bard-new 0.1.0

data/lib/bard/new/provision/logrotation.rb

@@ -0,0 +1,27 @@
+# install log rotation if missing
+
+class Bard::Provision::LogRotation < Bard::Provision
+  def call
+    print "Log Rotation:"
+
+    provision_server.run! <<~SH, quiet: true
+      file=/etc/logrotate.d/#{config.project_name}
+      if [ ! -f $file ]; then
+        sudo tee $file > /dev/null <<EOF
+      $(pwd)/log/*.log {
+        weekly
+        size 100M
+        missingok
+        rotate 52
+        delaycompress
+        notifempty
+        copytruncate
+        create 664 www www
+      }
+      EOF
+      fi
+    SH
+
+    puts " ✓"
+  end
+end

data/lib/bard/new/provision/masterkey.rb

@@ -0,0 +1,17 @@
+require "bard/plugins/ssh/copy"
+
+# copy master key if missing
+
+class Bard::Provision::MasterKey < Bard::Provision
+  def call
+    print "Master Key:"
+    if File.exist?("config/master.key")
+      if !provision_server.run "[ -f config/master.key ]", quiet: true
+        print " Uploading config/master.key,"
+        Bard::Copy.file "config/master.key", from: config[:local], to: provision_server
+      end
+    end
+
+    puts " ✓"
+  end
+end

data/lib/bard/new/provision/mysql.rb

@@ -0,0 +1,21 @@
+# install mysql
+
+class Bard::Provision::MySQL < Bard::Provision
+  def call
+    print "MySQL:"
+    if !mysql_responding?
+      print " Installing,"
+      provision_server.run! [
+        "sudo DEBIAN_FRONTEND=noninteractive apt-get install -y mysql-server",
+        %{sudo mysql -uroot -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '' PASSWORD EXPIRE NEVER; FLUSH PRIVILEGES;"},
+        %{mysql -uroot -e "UPDATE mysql.user SET password_lifetime = NULL WHERE user = 'root' AND host = 'localhost';"},
+      ].join("; "), home: true
+    end
+
+    puts " ✓"
+  end
+
+  def mysql_responding?
+    provision_server.run "sudo systemctl is-active --quiet mysql", home: true, quiet: true
+  end
+end

data/lib/bard/new/provision/nginx.rb

@@ -0,0 +1,31 @@
+# install nginx
+
+class Bard::Provision::Nginx < Bard::Provision
+  def call
+    print "Nginx:"
+    if !http_responding?
+      print " Installing nginx,"
+      provision_server.run! [
+        %(grep -qxF "RAILS_ENV=production" /etc/environment || echo "RAILS_ENV=production" | sudo tee -a /etc/environment),
+        %(grep -qxF "EDITOR=vim" /etc/environment || echo "EDITOR=vim" | sudo tee -a /etc/environment),
+        "sudo apt-get install -y nginx",
+        "sudo rm -f /etc/nginx/sites-enabled/default",
+      ].join("; "), home: true
+    end
+
+    if !app_configured?
+      print " Creating nginx config for app,"
+      provision_server.run! "bard setup"
+    end
+
+    puts " ✓"
+  end
+
+  def http_responding?
+    provision_server.run "nc -zv localhost 80 2>/dev/null", home: true, quiet: true
+  end
+
+  def app_configured?
+    provision_server.run "[ -f /etc/nginx/sites-enabled/#{config.project_name} ]", quiet: true
+  end
+end

