml", "version" => "999", "skip_hooks" => false, "verbose" => true }
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:registry:login", [], invoke_options.merge(skip_local: false))
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:build:deliver", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:traefik:boot", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true))
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:app:boot", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:prune:all", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:registry:login", [], invoke_options.merge(skip_local: false))
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:build:deliver", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:traefik:boot", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true))
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:app:boot", [], invoke_options)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:prune:all", [], invoke_options)
Kamal::Commands::Hook.any_instance.stubs(:hook_exists?).returns(true)
hook_variables = { version: 999, service_version: "app@999", hosts: "1.1.1.1,1.1.1.2", command: "deploy" }
Kamal::Commands::Hook.any_instance.stubs(:hook_exists?).returns(true)
hook_variables = { version: 999, service_version: "app@999", hosts: "1.1.1.1,1.1.1.2", command: "deploy" }
run_command("deploy", "--verbose").tap do |output|
assert_hook_ran "pre-connect", output, **hook_variables
assert_match /Log into image registry/, output
assert_match /Build and push app image/, output
assert_hook_ran "pre-deploy", output, **hook_variables
assert_match /Ensure Traefik is running/, output
assert_match /Detect stale containers/, output
assert_match /Prune old containers and images/, output
assert_hook_ran "post-deploy", output, **hook_variables, runtime: true
run_command("deploy", "--verbose").tap do |output|
assert_hook_ran "pre-connect", output, **hook_variables
assert_match /Log into image registry/, output
assert_match /Build and push app image/, output
assert_hook_ran "pre-deploy", output, **hook_variables, secrets: true
assert_match /Ensure Traefik is running/, output
assert_match /Detect stale containers/, output
assert_match /Prune old containers and images/, output
assert_hook_ran "post-deploy", output, **hook_variables, runtime: true, secrets: true
end
end
end
@@ -121,10 +117,6 @@ class CliMainTest < CliTestCase
.with(:git, "-C", anything, :status, "--porcelain")
.returns("")
SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
.with(:docker, :buildx, :inspect, "kamal-app-multiarch", "> /dev/null")
.returns("")
SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
.with(:docker, :info, "--format '{{index .RegistryConfig.Mirrors 0}}'")
.returns("")
@@ -159,10 +151,6 @@ class CliMainTest < CliTestCase
.with(:git, "-C", anything, :status, "--porcelain")
.returns("")
SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
.with(:docker, :buildx, :inspect, "kamal-app-multiarch", "> /dev/null")
.returns("")
SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
.with(:docker, :info, "--format '{{index .RegistryConfig.Mirrors 0}}'")
.returns("")
@@ -396,40 +384,38 @@ class CliMainTest < CliTestCase
end
test "init" do
Pathname.any_instance.expects(:exist?).returns(false).times(3)
Pathname.any_instance.stubs(:mkpath)
FileUtils.stubs(:mkdir_p)
FileUtils.stubs(:cp_r)
FileUtils.stubs(:cp)
in_dummy_git_repo do
run_command("init").tap do |output|
assert_match "Created configuration file in config/deploy.yml", output
assert_match "Created .kamal/secrets file", output
end
run_command("init").tap do |output|
assert_match /Created configuration file in config\/deploy.yml/, output
assert_match /Created \.env file/, output
assert_file "config/deploy.yml", "service: my-app"
assert_file ".kamal/secrets", "KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD"
end
end
test "init with existing config" do
Pathname.any_instance.expects(:exist?).returns(true).times(3)
in_dummy_git_repo do
run_command("init")
run_command("init").tap do |output|
assert_match /Config file already exists in config\/deploy.yml \(remove first to create a new one\)/, output
run_command("init").tap do |output|
assert_match /Config file already exists in config\/deploy.yml \(remove first to create a new one\)/, output
assert_no_match /Added .kamal\/secrets/, output
end
end
end
test "init with bundle option" do
Pathname.any_instance.expects(:exist?).returns(false).times(4)
Pathname.any_instance.stubs(:mkpath)
FileUtils.stubs(:mkdir_p)
FileUtils.stubs(:cp_r)
FileUtils.stubs(:cp)
run_command("init", "--bundle").tap do |output|
assert_match /Created configuration file in config\/deploy.yml/, output
assert_match /Created \.env file/, output
assert_match /Adding Kamal to Gemfile and bundle/, output
assert_match /bundle add kamal/, output
assert_match /bundle binstubs kamal/, output
assert_match /Created binstub file in bin\/kamal/, output
in_dummy_git_repo do
run_command("init", "--bundle").tap do |output|
assert_match "Created configuration file in config/deploy.yml", output
assert_match "Created .kamal/secrets file", output
assert_match /Adding Kamal to Gemfile and bundle/, output
assert_match /bundle add kamal/, output
assert_match /bundle binstubs kamal/, output
assert_match /Created binstub file in bin\/kamal/, output
end
end
end
@@ -446,50 +432,6 @@ class CliMainTest < CliTestCase
end
end
test "envify" do
with_test_dotenv(".env.erb": "HELLO=<%= 'world' %>") do
run_command("envify")
assert_equal("HELLO=world", File.read(".env"))
end
end
test "envify with blank line trimming" do
file = <<~EOF
HELLO=<%= 'world' %>
<% if true -%>
KEY=value
<% end -%>
EOF
with_test_dotenv(".env.erb": file) do
run_command("envify")
assert_equal("HELLO=world\nKEY=value\n", File.read(".env"))
end
end
test "envify with destination" do
with_test_dotenv(".env.world.erb": "HELLO=<%= 'world' %>") do
run_command("envify", "-d", "world", config_file: "deploy_for_dest")
assert_equal "HELLO=world", File.read(".env.world")
end
end
test "envify with skip_push" do
Pathname.any_instance.expects(:exist?).returns(true).times(1)
File.expects(:read).with(".env.erb").returns("HELLO=<%= 'world' %>")
File.expects(:write).with(".env", "HELLO=world", perm: 0600)
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:env:push").never
run_command("envify", "--skip-push")
end
test "envify with clean env" do
with_test_dotenv(".env": "HELLO=already", ".env.erb": "HELLO=<%= ENV.fetch 'HELLO', 'never' %>") do
run_command("envify", "--skip-push")
assert_equal "HELLO=never", File.read(".env")
end
end
test "remove with confirmation" do
run_command("remove", "-y", config_file: "deploy_with_accessories").tap do |output|
assert_match /docker container stop traefik/, output
@@ -537,23 +479,59 @@ class CliMainTest < CliTestCase
assert_equal Kamal::VERSION, version
end
test "run an alias for details" do
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:traefik:details")
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:app:details")
Kamal::Cli::Main.any_instance.expects(:invoke).with("kamal:cli:accessory:details", [ "all" ])
run_command("info", config_file: "deploy_with_aliases")
end
test "run an alias for a console" do
run_command("console", config_file: "deploy_with_aliases").tap do |output|
assert_match "docker exec app-console-999 bin/console on 1.1.1.5", output
assert_match "App Host: 1.1.1.5", output
end
end
test "run an alias for a console overriding role" do
run_command("console", "-r", "workers", config_file: "deploy_with_aliases").tap do |output|
assert_match "docker exec app-workers-999 bin/console on 1.1.1.3", output
assert_match "App Host: 1.1.1.3", output
end
end
test "run an alias for a console passing command" do
run_command("exec", "bin/job", config_file: "deploy_with_aliases").tap do |output|
assert_match "docker exec app-console-999 bin/job on 1.1.1.5", output
assert_match "App Host: 1.1.1.5", output
end
end
test "append to command with an alias" do
run_command("rails", "db:migrate:status", config_file: "deploy_with_aliases").tap do |output|
assert_match "docker exec app-console-999 rails db:migrate:status on 1.1.1.5", output
assert_match "App Host: 1.1.1.5", output
end
end
private
def run_command(*command, config_file: "deploy_simple")
stdouted { Kamal::Cli::Main.start([ *command, "-c", "test/fixtures/#{config_file}.yml" ]) }
with_argv([ *command, "-c", "test/fixtures/#{config_file}.yml" ]) do
stdouted { Kamal::Cli::Main.start }
end
end
def with_test_dotenv(**files)
Dir.mktmpdir do |dir|
fixtures_dup = File.join(dir, "test")
FileUtils.mkdir_p(fixtures_dup)
FileUtils.cp_r("test/fixtures/", fixtures_dup)
Dir.chdir(dir) do
files.each do |filename, contents|
File.binwrite(filename.to_s, contents)
end
def in_dummy_git_repo
Dir.mktmpdir do |tmpdir|
Dir.chdir(tmpdir) do
`git init`
yield
end
end
end
def assert_file(file, content)
assert_match content, File.read(file)
end
end

