bard-new 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8201fa5a621130b02195491b4639865adcc88eb94ec86bceb3f3c2008cb7ece9
+  data.tar.gz: f4d6efff097acd5ca4e20d54d07be348b4d8616928860a39d09cca688b4ba81a
+SHA512:
+  metadata.gz: 0f1e688442793919d59477e855cf2db2b03ab09b7b8118a6a8a686acb8f412e13609fba9bf793729af83efd6424a2b66000422b9796fa543e56ac6a1ee3d72b9
+  data.tar.gz: 146fa6ba13c75198b1fabda558860a8faf1c3ee3d22732ecc51f43ea0eb2938573ddb1fdbd6f2608e090132b9d08da9c54c043923ecf5bb8b9a009757e862ba7

data/.github/workflows/ci.yml

@@ -0,0 +1,42 @@
+name: CI
+on: [push, pull_request]
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: [ "3.3", "3.4", "4.0" ]
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Install Podman
+        run: |
+          sudo apt-get update -y
+          sudo apt-get install -y podman
+          sudo nohup podman system service --time=0 tcp://127.0.0.1:8080 > /tmp/podman-service.log 2>&1 &
+          for i in {1..30}; do
+            if curl --silent --fail http://127.0.0.1:8080/v1.40/version >/dev/null 2>&1; then
+              echo "Podman REST API ready at tcp://127.0.0.1:8080"
+              break
+            fi
+            sleep 1
+          done
+          echo "DOCKER_HOST=tcp://127.0.0.1:8080" >> $GITHUB_ENV
+
+      - name: Build test container images
+        run: |
+          sudo podman pull ubuntu:24.04
+          sudo podman build -t bard-test-provision -f spec/acceptance/docker/Dockerfile.provision spec/acceptance/docker
+          sudo podman build -t bard-test-new -f spec/acceptance/docker/Dockerfile.new .
+
+      - name: Run tests
+        run: bundle exec rake

