kamal-insecure 2.7.0

data/lib/kamal/cli/build.rb

@@ -0,0 +1,204 @@
+require "uri"
+
+class Kamal::Cli::Build < Kamal::Cli::Base
+  class BuildError < StandardError; end
+
+  desc "deliver", "Build app and push app image to registry then pull image on servers"
+  def deliver
+    invoke :push
+    invoke :pull
+  end
+
+  desc "push", "Build and push app image to registry"
+  option :output, type: :string, default: "registry", banner: "export_type", desc: "Exported type for the build result, and may be any exported type supported by 'buildx --output'."
+  def push
+    cli = self
+
+    # Ensure pre-connect hooks run before the build, they may needed for a remote builder
+    # or the pre-build hooks.
+    pre_connect_if_required
+
+    ensure_docker_installed
+    login_to_registry_locally
+
+    run_hook "pre-build"
+
+    uncommitted_changes = Kamal::Git.uncommitted_changes
+
+    if KAMAL.config.builder.git_clone?
+      if uncommitted_changes.present?
+        say "Building from a local git clone, so ignoring these uncommitted changes:\n #{uncommitted_changes}", :yellow
+      end
+
+      run_locally do
+        Clone.new(self).prepare
+      end
+    elsif uncommitted_changes.present?
+      say "Building with uncommitted changes:\n #{uncommitted_changes}", :yellow
+    end
+
+    with_env(KAMAL.config.builder.secrets) do
+      run_locally do
+        begin
+          execute *KAMAL.builder.inspect_builder
+        rescue SSHKit::Command::Failed => e
+          if e.message =~ /(context not found|no builder|no compatible builder|does not exist)/
+            warn "Missing compatible builder, so creating a new one first"
+            begin
+              cli.remove
+            rescue SSHKit::Command::Failed
+              raise unless e.message =~ /(context not found|no builder|does not exist)/
+            end
+            cli.create
+          else
+            raise
+          end
+        end
+
+        # Get the command here to ensure the Dir.chdir doesn't interfere with it
+        push = KAMAL.builder.push(cli.options[:output])
+
+        KAMAL.with_verbosity(:debug) do
+          Dir.chdir(KAMAL.config.builder.build_directory) { execute *push }
+        end
+      end
+    end
+  end
+
+  desc "pull", "Pull app image from registry onto servers"
+  def pull
+    login_to_registry_remotely
+
+    if (first_hosts = mirror_hosts).any?
+      #  Pull on a single host per mirror first to seed them
+      say "Pulling image on #{first_hosts.join(", ")} to seed the #{"mirror".pluralize(first_hosts.count)}...", :magenta
+      pull_on_hosts(first_hosts)
+      say "Pulling image on remaining hosts...", :magenta
+      pull_on_hosts(KAMAL.app_hosts - first_hosts)
+    else
+      pull_on_hosts(KAMAL.app_hosts)
+    end
+  end
+
+  desc "create", "Create a build setup"
+  def create
+    if (remote_host = KAMAL.config.builder.remote)
+      connect_to_remote_host(remote_host)
+    end
+
+    run_locally do
+      begin
+        debug "Using builder: #{KAMAL.builder.name}"
+        execute *KAMAL.builder.create
+      rescue SSHKit::Command::Failed => e
+        if e.message =~ /stderr=(.*)/
+          error "Couldn't create remote builder: #{$1}"
+          false
+        else
+          raise
+        end