141
test/cli/proxy_test.rb Normal file
View File

@@ -0,0 +1,141 @@
require_relative "cli_test_case"
class CliProxyTest < CliTestCase
test "boot" do
run_command("boot").tap do |output|
assert_match "docker login", output
assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume /var/run/docker.sock:/var/run/docker.sock --volume $(pwd)/.kamal/proxy/config:/root/.config/kamal-proxy --log-opt max-size=\"10m\" #{Kamal::Configuration::Proxy::DEFAULT_IMAGE}", output
end
end
test "reboot" do
SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
.with(:docker, :container, :ls, "--all", "--filter", "name=^app-web-123$", "--quiet")
.returns("abcdefabcdef")
.at_least_once
SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
.with { |*args| args[0..1] == [ :sh, "-c" ] }
.returns("123")
.at_least_once
run_command("reboot", "-y").tap do |output|
assert_match "docker container stop kamal-proxy on 1.1.1.1", output
assert_match "docker container stop traefik on 1.1.1.1", output
assert_match "docker container prune --force --filter label=org.opencontainers.image.title=kamal-proxy on 1.1.1.1", output
assert_match "docker container prune --force --filter label=org.opencontainers.image.title=Traefik on 1.1.1.1", output
assert_match "docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume /var/run/docker.sock:/var/run/docker.sock --volume $(pwd)/.kamal/proxy/config:/root/.config/kamal-proxy --log-opt max-size=\"10m\" #{Kamal::Configuration::Proxy::DEFAULT_IMAGE} on 1.1.1.1", output
assert_match "docker exec kamal-proxy kamal-proxy deploy app-web --target \"abcdefabcdef:80\" --deploy-timeout \"6s\" --buffer-requests --buffer-responses --log-request-header \"Cache-Control\" --log-request-header \"Last-Modified\" on 1.1.1.1", output
assert_match "docker container stop kamal-proxy on 1.1.1.2", output
assert_match "docker container stop traefik on 1.1.1.2", output
assert_match "docker container prune --force --filter label=org.opencontainers.image.title=kamal-proxy on 1.1.1.2", output
assert_match "docker container prune --force --filter label=org.opencontainers.image.title=Traefik on 1.1.1.2", output
assert_match "docker run --name traefik --detach --restart unless-stopped --publish 80:80 --volume /var/run/docker.sock:/var/run/docker.sock --env-file .kamal/env/traefik/traefik.env --log-opt max-size=\"10m\" --label traefik.http.routers.catchall.entryPoints=\"http\" --label traefik.http.routers.catchall.rule=\"PathPrefix(\\`/\\`)\" --label traefik.http.routers.catchall.service=\"unavailable\" --label traefik.http.routers.catchall.priority=\"1\" --label traefik.http.services.unavailable.loadbalancer.server.port=\"0\" traefik:v2.10 --providers.docker --log.level=\"DEBUG\" on 1.1.1.2", output
end
end
test "reboot --rolling" do
SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
.with(:docker, :container, :ls, "--all", "--filter", "name=^app-web-123$", "--quiet")
.returns("abcdefabcdef")
.at_least_once
SSHKit::Backend::Abstract.any_instance.expects(:capture_with_info)
.with { |*args| args[0..1] == [ :sh, "-c" ] }
.returns("123")
.at_least_once
run_command("reboot", "--rolling", "-y").tap do |output|
assert_match "Running docker container prune --force --filter label=org.opencontainers.image.title=kamal-proxy on 1.1.1.1", output
end
end
test "start" do
run_command("start").tap do |output|
assert_match "docker container start kamal-proxy", output
end
end
test "stop" do
run_command("stop").tap do |output|
assert_match "docker container stop kamal-proxy", output
end
end
test "restart" do
Kamal::Cli::Proxy.any_instance.expects(:stop)
Kamal::Cli::Proxy.any_instance.expects(:start)
run_command("restart")
end
test "details" do
run_command("details").tap do |output|
assert_match "docker ps --filter name=^kamal-proxy$", output
end
end
test "logs" do
SSHKit::Backend::Abstract.any_instance.stubs(:capture)
.with(:docker, :logs, "kamal-proxy", " --tail 100", "--timestamps", "2>&1")
.returns("Log entry")
SSHKit::Backend::Abstract.any_instance.stubs(:capture)
.with(:docker, :logs, "traefik", " --tail 100", "--timestamps", "2>&1")
.returns("Log entry")
run_command("logs").tap do |output|
assert_match "Proxy Host: 1.1.1.1", output
assert_match "Log entry", output
end
end
test "logs with follow" do
SSHKit::Backend::Abstract.any_instance.stubs(:exec)
.with("ssh -t root@1.1.1.1 -p 22 'docker logs kamal-proxy --timestamps --tail 10 --follow 2>&1'")
assert_match "docker logs kamal-proxy --timestamps --tail 10 --follow", run_command("logs", "--follow")
end
test "remove" do
Kamal::Cli::Proxy.any_instance.expects(:stop)
Kamal::Cli::Proxy.any_instance.expects(:remove_container)
Kamal::Cli::Proxy.any_instance.expects(:remove_image)
run_command("remove")
end
test "remove_container" do
run_command("remove_container").tap do |output|
assert_match "docker container prune --force --filter label=org.opencontainers.image.title=kamal-proxy", output
end
end
test "remove_image" do
run_command("remove_image").tap do |output|
assert_match "docker image prune --all --force --filter label=org.opencontainers.image.title=kamal-proxy", output
end
end
test "commands disallowed when proxy is disabled" do
assert_raises_when_disabled "boot"
assert_raises_when_disabled "reboot"
assert_raises_when_disabled "start"
assert_raises_when_disabled "stop"
assert_raises_when_disabled "details"
assert_raises_when_disabled "logs"
assert_raises_when_disabled "remove"
end
private
def run_command(*command, fixture: :with_proxy)
stdouted { Kamal::Cli::Proxy.start([ *command, "-c", "test/fixtures/deploy_#{fixture}.yml" ]) }
end
def assert_raises_when_disabled(command)
assert_raises "kamal proxy commands are disabled unless experimental proxy support is enabled. Use `kamal traefik` commands instead." do
run_command(command, fixture: :with_accessories)
end
end
end

22
test/cli/secrets_test.rb Normal file
View File

@@ -0,0 +1,22 @@
require_relative "cli_test_case"
class CliSecretsTest < CliTestCase
test "fetch" do
assert_equal \
"\\{\\\"foo\\\":\\\"oof\\\",\\\"bar\\\":\\\"rab\\\",\\\"baz\\\":\\\"zab\\\"\\}",
run_command("fetch", "foo", "bar", "baz", "--account", "myaccount", "--adapter", "test")
end
test "extract" do
assert_equal "oof", run_command("extract", "foo", "{\"foo\":\"oof\", \"bar\":\"rab\", \"baz\":\"zab\"}")
end
test "extract match from end" do
assert_equal "oof", run_command("extract", "foo", "{\"abc/foo\":\"oof\", \"bar\":\"rab\", \"baz\":\"zab\"}")
end
private
def run_command(*command)
stdouted { Kamal::Cli::Secrets.start([ *command, "-c", "test/fixtures/deploy_with_accessories.yml" ]) }
end
end

18
test/cli/server_test.rb
View File

@@ -3,8 +3,8 @@ require_relative "cli_test_case"
class CliServerTest < CliTestCase
test "running a command with exec" do
SSHKit::Backend::Abstract.any_instance.stubs(:capture)
.with("date", verbosity: 1)
.returns("Today")
.with("date", verbosity: 1)
.returns("Today")
hosts = "1.1.1.1".."1.1.1.4"
run_command("exec", "date").tap do |output|
@@ -15,6 +15,20 @@ class CliServerTest < CliTestCase
end
end
test "running a command with exec multiple arguments" do
SSHKit::Backend::Abstract.any_instance.stubs(:capture)
.with("date -j", verbosity: 1)
.returns("Today")
hosts = "1.1.1.1".."1.1.1.4"
run_command("exec", "date", "-j").tap do |output|
hosts.map do |host|
assert_match "Running 'date -j' on #{hosts.to_a.join(', ')}...", output
assert_match "App Host: #{host}\nToday", output
end
end
end
test "bootstrap already installed" do
stub_setup
SSHKit::Backend::Abstract.any_instance.expects(:execute).with(:docker, "-v", raise_on_non_zero_exit: false).returns(true).at_least_once

