bard-new 0.1.0

data/features/support/new_server.rb

@@ -0,0 +1,136 @@
+require "fileutils"
+require "open3"
+require "docker-api"
+
+module NewServerWorld
+  class << self
+    attr_accessor :server_available, :image_built
+  end
+
+  class PrerequisiteError < StandardError; end
+
+  def ensure_new_server_available
+    return if NewServerWorld.server_available
+
+    unless system("command -v podman >/dev/null 2>&1")
+      raise PrerequisiteError, "podman is not installed"
+    end
+
+    configure_new_container_socket
+    build_new_test_image
+    FileUtils.chmod(0o600, new_ssh_key_path)
+
+    NewServerWorld.server_available = true
+  end
+
+  def configure_new_container_socket
+    if ENV["DOCKER_HOST"]
+      Docker.url = ENV["DOCKER_HOST"]
+      return
+    end
+
+    socket_path = "/run/user/#{Process.uid}/podman/podman.sock"
+    unless File.exist?(socket_path)
+      system("systemctl --user start podman.socket 2>/dev/null")
+      sleep 2
+    end
+
+    unless File.exist?(socket_path)
+      raise PrerequisiteError, "Podman socket not available"
+    end
+
+    ENV["DOCKER_HOST"] = "unix://#{socket_path}"
+    Docker.url = ENV["DOCKER_HOST"]
+  end
+
+  def build_new_test_image
+    return if NewServerWorld.image_built
+
+    if new_image_exists?("bard-test-new")
+      NewServerWorld.image_built = true
+      return
+    end
+
+    dockerfile = File.join(ROOT, "spec/acceptance/docker/Dockerfile.new")
+    unless system("podman build -t bard-test-new -f #{dockerfile} #{ROOT} 2>&1")
+      raise PrerequisiteError, "Failed to build bard-test-new image"
+    end
+
+    NewServerWorld.image_built = true
+  end
+
+  def new_image_exists?(name)
+    Docker::Image.get(name)
+    true
+  rescue Docker::Error::NotFoundError
+    false
+  end
+
+  def start_new_server
+    ensure_new_server_available
+
+    @new_container = Docker::Container.create(
+      "Image" => "localhost/bard-test-new:latest",
+      "ExposedPorts" => { "22/tcp" => {} },
+      "HostConfig" => {
+        "PortBindings" => { "22/tcp" => [{ "HostPort" => "" }] },
+        "PublishAllPorts" => true
+      }
+    )
+    @new_container.start
+    @new_container.refresh!
+
+    @new_ssh_port = @new_container.info["NetworkSettings"]["Ports"]["22/tcp"].first["HostPort"].to_i
+
+    wait_for_new_ssh
+  end
+
+  def wait_for_new_ssh
+    30.times do
+      return if system(
+        "ssh", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null",
+        "-o", "ConnectTimeout=1", "-p", @new_ssh_port.to_s, "-i", new_ssh_key_path,
+        "deploy@localhost", "true",
+        out: File::NULL, err: File::NULL
+      )
+      sleep 0.5
+    end
+    raise PrerequisiteError, "SSH not ready"
+  end
+
+  def run_new_ssh(command)
+    escaped = command.gsub("'", "'\"'\"'")
+    Open3.capture2e(
+      "ssh", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null",
+      "-p", @new_ssh_port.to_s, "-i", new_ssh_key_path,
+      "deploy@localhost", "bash -lc '#{escaped}'"
+    )
+  end
+
+  def run_bard_remote(command)
+    @stdout, @status = run_new_ssh("mkdir -p /tmp/bardwork/current && cd /tmp/bardwork/current && bard #{command}")
+  end
+
+  def new_ssh_key_path
+    File.join(ROOT, "spec/acceptance/docker/test_key")
+  end
+
+  def stop_new_server
+    return unless @new_container
+    @new_container.stop rescue nil
+    @new_container.delete(force: true) rescue nil
+  ensure
+    @new_container = nil
+    @new_ssh_port = nil
+  end
+end
+
+World(NewServerWorld)
+
+Before("@new") do
+  start_new_server
+end
+
+After("@new") do
+  stop_new_server
+end