data/.gitignore

@@ -0,0 +1,4 @@
+/coverage
+/pkg
+.ruby-version
+.ruby-gemset

data/CLAUDE.md

@@ -0,0 +1,55 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## What this gem is
+
+`bard-new` is a plugin for the `bard` CLI gem ([botandrose/bard](https://github.com/botandrose/bard)). It adds two subcommands:
+
+- `bard new <project-name>` — scaffolds a new Rails app using `lib/bard/new/rails_template.rb`, optionally pushes to GitHub and stages a deploy.
+- `bard provision [ssh_url]` — idempotently provisions a fresh Ubuntu 24.04 host into a production target, step by step.
+
+The plugin entry point is `lib/bard/plugins/new.rb`. The parent `bard` gem's plugin loader auto-requires it (by convention); the gemspec depends on `bard`.
+
+## Architecture
+
+### CLI layer (`lib/bard/new/cli/`)
+Reopens `Bard::CLI` (a Thor subclass from the `bard` gem) and adds `new` and `provision` commands. `new.rb` shells out to `env -i bash -lc` + RVM to run `rails new` with the template; `provision.rb` iterates over `PROVISION_STEPS` and dispatches each to a `Bard::Provision::<Step>` class.
+
+### Provision steps (`lib/bard/new/provision/`)
+Each step is a `Struct.new(:config, :ssh_url)` subclass of `Bard::Provision` (see `base.rb`) implementing `#call`. Steps are **idempotent** — they check current state before acting (e.g. `Nginx#http_responding?`, `SSH#password_auth_enabled?`) and print ` ✓` at the end. `provision_server` returns a duped target whose `ssh` points at the raw `ssh_url` being provisioned; `target` is the final production target from `bard.rb`. The order in `PROVISION_STEPS` matters (SSH → User → AuthorizedKeys → ... → Data).
+
+### Rails template (`lib/bard/new/rails_template.rb`)
+Drives `rails new -m` — generates Gemfile (bard-rails, solid_*, sprockets+dartsass, importmap/turbo/stimulus, exception_notification, puma), writes `Procfile`, adds a `bootstrap` rake task that does `db:prepare` + (in production) `assets:precompile` + `foreman export systemd-user` + `systemctl --user restart`, and runs `bard install && bin/setup && bard setup` after bundle. Reads `ruby_version` and `project_name` from the current `rvm current name`.
+
+### Test infrastructure
+Both cucumber features spin up a real **Podman** container (via `docker-api` against the podman socket) using `spec/acceptance/docker/Dockerfile.{new,provision}`, then SSH in with `spec/acceptance/docker/test_key`. The `@new` tag gives a deploy-ready Ubuntu + RVM + pre-installed bard/bard-new gems for exercising `bard new` — `Dockerfile.new` clones `bard` from GitHub (branch `v2.0`) during the build and `COPY`s the bard-new working tree in (build context is the repo root). The `@provision` tag gives a raw-ish Ubuntu + systemd for exercising the provision steps end-to-end (build context is just `spec/acceptance/docker/`).
+
+Coverage is written by both cucumber (`features/support/env.rb`) and rspec (`spec/spec_helper.rb`) via SimpleCov — the cucumber runs shell out through `features/support/bard-coverage`, a wrapper that starts SimpleCov before exec'ing the `bard` binary so the subprocess's line coverage is merged in.
+
+## Commands
+
+```bash
+# Full suite (default rake task runs both)
+bundle exec rake
+
+# Unit specs only
+bundle exec rspec
+bundle exec rspec spec/bard/new/provision/nginx_spec.rb  # single file
+
+# Cucumber — tags select which container gets built/started
+bundle exec cucumber features/new.feature          # @new tag
+bundle exec cucumber features/provision.feature    # @provision tag
+```
+
+Cucumber runs are slow (they build and boot containers). Per global rules: **always** pipe cucumber output to a uniquely-named file in `/tmp/` and grep it, and never run the full cucumber suite speculatively.
+
+Podman must be installed and `systemctl --user start podman.socket` must succeed — the test harness auto-starts it and sets `DOCKER_HOST` to the user socket.
+
+## Conventions specific to this repo
+
+- Provision step output format is `print "Name:"` → one `print " action,"` per side effect → `puts " ✓"`. Preserve this when adding/editing steps.
+- Provision steps MUST be idempotent and check state before acting — they are re-run against already-provisioned servers.
+- `provision_server` (raw `ssh_url`) vs `target` (configured production target) is a load-bearing distinction; the SSH step rewrites `ssh_url` to the target port mid-flight so later steps connect to the reconfigured port.
+- New provision steps: add the class name to `PROVISION_STEPS` in `lib/bard/new/cli/provision.rb` in the correct order, create `lib/bard/new/provision/<name>.rb` with a `Bard::Provision::<Name>` class, and add `spec/bard/new/provision/<name>_spec.rb`.
+- The rails template's Ruby version is hardcoded to `ruby-4.0.2` in `cli/new.rb#new_ruby_version`.

data/Gemfile

@@ -0,0 +1,10 @@
+source "http://rubygems.org"
+
+gemspec
+
+gem "bard", github: "botandrose/bard", branch: "v2.0"
+
+group :test do
+  gem "simplecov", require: false
+  gem "webmock", require: false
+end