+      end
+    end
+  end
+
+  desc "remove", "Remove build setup"
+  def remove
+    run_locally do
+      debug "Using builder: #{KAMAL.builder.name}"
+      execute *KAMAL.builder.remove
+    end
+  end
+
+  desc "details", "Show build setup"
+  def details
+    run_locally do
+      puts "Builder: #{KAMAL.builder.name}"
+      puts capture(*KAMAL.builder.info)
+    end
+  end
+
+  desc "dev", "Build using the working directory, tag it as dirty, and push to local image store."
+  option :output, type: :string, default: "docker", banner: "export_type", desc: "Exported type for the build result, and may be any exported type supported by 'buildx --output'."
+  def dev
+    cli = self
+
+    ensure_docker_installed
+
+    docker_included_files = Set.new(Kamal::Docker.included_files)
+    git_uncommitted_files = Set.new(Kamal::Git.uncommitted_files)
+    git_untracked_files = Set.new(Kamal::Git.untracked_files)
+
+    docker_uncommitted_files = docker_included_files & git_uncommitted_files
+    if docker_uncommitted_files.any?
+      say "WARNING: Files with uncommitted changes will be present in the dev container:", :yellow
+      docker_uncommitted_files.sort.each { |f| say "  #{f}", :yellow }
+      say
+    end
+
+    docker_untracked_files = docker_included_files & git_untracked_files
+    if docker_untracked_files.any?
+      say "WARNING: Untracked files will be present in the dev container:", :yellow
+      docker_untracked_files.sort.each { |f| say "  #{f}", :yellow }
+      say
+    end
+
+    with_env(KAMAL.config.builder.secrets) do
+      run_locally do
+        build = KAMAL.builder.push(cli.options[:output], tag_as_dirty: true)
+        KAMAL.with_verbosity(:debug) do
+          execute(*build)
+        end
+      end
+    end
+  end
+
+  private
+    def connect_to_remote_host(remote_host)
+      remote_uri = URI.parse(remote_host)
+      if remote_uri.scheme == "ssh"
+        host = SSHKit::Host.new(
+          hostname: remote_uri.host,
+          ssh_options: { user: remote_uri.user, port: remote_uri.port }.compact
+        )
+        on(host, options) do
+          execute "true"
+        end
+      end
+    end
+
+    def mirror_hosts
+      if KAMAL.app_hosts.many?
+        mirror_hosts = Concurrent::Hash.new
+        on(KAMAL.app_hosts) do |host|
+          first_mirror = capture_with_info(*KAMAL.builder.first_mirror).strip.presence
+          mirror_hosts[first_mirror] ||= host.to_s if first_mirror
+        rescue SSHKit::Command::Failed => e
+          raise unless e.message =~ /error calling index: reflect: slice index out of range/
+        end
+        mirror_hosts.values
+      else
+        []
+      end
+    end
+
+    def pull_on_hosts(hosts)
+      on(hosts) do
+        execute *KAMAL.auditor.record("Pulled image with version #{KAMAL.config.version}"), verbosity: :debug
+        execute *KAMAL.builder.clean, raise_on_non_zero_exit: false
+        execute *KAMAL.builder.pull
+        execute *KAMAL.builder.validate_image
+      end
+    end
+
+    def login_to_registry_locally
+      run_locally do
+        execute *KAMAL.registry.login
+      end
+    end
+
+    def login_to_registry_remotely
+      on(KAMAL.app_hosts) do
+        execute *KAMAL.registry.login
+      end
+    end
+end

