dash 2.12.0

Files changed (142) hide show
  1. checksums.yaml +7 -0
  2. data/MIT-LICENSE +20 -0
  3. data/README.md +13 -0
  4. data/bin/dash +18 -0
  5. data/bin/kamal +18 -0
  6. data/lib/kamal/cli/accessory.rb +342 -0
  7. data/lib/kamal/cli/alias/command.rb +10 -0
  8. data/lib/kamal/cli/app/assets.rb +24 -0
  9. data/lib/kamal/cli/app/boot.rb +126 -0
  10. data/lib/kamal/cli/app/error_pages.rb +33 -0
  11. data/lib/kamal/cli/app/ssl_certificates.rb +28 -0
  12. data/lib/kamal/cli/app.rb +368 -0
  13. data/lib/kamal/cli/base.rb +324 -0
  14. data/lib/kamal/cli/build/clone.rb +59 -0
  15. data/lib/kamal/cli/build/port_forwarding.rb +66 -0
  16. data/lib/kamal/cli/build.rb +242 -0
  17. data/lib/kamal/cli/healthcheck/barrier.rb +33 -0
  18. data/lib/kamal/cli/healthcheck/error.rb +2 -0
  19. data/lib/kamal/cli/healthcheck/poller.rb +42 -0
  20. data/lib/kamal/cli/lock.rb +34 -0
  21. data/lib/kamal/cli/main.rb +299 -0
  22. data/lib/kamal/cli/proxy.rb +419 -0
  23. data/lib/kamal/cli/prune.rb +34 -0
  24. data/lib/kamal/cli/registry.rb +49 -0
  25. data/lib/kamal/cli/secrets.rb +50 -0
  26. data/lib/kamal/cli/server.rb +70 -0
  27. data/lib/kamal/cli/templates/deploy.yml +102 -0
  28. data/lib/kamal/cli/templates/sample_hooks/docker-setup.sample +3 -0
  29. data/lib/kamal/cli/templates/sample_hooks/post-app-boot.sample +3 -0
  30. data/lib/kamal/cli/templates/sample_hooks/post-deploy.sample +14 -0
  31. data/lib/kamal/cli/templates/sample_hooks/post-proxy-reboot.sample +3 -0
  32. data/lib/kamal/cli/templates/sample_hooks/pre-app-boot.sample +3 -0
  33. data/lib/kamal/cli/templates/sample_hooks/pre-build.sample +51 -0
  34. data/lib/kamal/cli/templates/sample_hooks/pre-connect.sample +47 -0
  35. data/lib/kamal/cli/templates/sample_hooks/pre-deploy.sample +122 -0
  36. data/lib/kamal/cli/templates/sample_hooks/pre-proxy-reboot.sample +3 -0
  37. data/lib/kamal/cli/templates/secrets +22 -0
  38. data/lib/kamal/cli.rb +9 -0
  39. data/lib/kamal/commander/specifics.rb +62 -0
  40. data/lib/kamal/commander.rb +230 -0
  41. data/lib/kamal/commands/accessory/proxy.rb +16 -0
  42. data/lib/kamal/commands/accessory.rb +118 -0
  43. data/lib/kamal/commands/app/assets.rb +51 -0
  44. data/lib/kamal/commands/app/containers.rb +31 -0
  45. data/lib/kamal/commands/app/error_pages.rb +9 -0
  46. data/lib/kamal/commands/app/execution.rb +38 -0
  47. data/lib/kamal/commands/app/images.rb +13 -0
  48. data/lib/kamal/commands/app/logging.rb +28 -0
  49. data/lib/kamal/commands/app/proxy.rb +32 -0
  50. data/lib/kamal/commands/app.rb +125 -0
  51. data/lib/kamal/commands/auditor.rb +39 -0
  52. data/lib/kamal/commands/base.rb +147 -0
  53. data/lib/kamal/commands/builder/base.rb +143 -0
  54. data/lib/kamal/commands/builder/clone.rb +32 -0
  55. data/lib/kamal/commands/builder/cloud.rb +22 -0
  56. data/lib/kamal/commands/builder/hybrid.rb +21 -0
  57. data/lib/kamal/commands/builder/local.rb +20 -0
  58. data/lib/kamal/commands/builder/pack.rb +46 -0
  59. data/lib/kamal/commands/builder/remote.rb +75 -0
  60. data/lib/kamal/commands/builder.rb +54 -0
  61. data/lib/kamal/commands/docker.rb +50 -0
  62. data/lib/kamal/commands/hook.rb +20 -0
  63. data/lib/kamal/commands/loadbalancer.rb +130 -0
  64. data/lib/kamal/commands/lock.rb +70 -0
  65. data/lib/kamal/commands/proxy.rb +150 -0
  66. data/lib/kamal/commands/prune.rb +38 -0
  67. data/lib/kamal/commands/registry.rb +38 -0
  68. data/lib/kamal/commands/server.rb +15 -0
  69. data/lib/kamal/commands.rb +2 -0
  70. data/lib/kamal/configuration/accessory.rb +280 -0
  71. data/lib/kamal/configuration/alias.rb +15 -0
  72. data/lib/kamal/configuration/boot.rb +29 -0
  73. data/lib/kamal/configuration/builder.rb +218 -0
  74. data/lib/kamal/configuration/docs/accessory.yml +160 -0
  75. data/lib/kamal/configuration/docs/alias.yml +29 -0
  76. data/lib/kamal/configuration/docs/boot.yml +21 -0
  77. data/lib/kamal/configuration/docs/builder.yml +132 -0
  78. data/lib/kamal/configuration/docs/configuration.yml +228 -0
  79. data/lib/kamal/configuration/docs/env.yml +118 -0
  80. data/lib/kamal/configuration/docs/logging.yml +21 -0
  81. data/lib/kamal/configuration/docs/output.yml +25 -0
  82. data/lib/kamal/configuration/docs/proxy.yml +207 -0
  83. data/lib/kamal/configuration/docs/registry.yml +64 -0
  84. data/lib/kamal/configuration/docs/role.yml +54 -0
  85. data/lib/kamal/configuration/docs/servers.yml +27 -0
  86. data/lib/kamal/configuration/docs/ssh.yml +81 -0
  87. data/lib/kamal/configuration/docs/sshkit.yml +31 -0
  88. data/lib/kamal/configuration/env/tag.rb +13 -0
  89. data/lib/kamal/configuration/env.rb +42 -0
  90. data/lib/kamal/configuration/loadbalancer.rb +34 -0
  91. data/lib/kamal/configuration/logging.rb +33 -0
  92. data/lib/kamal/configuration/output.rb +34 -0
  93. data/lib/kamal/configuration/proxy/boot.rb +124 -0
  94. data/lib/kamal/configuration/proxy/run.rb +152 -0
  95. data/lib/kamal/configuration/proxy.rb +156 -0
  96. data/lib/kamal/configuration/registry.rb +40 -0
  97. data/lib/kamal/configuration/role.rb +247 -0
  98. data/lib/kamal/configuration/servers.rb +25 -0
  99. data/lib/kamal/configuration/ssh.rb +76 -0
  100. data/lib/kamal/configuration/sshkit.rb +26 -0
  101. data/lib/kamal/configuration/validation.rb +27 -0
  102. data/lib/kamal/configuration/validator/accessory.rb +13 -0
  103. data/lib/kamal/configuration/validator/alias.rb +15 -0
  104. data/lib/kamal/configuration/validator/builder.rb +15 -0
  105. data/lib/kamal/configuration/validator/configuration.rb +6 -0
  106. data/lib/kamal/configuration/validator/env.rb +54 -0
  107. data/lib/kamal/configuration/validator/proxy.rb +47 -0
  108. data/lib/kamal/configuration/validator/registry.rb +27 -0
  109. data/lib/kamal/configuration/validator/role.rb +13 -0
  110. data/lib/kamal/configuration/validator/servers.rb +7 -0
  111. data/lib/kamal/configuration/validator.rb +251 -0
  112. data/lib/kamal/configuration/volume.rb +29 -0
  113. data/lib/kamal/configuration.rb +465 -0
  114. data/lib/kamal/docker.rb +30 -0
  115. data/lib/kamal/env_file.rb +44 -0
  116. data/lib/kamal/git.rb +37 -0
  117. data/lib/kamal/otel_shipper.rb +176 -0
  118. data/lib/kamal/output/base_logger.rb +29 -0
  119. data/lib/kamal/output/file_logger.rb +51 -0
  120. data/lib/kamal/output/formatter.rb +36 -0
  121. data/lib/kamal/output/otel_logger.rb +70 -0
  122. data/lib/kamal/secrets/adapters/aws_secrets_manager.rb +59 -0
  123. data/lib/kamal/secrets/adapters/base.rb +33 -0
  124. data/lib/kamal/secrets/adapters/bitwarden.rb +81 -0
  125. data/lib/kamal/secrets/adapters/bitwarden_secrets_manager.rb +66 -0
  126. data/lib/kamal/secrets/adapters/doppler.rb +57 -0
  127. data/lib/kamal/secrets/adapters/enpass.rb +71 -0
  128. data/lib/kamal/secrets/adapters/gcp_secret_manager.rb +112 -0
  129. data/lib/kamal/secrets/adapters/last_pass.rb +40 -0
  130. data/lib/kamal/secrets/adapters/one_password.rb +104 -0
  131. data/lib/kamal/secrets/adapters/passbolt.rb +129 -0
  132. data/lib/kamal/secrets/adapters/test.rb +16 -0
  133. data/lib/kamal/secrets/adapters.rb +16 -0
  134. data/lib/kamal/secrets/dotenv/inline_command_substitution.rb +47 -0
  135. data/lib/kamal/secrets.rb +53 -0
  136. data/lib/kamal/sshkit_with_ext.rb +273 -0
  137. data/lib/kamal/tags.rb +40 -0
  138. data/lib/kamal/utils/sensitive.rb +20 -0
  139. data/lib/kamal/utils.rb +110 -0
  140. data/lib/kamal/version.rb +3 -0
  141. data/lib/kamal.rb +15 -0
  142. metadata +388 -0
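--- a/data/lib/kamal/configuration/builder.rb
+++ b/data/lib/kamal/configuration/builder.rb
@@ -0,0 +1,218 @@
+ class Kamal::Configuration::Builder
+ include Kamal::Configuration::Validation
+
+ attr_reader :config, :builder_config
+ delegate :image, :service, to: :config
+ delegate :server, to: :"config.registry"
+
+ def initialize(config:)
+ @config = config
+ @builder_config = config.raw_config.builder || {}
+ @image = config.image
+ @server = config.registry.server
+ @service = config.service
+
+ validate! builder_config, with: Kamal::Configuration::Validator::Builder
+ end
+
+ def to_h
+ builder_config
+ end
+
+ def remote
+ builder_config["remote"]
+ end
+
+ def arches
+ Array(builder_config.fetch("arch", default_arch))
+ end
+
+ def local_arches
+ @local_arches ||= if local_disabled?
+ []
+ elsif remote
+ arches & [ Kamal::Utils.docker_arch ]
+ else
+ arches
+ end
+ end
+
+ def remote_arches
+ @remote_arches ||= if remote
+ arches - local_arches
+ else
+ []
+ end
+ end
+
+ def remote?
+ remote_arches.any?
+ end
+
+ def local?
+ !local_disabled? && (arches.empty? || local_arches.any?)
+ end
+
+ def cloud?
+ driver.start_with? "cloud"
+ end
+
+ def cached?
+ !!builder_config["cache"]
+ end
+
+ def pack?
+ !!builder_config["pack"]
+ end
+
+ def args
+ builder_config["args"] || {}
+ end
+
+ def secrets
+ (builder_config["secrets"] || []).to_h { |key| [ key, config.secrets[key] ] }
+ end
+
+ def dockerfile
+ builder_config["dockerfile"] || "Dockerfile"
+ end
+
+ def target
+ builder_config["target"]
+ end
+
+ def context
+ builder_config["context"] || "."
+ end
+
+ def driver
+ builder_config.fetch("driver", "docker-container")
+ end
+
+ def pack_builder
+ builder_config["pack"]["builder"] if pack?
+ end
+
+ def pack_buildpacks
+ builder_config["pack"]["buildpacks"] if pack?
+ end
+
+ def local_disabled?
+ builder_config["local"] == false
+ end
+
+ def cache_from
+ if cached?
+ case builder_config["cache"]["type"]
+ when "gha"
+ cache_from_config_for_gha
+ when "registry"
+ cache_from_config_for_registry
+ end
+ end
+ end
+
+ def cache_to
+ if cached?
+ case builder_config["cache"]["type"]
+ when "gha"
+ cache_to_config_for_gha
+ when "registry"
+ cache_to_config_for_registry
+ end
+ end
+ end
+
+ def ssh
+ builder_config["ssh"]
+ end
+
+ def provenance
+ builder_config["provenance"]
+ end
+
+ def sbom
+ builder_config["sbom"]
+ end
+
+ def git_clone?
+ Kamal::Git.used? && builder_config["context"].nil?
+ end
+
+ def clone_directory
+ @clone_directory ||= File.join Dir.tmpdir, "kamal-clones", [ service, pwd_sha ].compact.join("-")
+ end
+
+ def build_directory
+ @build_directory ||=
+ if git_clone?
+ File.join clone_directory, repo_basename, repo_relative_pwd
+ else
+ "."
+ end
+ end
+
+ def docker_driver?
+ driver == "docker"
+ end
+
+ private
+ def valid?
+ if docker_driver?
+ raise ArgumentError, "Invalid builder configuration: the `docker` driver does not not support remote builders" if remote
+ raise ArgumentError, "Invalid builder configuration: the `docker` driver does not not support caching" if cached?
+ raise ArgumentError, "Invalid builder configuration: the `docker` driver does not not support multiple arches" if arches.many?
+ end
+
+ if @options["cache"] && @options["cache"]["type"]
+ raise ArgumentError, "Invalid cache type: #{@options["cache"]["type"]}" unless [ "gha", "registry" ].include?(@options["cache"]["type"])
+ end
+ end
+
+ def cache_image
+ builder_config["cache"]&.fetch("image", nil) || "#{image}-build-cache"
+ end
+
+ def cache_image_ref
+ [ server, cache_image ].compact.join("/")
+ end
+
+ def cache_options
+ builder_config["cache"]&.fetch("options", nil)
+ end
+
+ def cache_from_config_for_gha
+ individual_options = cache_options&.split(",") || []
+ allowed_options = individual_options.select { |option| option =~ /^(url|url_v2|token|scope|timeout)=/ }
+
+ [ "type=gha", *allowed_options ].compact.join(",")
+ end
+
+ def cache_from_config_for_registry
+ [ "type=registry", "ref=#{cache_image_ref}" ].compact.join(",")
+ end
+
+ def cache_to_config_for_gha
+ [ "type=gha", cache_options ].compact.join(",")
+ end
+
+ def cache_to_config_for_registry
+ [ "type=registry", "ref=#{cache_image_ref}", cache_options ].compact.join(",")
+ end
+
+ def repo_basename
+ File.basename(Kamal::Git.root)
+ end
+
+ def repo_relative_pwd
+ Dir.pwd.delete_prefix(Kamal::Git.root)
+ end
+
+ def pwd_sha
+ Digest::SHA256.hexdigest(Dir.pwd)[0..12]
+ end
+
+ def default_arch
+ docker_driver? ? [] : [ "amd64", "arm64" ]
+ end
+ end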
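Review bot: `valid?` reads `@options`, which nothing in this class assigns (`initialize` fills `@builder_config`), and no line in this file calls `valid?`, so the docker-driver and cache-type checks look like dead code that would fail on nil if invoked, unless the Validation mixin provides both. If they are meant to run, the condition should read `if builder_config["cache"] && builder_config["cache"]["type"]` and the method needs a caller; the three messages also say `does not not support`. `clone_directory` is a predictable path under the shared `Dir.tmpdir` and `build_directory` resolves inside it, so the code that creates it (outside this file) should be checked for owner-only permissions and for refusing a pre-existing directory it does not own. In `cache_from_config_for_gha` the allowlist would be tighter anchored with `\A` instead of `^`, since `^` in Ruby also matches after a newline inside the option string.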
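--- a/data/lib/kamal/configuration/docs/accessory.yml
+++ b/data/lib/kamal/configuration/docs/accessory.yml
@@ -0,0 +1,160 @@
+ # Accessories
+ #
+ # Accessories can be booted on a single host, a list of hosts, or on specific roles.
+ # The hosts do not need to be defined in the Kamal servers configuration.
+ #
+ # Accessories are managed separately from the main service — they are not updated
+ # when you deploy, and they do not have zero-downtime deployments.
+ #
+ # Run `kamal accessory boot <accessory>` to boot an accessory.
+ # See `kamal accessory --help` for more information.
+
+ # Configuring accessories
+ #
+ # First, define the accessory in the `accessories`:
+ accessories:
+ mysql:
+
+ # Service name
+ #
+ # This is used in the service label and defaults to `<service>-<accessory>`,
+ # where `<service>` is the main service name from the root configuration:
+ service: mysql
+
+ # Image
+ #
+ # The Docker image to use.
+ # Prefix it with its server when using root level registry different from Docker Hub.
+ # Define registry directly or via anchors when it differs from root level registry.
+ image: mysql:8.0
+
+ # Registry
+ #
+ # By default accessories use Docker Hub registry.
+ # You can specify different registry per accessory with this option.
+ # Don't prefix image with this registry server.
+ # Use anchors if you need to set the same specific registry for several accessories.
+ #
+ # ```yml
+ # registry:
+ # <<: *specific-registry
+ # ```
+ #
+ # See kamal docs registry for more information:
+ registry:
+ ...
+
+ # Accessory hosts
+ #
+ # Specify one of `host`, `hosts`, `role`, `roles`, `tag` or `tags`:
+ host: mysql-db1
+ hosts:
+ - mysql-db1
+ - mysql-db2
+ role: mysql
+ roles:
+ - mysql
+ tag: writer
+ tags:
+ - writer
+ - reader
+
+ # Custom command
+ #
+ # You can set a custom command to run in the container if you do not want to use the default:
+ cmd: "bin/mysqld"
+
+ # Port mappings
+ #
+ # See [https://docs.docker.com/network/](https://docs.docker.com/network/), and
+ # especially note the warning about the security implications of exposing ports publicly.
+ port: "127.0.0.1:3306:3306"
+
+ # Labels
+ labels:
+ app: myapp
+
+ # Options
+ #
+ # These are passed to the Docker run command in the form `--<name> <value>`:
+ options:
+ restart: always
+ cpus: 2
+
+ # Environment variables
+ #
+ # See kamal docs env for more information:
+ env:
+ ...
+
+ # Copying files
+ #
+ # You can specify files to mount into the container.
+ #
+ # They will be uploaded from the local repo to the host and then mounted.
+ # ERB files will be evaluated before being copied.
+ #
+ # You can use the string format: `local:remote` or `local:remote:options`
+ # where the options can be `ro` for read-only or `z`/`Z` for SELinux labels
+ files:
+ - config/my.cnf.erb:/etc/mysql/my.cnf
+ - config/myoptions.cnf:/etc/mysql/myoptions.cnf:ro
+ - config/certs:/etc/mysql/certs:ro,Z
+ #
+ # Or you can use the hash format for custom mode and ownership.
+ #
+ # Note: Setting `owner` requires root access:
+ files:
+ - local: config/secret.key
+ remote: /etc/mysql/secret.key
+ mode: "0600"
+ owner: "mysql:mysql"
+ - local: config/ca-cert.pem
+ remote: /etc/mysql/certs/ca-cert.pem
+ mode: "0644"
+ owner: "1000:1000"
+ options: "Z"
+
+ # Directories
+ #
+ # You can specify directories to mount into the container. They will be created on the host
+ # before being mounted.
+ #
+ # You can use the string format: `local:remote` or `local:remote:options`
+ # where the options can be `ro` for read-only or `z`/`Z` for SELinux labels
+ directories:
+ - mysql-logs:/var/log/mysql
+ - mysql-data:/var/lib/mysql:z
+ #
+ # Or you can use the hash format for custom mode and ownership.
+ #
+ # Note: Setting `owner` requires root access:
+ directories:
+ - local: mysql-data
+ remote: /var/lib/mysql
+ mode: "0750"
+ owner: "mysql:mysql"
+ - local: mysql-logs
+ remote: /var/log/mysql
+ mode: "0755"
+ options: "z"
+
+ # Volumes
+ #
+ # Any other volumes to mount, in addition to the files and directories.
+ # They are not created or copied before mounting:
+ volumes:
+ - /path/to/mysql-logs:/var/log/mysql
+
+ # Network
+ #
+ # The network the accessory will be attached to.
+ #
+ # Defaults to kamal:
+ network: custom
+
+ # Proxy
+ #
+ # You can run your accessory behind the Kamal proxy. See kamal docs proxy for more information
+ proxy:
+ ...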
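--- a/data/lib/kamal/configuration/docs/alias.yml
+++ b/data/lib/kamal/configuration/docs/alias.yml
@@ -0,0 +1,29 @@
+ # Aliases
+ #
+ # Aliases are shortcuts for Kamal commands.
+ #
+ # For example, for a Rails app, you might open a console with:
+ #
+ # ```shell
+ # kamal app exec -i --reuse "bin/rails console"
+ # ```
+ #
+ # By defining an alias, like this:
+ aliases:
+ console: app exec -i --reuse "bin/rails console"
+ # You can now open the console with:
+ #
+ # ```shell
+ # kamal console
+ # ```
+
+ # Configuring aliases
+ #
+ # Aliases are defined in the root config under the alias key.
+ #
+ # Each alias is named and can only contain lowercase letters, numbers, dashes, and underscores:
+ aliases:
+ uname: app exec -p -q -r web "uname -a"
+ #
+ # Aliases can include a destination with the `-d` flag:
+ staging_deploy: deploy -d staging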
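--- a/data/lib/kamal/configuration/docs/boot.yml
+++ b/data/lib/kamal/configuration/docs/boot.yml
@@ -0,0 +1,21 @@
+ # Booting
+ #
+ # When deploying to large numbers of hosts, you might prefer not to restart your services on every host at the same time.
+ #
+ # Kamal’s default is to boot new containers on all hosts in parallel. However, you can control this with the boot configuration.
+
+ boot:
+
+ # The number or percentage of hosts to boot at a time.
+ # This can be an integer (e.g., 3) or a percentage string (e.g., 25%).
+ limit: 25%
+
+ # The number of seconds to wait between booting each group of hosts.
+ wait: 10
+
+ # Whether to boot roles in parallel on a host.
+ #
+ # If a host has multiple roles, control whether they are booted in parallel or sequentially on that host.
+ #
+ # Defaults to false.
+ parallel_roles: true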
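--- a/data/lib/kamal/configuration/docs/builder.yml
+++ b/data/lib/kamal/configuration/docs/builder.yml
@@ -0,0 +1,132 @@
+ # Builder
+ #
+ # The builder configuration controls how the application is built with `docker build`.
+ #
+ # See https://kamal-deploy.org/docs/configuration/builder-examples/ for more information.
+
+ # Builder options
+ #
+ # Options go under the builder key in the root configuration.
+ builder:
+
+ # Arch
+ #
+ # The architectures to build for — you can set an array or just a single value.
+ #
+ # Allowed values are `amd64` and `arm64`:
+ arch:
+ - amd64
+
+ # Remote
+ #
+ # The connection string for a remote builder. If supplied, Kamal will use this
+ # for builds that do not match the local architecture of the deployment host.
+ remote: ssh://docker@docker-builder
+
+ # Local
+ #
+ # If set to false, Kamal will always use the remote builder even when building
+ # the local architecture.
+ #
+ # Defaults to true:
+ local: true
+
+ # Buildpack configuration
+ #
+ # The build configuration for using pack to build a Cloud Native Buildpack image.
+ #
+ # For additional buildpack customization options you can create a project descriptor
+ # file(project.toml) that the Pack CLI will automatically use.
+ # See https://buildpacks.io/docs/for-app-developers/how-to/build-inputs/use-project-toml/ for more information.
+ pack:
+ builder: heroku/builder:24
+ buildpacks:
+ - heroku/ruby
+ - heroku/procfile
+
+ # Builder cache
+ #
+ # The type must be either 'gha' or 'registry'.
+ #
+ # The image is only used for registry cache and is not compatible with the Docker driver:
+ cache:
+ type: registry
+ options: mode=max
+ image: kamal-app-build-cache
+
+ # Build context
+ #
+ # If this is not set, then a local Git clone of the repo is used.
+ # This ensures a clean build with no uncommitted changes.
+ #
+ # To use the local checkout instead, you can set the context to `.`, or a path to another directory.
+ context: .
+
+ # Dockerfile
+ #
+ # The Dockerfile to use for building, defaults to `Dockerfile`:
+ dockerfile: Dockerfile.production
+
+ # Build target
+ #
+ # If not set, then the default target is used:
+ target: production
+
+ # Build arguments
+ #
+ # Any additional build arguments, passed to `docker build` with `--build-arg <key>=<value>`:
+ args:
+ ENVIRONMENT: production
+
+ # Referencing build arguments
+ #
+ # ```shell
+ # ARG RUBY_VERSION
+ # FROM ruby:$RUBY_VERSION-slim as base
+ # ```
+
+ # Build secrets
+ #
+ # Values are read from `.kamal/secrets`:
+ secrets:
+ - SECRET1
+ - SECRET2
+
+ # Referencing build secrets
+ #
+ # ```shell
+ # # Copy Gemfiles
+ # COPY Gemfile Gemfile.lock ./
+ #
+ # # Install dependencies, including private repositories via access token
+ # # Then remove bundle cache with exposed GITHUB_TOKEN
+ # RUN --mount=type=secret,id=GITHUB_TOKEN \
+ # BUNDLE_GITHUB__COM=x-access-token:$(cat /run/secrets/GITHUB_TOKEN) \
+ # bundle install && \
+ # rm -rf /usr/local/bundle/cache
+ # ```
+
+ # SSH
+ #
+ # SSH agent socket or keys to expose to the build:
+ ssh: default=$SSH_AUTH_SOCK
+
+ # Driver
+ #
+ # The build driver to use, defaults to `docker-container`:
+ driver: docker
+ #
+ # If you want to use Docker Build Cloud (https://www.docker.com/products/build-cloud/), you can set the driver to:
+ driver: cloud org-name/builder-name
+
+ # Provenance
+ #
+ # It is used to configure provenance attestations for the build result.
+ # The value can also be a boolean to enable or disable provenance attestations.
+ provenance: mode=max
+
+ # SBOM (Software Bill of Materials)
+ #
+ # It is used to configure SBOM generation for the build result.
+ # The value can also be a boolean to enable or disable SBOM generation.
+ sbom: true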