data/lib/bard/new/provision/repo.rb

@@ -0,0 +1,71 @@
+require "bard/plugins/github"
+
+# generate and install ssh public key into deploy keys
+# add repo to known hosts
+# clone repo
+
+class Bard::Provision::Repo < Bard::Provision
+  def call
+    print "Repo:"
+    if !already_cloned?
+      if !can_clone_project?
+        if !ssh_keypair?
+          print " Generating keypair in ~/.ssh,"
+          provision_server.run! "ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa -q -N \"\"", home: true
+        end
+        print " Add public key to GitHub repo deploy keys,"
+        title = "#{target.ssh_uri.user}@#{target.ssh_uri.host}"
+        key = provision_server.run "cat ~/.ssh/id_rsa.pub", home: true
+        Bard::Github.new(config.project_name).add_deploy_key title:, key:
+      end
+      print " Cloning repo,"
+      provision_server.run! "git clone git@github.com:botandrosedesign/#{project_name}", home: true
+    else
+      if !on_latest_master?
+        print " Updating to latest master,"
+        update_to_latest_master!
+      end
+    end
+
+    puts " ✓"
+  end
+
+  private
+
+  def ssh_keypair?
+    provision_server.run "[ -f ~/.ssh/id_rsa.pub ]", home: true, quiet: true
+  end
+
+  def already_cloned?
+    provision_server.run "[ -d ~/#{project_name}/.git ]", home: true, quiet: true
+  end
+
+  def can_clone_project?
+    github_url = "git@github.com:botandrosedesign/#{project_name}"
+    provision_server.run [
+      "needle=$(ssh-keyscan -t ed25519 github.com 2>/dev/null | cut -d \" \" -f 2-3)",
+      "grep -q \"$needle\" ~/.ssh/known_hosts || ssh-keyscan -H github.com >> ~/.ssh/known_hosts 2>/dev/null",
+      "git ls-remote #{github_url}",
+    ].join("; "), home: true, quiet: true
+  end
+
+  def project_name
+    config.project_name
+  end
+
+  def on_latest_master?
+    provision_server.run [
+      "cd ~/#{project_name}",
+      "git fetch origin",
+      "[ $(git rev-parse HEAD) = $(git rev-parse origin/master) ]"
+    ].join(" && "), home: true, quiet: true
+  end
+
+  def update_to_latest_master!
+    provision_server.run! [
+      "cd ~/#{project_name}",
+      "git checkout master",
+      "git reset --hard origin/master"
+    ].join(" && "), home: true
+  end
+end

data/lib/bard/new/provision/rvm.rb

@@ -0,0 +1,20 @@
+# install rvm if missing
+
+class Bard::Provision::RVM < Bard::Provision
+  def call
+    print "RVM:"
+    if !provision_server.run "[ -d ~/.rvm ]", quiet: true
+      print " Installing RVM,"
+      provision_server.run! [
+        %(sed -i "1i[[ -s \\"$HOME/.rvm/scripts/rvm\\" ]] && source \\"$HOME/.rvm/scripts/rvm\\" # Load RVM into a shell session *as a function*" ~/.bashrc),
+        "gpg --keyserver keyserver.ubuntu.com --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB",
+        "curl -sSL https://get.rvm.io | bash -s stable",
+      ].join("; ")
+      version = File.read(".ruby-version").chomp
+      print " Installing Ruby #{version},"
+      provision_server.run! "rvm install #{version}"
+    end
+
+    puts " ✓"
+  end
+end