27
test/commands/accessory_test.rb
View File

@@ -2,9 +2,12 @@ require "test_helper"
class CommandsAccessoryTest < ActiveSupport::TestCase
setup do
setup_test_secrets("secrets" => "MYSQL_ROOT_PASSWORD=secret123")
@config = {
service: "app", image: "dhh/app", registry: { "server" => "private.registry", "username" => "dhh", "password" => "secret" },
servers: [ "1.1.1.1" ],
builder: { "arch" => "amd64" },
accessories: {
"mysql" => {
"image" => "private.registry/mysql:8.0",
@@ -40,25 +43,23 @@ class CommandsAccessoryTest < ActiveSupport::TestCase
}
}
}
ENV["MYSQL_ROOT_PASSWORD"] = "secret123"
end
teardown do
ENV.delete("MYSQL_ROOT_PASSWORD")
teardown_test_secrets
end
test "run" do
assert_equal \
"docker run --name app-mysql --detach --restart unless-stopped --log-opt max-size=\"10m\" --publish 3306:3306 --env-file .kamal/env/accessories/app-mysql.env --env MYSQL_ROOT_HOST=\"%\" --label service=\"app-mysql\" private.registry/mysql:8.0",
"docker run --name app-mysql --detach --restart unless-stopped --network kamal --log-opt max-size=\"10m\" --publish 3306:3306 --env MYSQL_ROOT_HOST=\"%\" --env-file .kamal/env/accessories/app-mysql.env --label service=\"app-mysql\" private.registry/mysql:8.0",
new_command(:mysql).run.join(" ")
assert_equal \
"docker run --name app-redis --detach --restart unless-stopped --log-opt max-size=\"10m\" --publish 6379:6379 --env-file .kamal/env/accessories/app-redis.env --env SOMETHING=\"else\" --volume /var/lib/redis:/data --label service=\"app-redis\" --label cache=\"true\" redis:latest",
"docker run --name app-redis --detach --restart unless-stopped --network kamal --log-opt max-size=\"10m\" --publish 6379:6379 --env SOMETHING=\"else\" --env-file .kamal/env/accessories/app-redis.env --volume /var/lib/redis:/data --label service=\"app-redis\" --label cache=\"true\" redis:latest",
new_command(:redis).run.join(" ")
assert_equal \
"docker run --name custom-busybox --detach --restart unless-stopped --log-opt max-size=\"10m\" --env-file .kamal/env/accessories/custom-busybox.env --label service=\"custom-busybox\" busybox:latest",
"docker run --name custom-busybox --detach --restart unless-stopped --network kamal --log-opt max-size=\"10m\" --env-file .kamal/env/accessories/custom-busybox.env --label service=\"custom-busybox\" busybox:latest",
new_command(:busybox).run.join(" ")
end
@@ -66,7 +67,7 @@ class CommandsAccessoryTest < ActiveSupport::TestCase
@config[:logging] = { "driver" => "local", "options" => { "max-size" => "100m", "max-file" => "3" } }
assert_equal \
"docker run --name custom-busybox --detach --restart unless-stopped --log-driver \"local\" --log-opt max-size=\"100m\" --log-opt max-file=\"3\" --env-file .kamal/env/accessories/custom-busybox.env --label service=\"custom-busybox\" busybox:latest",
"docker run --name custom-busybox --detach --restart unless-stopped --network kamal --log-driver \"local\" --log-opt max-size=\"100m\" --log-opt max-file=\"3\" --env-file .kamal/env/accessories/custom-busybox.env --label service=\"custom-busybox\" busybox:latest",
new_command(:busybox).run.join(" ")
end
@@ -91,7 +92,7 @@ class CommandsAccessoryTest < ActiveSupport::TestCase
test "execute in new container" do
assert_equal \
"docker run --rm --env-file .kamal/env/accessories/app-mysql.env --env MYSQL_ROOT_HOST=\"%\" private.registry/mysql:8.0 mysql -u root",
"docker run --rm --network kamal --env MYSQL_ROOT_HOST=\"%\" --env-file .kamal/env/accessories/app-mysql.env private.registry/mysql:8.0 mysql -u root",
new_command(:mysql).execute_in_new_container("mysql", "-u", "root").join(" ")
end
@@ -103,7 +104,7 @@ class CommandsAccessoryTest < ActiveSupport::TestCase
test "execute in new container over ssh" do
new_command(:mysql).stub(:run_over_ssh, ->(cmd) { cmd.join(" ") }) do
assert_match %r{docker run -it --rm --env-file .kamal/env/accessories/app-mysql.env --env MYSQL_ROOT_HOST=\"%\" private.registry/mysql:8.0 mysql -u root},
assert_match %r{docker run -it --rm --network kamal --env MYSQL_ROOT_HOST=\"%\" --env-file .kamal/env/accessories/app-mysql.env private.registry/mysql:8.0 mysql -u root},
new_command(:mysql).execute_in_new_container_over_ssh("mysql", "-u", "root")
end
end
@@ -149,14 +150,6 @@ class CommandsAccessoryTest < ActiveSupport::TestCase
new_command(:mysql).remove_image.join(" ")
end
test "make_env_directory" do
assert_equal "mkdir -p .kamal/env/accessories", new_command(:mysql).make_env_directory.join(" ")
end
test "remove_env_file" do
assert_equal "rm -f .kamal/env/accessories/app-mysql.env", new_command(:mysql).remove_env_file.join(" ")
end
private
def new_command(accessory)
Kamal::Commands::Accessory.new(Kamal::Configuration.new(@config), name: accessory)

20
test/commands/app_test.rb
View File

@@ -2,14 +2,14 @@ require "test_helper"
class CommandsAppTest < ActiveSupport::TestCase
setup do
ENV["RAILS_MASTER_KEY"] = "456"
setup_test_secrets("secrets" => "RAILS_MASTER_KEY=456")
Kamal::Configuration.any_instance.stubs(:run_id).returns("12345678901234567890123456789012")
@config = { service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" }, servers: [ "1.1.1.1" ], env: { "secret" => [ "RAILS_MASTER_KEY" ] } }
@config = { service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" }, servers: [ "1.1.1.1" ], env: { "secret" => [ "RAILS_MASTER_KEY" ] }, builder: { "arch" => "amd64" } }
end
teardown do
ENV.delete("RAILS_MASTER_KEY")
teardown_test_secrets
end
test "run" do
@@ -85,7 +85,7 @@ class CommandsAppTest < ActiveSupport::TestCase
@config[:env]["tags"] = { "tag1" => { "ENV1" => "value1" } }
assert_equal \
"docker run --detach --restart unless-stopped --name app-web-999 -e KAMAL_CONTAINER_NAME=\"app-web-999\" -e KAMAL_VERSION=\"999\" --env-file .kamal/env/roles/app-web.env --env ENV1=\"value1\" --health-cmd \"(curl -f http://localhost:3000/up || exit 1) && (stat /tmp/kamal-cord/cord > /dev/null || exit 1)\" --health-interval \"1s\" --volume $(pwd)/.kamal/cords/app-web-12345678901234567890123456789012:/tmp/kamal-cord --log-opt max-size=\"10m\" --label service=\"app\" --label role=\"web\" --label destination --label traefik.http.services.app-web.loadbalancer.server.scheme=\"http\" --label traefik.http.routers.app-web.rule=\"PathPrefix(\\`/\\`)\" --label traefik.http.routers.app-web.priority=\"2\" --label traefik.http.middlewares.app-web-retry.retry.attempts=\"5\" --label traefik.http.middlewares.app-web-retry.retry.initialinterval=\"500ms\" --label traefik.http.routers.app-web.middlewares=\"app-web-retry@docker\" dhh/app:999",
"docker run --detach --restart unless-stopped --name app-web-999 -e KAMAL_CONTAINER_NAME=\"app-web-999\" -e KAMAL_VERSION=\"999\" --env ENV1=\"value1\" --env-file .kamal/env/roles/app-web.env --health-cmd \"(curl -f http://localhost:3000/up || exit 1) && (stat /tmp/kamal-cord/cord > /dev/null || exit 1)\" --health-interval \"1s\" --volume $(pwd)/.kamal/cords/app-web-12345678901234567890123456789012:/tmp/kamal-cord --log-opt max-size=\"10m\" --label service=\"app\" --label role=\"web\" --label destination --label traefik.http.services.app-web.loadbalancer.server.scheme=\"http\" --label traefik.http.routers.app-web.rule=\"PathPrefix(\\`/\\`)\" --label traefik.http.routers.app-web.priority=\"2\" --label traefik.http.middlewares.app-web-retry.retry.attempts=\"5\" --label traefik.http.middlewares.app-web-retry.retry.initialinterval=\"500ms\" --label traefik.http.routers.app-web.middlewares=\"app-web-retry@docker\" dhh/app:999",
new_command.run.join(" ")
end
@@ -219,7 +219,7 @@ class CommandsAppTest < ActiveSupport::TestCase
@config[:env]["tags"] = { "tag1" => { "ENV1" => "value1" } }
assert_equal \
"docker run --rm --env-file .kamal/env/roles/app-web.env --env ENV1=\"value1\" dhh/app:999 bin/rails db:setup",
"docker run --rm --env ENV1=\"value1\" --env-file .kamal/env/roles/app-web.env dhh/app:999 bin/rails db:setup",
new_command.execute_in_new_container("bin/rails", "db:setup", env: {}).join(" ")
end
@@ -251,7 +251,7 @@ class CommandsAppTest < ActiveSupport::TestCase
@config[:servers] = [ { "1.1.1.1" => "tag1" } ]
@config[:env]["tags"] = { "tag1" => { "ENV1" => "value1" } }
assert_equal "ssh -t root@1.1.1.1 -p 22 'docker run -it --rm --env-file .kamal/env/roles/app-web.env --env ENV1=\"value1\" dhh/app:999 bin/rails c'",
assert_equal "ssh -t root@1.1.1.1 -p 22 'docker run -it --rm --env ENV1=\"value1\" --env-file .kamal/env/roles/app-web.env dhh/app:999 bin/rails c'",
new_command.execute_in_new_container_over_ssh("bin/rails", "c", env: {})
end
@@ -412,14 +412,6 @@ class CommandsAppTest < ActiveSupport::TestCase
new_command.tag_latest_image.join(" ")
end
test "make_env_directory" do
assert_equal "mkdir -p .kamal/env/roles", new_command.make_env_directory.join(" ")
end
test "remove_env_file" do
assert_equal "rm -f .kamal/env/roles/app-web.env", new_command.remove_env_file.join(" ")
end
test "cord" do
assert_equal "docker inspect -f '{{ range .Mounts }}{{printf \"%s %s\\n\" .Source .Destination}}{{ end }}' app-web-123 | awk '$2 == \"/tmp/kamal-cord\" {print $1}'", new_command.cord(version: 123).join(" ")
end