data/features/support/provision_server.rb

@@ -0,0 +1,282 @@
+require "fileutils"
+require "open3"
+require "tmpdir"
+require "docker-api"
+
+module ProvisionServerWorld
+  class << self
+    attr_accessor :server_available, :image_built
+  end
+
+  class PrerequisiteError < StandardError; end
+
+  def ensure_provision_server_available
+    return if ProvisionServerWorld.server_available
+
+    unless system("command -v podman >/dev/null 2>&1")
+      raise PrerequisiteError, "podman is not installed"
+    end
+
+    configure_provision_socket
+    build_provision_image
+    FileUtils.chmod(0o600, provision_ssh_key_path)
+
+    ProvisionServerWorld.server_available = true
+  end
+
+  def configure_provision_socket
+    if ENV["DOCKER_HOST"]
+      Docker.url = ENV["DOCKER_HOST"]
+      return
+    end
+
+    socket_path = "/run/user/#{Process.uid}/podman/podman.sock"
+    unless File.exist?(socket_path)
+      system("systemctl --user start podman.socket 2>/dev/null")
+      sleep 2
+    end
+
+    unless File.exist?(socket_path)
+      raise PrerequisiteError, "Podman socket not available"
+    end
+
+    ENV["DOCKER_HOST"] = "unix://#{socket_path}"
+    Docker.url = ENV["DOCKER_HOST"]
+  end
+
+  def build_provision_image
+    return if ProvisionServerWorld.image_built
+
+    if provision_image_exists?("bard-test-provision")
+      ProvisionServerWorld.image_built = true
+      return
+    end
+
+    docker_dir = File.join(ROOT, "spec/acceptance/docker")
+    unless system("podman build -t bard-test-provision -f #{docker_dir}/Dockerfile.provision #{docker_dir} 2>&1")
+      raise PrerequisiteError, "Failed to build provision test image"
+    end
+
+    ProvisionServerWorld.image_built = true
+  end
+
+  def provision_image_exists?(name)
+    Docker::Image.get(name)
+    true
+  rescue Docker::Error::NotFoundError
+    false
+  end
+
+  def start_provision_server
+    ensure_provision_server_available
+
+    @container = Docker::Container.create(
+      "Image" => "localhost/bard-test-provision:latest",
+      "ExposedPorts" => { "22/tcp" => {}, "80/tcp" => {} },
+      "HostConfig" => {
+        "PortBindings" => {
+          "22/tcp" => [{ "HostPort" => "" }],
+          "80/tcp" => [{ "HostPort" => "" }],
+        },
+        "PublishAllPorts" => true,
+        "Privileged" => true,
+      }
+    )
+    @container.start
+    @container.refresh!
+
+    @ssh_port = @container.info["NetworkSettings"]["Ports"]["22/tcp"].first["HostPort"].to_i
+    @http_port = @container.info["NetworkSettings"]["Ports"]["80/tcp"].first["HostPort"].to_i
+    @container_ip = "127.0.0.1"
+
+    wait_for_systemd
+    setup_local_test_directory
+  end
+
+  def wait_for_systemd
+    last_output = ""
+    60.times do
+      stdout, status = Open3.capture2e(
+        "ssh", "-4", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null",
+        "-o", "ConnectTimeout=2", "-p", @ssh_port.to_s, "-i", provision_ssh_key_path,
+        "root@#{@container_ip}", "systemctl is-system-running 2>/dev/null || true"
+      )
+      last_output = stdout.strip.split("\n").last.to_s
+      if last_output =~ /running|degraded/
+        # Remove nologin so non-root users can SSH (systemd-user-sessions may not run in container)
+        Open3.capture2e(
+          "ssh", "-4", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null",
+          "-p", @ssh_port.to_s, "-i", provision_ssh_key_path,
+          "root@#{@container_ip}", "rm -f /run/nologin"
+        )
+        return
+      end
+      sleep 1
+    end
+    raise PrerequisiteError, "systemd not ready after 60s, last output: #{last_output}"
+  end
+
+  def setup_local_test_directory
+    @test_parent = Dir.mktmpdir("bard_provision")
+    @test_dir = File.join(@test_parent, "testproject")
+    FileUtils.mkdir_p(@test_dir)
+
+    Dir.chdir(@test_dir) do
+      system("git init", out: File::NULL, err: File::NULL)
+      system("git config user.email 'test@example.com'", out: File::NULL, err: File::NULL)
+      system("git config user.name 'Test User'", out: File::NULL, err: File::NULL)
+
+      File.write("bard.rb", <<~RUBY)
+        target :production do
+          ssh "www@#{@container_ip}:#{@ssh_port}",
+            path: "testproject",
+            ssh_key: "#{provision_ssh_key_path}"
+          url "http://testproject.localhost"