data/lib/bard/new/provision/ssh.rb

@@ -0,0 +1,79 @@
+# move ssh port
+# add to known hosts
+
+class Bard::Provision::SSH < Bard::Provision
+  def call
+    print "SSH:"
+
+    if password_auth_enabled?
+      print " Disabling password authentication,"
+      disable_password_auth!
+    end
+
+    if !ssh_available?(provision_server.ssh_uri, port: target_port)
+      if !ssh_available?(provision_server.ssh_uri)
+        raise "can't find SSH on port #{target_port} or #{provision_server.ssh_uri.port || 22}"
+      end
+      if !ssh_known_host?(provision_server.ssh_uri)
+        print " Adding known host,"
+        add_ssh_known_host!(provision_server.ssh_uri)
+      end
+      print " Reconfiguring port to #{target_port},"
+      provision_server.run! %(echo "Port #{target_port}" | sudo tee /etc/ssh/sshd_config.d/port_#{target_port}.conf && sudo service ssh restart), home: true
+      5.times do
+        sleep 1
+        break if ssh_available?(provision_server.ssh_uri, port: target_port)
+      end
+      if !ssh_available?(provision_server.ssh_uri, port: target_port)
+        raise "reconfigured SSH to port #{target_port} but it's not responding — check firewall and sshd_config Include directive"
+      end
+    end
+
+    if !ssh_known_host?(provision_server.ssh_uri)
+      print " Adding known host,"
+      add_ssh_known_host!(provision_server.ssh_uri)
+    end
+
+    # provision with new target port from now on
+    ssh_url.gsub!(/:\d+$/, "")
+    ssh_url << ":#{target_port}"
+    puts " ✓"
+  end
+
+  private
+
+  def target_port
+    target.ssh_uri.port || 22
+  end
+
+  def ssh_available? ssh_uri, port: nil
+    port ||= ssh_uri.port || 22
+    system "nc -zv #{ssh_uri.host} #{port} 2>/dev/null"
+  end
+
+  def ssh_known_host? ssh_uri
+    port ||= ssh_uri.port || 22
+    system "grep -q \"$(ssh-keyscan -t ed25519 -p#{port} #{ssh_uri.host} 2>/dev/null | cut -d ' ' -f 2-3)\" ~/.ssh/known_hosts"
+  end
+
+  def add_ssh_known_host! ssh_uri
+    port ||= ssh_uri.port || 22
+    system "ssh-keyscan -p#{port} -H #{ssh_uri.host} >> ~/.ssh/known_hosts 2>/dev/null"
+  end
+
+  def password_auth_enabled?
+    result = provision_server.run!(
+      %q{grep -E '^\s*PasswordAuthentication\s+yes' /etc/ssh/sshd_config /etc/ssh/sshd_config.d/*.conf 2>/dev/null || true},
+      home: true,
+      capture: true
+    )
+    !!(result && !result.strip.empty?)
+  end
+
+  def disable_password_auth!
+    provision_server.run!(
+      %q{echo "PasswordAuthentication no" | sudo tee /etc/ssh/sshd_config.d/disable_password_auth.conf && sudo service ssh restart},
+      home: true
+    )
+  end
+end

data/lib/bard/new/provision/swapfile.rb

@@ -0,0 +1,21 @@
+# setup swapfile
+
+class Bard::Provision::Swapfile < Bard::Provision
+  def call
+    print "Swapfile:"
+
+    provision_server.run! <<~SH, home: true
+      if [ ! -f /swapfile ]; then
+        sudo fallocate -l $(grep MemTotal /proc/meminfo | awk '{print $2}')K /swapfile
+      fi
+      sudo chmod 600 /swapfile
+      sudo swapon --show | grep -q '/swapfile' || sudo mkswap /swapfile
+      sudo swapon --show | grep -q '/swapfile' || sudo swapon /swapfile
+      grep -q '/swapfile none swap sw 0 0' /etc/fstab || echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
+    SH
+
+    provision_server.run! "sudo swapon --show | grep -q /swapfile", home: true
+
+    puts " ✓"
+  end
+end

data/lib/bard/new/provision/user.rb

@@ -0,0 +1,43 @@
+# rename user
+
+class Bard::Provision::User < Bard::Provision
+  def call
+    print "User:"
+
+    if !ssh_with_user?(provision_server.ssh_uri, user: new_user)
+      if !ssh_with_user?(provision_server.ssh_uri)
+        raise "can't ssh in with user #{new_user} or #{old_user}"
+      end
+      print " Adding user #{new_user},"
+      provision_server.run! [
+        "sudo useradd -m -s /bin/bash #{new_user}",
+        "sudo usermod -aG sudo #{new_user}",
+        "echo \"#{new_user} ALL=(ALL) NOPASSWD:ALL\" | sudo tee -a /etc/sudoers",
+        "sudo mkdir -p ~#{new_user}/.ssh",
+        "sudo cp ~/.ssh/authorized_keys ~#{new_user}/.ssh/authorized_keys",
+        "sudo chown -R #{new_user}:#{new_user} ~#{new_user}/.ssh",
+        "sudo chmod +rx ~#{new_user}", # so nginx can read it
+      ].join("; "), home: true
+    end
+
+    # provision with new user from now on
+    ssh_url.gsub!("#{old_user}@", "#{new_user}@")
+    puts " ✓"
+  end
+
+  private
+
+  def new_user
+    target.ssh_uri.user
+  end
+
+  def old_user
+    provision_server.ssh_uri.user
+  end
+
+  def ssh_with_user? ssh_uri, user: ssh_uri.user
+    ssh_opts = "-o ConnectTimeout=2 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o BatchMode=yes"
+    ssh_opts += " -i #{provision_server.ssh_key}" if provision_server.respond_to?(:ssh_key) && provision_server.ssh_key
+    system "ssh #{ssh_opts} -p#{ssh_uri.port || 22} #{user}@#{ssh_uri.host} : >/dev/null 2>&1"
+  end
+end