6
test/commands/auditor_test.rb
View File

@@ -8,7 +8,7 @@ class CommandsAuditorTest < ActiveSupport::TestCase
freeze_time
@config = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" }, servers: [ "1.1.1.1" ]
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" }, builder: { "arch" => "amd64" }, servers: [ "1.1.1.1" ]
}
@auditor = new_command
@@ -18,6 +18,7 @@ class CommandsAuditorTest < ActiveSupport::TestCase
test "record" do
assert_equal [
:mkdir, "-p", ".kamal", "&&",
:echo,
"[#{@recorded_at}] [#{@performer}]",
"app removed container",
@@ -28,6 +29,7 @@ class CommandsAuditorTest < ActiveSupport::TestCase
test "record with destination" do
new_command(destination: "staging").tap do |auditor|
assert_equal [
:mkdir, "-p", ".kamal", "&&",
:echo,
"[#{@recorded_at}] [#{@performer}] [staging]",
"app removed container",
@@ -39,6 +41,7 @@ class CommandsAuditorTest < ActiveSupport::TestCase
test "record with command details" do
new_command(role: "web").tap do |auditor|
assert_equal [
:mkdir, "-p", ".kamal", "&&",
:echo,
"[#{@recorded_at}] [#{@performer}] [web]",
"app removed container",
@@ -49,6 +52,7 @@ class CommandsAuditorTest < ActiveSupport::TestCase
test "record with arg details" do
assert_equal [
:mkdir, "-p", ".kamal", "&&",
:echo,
"[#{@recorded_at}] [#{@performer}] [value]",
"app removed container",

170
test/commands/builder_test.rb
View File

@@ -2,54 +2,62 @@ require "test_helper"
class CommandsBuilderTest < ActiveSupport::TestCase
setup do
@config = { service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" }, servers: [ "1.1.1.1" ] }
@config = { service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" }, servers: [ "1.1.1.1" ], builder: { "arch" => "amd64" } }
end
test "target multiarch by default" do
test "target linux/amd64 locally by default" do
builder = new_builder_command(builder: { "cache" => { "type" => "gha" } })
assert_equal "multiarch", builder.name
assert_equal "local", builder.name
assert_equal \
"docker buildx build --push --platform linux/amd64,linux/arm64 --builder kamal-app-multiarch -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
"docker buildx build --push --platform linux/amd64 --builder kamal-local-docker-container -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
builder.push.join(" ")
end
test "target native when multiarch is off" do
builder = new_builder_command(builder: { "multiarch" => false })
assert_equal "native", builder.name
test "target specified arch locally by default" do
builder = new_builder_command(builder: { "arch" => [ "amd64" ] })
assert_equal "local", builder.name
assert_equal \
"docker build -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile . && docker push dhh/app:123 && docker push dhh/app:latest",
"docker buildx build --push --platform linux/amd64 --builder kamal-local-docker-container -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile .",
builder.push.join(" ")
end
test "target native cached when multiarch is off and cache is set" do
builder = new_builder_command(builder: { "multiarch" => false, "cache" => { "type" => "gha" } })
assert_equal "native/cached", builder.name
test "build with caching" do
builder = new_builder_command(builder: { "cache" => { "type" => "gha" } })
assert_equal "local", builder.name
assert_equal \
"docker buildx build --push -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
"docker buildx build --push --platform linux/amd64 --builder kamal-local-docker-container -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
builder.push.join(" ")
end
test "target multiarch remote when local and remote is set" do
builder = new_builder_command(builder: { "local" => {}, "remote" => {}, "cache" => { "type" => "gha" } })
assert_equal "multiarch/remote", builder.name
test "hybrid build if remote is set and building multiarch" do
builder = new_builder_command(builder: { "arch" => [ "amd64", "arm64" ], "remote" => "ssh://app@127.0.0.1", "cache" => { "type" => "gha" } })
assert_equal "hybrid", builder.name
assert_equal \
"docker buildx build --push --platform linux/amd64,linux/arm64 --builder kamal-app-multiarch-remote -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
"docker buildx build --push --platform linux/amd64,linux/arm64 --builder kamal-hybrid-docker-container-ssh---app-127-0-0-1 -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
builder.push.join(" ")
end
test "target multiarch local when arch is set" do
builder = new_builder_command(builder: { "local" => { "arch" => "amd64" } })
assert_equal "multiarch", builder.name
test "remote build if remote is set and local disabled" do
builder = new_builder_command(builder: { "arch" => [ "amd64", "arm64" ], "remote" => "ssh://app@127.0.0.1", "cache" => { "type" => "gha" }, "local" => false })
assert_equal "remote", builder.name
assert_equal \
"docker buildx build --push --platform linux/amd64 --builder kamal-app-multiarch -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile .",
"docker buildx build --push --platform linux/amd64,linux/arm64 --builder kamal-remote-ssh---app-127-0-0-1 -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
builder.push.join(" ")
end
test "target native remote when only remote is set" do
builder = new_builder_command(builder: { "remote" => { "arch" => "amd64" }, "cache" => { "type" => "gha" } })
assert_equal "native/remote", builder.name
test "target remote when remote set and arch is non local" do
builder = new_builder_command(builder: { "arch" => [ "#{remote_arch}" ], "remote" => "ssh://app@host", "cache" => { "type" => "gha" } })
assert_equal "remote", builder.name
assert_equal \
"docker buildx build --push --platform linux/amd64 --builder kamal-app-native-remote -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
"docker buildx build --push --platform linux/#{remote_arch} --builder kamal-remote-ssh---app-host -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
builder.push.join(" ")
end
test "target local when remote set and arch is local" do
builder = new_builder_command(builder: { "arch" => [ "#{local_arch}" ], "remote" => "ssh://app@host", "cache" => { "type" => "gha" } })
assert_equal "local", builder.name
assert_equal \
"docker buildx build --push --platform linux/#{local_arch} --builder kamal-local-docker-container -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile .",
builder.push.join(" ")
end
@@ -61,10 +69,13 @@ class CommandsBuilderTest < ActiveSupport::TestCase
end
test "build secrets" do
builder = new_builder_command(builder: { "secrets" => [ "token_a", "token_b" ] })
assert_equal \
"-t dhh/app:123 -t dhh/app:latest --label service=\"app\" --secret id=\"token_a\" --secret id=\"token_b\" --file Dockerfile",
builder.target.build_options.join(" ")
with_test_secrets("secrets" => "token_a=foo\ntoken_b=bar") do
FileUtils.touch("Dockerfile")
builder = new_builder_command(builder: { "secrets" => [ "token_a", "token_b" ] })
assert_equal \
"-t dhh/app:123 -t dhh/app:latest --label service=\"app\" --secret id=\"token_a\" --secret id=\"token_b\" --file Dockerfile",
builder.target.build_options.join(" ")
end
end
test "build dockerfile" do
@@ -93,29 +104,25 @@ class CommandsBuilderTest < ActiveSupport::TestCase
test "build context" do
builder = new_builder_command(builder: { "context" => ".." })
assert_equal \
"docker buildx build --push --platform linux/amd64,linux/arm64 --builder kamal-app-multiarch -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile ..",
"docker buildx build --push --platform linux/amd64 --builder kamal-local-docker-container -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile ..",
builder.push.join(" ")
end
test "native push with build args" do
builder = new_builder_command(builder: { "multiarch" => false, "args" => { "a" => 1, "b" => 2 } })
assert_equal \
"docker build -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --build-arg a=\"1\" --build-arg b=\"2\" --file Dockerfile . && docker push dhh/app:123 && docker push dhh/app:latest",
builder.push.join(" ")
end
test "multiarch push with build args" do
test "push with build args" do
builder = new_builder_command(builder: { "args" => { "a" => 1, "b" => 2 } })
assert_equal \
"docker buildx build --push --platform linux/amd64,linux/arm64 --builder kamal-app-multiarch -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --build-arg a=\"1\" --build-arg b=\"2\" --file Dockerfile .",
"docker buildx build --push --platform linux/amd64 --builder kamal-local-docker-container -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --build-arg a=\"1\" --build-arg b=\"2\" --file Dockerfile .",
builder.push.join(" ")
end
test "native push with build secrets" do
builder = new_builder_command(builder: { "multiarch" => false, "secrets" => [ "a", "b" ] })
assert_equal \
"docker build -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --secret id=\"a\" --secret id=\"b\" --file Dockerfile . && docker push dhh/app:123 && docker push dhh/app:latest",
builder.push.join(" ")
test "push with build secrets" do
with_test_secrets("secrets" => "a=foo\nb=bar") do
FileUtils.touch("Dockerfile")
builder = new_builder_command(builder: { "secrets" => [ "a", "b" ] })
assert_equal \
"docker buildx build --push --platform linux/amd64 --builder kamal-local-docker-container -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --secret id=\"a\" --secret id=\"b\" --file Dockerfile .",
builder.push.join(" ")
end
end
test "build with ssh agent socket" do
@@ -130,76 +137,13 @@ class CommandsBuilderTest < ActiveSupport::TestCase
assert_equal "docker inspect -f '{{ .Config.Labels.service }}' dhh/app:123 | grep -x app || (echo \"Image dhh/app:123 is missing the 'service' label\" && exit 1)", new_builder_command.validate_image.join(" ")
end
test "multiarch context build" do
test "context build" do
builder = new_builder_command(builder: { "context" => "./foo" })
assert_equal \
"docker buildx build --push --platform linux/amd64,linux/arm64 --builder kamal-app-multiarch -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile ./foo",
"docker buildx build --push --platform linux/amd64 --builder kamal-local-docker-container -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile ./foo",
builder.push.join(" ")
end
test "native context build" do
builder = new_builder_command(builder: { "multiarch" => false, "context" => "./foo" })
assert_equal \
"docker build -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile ./foo && docker push dhh/app:123 && docker push dhh/app:latest",
builder.push.join(" ")
end
test "cached context build" do
builder = new_builder_command(builder: { "multiarch" => false, "context" => "./foo", "cache" => { "type" => "gha" } })
assert_equal \
"docker buildx build --push -t dhh/app:123 -t dhh/app:latest --cache-to type=gha --cache-from type=gha --label service=\"app\" --file Dockerfile ./foo",
builder.push.join(" ")
end
test "remote context build" do
builder = new_builder_command(builder: { "remote" => { "arch" => "amd64" }, "context" => "./foo" })
assert_equal \
"docker buildx build --push --platform linux/amd64 --builder kamal-app-native-remote -t dhh/app:123 -t dhh/app:latest --label service=\"app\" --file Dockerfile ./foo",
builder.push.join(" ")
end
test "multiarch context hosts" do
command = new_builder_command
assert_equal "docker buildx inspect kamal-app-multiarch > /dev/null", command.context_hosts.join(" ")
assert_equal "", command.config_context_hosts.join(" ")
end
test "native context hosts" do
command = new_builder_command(builder: { "multiarch" => false })
assert_equal :true, command.context_hosts
assert_equal "", command.config_context_hosts.join(" ")
end
test "native cached context hosts" do
command = new_builder_command(builder: { "multiarch" => false, "cache" => { "type" => "registry" } })
assert_equal "docker buildx inspect kamal-app-native-cached > /dev/null", command.context_hosts.join(" ")
assert_equal "", command.config_context_hosts.join(" ")
end
test "native remote context hosts" do
command = new_builder_command(builder: { "remote" => { "arch" => "amd64", "host" => "ssh://host" } })
assert_equal "docker context inspect kamal-app-native-remote-amd64 --format '{{.Endpoints.docker.Host}}'", command.context_hosts.join(" ")
assert_equal [ "ssh://host" ], command.config_context_hosts
end
test "multiarch remote context hosts" do
command = new_builder_command(builder: {
"remote" => { "arch" => "amd64", "host" => "ssh://host" },
"local" => { "arch" => "arm64" }
})
assert_equal "docker context inspect kamal-app-multiarch-remote-arm64 --format '{{.Endpoints.docker.Host}}' ; docker context inspect kamal-app-multiarch-remote-amd64 --format '{{.Endpoints.docker.Host}}'", command.context_hosts.join(" ")
assert_equal [ "ssh://host" ], command.config_context_hosts
end
test "multiarch remote context hosts with local host" do
command = new_builder_command(builder: {
"remote" => { "arch" => "amd64", "host" => "ssh://host" },
"local" => { "arch" => "arm64", "host" => "unix:///var/run/docker.sock" }
})
assert_equal "docker context inspect kamal-app-multiarch-remote-arm64 --format '{{.Endpoints.docker.Host}}' ; docker context inspect kamal-app-multiarch-remote-amd64 --format '{{.Endpoints.docker.Host}}'", command.context_hosts.join(" ")
assert_equal [ "unix:///var/run/docker.sock", "ssh://host" ], command.config_context_hosts
end
test "mirror count" do
command = new_builder_command
assert_equal "docker info --format '{{index .RegistryConfig.Mirrors 0}}'", command.first_mirror.join(" ")
@@ -207,10 +151,18 @@ class CommandsBuilderTest < ActiveSupport::TestCase
private
def new_builder_command(additional_config = {})
Kamal::Commands::Builder.new(Kamal::Configuration.new(@config.merge(additional_config), version: "123"))
Kamal::Commands::Builder.new(Kamal::Configuration.new(@config.deep_merge(additional_config), version: "123"))
end
def build_directory
"#{Dir.tmpdir}/kamal-clones/app/kamal/"
end
def local_arch
Kamal::Utils.docker_arch
end
def remote_arch
Kamal::Utils.docker_arch == "arm64" ? "amd64" : "arm64"
end
end