+          ping false
+        end
+      RUBY
+
+      FileUtils.mkdir_p("config")
+      File.write("config/master.key", "fake_master_key_for_testing")
+
+      File.write(".ruby-version", "ruby-3.3.4")
+
+      system("git add -A && git commit -m 'initial'", out: File::NULL, err: File::NULL)
+    end
+  end
+
+  def setup_test_project
+    # Create test project
+    run_provision_ssh_as("www", <<~'SH')
+      mkdir -p ~/testproject/bin ~/testproject/db ~/testproject/public ~/testproject/config ~/testproject/log
+    SH
+
+    run_provision_ssh_as("www", <<~SH)
+      cat > ~/testproject/Gemfile << 'GEMFILE'
+source "https://rubygems.org"
+gem "bard", github: "botandrose/bard", branch: "v2.0"
+gem "foreman-export-systemd_user"
+GEMFILE
+    SH
+
+    run_provision_ssh_as("www", <<~SH)
+      cat > ~/testproject/Procfile << 'PROCFILE'
+web: python3 -m http.server 3000 -d public
+PROCFILE
+    SH
+
+    run_provision_ssh_as("www", <<~SH)
+      cat > ~/testproject/bin/setup << 'SCRIPT'
+#!/bin/bash
+bundle install --quiet
+bin/rake bootstrap
+SCRIPT
+      chmod +x ~/testproject/bin/setup
+    SH
+
+    run_provision_ssh_as("www", <<~SH)
+      cat > ~/testproject/bin/rake << 'SCRIPT'
+#!/bin/bash
+case "$1" in
+  bootstrap)
+    if [ "$RAILS_ENV" = "production" ]; then
+      app=$(basename $(pwd))
+      bundle exec foreman export systemd-user --app $app
+      systemctl --user restart $app.target
+    fi
+    ;;
+  db:dump)
+    echo "test data" | gzip > db/data.sql.gz
+    ;;
+  db:load)
+    gunzip -c db/data.sql.gz > /dev/null
+    echo "Data loaded"
+    ;;
+esac
+SCRIPT
+      chmod +x ~/testproject/bin/rake
+    SH
+
+    run_provision_ssh_as("www", <<~SH)
+      cat > ~/testproject/bard.rb << 'BARDCONFIG'
+target :production do
+  ssh "www@#{@container_ip}:#{@ssh_port}",
+    path: "testproject"
+  url "http://testproject.localhost"
+  ping false
+end
+BARDCONFIG
+    SH
+
+    run_provision_ssh_as("www", "echo 'ruby-3.3.4' > ~/testproject/.ruby-version")
+
+    run_provision_ssh_as("www", "echo 'hello from testproject' > ~/testproject/public/index.html")
+
+    # Initialize git repo
+    run_provision_ssh_as("www", <<~SH)
+      cd ~/testproject && \
+      git config --global user.email "test@example.com" && \
+      git config --global user.name "Test User" && \
+      git config --global init.defaultBranch master && \
+      git init && git add -A && git commit -m "Initial commit"
+    SH
+
+    # Set up a bare remote so Repo step's on_latest_master? works (fetch origin)
+    run_provision_ssh_as("www", <<~SH)
+      git clone --bare ~/testproject ~/repos/testproject.git && \
+      cd ~/testproject && git remote add origin ~/repos/testproject.git
+    SH
+  end
+
+  def run_provision_phase1
+    Dir.chdir(@test_dir) do
+      bard_coverage = File.join(ROOT, "features/support/bard-coverage")
+      @stdout, @status = Open3.capture2e("#{bard_coverage} provision root@#{@container_ip}:#{@ssh_port} --steps=SSH User AuthorizedKeys Apt")
+    end
+  end
+
+  def run_provision_phase2
+    Dir.chdir(@test_dir) do
+      bard_coverage = File.join(ROOT, "features/support/bard-coverage")
+      @stdout, @status = Open3.capture2e("#{bard_coverage} provision www@#{@container_ip}:#{@ssh_port} --steps=Repo MasterKey RVM App Nginx Deploy HTTP LogRotation")
+    end
+  end
+
+  def run_provision_ssh_as(user, command)
+    stdout, status = Open3.capture2e(
+      "ssh", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null",
+      "-p", @ssh_port.to_s, "-i", provision_ssh_key_path,
+      "#{user}@#{@container_ip}", command
+    )
+    unless status.success?
+      raise PrerequisiteError, "SSH command failed (#{user}): #{command}\nOutput: #{stdout}"
+    end
+    stdout
+  end
+
+  def provision_ssh_key_path
+    File.join(ROOT, "spec/acceptance/docker/test_key")
+  end
+
+  def stop_provision_server
+    return unless @container
+    @container.stop rescue nil
+    @container.delete(force: true) rescue nil
+  ensure
+    @container = nil
+    @ssh_port = nil
+    FileUtils.rm_rf(@test_parent) if @test_parent
+    @test_dir = nil
+    @test_parent = nil
+  end
+end
+
+World(ProvisionServerWorld)
+
+Before("@provision") do
+  start_provision_server
+end
+
+After("@provision") do
+  stop_provision_server
+end