data/lib/kamal/cli/healthcheck/barrier.rb

@@ -0,0 +1,33 @@
+require "concurrent/ivar"
+
+class Kamal::Cli::Healthcheck::Barrier
+  def initialize
+    @ivar = Concurrent::IVar.new
+  end
+
+  def close
+    set(false)
+  end
+
+  def open
+    set(true)
+  end
+
+  def wait
+    unless opened?
+      raise Kamal::Cli::Healthcheck::Error.new("Halted at barrier")
+    end
+  end
+
+  private
+    def opened?
+      @ivar.value
+    end
+
+    def set(value)
+      @ivar.set(value)
+      true
+    rescue Concurrent::MultipleAssignmentError
+      false
+    end
+end

data/lib/kamal/cli/healthcheck/error.rb

@@ -0,0 +1,2 @@
+class Kamal::Cli::Healthcheck::Error < StandardError
+end

data/lib/kamal/cli/healthcheck/poller.rb

@@ -0,0 +1,42 @@
+module Kamal::Cli::Healthcheck::Poller
+  extend self
+
+  def wait_for_healthy(role, &block)
+    attempt = 1
+    timeout_at = Time.now + KAMAL.config.deploy_timeout
+    readiness_delay = KAMAL.config.readiness_delay
+
+    begin
+      status = block.call
+
+      if status == "running"
+        # Wait for the readiness delay and confirm it is still running
+        if readiness_delay > 0
+          info "Container is running, waiting for readiness delay of #{readiness_delay} seconds"
+          sleep readiness_delay
+          status = block.call
+        end
+      end
+
+      unless %w[ running healthy ].include?(status)
+        raise Kamal::Cli::Healthcheck::Error, "container not ready after #{KAMAL.config.deploy_timeout} seconds (#{status})"
+      end
+    rescue Kamal::Cli::Healthcheck::Error => e
+      time_left = timeout_at - Time.now
+      if time_left > 0
+        sleep [ attempt, time_left ].min
+        attempt += 1
+        retry
+      else
+        raise
+      end
+    end
+
+    info "Container is healthy!"
+  end
+
+  private
+    def info(message)
+      SSHKit.config.output.info(message)
+    end
+end

data/lib/kamal/cli/lock.rb

@@ -0,0 +1,45 @@
+class Kamal::Cli::Lock < Kamal::Cli::Base
+  desc "status", "Report lock status"
+  def status
+    handle_missing_lock do
+      on(KAMAL.primary_host) do
+        puts capture_with_debug(*KAMAL.lock.status)
+      end
+    end
+  end
+
+  desc "acquire", "Acquire the deploy lock"
+  option :message, aliases: "-m", type: :string, desc: "A lock message", required: true
+  def acquire
+    message = options[:message]
+    ensure_run_directory
+
+    raise_if_locked do
+      on(KAMAL.primary_host) do
+        execute *KAMAL.lock.acquire(message, KAMAL.config.version), verbosity: :debug
+      end
+      say "Acquired the deploy lock"
+    end
+  end
+
+  desc "release", "Release the deploy lock"
+  def release
+    handle_missing_lock do
+      on(KAMAL.primary_host) do
+        execute *KAMAL.lock.release, verbosity: :debug
+      end
+      say "Released the deploy lock"
+    end
+  end
+
+  private
+    def handle_missing_lock
+      yield
+    rescue SSHKit::Runner::ExecuteError => e
+      if e.message =~ /No such file or directory/
+        say "There is no deploy lock"
+      else
+        raise
+      end
+    end
+end