2
test/commands/docker_test.rb
View File

@@ -3,7 +3,7 @@ require "test_helper"
class CommandsDockerTest < ActiveSupport::TestCase
setup do
@config = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" }, servers: [ "1.1.1.1" ]
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" }, servers: [ "1.1.1.1" ], builder: { "arch" => "amd64" }
}
@docker = Kamal::Commands::Docker.new(Kamal::Configuration.new(@config))
end

17
test/commands/hook_test.rb
View File

@@ -8,7 +8,7 @@ class CommandsHookTest < ActiveSupport::TestCase
@config = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" }, servers: [ "1.1.1.1" ],
traefik: { "args" => { "accesslog.format" => "json", "metrics.prometheus.buckets" => "0.1,0.3,1.2,5.0" } }
builder: { "arch" => "amd64" }, traefik: { "args" => { "accesslog.format" => "json", "metrics.prometheus.buckets" => "0.1,0.3,1.2,5.0" } }
}
@performer = Kamal::Git.email.presence || `whoami`.chomp
@@ -39,6 +39,21 @@ class CommandsHookTest < ActiveSupport::TestCase
], new_command(hooks_path: "custom/hooks/path").run("foo")
end
test "hook with secrets" do
with_test_secrets("secrets" => "DB_PASSWORD=secret") do
assert_equal [
".kamal/hooks/foo",
{ env: {
"KAMAL_RECORDED_AT" => @recorded_at,
"KAMAL_PERFORMER" => @performer,
"KAMAL_VERSION" => "123",
"KAMAL_SERVICE_VERSION" => "app@123",
"KAMAL_SERVICE" => "app",
"DB_PASSWORD" => "secret" } }
], new_command(env: { "secret" => [ "DB_PASSWORD" ] }).run("foo", secrets: true)
end
end
private
def new_command(**extra_config)
Kamal::Commands::Hook.new(Kamal::Configuration.new(@config.merge(**extra_config), version: "123"))

2
test/commands/lock_test.rb
View File

@@ -4,7 +4,7 @@ class CommandsLockTest < ActiveSupport::TestCase
setup do
@config = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" }, servers: [ "1.1.1.1" ],
traefik: { "args" => { "accesslog.format" => "json", "metrics.prometheus.buckets" => "0.1,0.3,1.2,5.0" } }
builder: { "arch" => "amd64" }, traefik: { "args" => { "accesslog.format" => "json", "metrics.prometheus.buckets" => "0.1,0.3,1.2,5.0" } }
}
end