data/lib/bard/new/rails_template.rb

@@ -0,0 +1,213 @@
+ruby_version, project_name = (`rvm current name`.chomp).split("@")
+rails_version = Gem.loaded_specs["railties"].version
+
+file ".ruby-version", ruby_version
+file ".ruby-gemset", project_name
+file ".gitignore", <<~GITIGNORE
+  # See https://help.github.com/articles/ignoring-files for more about ignoring files.
+  #
+  # If you find yourself ignoring temporary files generated by your text editor
+  # or operating system, you probably want to add a global ignore instead:
+  #   git config --global core.excludesfile '~/.gitignore_global'
+
+  # Ignore bundler config.
+  /.bundle
+
+  # Ignore all logfiles and tempfiles.
+  /log/*
+  /tmp/*
+  !/log/.keep
+  !/tmp/.keep
+
+  # Ignore master key for decrypting credentials and more.
+  /config/master.key
+
+  # ignore coverage reports
+  /coverage
+
+  # Ignore database dumps
+  /db/data.*
+
+  # Ignore storage (uploaded files in development and any SQLite databases).
+  /storage/*
+
+  # Ignore Syncthing
+  .stfolder/
+
+  # Thank Apple!
+  .DS_Store
+GITIGNORE
+
+file "Gemfile", <<~RUBY
+  source "https://rubygems.org"
+
+  gem "bootsnap", require: false
+  gem "rails", "~> #{rails_version}"
+  gem "solid_cache"
+  gem "solid_queue"
+  gem "solid_cable"
+  gem "bard", github: "botandrose/bard", branch: "v2.0"
+  gem "bard-rails"
+  gem "sqlite3"
+  gem "image_processing"
+  gem "puma"
+  gem "exception_notification"
+
+  # css
+  gem "sprockets-rails"
+  gem "dartsass-sprockets"
+  gem "bard-sass"
+
+  # js
+  gem "importmap-rails"
+  gem "turbo-rails"
+  gem "stimulus-rails"
+
+  group :development do
+    gem "web-console"
+  end
+
+  group :development, :test do
+    gem "debug", require: "debug/prelude"
+    gem "parallel_tests", "~>3.9.0" # 3.10 pegs CPU
+    gem "brakeman", require: false
+    gem "rubocop-rails-omakase", require: false
+  end
+
+  group :test do
+    gem "cucumber-rails", require: false
+    gem "cuprite-downloads"
+    gem "capybara-screenshot"
+    gem "database_cleaner"
+    gem "chop"
+    gem "email_spec"
+    gem "timecop"
+    gem "rspec-rails"
+  end
+
+  group :production do
+    gem "foreman-export-systemd_user"
+  end
+RUBY
+
+file "config/initializers/exception_notification.rb", <<~RUBY
+  require "exception_notification/rails"
+
+  ExceptionNotification.configure do |config|
+    config.ignored_exceptions = []
+
+    # Adds a condition to decide when an exception must be ignored or not.
+    # The ignore_if method can be invoked multiple times to add extra conditions.
+    config.ignore_if do |exception, options|
+      not Rails.env.production?
+    end
+
+    config.ignore_if do |exception, options|
+      %w[
+        ActiveRecord::RecordNotFound
+        AbstractController::ActionNotFound
+        ActionController::RoutingError
+        ActionController::InvalidAuthenticityToken
+        ActionView::MissingTemplate
+        ActionController::BadRequest
+        ActionDispatch::Http::Parameters::ParseError
+        ActionDispatch::Http::MimeNegotiation::InvalidType