data/lib/kamal/cli/main.rb

@@ -0,0 +1,277 @@
+class Kamal::Cli::Main < Kamal::Cli::Base
+  desc "setup", "Setup all accessories, push the env, and deploy app to servers"
+  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
+  def setup
+    print_runtime do
+      with_lock do
+        invoke_options = deploy_options
+
+        say "Ensure Docker is installed...", :magenta
+        invoke "kamal:cli:server:bootstrap", [], invoke_options
+
+        deploy(boot_accessories: true)
+      end
+    end
+  end
+
+  desc "deploy", "Deploy app to servers"
+  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
+  def deploy(boot_accessories: false)
+    runtime = print_runtime do
+      invoke_options = deploy_options
+
+      if options[:skip_push]
+        say "Pull app image...", :magenta
+        invoke "kamal:cli:build:pull", [], invoke_options
+      else
+        say "Build and push app image...", :magenta
+        invoke "kamal:cli:build:deliver", [], invoke_options
+      end
+
+      with_lock do
+        run_hook "pre-deploy", secrets: true
+
+        say "Ensure kamal-proxy is running...", :magenta
+        invoke "kamal:cli:proxy:boot", [], invoke_options
+
+        invoke "kamal:cli:accessory:boot", [ "all" ], invoke_options if boot_accessories
+
+        say "Detect stale containers...", :magenta
+        invoke "kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true)
+
+        invoke "kamal:cli:app:boot", [], invoke_options
+
+        say "Prune old containers and images...", :magenta
+        invoke "kamal:cli:prune:all", [], invoke_options
+      end
+    end
+
+    run_hook "post-deploy", secrets: true, runtime: runtime.round.to_s
+  end
+
+  desc "redeploy", "Deploy app to servers without bootstrapping servers, starting kamal-proxy and pruning"
+  option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
+  def redeploy
+    runtime = print_runtime do
+      invoke_options = deploy_options
+
+      if options[:skip_push]
+        say "Pull app image...", :magenta
+        invoke "kamal:cli:build:pull", [], invoke_options
+      else
+        say "Build and push app image...", :magenta
+        invoke "kamal:cli:build:deliver", [], invoke_options
+      end
+
+      with_lock do
+        run_hook "pre-deploy", secrets: true
+
+        say "Detect stale containers...", :magenta
+        invoke "kamal:cli:app:stale_containers", [], invoke_options.merge(stop: true)
+
+        invoke "kamal:cli:app:boot", [], invoke_options
+      end
+    end
+
+    run_hook "post-deploy", secrets: true, runtime: runtime.round.to_s
+  end
+
+  desc "rollback [VERSION]", "Rollback app to VERSION"
+  def rollback(version)
+    rolled_back = false
+    runtime = print_runtime do
+      with_lock do
+        invoke_options = deploy_options
+
+        KAMAL.config.version = version
+        old_version = nil
+
+        if container_available?(version)
+          run_hook "pre-deploy", secrets: true
+
+          invoke "kamal:cli:app:boot", [], invoke_options.merge(version: version)
+          rolled_back = true
+        else
+          say "The app version '#{version}' is not available as a container (use 'kamal app containers' for available versions)", :red
+        end
+      end
+    end
+
+    run_hook "post-deploy", secrets: true, runtime: runtime.round.to_s if rolled_back
+  end
+
+  desc "details", "Show details about all containers"
+  def details
+    invoke "kamal:cli:proxy:details"
+    invoke "kamal:cli:app:details"
+    invoke "kamal:cli:accessory:details", [ "all" ]
+  end
+
+  desc "audit", "Show audit log from servers"
+  def audit
+    on(KAMAL.hosts) do |host|
+      puts_by_host host, capture_with_info(*KAMAL.auditor.reveal)
+    end
+  end
+
+  desc "config", "Show combined config (including secrets!)"
+  def config
+    run_locally do
+      puts Kamal::Utils.redacted(KAMAL.config.to_h).to_yaml
+    end
+  end
+
+  desc "docs [SECTION]", "Show Kamal configuration documentation"
+  def docs(section = nil)
+    case section
+    when NilClass
+      puts Kamal::Configuration.validation_doc
+    else
+      puts Kamal::Configuration.const_get(section.titlecase.to_sym).validation_doc
+    end
+  rescue NameError
+    puts "No documentation found for #{section}"
+  end
+
+  desc "init", "Create config stub in config/deploy.yml and secrets stub in .kamal"
+  option :bundle, type: :boolean, default: false, desc: "Add Kamal to the Gemfile and create a bin/kamal binstub"
+  def init
+    require "fileutils"
+
+    if (deploy_file = Pathname.new(File.expand_path("config/deploy.yml"))).exist?
+      puts "Config file already exists in config/deploy.yml (remove first to create a new one)"
+    else
+      FileUtils.mkdir_p deploy_file.dirname
+      FileUtils.cp_r Pathname.new(File.expand_path("templates/deploy.yml", __dir__)), deploy_file