data/lib/bard/new/cli/new.rb

@@ -0,0 +1,102 @@
+require "bard/plugins/github"
+
+class Bard::CLI
+  NEW_RAILS_REQUIREMENT = "~> 8.1.0"
+
+  desc "new <project-name>", "creates new bard app named <project-name>"
+  method_option :skip_github, type: :boolean, default: false
+  method_option :skip_stage, type: :boolean, default: false
+  def new(project_name)
+    @new_project_name = project_name
+    new_validate
+    new_create_project
+    new_push_to_github unless options[:skip_github]
+    new_stage unless options[:skip_stage]
+    puts green("Project #{@new_project_name} created!")
+    puts "Please cd ../#{@new_project_name}"
+  end
+
+  no_commands do
+    def new_validate
+      if @new_project_name !~ /^[a-z][a-z0-9]*\Z/
+        puts red("!!! ") + "Invalid project name: #{yellow(@new_project_name)}."
+        puts "The first character must be a lowercase letter, and all following characters must be a lowercase letter or number."
+        exit 1
+      end
+    end
+
+    def new_create_project
+      run! new_build_create_project_script
+    end
+
+    def new_build_create_project_script
+      new_build_bash_env do
+        new_build_rvm_setup +
+        new_build_gem_install("rails", NEW_RAILS_REQUIREMENT) +
+        new_build_rails_new
+      end
+    end
+
+    def new_build_bash_env
+      script = yield
+      <<~SH
+        env -i bash -lc '
+          export HOME=~
+          source ~/.rvm/scripts/rvm
+          #{script}
+        '
+      SH
+    end
+
+    def new_build_rvm_setup
+      <<~SH
+        cd ..
+        rvm use --create #{new_ruby_version}@#{@new_project_name}
+      SH
+    end
+
+    def new_build_gem_install(gem_name, version_requirement)
+      <<~SH
+        gem install #{gem_name} -v "#{version_requirement}" --no-document || exit 1
+        GEM_VERSION=$(gem list #{gem_name} --exact -v "#{version_requirement}" | grep -oP "#{gem_name} \\(\\K[0-9.]+" | head -1)
+      SH
+    end
+
+    def new_build_rails_new
+      <<~SH
+        rails _${GEM_VERSION}_ new #{@new_project_name} --skip-git --skip-kamal --skip-test -m #{new_template_path}
+      SH
+    end
+
+    def new_push_to_github
+      api = Bard::Github.new(@new_project_name)
+      api.create_repo
+      run! <<~SH
+        cd ../#{@new_project_name}
+        git init -b master
+        git add -A
+        git commit -m"initial commit."
+        git remote add origin git@github.com:botandrosedesign/#{@new_project_name}
+        git push -u origin master
+      SH
+      api.add_master_key File.read("../#{@new_project_name}/config/master.key")
+      api.add_master_branch_protection
+      api.patch(nil, allow_auto_merge: true)
+    end
+
+    def new_stage
+      run! <<~SH
+        cd ../#{@new_project_name}
+        bard deploy --clone
+      SH
+    end
+
+    def new_ruby_version
+      "ruby-4.0.2"
+    end
+
+    def new_template_path
+      File.expand_path("../rails_template.rb", __dir__)
+    end
+  end
+end