data/Gemfile.lock

@@ -0,0 +1,179 @@
+GIT
+  remote: https://github.com/botandrose/bard.git
+  revision: eed2de978df9a6e26bd98c2ca1e02da5586e22a0
+  branch: v2.0
+  specs:
+    bard (2.0.0)
+      base64
+      rbnacl
+      rvm
+      term-ansicolor (>= 1.0.3)
+      thor (>= 0.19.0)
+
+PATH
+  remote: .
+  specs:
+    bard-new (0.1.0)
+      bard
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    addressable (2.8.9)
+      public_suffix (>= 2.0.2, < 8.0)
+    base64 (0.3.0)
+    bigdecimal (4.1.0)
+    builder (3.3.0)
+    crack (1.0.1)
+      bigdecimal
+      rexml
+    cucumber (10.2.0)
+      base64 (~> 0.2)
+      builder (~> 3.2)
+      cucumber-ci-environment (> 9, < 12)
+      cucumber-core (> 15, < 17)
+      cucumber-cucumber-expressions (> 17, < 20)
+      cucumber-html-formatter (> 21, < 23)
+      diff-lcs (~> 1.5)
+      logger (~> 1.6)
+      mini_mime (~> 1.1)
+      multi_test (~> 1.1)
+      sys-uname (~> 1.3)
+    cucumber-ci-environment (11.0.0)
+    cucumber-core (16.2.0)
+      cucumber-gherkin (> 36, < 40)
+      cucumber-messages (> 31, < 33)
+      cucumber-tag-expressions (> 6, < 9)
+    cucumber-cucumber-expressions (19.0.0)
+      bigdecimal
+    cucumber-gherkin (39.0.0)
+      cucumber-messages (>= 31, < 33)
+    cucumber-html-formatter (22.3.0)
+      cucumber-messages (> 23, < 33)
+    cucumber-messages (32.2.0)
+    cucumber-tag-expressions (8.1.0)
+    date (3.5.1)
+    debug (1.11.1)
+      irb (~> 1.10)
+      reline (>= 0.3.8)
+    diff-lcs (1.6.2)
+    docile (1.4.1)
+    docker-api (2.4.0)
+      excon (>= 0.64.0)
+      multi_json
+    erb (6.0.2)
+    excon (1.4.2)
+      logger
+    ffi (1.17.4)
+    ffi (1.17.4-aarch64-linux-gnu)
+    ffi (1.17.4-aarch64-linux-musl)
+    ffi (1.17.4-arm-linux-gnu)
+    ffi (1.17.4-arm-linux-musl)
+    ffi (1.17.4-arm64-darwin)
+    ffi (1.17.4-x86-linux-gnu)
+    ffi (1.17.4-x86-linux-musl)
+    ffi (1.17.4-x86_64-darwin)
+    ffi (1.17.4-x86_64-linux-gnu)
+    ffi (1.17.4-x86_64-linux-musl)
+    hashdiff (1.2.1)
+    io-console (0.8.2)
+    irb (1.17.0)
+      pp (>= 0.6.0)
+      prism (>= 1.3.0)
+      rdoc (>= 4.0.0)
+      reline (>= 0.4.2)
+    logger (1.7.0)
+    memoist3 (1.0.0)
+    mini_mime (1.1.5)
+    mize (0.6.1)
+    multi_json (1.19.1)
+    multi_test (1.1.0)
+    pp (0.6.3)
+      prettyprint
+    prettyprint (0.2.0)
+    prism (1.9.0)
+    psych (5.3.1)
+      date
+      stringio
+    public_suffix (7.0.5)
+    rake (13.3.1)
+    rbnacl (7.1.2)
+      ffi (~> 1)
+    rdoc (7.2.0)
+      erb
+      psych (>= 4.0.0)
+      tsort
+    readline (0.0.4)
+      reline
+    reline (0.6.3)
+      io-console (~> 0.5)
+    rexml (3.4.4)
+    rspec (3.13.2)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.6)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.5)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.8)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.7)
+    rvm (1.11.3.9)
+    simplecov (0.22.0)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.13.2)
+    simplecov_json_formatter (0.1.4)
+    stringio (3.2.0)
+    sync (0.5.0)
+    sys-uname (1.5.1)
+      ffi (~> 1.1)
+      memoist3 (~> 1.0.0)
+    term-ansicolor (1.11.3)
+      tins (~> 1)
+    testcontainers (0.2.0)
+      testcontainers-core (= 0.2.0)
+    testcontainers-core (0.2.0)
+      docker-api (~> 2.2)
+    thor (1.5.0)
+    tins (1.52.0)
+      bigdecimal
+      mize (~> 0.6)
+      readline
+      sync
+    tsort (0.2.0)
+    webmock (3.26.2)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
+
+PLATFORMS
+  aarch64-linux-gnu
+  aarch64-linux-musl
+  arm-linux-gnu
+  arm-linux-musl
+  arm64-darwin
+  ruby
+  x86-linux-gnu
+  x86-linux-musl
+  x86_64-darwin
+  x86_64-linux-gnu
+  x86_64-linux-musl
+
+DEPENDENCIES
+  bard!
+  bard-new!
+  cucumber
+  debug
+  rake
+  rspec
+  simplecov
+  testcontainers
+  webmock
+
+BUNDLED WITH
+   2.7.2