126
test/commands/proxy_test.rb Normal file
View File

@@ -0,0 +1,126 @@
require "test_helper"
class CommandsProxyTest < ActiveSupport::TestCase
setup do
@config = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" }, servers: [ "1.1.1.1" ], builder: { "arch" => "amd64" }
}
ENV["EXAMPLE_API_KEY"] = "456"
end
teardown do
ENV.delete("EXAMPLE_API_KEY")
end
test "run" do
assert_equal \
"docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume /var/run/docker.sock:/var/run/docker.sock --volume $(pwd)/.kamal/proxy/config:/root/.config/kamal-proxy --log-opt max-size=\"10m\" #{Kamal::Configuration::Proxy::DEFAULT_IMAGE}",
new_command.run.join(" ")
end
test "run with ports configured" do
assert_equal \
"docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume /var/run/docker.sock:/var/run/docker.sock --volume $(pwd)/.kamal/proxy/config:/root/.config/kamal-proxy --log-opt max-size=\"10m\" #{Kamal::Configuration::Proxy::DEFAULT_IMAGE}",
new_command.run.join(" ")
end
test "run without configuration" do
@config.delete(:proxy)
assert_equal \
"docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume /var/run/docker.sock:/var/run/docker.sock --volume $(pwd)/.kamal/proxy/config:/root/.config/kamal-proxy --log-opt max-size=\"10m\" #{Kamal::Configuration::Proxy::DEFAULT_IMAGE}",
new_command.run.join(" ")
end
test "run with logging config" do
@config[:logging] = { "driver" => "local", "options" => { "max-size" => "100m", "max-file" => "3" } }
assert_equal \
"docker run --name kamal-proxy --network kamal --detach --restart unless-stopped --publish 80:80 --publish 443:443 --volume /var/run/docker.sock:/var/run/docker.sock --volume $(pwd)/.kamal/proxy/config:/root/.config/kamal-proxy --log-driver \"local\" --log-opt max-size=\"100m\" --log-opt max-file=\"3\" #{Kamal::Configuration::Proxy::DEFAULT_IMAGE}",
new_command.run.join(" ")
end
test "proxy start" do
assert_equal \
"docker container start kamal-proxy",
new_command.start.join(" ")
end
test "proxy stop" do
assert_equal \
"docker container stop kamal-proxy",
new_command.stop.join(" ")
end
test "proxy info" do
assert_equal \
"docker ps --filter name=^kamal-proxy$",
new_command.info.join(" ")
end
test "proxy logs" do
assert_equal \
"docker logs kamal-proxy --timestamps 2>&1",
new_command.logs.join(" ")
end
test "proxy logs since 2h" do
assert_equal \
"docker logs kamal-proxy --since 2h --timestamps 2>&1",
new_command.logs(since: "2h").join(" ")
end
test "proxy logs last 10 lines" do
assert_equal \
"docker logs kamal-proxy --tail 10 --timestamps 2>&1",
new_command.logs(lines: 10).join(" ")
end
test "proxy logs with grep hello!" do
assert_equal \
"docker logs kamal-proxy --timestamps 2>&1 | grep 'hello!'",
new_command.logs(grep: "hello!").join(" ")
end
test "proxy remove container" do
assert_equal \
"docker container prune --force --filter label=org.opencontainers.image.title=kamal-proxy",
new_command.remove_container.join(" ")
end
test "proxy remove image" do
assert_equal \
"docker image prune --all --force --filter label=org.opencontainers.image.title=kamal-proxy",
new_command.remove_image.join(" ")
end
test "proxy follow logs" do
assert_equal \
"ssh -t root@1.1.1.1 -p 22 'docker logs kamal-proxy --timestamps --tail 10 --follow 2>&1'",
new_command.follow_logs(host: @config[:servers].first)
end
test "proxy follow logs with grep hello!" do
assert_equal \
"ssh -t root@1.1.1.1 -p 22 'docker logs kamal-proxy --timestamps --tail 10 --follow 2>&1 | grep \"hello!\"'",
new_command.follow_logs(host: @config[:servers].first, grep: "hello!")
end
test "deploy" do
assert_equal \
"docker exec kamal-proxy kamal-proxy deploy service --target \"172.1.0.2:80\" --buffer-requests --buffer-responses --log-request-header \"Cache-Control\" --log-request-header \"Last-Modified\"",
new_command.deploy("service", target: "172.1.0.2").join(" ")
end
test "remove" do
assert_equal \
"docker exec kamal-proxy kamal-proxy remove service --target \"172.1.0.2:80\"",
new_command.remove("service", target: "172.1.0.2").join(" ")
end
private
def new_command
Kamal::Commands::Proxy.new(Kamal::Configuration.new(@config, version: "123"))
end
end

2
test/commands/prune_test.rb
View File

@@ -4,7 +4,7 @@ class CommandsPruneTest < ActiveSupport::TestCase
setup do
@config = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" }, servers: [ "1.1.1.1" ],
traefik: { "args" => { "accesslog.format" => "json", "metrics.prometheus.buckets" => "0.1,0.3,1.2,5.0" } }
builder: { "arch" => "amd64" }, traefik: { "args" => { "accesslog.format" => "json", "metrics.prometheus.buckets" => "0.1,0.3,1.2,5.0" } }
}
end

50
test/commands/registry_test.rb
View File

@@ -8,53 +8,55 @@ class CommandsRegistryTest < ActiveSupport::TestCase
"password" => "secret",
"server" => "hub.docker.com"
},
builder: { "arch" => "amd64" },
servers: [ "1.1.1.1" ]
}
@registry = Kamal::Commands::Registry.new Kamal::Configuration.new(@config)
end
test "registry login" do
assert_equal \
"docker login hub.docker.com -u \"dhh\" -p \"secret\"",
@registry.login.join(" ")
registry.login.join(" ")
end
test "registry login with ENV password" do
ENV["KAMAL_REGISTRY_PASSWORD"] = "more-secret"
@config[:registry]["password"] = [ "KAMAL_REGISTRY_PASSWORD" ]
with_test_secrets("secrets" => "KAMAL_REGISTRY_PASSWORD=more-secret") do
@config[:registry]["password"] = [ "KAMAL_REGISTRY_PASSWORD" ]
assert_equal \
"docker login hub.docker.com -u \"dhh\" -p \"more-secret\"",
@registry.login.join(" ")
ensure
ENV.delete("KAMAL_REGISTRY_PASSWORD")
assert_equal \
"docker login hub.docker.com -u \"dhh\" -p \"more-secret\"",
registry.login.join(" ")
end
end
test "registry login escape password" do
ENV["KAMAL_REGISTRY_PASSWORD"] = "more-secret'\""
@config[:registry]["password"] = [ "KAMAL_REGISTRY_PASSWORD" ]
with_test_secrets("secrets" => "KAMAL_REGISTRY_PASSWORD=more-secret'\"") do
@config[:registry]["password"] = [ "KAMAL_REGISTRY_PASSWORD" ]
assert_equal \
"docker login hub.docker.com -u \"dhh\" -p \"more-secret'\\\"\"",
@registry.login.join(" ")
ensure
ENV.delete("KAMAL_REGISTRY_PASSWORD")
assert_equal \
"docker login hub.docker.com -u \"dhh\" -p \"more-secret'\\\"\"",
registry.login.join(" ")
end
end
test "registry login with ENV username" do
ENV["KAMAL_REGISTRY_USERNAME"] = "also-secret"
@config[:registry]["username"] = [ "KAMAL_REGISTRY_USERNAME" ]
with_test_secrets("secrets" => "KAMAL_REGISTRY_USERNAME=also-secret") do
@config[:registry]["username"] = [ "KAMAL_REGISTRY_USERNAME" ]
assert_equal \
"docker login hub.docker.com -u \"also-secret\" -p \"secret\"",
@registry.login.join(" ")
ensure
ENV.delete("KAMAL_REGISTRY_USERNAME")
assert_equal \
"docker login hub.docker.com -u \"also-secret\" -p \"secret\"",
registry.login.join(" ")
end
end
test "registry logout" do
assert_equal \
"docker logout hub.docker.com",
@registry.logout.join(" ")
registry.logout.join(" ")
end
private
def registry
Kamal::Commands::Registry.new Kamal::Configuration.new(@config)
end
end

6
test/commands/server_test.rb
View File

@@ -4,7 +4,7 @@ class CommandsServerTest < ActiveSupport::TestCase
setup do
@config = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" }, servers: [ "1.1.1.1" ],
traefik: { "args" => { "accesslog.format" => "json", "metrics.prometheus.buckets" => "0.1,0.3,1.2,5.0" } }
builder: { "arch" => "amd64" }, traefik: { "args" => { "accesslog.format" => "json", "metrics.prometheus.buckets" => "0.1,0.3,1.2,5.0" } }
}
end
@@ -12,10 +12,6 @@ class CommandsServerTest < ActiveSupport::TestCase
assert_equal "mkdir -p .kamal", new_command.ensure_run_directory.join(" ")
end
test "ensure non default run directory" do
assert_equal "mkdir -p /var/run/kamal", new_command(run_directory: "/var/run/kamal").ensure_run_directory.join(" ")
end
private
def new_command(extra_config = {})
Kamal::Commands::Server.new(Kamal::Configuration.new(@config.merge(extra_config)))