data/lib/bard/new/cli/provision.rb

@@ -0,0 +1,32 @@
+require "bard/new/provision/base"
+require "bard/plugins/ssh"
+
+class Bard::CLI
+  PROVISION_STEPS = %w[
+    SSH
+    User
+    AuthorizedKeys
+    Swapfile
+    Apt
+    MySQL
+    Repo
+    MasterKey
+    RVM
+    App
+    Nginx
+    Deploy
+    HTTP
+    LogRotation
+    Data
+  ]
+
+  desc "provision [ssh_url] --steps=all", "takes an optional ssh url to a raw ubuntu 24.04 install, and readies it in the shape of :production"
+  option :steps, type: :array, default: PROVISION_STEPS
+  def provision(ssh_url = config[:production].ssh&.to_s)
+    ssh_url = ssh_url.dup
+    options[:steps].each do |step|
+      require "bard/new/provision/#{step.downcase}"
+      Bard::Provision.const_get(step).call(config, ssh_url)
+    end
+  end
+end

data/lib/bard/new/provision/app.rb

@@ -0,0 +1,9 @@
+# run bin/setup
+
+class Bard::Provision::App < Bard::Provision
+  def call
+    print "App:"
+    provision_server.run! "bin/setup"
+    puts " ✓"
+  end
+end

data/lib/bard/new/provision/apt.rb

@@ -0,0 +1,15 @@
+# apt sanity
+
+class Bard::Provision::Apt < Bard::Provision
+  def call
+    print "Apt:"
+    provision_server.run! [
+      %(echo "\\$nrconf{restart} = \\"a\\";" | sudo tee /etc/needrestart/conf.d/90-autorestart.conf),
+      "sudo apt-get update -y",
+      "sudo apt-get upgrade -y",
+      "sudo apt-get install -y curl build-essential libsodium-dev",
+    ].join("; "), home: true
+
+    puts " ✓"
+  end
+end