+      puts "Created configuration file in config/deploy.yml"
+    end
+
+    unless (secrets_file = Pathname.new(File.expand_path(".kamal/secrets"))).exist?
+      FileUtils.mkdir_p secrets_file.dirname
+      FileUtils.cp_r Pathname.new(File.expand_path("templates/secrets", __dir__)), secrets_file
+      puts "Created .kamal/secrets file"
+    end
+
+    unless (hooks_dir = Pathname.new(File.expand_path(".kamal/hooks"))).exist?
+      hooks_dir.mkpath
+      Pathname.new(File.expand_path("templates/sample_hooks", __dir__)).each_child do |sample_hook|
+        FileUtils.cp sample_hook, hooks_dir, preserve: true
+      end
+      puts "Created sample hooks in .kamal/hooks"
+    end
+
+    if options[:bundle]
+      if (binstub = Pathname.new(File.expand_path("bin/kamal"))).exist?
+        puts "Binstub already exists in bin/kamal (remove first to create a new one)"
+      else
+        puts "Adding Kamal to Gemfile and bundle..."
+        run_locally do
+          execute :bundle, :add, :kamal
+          execute :bundle, :binstubs, :kamal
+        end
+        puts "Created binstub file in bin/kamal"
+      end
+    end
+  end
+
+  desc "remove", "Remove kamal-proxy, app, accessories, and registry session from servers"
+  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
+  def remove
+    confirming "This will remove all containers and images. Are you sure?" do
+      with_lock do
+        invoke "kamal:cli:app:remove", [], options.without(:confirmed)
+        invoke "kamal:cli:proxy:remove", [], options.without(:confirmed)
+        invoke "kamal:cli:accessory:remove", [ "all" ], options
+        invoke "kamal:cli:registry:logout", [], options.without(:confirmed).merge(skip_local: true)
+      end
+    end
+  end
+
+  desc "upgrade", "Upgrade from Kamal 1.x to 2.0"
+  option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
+  option :rolling, type: :boolean, default: false, desc: "Upgrade one host at a time"
+  def upgrade
+    confirming "This will replace Traefik with kamal-proxy and restart all accessories" do
+      with_lock do
+        if options[:rolling]
+          KAMAL.hosts.each do |host|
+            KAMAL.with_specific_hosts(host) do
+              say "Upgrading #{host}...", :magenta
+              if KAMAL.app_hosts.include?(host)
+                invoke "kamal:cli:proxy:upgrade", [], options.merge(confirmed: true, rolling: false)
+                reset_invocation(Kamal::Cli::Proxy)
+              end
+              if KAMAL.accessory_hosts.include?(host)
+                invoke "kamal:cli:accessory:upgrade", [ "all" ], options.merge(confirmed: true, rolling: false)
+                reset_invocation(Kamal::Cli::Accessory)
+              end
+              say "Upgraded #{host}", :magenta
+            end
+          end
+        else
+          say "Upgrading all hosts...", :magenta
+          invoke "kamal:cli:proxy:upgrade", [], options.merge(confirmed: true)
+          invoke "kamal:cli:accessory:upgrade", [ "all" ], options.merge(confirmed: true)
+          say "Upgraded all hosts", :magenta
+        end
+      end
+    end
+  end
+
+  desc "version", "Show Kamal version"
+  def version
+    puts Kamal::VERSION
+  end
+
+  desc "accessory", "Manage accessories (db/redis/search)"
+  subcommand "accessory", Kamal::Cli::Accessory
+
+  desc "app", "Manage application"
+  subcommand "app", Kamal::Cli::App
+
+  desc "build", "Build application image"
+  subcommand "build", Kamal::Cli::Build
+
+  desc "lock", "Manage the deploy lock"
+  subcommand "lock", Kamal::Cli::Lock
+
+  desc "proxy", "Manage kamal-proxy"
+  subcommand "proxy", Kamal::Cli::Proxy
+
+  desc "prune", "Prune old application images and containers"
+  subcommand "prune", Kamal::Cli::Prune
+
+  desc "registry", "Login and -out of the image registry"
+  subcommand "registry", Kamal::Cli::Registry
+
+  desc "secrets", "Helpers for extracting secrets"
+  subcommand "secrets", Kamal::Cli::Secrets
+
+  desc "server", "Bootstrap servers with curl and Docker"
+  subcommand "server", Kamal::Cli::Server
+
+  private
+    def container_available?(version)
+      begin
+        on(KAMAL.app_hosts) do
+          KAMAL.roles_on(host).each do |role|
+            container_id = capture_with_info(*KAMAL.app(role: role, host: host).container_id_for_version(version))
+            raise "Container not found" unless container_id.present?
+          end
+        end
+      rescue SSHKit::Runner::ExecuteError, SSHKit::Runner::MultipleExecuteError => e
+        if e.message =~ /Container not found/
+          say "Error looking for container version #{version}: #{e.message}"
+          return false
+        else
+          raise
+        end
+      end
+
+      true
+    end
+
+    def deploy_options
+      { "version" => KAMAL.config.version }.merge(options.without("skip_push"))
+    end
+end