24
test/commands/traefik_test.rb
View File

@@ -5,15 +5,15 @@ class CommandsTraefikTest < ActiveSupport::TestCase
@image = "traefik:test"
@config = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" }, servers: [ "1.1.1.1" ],
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" }, servers: [ "1.1.1.1" ], builder: { "arch" => "amd64" },
traefik: { "image" => @image, "args" => { "accesslog.format" => "json", "api.insecure" => true, "metrics.prometheus.buckets" => "0.1,0.3,1.2,5.0" } }
}
ENV["EXAMPLE_API_KEY"] = "456"
setup_test_secrets("secrets" => "EXAMPLE_API_KEY=456")
end
teardown do
ENV.delete("EXAMPLE_API_KEY")
teardown_test_secrets
end
test "run" do
@@ -81,9 +81,9 @@ class CommandsTraefikTest < ActiveSupport::TestCase
"docker run --name traefik --detach --restart unless-stopped --publish 80:80 --volume /var/run/docker.sock:/var/run/docker.sock --env-file .kamal/env/traefik/traefik.env --log-opt max-size=\"10m\" --label traefik.http.routers.catchall.entryPoints=\"http\" --label traefik.http.routers.catchall.rule=\"PathPrefix(\\`/\\`)\" --label traefik.http.routers.catchall.service=\"unavailable\" --label traefik.http.routers.catchall.priority=\"1\" --label traefik.http.services.unavailable.loadbalancer.server.port=\"0\" #{@image} --providers.docker --log.level=\"DEBUG\" --accesslog.format=\"json\" --api.insecure --metrics.prometheus.buckets=\"0.1,0.3,1.2,5.0\"",
new_command.run.join(" ")
@config[:traefik]["env"] = { "secret" => %w[EXAMPLE_API_KEY] }
@config[:traefik]["env"] = { "EXAMPLE_API_KEY" => "456" }
assert_equal \
"docker run --name traefik --detach --restart unless-stopped --publish 80:80 --volume /var/run/docker.sock:/var/run/docker.sock --env-file .kamal/env/traefik/traefik.env --log-opt max-size=\"10m\" --label traefik.http.routers.catchall.entryPoints=\"http\" --label traefik.http.routers.catchall.rule=\"PathPrefix(\\`/\\`)\" --label traefik.http.routers.catchall.service=\"unavailable\" --label traefik.http.routers.catchall.priority=\"1\" --label traefik.http.services.unavailable.loadbalancer.server.port=\"0\" #{@image} --providers.docker --log.level=\"DEBUG\" --accesslog.format=\"json\" --api.insecure --metrics.prometheus.buckets=\"0.1,0.3,1.2,5.0\"",
"docker run --name traefik --detach --restart unless-stopped --publish 80:80 --volume /var/run/docker.sock:/var/run/docker.sock --env EXAMPLE_API_KEY=\"456\" --env-file .kamal/env/traefik/traefik.env --log-opt max-size=\"10m\" --label traefik.http.routers.catchall.entryPoints=\"http\" --label traefik.http.routers.catchall.rule=\"PathPrefix(\\`/\\`)\" --label traefik.http.routers.catchall.service=\"unavailable\" --label traefik.http.routers.catchall.priority=\"1\" --label traefik.http.services.unavailable.loadbalancer.server.port=\"0\" #{@image} --providers.docker --log.level=\"DEBUG\" --accesslog.format=\"json\" --api.insecure --metrics.prometheus.buckets=\"0.1,0.3,1.2,5.0\"",
new_command.run.join(" ")
end
@@ -188,20 +188,6 @@ class CommandsTraefikTest < ActiveSupport::TestCase
new_command.follow_logs(host: @config[:servers].first, grep: "hello!")
end
test "secrets io" do
@config[:traefik]["env"] = { "secret" => %w[EXAMPLE_API_KEY] }
assert_equal "EXAMPLE_API_KEY=456\n", new_command.env.secrets_io.string
end
test "make_env_directory" do
assert_equal "mkdir -p .kamal/env/traefik", new_command.make_env_directory.join(" ")
end
test "remove_env_file" do
assert_equal "rm -f .kamal/env/traefik/traefik.env", new_command.remove_env_file.join(" ")
end
private
def new_command
Kamal::Commands::Traefik.new(Kamal::Configuration.new(@config, version: "123"))

26
test/configuration/accessory_test.rb
View File

@@ -8,6 +8,7 @@ class ConfigurationAccessoryTest < ActiveSupport::TestCase
"web" => [ "1.1.1.1", "1.1.1.2" ],
"workers" => [ "1.1.1.3", "1.1.1.4" ]
},
builder: { "arch" => "amd64" },
env: { "REDIS_URL" => "redis://x/y" },
accessories: {
"mysql" => {
@@ -115,25 +116,14 @@ class ConfigurationAccessoryTest < ActiveSupport::TestCase
end
test "env args" do
assert_equal [ "--env-file", ".kamal/env/accessories/app-mysql.env", "--env", "MYSQL_ROOT_HOST=\"%\"" ], @config.accessory(:mysql).env_args
assert_equal [ "--env-file", ".kamal/env/accessories/app-redis.env", "--env", "SOMETHING=\"else\"" ], @config.accessory(:redis).env_args
end
with_test_secrets("secrets" => "MYSQL_ROOT_PASSWORD=secret123") do
config = Kamal::Configuration.new(@deploy)
test "env with secrets" do
ENV["MYSQL_ROOT_PASSWORD"] = "secret123"
expected_secrets_file = <<~ENV
MYSQL_ROOT_PASSWORD=secret123
ENV
assert_equal expected_secrets_file, @config.accessory(:mysql).env.secrets_io.string
assert_equal [ "--env-file", ".kamal/env/accessories/app-mysql.env", "--env", "MYSQL_ROOT_HOST=\"%\"" ], @config.accessory(:mysql).env_args
ensure
ENV["MYSQL_ROOT_PASSWORD"] = nil
end
test "env secrets path" do
assert_equal ".kamal/env/accessories/app-mysql.env", @config.accessory(:mysql).env.secrets_file
assert_equal [ "--env", "MYSQL_ROOT_HOST=\"%\"", "--env-file", ".kamal/env/accessories/app-mysql.env" ], config.accessory(:mysql).env_args.map(&:to_s)
assert_equal "MYSQL_ROOT_PASSWORD=secret123\n", config.accessory(:mysql).secrets_io.string
assert_equal [ "--env", "SOMETHING=\"else\"", "--env-file", ".kamal/env/accessories/app-redis.env" ], @config.accessory(:redis).env_args
assert_equal "\n", config.accessory(:redis).secrets_io.string
end
end
test "volume args" do

120
test/configuration/builder_test.rb
View File

@@ -4,56 +4,33 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
setup do
@deploy = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" },
servers: [ "1.1.1.1" ]
builder: { "arch" => "amd64" }, servers: [ "1.1.1.1" ]
}
@deploy_with_builder_option = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" },
servers: [ "1.1.1.1" ],
builder: {}
}
end
test "multiarch?" do
assert_equal true, config.builder.multiarch?
end
test "setting multiarch to false" do
@deploy_with_builder_option[:builder] = { "multiarch" => false }
assert_equal false, config_with_builder_option.builder.multiarch?
end
test "local?" do
assert_equal false, config.builder.local?
assert_equal true, config.builder.local?
end
test "remote?" do
assert_equal false, config.builder.remote?
end
test "remote_arch" do
assert_nil config.builder.remote_arch
end
test "remote_host" do
assert_nil config.builder.remote_host
test "remote" do
assert_nil config.builder.remote
end
test "setting both local and remote configs" do
@deploy_with_builder_option[:builder] = {
"local" => { "arch" => "arm64", "host" => "unix:///Users/<%= `whoami`.strip %>/.docker/run/docker.sock" },
"remote" => { "arch" => "amd64", "host" => "ssh://root@192.168.0.1" }
@deploy[:builder] = {
"arch" => [ "amd64", "arm64" ],
"remote" => "ssh://root@192.168.0.1"
}
assert_equal true, config_with_builder_option.builder.local?
assert_equal true, config_with_builder_option.builder.remote?
assert_equal true, config.builder.local?
assert_equal true, config.builder.remote?
assert_equal "amd64", config_with_builder_option.builder.remote_arch
assert_equal "ssh://root@192.168.0.1", config_with_builder_option.builder.remote_host
assert_equal "arm64", config_with_builder_option.builder.local_arch
assert_equal "unix:///Users/<%= `whoami`.strip %>/.docker/run/docker.sock", config_with_builder_option.builder.local_host
assert_equal [ "amd64", "arm64" ], config.builder.arches
assert_equal "ssh://root@192.168.0.1", config.builder.remote
end
test "cached?" do
@@ -61,10 +38,10 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
end
test "invalid cache type specified" do
@deploy_with_builder_option[:builder] = { "cache" => { "type" => "invalid" } }
@deploy[:builder]["cache"] = { "type" => "invalid" }
assert_raises(Kamal::ConfigurationError) do
config_with_builder_option.builder
config.builder
end
end
@@ -77,32 +54,32 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
end
test "setting gha cache" do
@deploy_with_builder_option[:builder] = { "cache" => { "type" => "gha", "options" => "mode=max" } }
@deploy[:builder] = { "arch" => "amd64", "cache" => { "type" => "gha", "options" => "mode=max" } }
assert_equal "type=gha", config_with_builder_option.builder.cache_from
assert_equal "type=gha,mode=max", config_with_builder_option.builder.cache_to
assert_equal "type=gha", config.builder.cache_from
assert_equal "type=gha,mode=max", config.builder.cache_to
end
test "setting registry cache" do
@deploy_with_builder_option[:builder] = { "cache" => { "type" => "registry", "options" => "mode=max,image-manifest=true,oci-mediatypes=true" } }
@deploy[:builder] = { "arch" => "amd64", "cache" => { "type" => "registry", "options" => "mode=max,image-manifest=true,oci-mediatypes=true" } }
assert_equal "type=registry,ref=dhh/app-build-cache", config_with_builder_option.builder.cache_from
assert_equal "type=registry,mode=max,image-manifest=true,oci-mediatypes=true,ref=dhh/app-build-cache", config_with_builder_option.builder.cache_to
assert_equal "type=registry,ref=dhh/app-build-cache", config.builder.cache_from
assert_equal "type=registry,mode=max,image-manifest=true,oci-mediatypes=true,ref=dhh/app-build-cache", config.builder.cache_to
end
test "setting registry cache when using a custom registry" do
@deploy_with_builder_option[:registry]["server"] = "registry.example.com"
@deploy_with_builder_option[:builder] = { "cache" => { "type" => "registry", "options" => "mode=max,image-manifest=true,oci-mediatypes=true" } }
@deploy[:registry]["server"] = "registry.example.com"
@deploy[:builder] = { "arch" => "amd64", "cache" => { "type" => "registry", "options" => "mode=max,image-manifest=true,oci-mediatypes=true" } }
assert_equal "type=registry,ref=registry.example.com/dhh/app-build-cache", config_with_builder_option.builder.cache_from
assert_equal "type=registry,mode=max,image-manifest=true,oci-mediatypes=true,ref=registry.example.com/dhh/app-build-cache", config_with_builder_option.builder.cache_to
assert_equal "type=registry,ref=registry.example.com/dhh/app-build-cache", config.builder.cache_from
assert_equal "type=registry,mode=max,image-manifest=true,oci-mediatypes=true,ref=registry.example.com/dhh/app-build-cache", config.builder.cache_to
end
test "setting registry cache with image" do
@deploy_with_builder_option[:builder] = { "cache" => { "type" => "registry", "image" => "kamal", "options" => "mode=max" } }
@deploy[:builder] = { "arch" => "amd64", "cache" => { "type" => "registry", "image" => "kamal", "options" => "mode=max" } }
assert_equal "type=registry,ref=kamal", config_with_builder_option.builder.cache_from
assert_equal "type=registry,mode=max,ref=kamal", config_with_builder_option.builder.cache_to
assert_equal "type=registry,ref=kamal", config.builder.cache_from
assert_equal "type=registry,mode=max,ref=kamal", config.builder.cache_to
end
test "args" do
@@ -110,19 +87,21 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
end
test "setting args" do
@deploy_with_builder_option[:builder] = { "args" => { "key" => "value" } }
@deploy[:builder]["args"] = { "key" => "value" }
assert_equal({ "key" => "value" }, config_with_builder_option.builder.args)
assert_equal({ "key" => "value" }, config.builder.args)
end
test "secrets" do
assert_equal [], config.builder.secrets
assert_equal({}, config.builder.secrets)
end
test "setting secrets" do
@deploy_with_builder_option[:builder] = { "secrets" => [ "GITHUB_TOKEN" ] }
with_test_secrets("secrets" => "GITHUB_TOKEN=secret123") do
@deploy[:builder]["secrets"] = [ "GITHUB_TOKEN" ]
assert_equal [ "GITHUB_TOKEN" ], config_with_builder_option.builder.secrets
assert_equal({ "GITHUB_TOKEN" => "secret123" }, config.builder.secrets)
end
end
test "dockerfile" do
@@ -130,9 +109,9 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
end
test "setting dockerfile" do
@deploy_with_builder_option[:builder] = { "dockerfile" => "Dockerfile.dev" }
@deploy[:builder]["dockerfile"] = "Dockerfile.dev"
assert_equal "Dockerfile.dev", config_with_builder_option.builder.dockerfile
assert_equal "Dockerfile.dev", config.builder.dockerfile
end
test "context" do
@@ -140,9 +119,9 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
end
test "setting context" do
@deploy_with_builder_option[:builder] = { "context" => ".." }
@deploy[:builder]["context"] = ".."
assert_equal "..", config_with_builder_option.builder.context
assert_equal "..", config.builder.context
end
test "ssh" do
@@ -150,17 +129,30 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
end
test "setting ssh params" do
@deploy_with_builder_option[:builder] = { "ssh" => "default=$SSH_AUTH_SOCK" }
@deploy[:builder]["ssh"] = "default=$SSH_AUTH_SOCK"
assert_equal "default=$SSH_AUTH_SOCK", config_with_builder_option.builder.ssh
assert_equal "default=$SSH_AUTH_SOCK", config.builder.ssh
end
test "local disabled but no remote set" do
@deploy[:builder]["local"] = false
assert_raises(Kamal::ConfigurationError) do
config.builder
end
end
test "local disabled all arches are remote" do
@deploy[:builder]["local"] = false
@deploy[:builder]["remote"] = "ssh://root@192.168.0.1"
@deploy[:builder]["arch"] = [ "amd64", "arm64" ]
assert_equal [], config.builder.local_arches
assert_equal [ "amd64", "arm64" ], config.builder.remote_arches
end
private
def config
Kamal::Configuration.new(@deploy)
end
def config_with_builder_option
Kamal::Configuration.new(@deploy_with_builder_option)
end
end