data/lib/bard/new/provision/authorizedkeys.rb

@@ -0,0 +1,23 @@
+# install public keys if missing
+
+class Bard::Provision::AuthorizedKeys < Bard::Provision
+  def call
+    print "Authorized Keys:"
+
+    KEYS.each do |search_text, full_key|
+      file = "~/.ssh/authorized_keys"
+      provision_server.run! <<~SH, home: true
+        if ! grep -F -q "#{search_text}" #{file}; then
+          echo "#{full_key}" >> #{file}
+        fi
+      SH
+    end
+
+    puts " ✓"
+  end
+
+  KEYS = {
+    "micah@haku" => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAH235mtpxPQucd0bIgdufo1bR3By2+a+NPHiZS1P7SpI73evN9+hY7ri+gLscPLRWeoy1ig/TbyfN1AqJmfqIaskZdYOdcEQdOum4AwDMY5L6OAq2o5NER047RqDxE6Pjm2nfRVVw2Dz38eeco+ouchCI+sY5pJL/wEZItrCpPjKvwo56uln1rL6Smd4Kh98ZBKTGL8xKs95rNmFdBCCq4eUE28JDgkJAiLDZ/4u2LNrgEr7/brkUieZjaZ4BacBi8EQvyvMWmZ0g2MoG+Ptxn/3K2nd1QqdhfINqHBVCi8UbkP08B0Msif/7Dycuxd7DU9cVZ3RgnhLtbIsQ8HaYVj5yCKB6CuX3lv3H4YKBghBC/TnJD5Nq5xcSYTW0BKKrusCb/OoOk5AUV+BGM1+R70fno8reVEBUlZDkWapHxmqgNnf1byL7Aol/L5SWgyfSLT6b5FjI6g/U+dhaecYY9T9g/GWo+JiwZktc094O0ujlQHoibMY2M0csVfvO9Oc= micah@haku",
+    "gubs@Theia.local" => "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApJh0E8ZlaLbMUWGvryAhEBRnnI519ZKz586vdQTuIPlDb9xhe5m3Ys8Fk9LKqJUQNxBV6qCGOXNgNdWySkk2ChmmgDnPfr7/31ZuOAASFbUY0PtaDXUsMVvs1Uu2VhtRU9gSduGonEHG7iBpAuBI23CxU4yPS6o3pv7L9xwnmULes5F9S4/nDvPig15h9byInyHOLDV0XjHFS+2OlSWO/xC8uqH5CdlxXFAmPQ0R69qmILl0rcTPyNMLJGcJGUzb/LMRJX/RDyTpZeJPjH4V+zksQ/4YQ3LWvLrlZL6QLuM285ve4mQa3vBY4WMqNlp4Ig3ZCFOpMKmpvTn7pFUmKw== gubs@Theia.local",
+  }
+end

data/lib/bard/new/provision/base.rb

@@ -0,0 +1,17 @@
+module Bard
+  class Provision < Struct.new(:config, :ssh_url)
+    def self.call(...) = new(...).call
+
+    private
+
+    def target
+      config[:production]
+    end
+
+    def provision_server
+      options = {}
+      options[:ssh_key] = target.ssh.ssh_key if target.ssh&.ssh_key
+      target.dup.tap { |t| t.ssh(ssh_url, **options) }
+    end
+  end
+end

data/lib/bard/new/provision/data.rb

@@ -0,0 +1,23 @@
+# copy data from production
+
+class Bard::Provision::Data < Bard::Provision
+  def call
+    print "Data:"
+
+    print " Dumping #{target.key} database to file"
+    target.run! "bin/rake db:dump"
+
+    print " Transfering file from #{target.key},"
+    target.copy_file "db/data.sql.gz", to: provision_server, verbose: false
+
+    print " Loading file into database,"
+    provision_server.run! "bin/rake db:load"
+
+    config.data.each do |path|
+      print " Synchronizing files in #{path},"
+      target.copy_dir path, to: provision_server, verbose: false
+    end
+
+    puts " ✓"
+  end
+end

data/lib/bard/new/provision/deploy.rb

@@ -0,0 +1,9 @@
+# run bard deploy
+
+class Bard::Provision::Deploy < Bard::Provision
+  def call
+    print "Deploy:"
+    provision_server.run! "bin/setup"
+    puts " ✓"
+  end
+end

data/lib/bard/new/provision/http.rb

@@ -0,0 +1,15 @@
+require "uri"
+
+# test for existence
+
+class Bard::Provision::HTTP < Bard::Provision
+  def call
+    print "HTTP:"
+    target_host = URI.parse(target.url).host
+    if system "curl -sf --resolve #{target_host}:80:#{provision_server.ssh_uri.host} http://#{target_host} -o /dev/null"
+      puts " ✓"
+    else
+      puts " !!! not serving a rails app from #{provision_server.ssh_uri.host}"
+    end
+  end
+end