+      ].include?(exception.class.to_s)
+    end
+
+    config.add_notifier :email, {
+      email_prefix: "[\#{File.basename(Dir.pwd)}] ",
+      exception_recipients: "micah@botandrose.com",
+      smtp_settings: Rails.application.credentials.exception_notification_smtp_settings,
+    }
+  end
+
+  if defined?(Rake::Application)
+    Rake::Application.prepend Module.new {
+      def display_error_message error
+        ExceptionNotifier.notify_exception(error)
+        super
+      end
+
+      def invoke_task task_name
+        super
+      rescue RuntimeError => exception
+        if exception.message.starts_with?("Don't know how to build task")
+          ExceptionNotifier.notify_exception(exception)
+        end
+        raise exception
+      end
+    }
+  end
+
+  ActionController::Live.prepend Module.new {
+    def log_error exception
+      ExceptionNotifier.notify_exception exception, env: request.env
+      super
+    end
+  }
+RUBY
+
+file "app/assets/config/manifest.js", <<~RUBY
+  //= link_tree ../images
+  //= link_directory ../stylesheets .css
+  //= link_tree ../../javascript .js
+RUBY
+
+run "rm -f app/assets/stylesheets/application.css"
+
+file "app/assets/stylesheets/application.sass", <<~SASS
+  body
+    border: 10px solid red
+SASS
+
+gsub_file "app/views/layouts/application.html.erb", "    <%# Includes all stylesheet files in app/assets/stylesheets %>\n", ''
+gsub_file "app/views/layouts/application.html.erb", 'stylesheet_link_tag :app,', 'stylesheet_link_tag :application,'
+
+file "app/views/static/index.html.slim", <<~SLIM
+  h1 #{project_name}
+SLIM
+
+insert_into_file "config/database.yml", <<~YAML, after: "database: storage/test.sqlite3"
+
+  staging:
+    <<: *default
+    database: storage/staging.sqlite3
+YAML
+
+insert_into_file "config/database.yml", <<-YAML, after: "# database: path/to/persistent/storage/production.sqlite3"
+
+  cable:
+    <<: *default
+    # database: path/to/persistent/storage/production_cable.sqlite3
+    migrations_paths: db/cable_migrate
+  queue:
+    <<: *default
+    # database: path/to/persistent/storage/production_queue.sqlite3
+    migrations_paths: db/queue_migrate
+YAML
+
+gsub_file "config/database.yml", "path/to/persistent/", ""
+
+gsub_file "config/environments/production.rb", /  (config\.logger.+STDOUT.*)$/, '  # \1'
+
+file "Procfile", "web: bundle exec puma -p 3000\n"
+
+append_to_file "Rakefile", <<~'RUBY'
+
+  task bootstrap: :environment do
+    system "bin/rails db:prepare"
+    if Rails.env.production?
+      system "bin/rails assets:precompile"
+      app = File.basename(Dir.pwd)
+      system "bundle exec foreman export systemd-user --app #{app}"
+      system "systemctl --user restart #{app}.target"
+    end
+  end
+RUBY
+
+after_bundle do
+  run "bundle exec bard install"
+  run "bin/setup"
+  run "bundle exec bard setup"
+end

data/lib/bard/new/version.rb

@@ -0,0 +1,5 @@
+module Bard
+  module New
+    VERSION = "0.1.0"
+  end
+end

data/lib/bard/plugins/new.rb

@@ -0,0 +1,2 @@
+require "bard/new/cli/new"
+require "bard/new/cli/provision"