data/README.md

@@ -0,0 +1,107 @@
+# bard-new
+
+A plugin for the [bard](https://github.com/botandrose/bard) CLI that scaffolds new Rails projects and provisions Ubuntu servers into Bot & Rose production targets.
+
+Adds two subcommands:
+
+- `bard new <project-name>` — scaffold a new Rails app, push it to GitHub, and stage a deploy.
+- `bard provision [ssh_url]` — idempotently provision a fresh Ubuntu 24.04 host into a production target.
+
+## Installation
+
+```bash
+gem install bard-new
+```
+
+The parent `bard` gem auto-requires installed plugins by convention, so the new commands appear under `bard --help` once the gem is installed.
+
+## `bard new`
+
+```bash
+bard new my_project
+```
+
+Steps:
+
+1. Validates the project name (lowercase letters and digits only, must start with a letter).
+2. Creates an RVM gemset (`ruby-4.0.2@<project-name>`) and installs Rails (`~> 8.1.0`).
+3. Runs `rails new` against [`lib/bard/new/rails_template.rb`](lib/bard/new/rails_template.rb), which:
+   - writes a Gemfile with `bard-rails`, `solid_*`, sprockets + dartsass, importmap/turbo/stimulus, `exception_notification`, and `puma`
+   - writes a `Procfile`
+   - adds a `bootstrap` rake task (runs `db:prepare`, and in production runs `assets:precompile`, exports systemd-user units via `foreman`, and restarts the service)
+   - runs `bard install && bin/setup && bard setup`
+4. Creates a private GitHub repo, pushes the initial commit, uploads `config/master.key` as an Actions secret, and enables branch protection on `master`.
+5. Stages the new project (`bard deploy --clone`).
+
+Options:
+
+- `--skip-github` — skip GitHub repo creation and push.
+- `--skip-stage` — skip the staging deploy.
+
+## `bard provision`
+
+```bash
+bard provision deploy@new-server.example.com:22
+```
+
+If `ssh_url` is omitted, the `:production` target's SSH URL from `bard.rb` is used.
+
+The command iterates through the provisioning steps in order and dispatches each to a class under `Bard::Provision`. Every step is **idempotent** — it inspects current state and skips work that's already done — so re-running against a partially or fully provisioned host is safe.
+
+| Step             | What it does                                                                 |
+|------------------|------------------------------------------------------------------------------|
+| `SSH`            | Hardens sshd, switches to the port configured on the production target.     |
+| `User`           | Creates the deploy user.                                                    |
+| `AuthorizedKeys` | Installs SSH keys.                                                          |
+| `Swapfile`       | Allocates a swapfile.                                                       |
+| `Apt`            | Installs base system packages.                                              |
+| `MySQL`          | Installs and configures MySQL, creates the app database and user.           |
+| `Repo`           | Clones the application repo into the deploy path.                           |
+| `MasterKey`      | Installs `config/master.key`.                                               |
+| `RVM`            | Installs RVM and the project's Ruby version.                                |
+| `App`            | Runs `bin/setup` / app bootstrap.                                           |
+| `Nginx`          | Installs and configures nginx + TLS.                                        |
+| `Deploy`         | Performs the initial deploy.                                                |
+| `HTTP`           | Verifies the site responds.                                                 |
+| `LogRotation`    | Configures logrotate.                                                       |
+| `Data`           | Syncs initial data.                                                         |
+
+Options:
+
+- `--steps step1 step2 …` — run only a subset of steps (names match the table above).
+
+## Development
+
+The test suite uses real Podman containers to exercise both commands end-to-end. You need:
+
+- Podman with the user socket enabled: `systemctl --user start podman.socket`
+
+```bash
+bundle install
+
+# Full suite (rspec + cucumber)
+bundle exec rake
+
+# Unit specs
+bundle exec rspec
+bundle exec rspec spec/bard/new/provision/nginx_spec.rb
+
+# Cucumber — tags select which container image gets built
+bundle exec cucumber features/new.feature        # @new
+bundle exec cucumber features/provision.feature  # @provision
+```
+
+Cucumber runs are slow because they build and boot containers; run individual features rather than the full suite.
+
+## Adding a provision step
+
+1. Add the class name to `PROVISION_STEPS` in [`lib/bard/new/cli/provision.rb`](lib/bard/new/cli/provision.rb) at the correct position — ordering matters (e.g. `SSH` must run before `User`, which must run before `AuthorizedKeys`).
+2. Create `lib/bard/new/provision/<name>.rb` defining `Bard::Provision::<Name>` as a subclass of `Bard::Provision` (a `Struct.new(:config, :ssh_url)`) with a `#call` method.
+3. Make `#call` idempotent — check current state before making changes.
+4. Follow the output convention: `print "Name:"`, then one `print " action,"` per side effect, then `puts " ✓"`.
+5. Use `provision_server` to SSH to the host being provisioned (raw `ssh_url`) and `target` for the final production target from `bard.rb`. The `SSH` step rewrites `ssh_url` to the configured port mid-flight, so later steps connect to the reconfigured host.
+6. Add `spec/bard/new/provision/<name>_spec.rb`.
+
+## License
+
+MIT. Copyright (c) Micah Geisel.