28
test/configuration/env/tags_test.rb vendored
View File

@@ -5,6 +5,7 @@ class ConfigurationEnvTagsTest < ActiveSupport::TestCase
@deploy = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" },
servers: [ { "1.1.1.1" => "odd" }, { "1.1.1.2" => "even" }, { "1.1.1.3" => [ "odd", "three" ] } ],
builder: { "arch" => "amd64" },
env: {
"clear" => { "REDIS_URL" => "redis://x/y", "THREE" => "false" },
"tags" => {
@@ -64,6 +65,7 @@ class ConfigurationEnvTagsTest < ActiveSupport::TestCase
deploy = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" },
servers: [ { "1.1.1.1" => [ "first", "second" ] } ],
builder: { "arch" => "amd64" },
env: {
"tags" => {
"first" => { "TYPE" => "first" },
@@ -77,28 +79,28 @@ class ConfigurationEnvTagsTest < ActiveSupport::TestCase
end
test "tag secret env" do
ENV["PASSWORD"] = "hello"
deploy = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" },
servers: [ { "1.1.1.1" => "secrets" } ],
env: {
"tags" => {
"secrets" => { "secret" => [ "PASSWORD" ] }
with_test_secrets("secrets" => "PASSWORD=hello") do
deploy = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" },
servers: [ { "1.1.1.1" => "secrets" } ],
builder: { "arch" => "amd64" },
env: {
"tags" => {
"secrets" => { "secret" => [ "PASSWORD" ] }
}
}
}
}
config = Kamal::Configuration.new(deploy)
assert_equal "hello", config.role("web").env("1.1.1.1").secrets["PASSWORD"]
ensure
ENV.delete "PASSWORD"
config = Kamal::Configuration.new(deploy)
assert_equal "hello", config.role("web").env("1.1.1.1").secrets["PASSWORD"]
end
end
test "tag clear env" do
deploy = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" },
servers: [ { "1.1.1.1" => "clearly" } ],
builder: { "arch" => "amd64" },
env: {
"tags" => {
"clearly" => { "clear" => { "FOO" => "bar" } }

67
test/configuration/env_test.rb
View File

@@ -6,27 +6,21 @@ class ConfigurationEnvTest < ActiveSupport::TestCase
test "simple" do
assert_config \
config: { "foo" => "bar", "baz" => "haz" },
clear: { "foo" => "bar", "baz" => "haz" },
secrets: {}
clear: { "foo" => "bar", "baz" => "haz" }
end
test "clear" do
assert_config \
config: { "clear" => { "foo" => "bar", "baz" => "haz" } },
clear: { "foo" => "bar", "baz" => "haz" },
secrets: {}
clear: { "foo" => "bar", "baz" => "haz" }
end
test "secret" do
ENV["PASSWORD"] = "hello"
env = Kamal::Configuration::Env.new config: { "secret" => [ "PASSWORD" ] }
assert_config \
config: { "secret" => [ "PASSWORD" ] },
clear: {},
secrets: { "PASSWORD" => "hello" }
ensure
ENV.delete "PASSWORD"
with_test_secrets("secrets" => "PASSWORD=hello") do
assert_config \
config: { "secret" => [ "PASSWORD" ] },
secrets: { "PASSWORD" => "hello" }
end
end
test "missing secret" do
@@ -34,41 +28,32 @@ class ConfigurationEnvTest < ActiveSupport::TestCase
"secret" => [ "PASSWORD" ]
}
assert_raises(KeyError) { Kamal::Configuration::Env.new(config: { "secret" => [ "PASSWORD" ] }).secrets }
assert_raises(Kamal::ConfigurationError) { Kamal::Configuration::Env.new(config: { "secret" => [ "PASSWORD" ] }, secrets: Kamal::Secrets.new).secrets_io }
end
test "secret and clear" do
ENV["PASSWORD"] = "hello"
config = {
"secret" => [ "PASSWORD" ],
"clear" => {
"foo" => "bar",
"baz" => "haz"
with_test_secrets("secrets" => "PASSWORD=hello") do
config = {
"secret" => [ "PASSWORD" ],
"clear" => {
"foo" => "bar",
"baz" => "haz"
}
}
}
assert_config \
config: config,
clear: { "foo" => "bar", "baz" => "haz" },
secrets: { "PASSWORD" => "hello" }
ensure
ENV.delete "PASSWORD"
end
test "stringIO conversion" do
env = {
"foo" => "bar",
"baz" => "haz"
}
assert_equal "foo=bar\nbaz=haz\n", \
StringIO.new(Kamal::EnvFile.new(env)).read
assert_config \
config: config,
clear: { "foo" => "bar", "baz" => "haz" },
secrets: { "PASSWORD" => "hello" }
end
end
private
def assert_config(config:, clear:, secrets:)
env = Kamal::Configuration::Env.new config: config, secrets_file: "secrets.env"
assert_equal clear, env.clear
assert_equal secrets, env.secrets
def assert_config(config:, clear: {}, secrets: {})
env = Kamal::Configuration::Env.new config: config, secrets: Kamal::Secrets.new
expected_clear_args = clear.to_a.flat_map { |key, value| [ "--env", "#{key}=\"#{value}\"" ] }
assert_equal expected_clear_args, env.clear_args.map(&:to_s) #  to_s removes the redactions
expected_secrets = secrets.to_a.flat_map { |key, value| "#{key}=#{value}" }.join("\n") + "\n"
assert_equal expected_secrets, env.secrets_io.string
end
end

Some files were not shown because too many files have changed in this diff Show More