data/spec/acceptance/docker/Dockerfile.new

@@ -0,0 +1,68 @@
+FROM ubuntu:24.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install system dependencies
+RUN apt-get update && \
+    apt-get install -y \
+    openssh-server \
+    nginx \
+    git \
+    sudo \
+    curl \
+    build-essential \
+    libsqlite3-dev \
+    libsodium-dev \
+    gawk \
+    tzdata \
+    && rm -rf /var/lib/apt/lists/*
+
+# Remove default nginx site
+RUN rm -f /etc/nginx/sites-enabled/default
+
+# Create deploy user with passwordless sudo
+RUN useradd -m -s /bin/bash deploy && \
+    echo 'deploy:password' | chpasswd && \
+    echo 'deploy ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+
+# Setup SSH
+RUN mkdir -p /var/run/sshd && \
+    mkdir -p /home/deploy/.ssh && \
+    chmod 700 /home/deploy/.ssh
+
+# Copy SSH authorized key
+COPY spec/acceptance/docker/test_key.pub /home/deploy/.ssh/authorized_keys
+RUN chown -R deploy:deploy /home/deploy/.ssh && \
+    chmod 600 /home/deploy/.ssh/authorized_keys
+
+# Allow SSH login with keys
+RUN sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config && \
+    sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
+
+# Install RVM and Ruby as deploy user
+USER deploy
+RUN curl -sSL https://rvm.io/mpapis.asc | gpg --import - && \
+    curl -sSL https://rvm.io/pkuczynski.asc | gpg --import - && \
+    curl -sSL https://get.rvm.io | bash -s stable
+
+RUN bash -lc "rvm install ruby-4.0.2 && rvm use ruby-4.0.2 --default"
+
+# Install bard and bard-new gems from source
+RUN bash -lc "git clone --depth 1 --branch v2.0 https://github.com/botandrose/bard.git /home/deploy/bard-src && cd /home/deploy/bard-src && gem build bard.gemspec && gem install bard-*.gem"
+COPY --chown=deploy:deploy . /home/deploy/bard-new-src/
+RUN bash -lc "cd /home/deploy/bard-new-src && gem build bard-new.gemspec && gem install bard-new-*.gem"
+
+# Configure git
+RUN git config --global user.email "test@example.com" && \
+    git config --global user.name "Test User" && \
+    git config --global init.defaultBranch master
+
+USER root
+
+# Start both sshd and nginx
+COPY spec/acceptance/docker/entrypoint-new.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+EXPOSE 22
+
+CMD ["/entrypoint.sh"]

data/spec/acceptance/docker/Dockerfile.provision

@@ -0,0 +1,41 @@
+FROM ubuntu:24.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Minimal packages: systemd + SSH + git
+RUN apt-get update && \
+    apt-get install -y \
+    systemd systemd-sysv \
+    openssh-server \
+    git \
+    sudo \
+    && rm -rf /var/lib/apt/lists/*
+
+# Enable SSH via systemd
+RUN systemctl enable ssh
+
+# Root SSH setup (password auth left enabled so SSH step can disable it)
+RUN mkdir -p /root/.ssh
+COPY test_key.pub /root/.ssh/authorized_keys
+RUN chmod 700 /root/.ssh && \
+    chmod 600 /root/.ssh/authorized_keys
+
+RUN sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
+
+# Prevent interactive prompts during apt-get install via SSH
+RUN echo 'DEBIAN_FRONTEND=noninteractive' >> /etc/environment
+
+# Systemd cleanup for container use, then re-enable SSH
+RUN (cd /lib/systemd/system/sysinit.target.wants/; \
+    for i in *; do [ $i != systemd-tmpfiles-setup.service ] && rm -f $i; done); \
+    rm -f /lib/systemd/system/multi-user.target.wants/*; \
+    rm -f /etc/systemd/system/*.wants/*; \
+    rm -f /lib/systemd/system/local-fs.target.wants/*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+    rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+    rm -f /lib/systemd/system/basic.target.wants/*
+RUN systemctl enable ssh
+
+EXPOSE 22
+
+CMD ["/sbin/init"]

data/spec/acceptance/docker/entrypoint-new.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+nginx
+exec /usr/sbin/sshd -D