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+require "cucumber/rake/task"
+
+RSpec::Core::RakeTask.new(:spec)
+Cucumber::Rake::Task.new(:cucumber)
+
+task :default => [:spec, :cucumber]

data/bard-new.gemspec

@@ -0,0 +1,25 @@
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "bard/new/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "bard-new"
+  spec.version       = Bard::New::VERSION
+  spec.authors       = ["Micah Geisel"]
+  spec.email         = ["micah@botandrose.com"]
+  spec.summary       = "Project creation and server provisioning for bard."
+  spec.homepage      = "http://github.com/botandrose/bard-new"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "bard"
+
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "debug"
+  spec.add_development_dependency "cucumber"
+  spec.add_development_dependency "testcontainers"
+end

data/features/new.feature

@@ -0,0 +1,12 @@
+@new
+Feature: bard new
+  Create a new bard-managed Rails project.
+
+  Background:
+    Given a bard new server is running
+
+  Scenario: creates a new Rails project
+    When I run bard new "testproject"
+    Then the output should contain "Project testproject created!"
+    And the project "testproject" should run successfully
+    And the project "testproject" should respond to http://testproject.localhost

data/features/provision.feature

@@ -0,0 +1,10 @@
+@provision
+Feature: bard provision
+  Background:
+    Given a provision server is running
+
+  Scenario: provisions a server with nginx reverse proxy
+    When I provision the system
+    And I set up the test project
+    And I provision the app
+    Then the site should be running

data/features/step_definitions/bard_new_steps.rb

@@ -0,0 +1,64 @@
+Then /^the output should contain "([^\"]+)"$/ do |expected|
+  expect(@stdout).to include(expected)
+end
+
+# bard new steps
+Given /^a bard new server is running$/ do
+  raise "New server failed to start" unless @new_container && @new_ssh_port
+end
+
+When /^I run bard new "([^"]+)"$/ do |project_name|
+  run_bard_remote("new #{project_name} --skip-github --skip-stage")
+  unless @status.success?
+    raise "bard new failed with status: #{@status}\nOutput: #{@stdout}"
+  end
+end
+
+Then /^the project "([^"]+)" should run successfully$/ do |project_name|
+  stdout, status = run_new_ssh("cd /tmp/bardwork/#{project_name} && bin/rails runner 'puts :bard_test_ok'")
+  expect(status).to be_success, "rails runner failed:\n#{stdout}"
+  expect(stdout).to include("bard_test_ok")
+end
+
+Then /^the project "([^"]+)" should respond to http:\/\/(.+)$/ do |project_name, hostname|
+  Open3.capture2e(
+    "timeout", "3",
+    "ssh", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null",
+    "-p", @new_ssh_port.to_s, "-i", new_ssh_key_path,
+    "deploy@localhost",
+    "bash -lc 'cd /tmp/bardwork/#{project_name} && setsid -f bundle exec puma -p 3000 </dev/null >/tmp/puma.log 2>&1'"
+  )
+  sleep 5
+  stdout, status = run_new_ssh("curl -sf -H 'Host: #{hostname}' http://localhost/")
+  expect(status).to be_success, "HTTP request to #{hostname} failed:\n#{stdout}"
+  expect(stdout).to include(project_name)
+end
+
+# bard provision steps
+Given /^a provision server is running$/ do
+  raise "Provision server failed to start" unless @container && @ssh_port
+end
+
+When /^I provision the system$/ do
+  run_provision_phase1
+  unless @status.success?
+    raise "Provision phase 1 failed:\n#{@stdout}"
+  end
+end
+
+When /^I set up the test project$/ do
+  setup_test_project
+end
+
+When /^I provision the app$/ do
+  run_provision_phase2
+  unless @status.success?
+    raise "Provision phase 2 failed:\n#{@stdout}"
+  end
+end
+
+Then /^the site should be running$/ do
+  stdout, status = Open3.capture2e("curl -sf http://127.0.0.1:#{@http_port}/")
+  expect(status).to be_success, "Site not responding on port #{@http_port}"
+  expect(stdout).to include("hello from testproject")
+end

data/features/support/bard-coverage

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+root = File.expand_path("../../..", __FILE__)
+
+require "simplecov"
+SimpleCov.root(root)
+SimpleCov.start do
+  command_name "Cucumber (subprocess #{$$})"
+  track_files "lib/**/*.rb"
+  add_filter "spec/"
+  add_filter "features/"
+  coverage_dir "#{root}/coverage"
+end
+
+$LOAD_PATH.unshift("#{root}/lib")
+require "bard/cli"
+Bard::CLI.start ARGV

data/features/support/env.rb

@@ -0,0 +1,22 @@
+require "simplecov"
+SimpleCov.start do
+  command_name "Cucumber"
+  track_files "lib/**/*.rb"
+  add_filter "spec/"
+  add_filter "features/"
+end
+
+$LOAD_PATH.unshift(File.dirname(__FILE__) + '/../../lib')
+require "bard/cli"
+require 'rspec/expectations'
+require 'fileutils'
+
+ENV["PATH"] = "#{File.dirname(File.expand_path(__FILE__))}:#{ENV['PATH']}"
+ENV["GIT_DIR"] = nil
+ENV["GIT_WORK_TREE"] = nil
+ENV["GIT_INDEX_FILE"] = nil
+
+ROOT = File.expand_path(File.dirname(__FILE__) + '/../..')
+
+# Ensure tmp directory exists
+FileUtils.mkdir_p(File.join(ROOT, "tmp"))