kamal 0.16.0

data/lib/kamal/commands/lock.rb

@@ -0,0 +1,63 @@
+require "active_support/duration"
+require "time"
+
+class Kamal::Commands::Lock < Kamal::Commands::Base
+  def acquire(message, version)
+    combine \
+      [:mkdir, lock_dir],
+      write_lock_details(message, version)
+  end
+
+  def release
+    combine \
+      [:rm, lock_details_file],
+      [:rm, "-r", lock_dir]
+  end
+
+  def status
+    combine \
+      stat_lock_dir,
+      read_lock_details
+  end
+
+  private
+    def write_lock_details(message, version)
+      write \
+        [:echo, "\"#{Base64.encode64(lock_details(message, version))}\""],
+        lock_details_file
+    end
+
+    def read_lock_details
+      pipe \
+        [:cat, lock_details_file],
+        [:base64, "-d"]
+    end
+
+    def stat_lock_dir
+      write \
+        [:stat, lock_dir],
+        "/dev/null"
+    end
+
+    def lock_dir
+      "kamal_lock-#{config.service}"
+    end
+
+    def lock_details_file
+      [lock_dir, :details].join("/")
+    end
+
+    def lock_details(message, version)
+      <<~DETAILS.strip
+        Locked by: #{locked_by} at #{Time.now.utc.iso8601}
+        Version: #{version}
+        Message: #{message}
+      DETAILS
+    end
+
+    def locked_by
+      `git config user.name`.strip
+    rescue Errno::ENOENT
+      "Unknown"
+    end
+end

data/lib/kamal/commands/prune.rb

@@ -0,0 +1,38 @@
+require "active_support/duration"
+require "active_support/core_ext/numeric/time"
+
+class Kamal::Commands::Prune < Kamal::Commands::Base
+  def dangling_images
+    docker :image, :prune, "--force", "--filter", "label=service=#{config.service}", "--filter", "dangling=true"
+  end
+
+  def tagged_images
+    pipe \
+      docker(:image, :ls, *service_filter, "--format", "'{{.ID}} {{.Repository}}:{{.Tag}}'"),
+      "grep -v -w \"#{active_image_list}\"",
+      "while read image tag; do docker rmi $tag; done"
+  end
+
+  def containers(keep_last: 5)
+    pipe \
+      docker(:ps, "-q", "-a", *service_filter, *stopped_containers_filters),
+      "tail -n +#{keep_last + 1}",
+      "while read container_id; do docker rm $container_id; done"
+  end
+
+  private
+    def stopped_containers_filters
+      [ "created", "exited", "dead" ].flat_map { |status| ["--filter", "status=#{status}"] }
+    end
+
+    def active_image_list
+      # Pull the images that are used by any containers
+      # Append repo:latest - to avoid deleting the latest tag
+      # Append repo:<none> - to avoid deleting dangling images that are in use. Unused dangling images are deleted separately
+      "$(docker container ls -a --format '{{.Image}}\\|' --filter label=service=#{config.service} | tr -d '\\n')#{config.latest_image}\\|#{config.repository}:<none>"
+    end
+
+    def service_filter
+      [ "--filter", "label=service=#{config.service}" ]
+    end
+end

data/lib/kamal/commands/registry.rb

@@ -0,0 +1,20 @@
+class Kamal::Commands::Registry < Kamal::Commands::Base
+  delegate :registry, to: :config
+
+  def login
+    docker :login, registry["server"], "-u", sensitive(lookup("username")), "-p", sensitive(lookup("password"))
+  end
+
+  def logout
+    docker :logout, registry["server"]
+  end
+
+  private
+    def lookup(key)
+      if registry[key].is_a?(Array)
+        ENV.fetch(registry[key].first).dup
+      else
+        registry[key]
+      end
+    end
+end

data/lib/kamal/commands/traefik.rb

@@ -0,0 +1,104 @@
+class Kamal::Commands::Traefik < Kamal::Commands::Base
+  delegate :argumentize, :argumentize_env_with_secrets, :optionize, to: Kamal::Utils
+
+  DEFAULT_IMAGE = "traefik:v2.9"
+  CONTAINER_PORT = 80
+  DEFAULT_ARGS = {
+    'log.level' => 'DEBUG'
+  }
+
+  def run
+    docker :run, "--name traefik",
+      "--detach",
+      "--restart", "unless-stopped",
+      "--publish", port,
+      "--volume", "/var/run/docker.sock:/var/run/docker.sock",
+      *env_args,
+      *config.logging_args,
+      *label_args,
+      *docker_options_args,
+      image,
+      "--providers.docker",
+      *cmd_option_args
+  end
+
+  def start
+    docker :container, :start, "traefik"
+  end
+
+  def stop
+    docker :container, :stop, "traefik"
+  end
+
+  def start_or_run
+    combine start, run, by: "||"
+  end
+
+  def info
+    docker :ps, "--filter", "name=^traefik$"
+  end
+
+  def logs(since: nil, lines: nil, grep: nil)
+    pipe \
+      docker(:logs, "traefik", (" --since #{since}" if since), (" --tail #{lines}" if lines), "--timestamps", "2>&1"),
+      ("grep '#{grep}'" if grep)
+  end
+
+  def follow_logs(host:, grep: nil)
+    run_over_ssh pipe(
+      docker(:logs, "traefik", "--timestamps", "--tail", "10", "--follow", "2>&1"),
+      (%(grep "#{grep}") if grep)
+    ).join(" "), host: host
+  end
+
+  def remove_container
+    docker :container, :prune, "--force", "--filter", "label=org.opencontainers.image.title=Traefik"
+  end
+
+  def remove_image
+    docker :image, :prune, "--all", "--force", "--filter", "label=org.opencontainers.image.title=Traefik"
+  end
+
+  def port
+    "#{host_port}:#{CONTAINER_PORT}"
+  end
+
+  private
+    def label_args
+      argumentize "--label", labels
+    end
+
+    def env_args
+      env_config = config.traefik["env"] || {}
+
+      if env_config.present?
+        argumentize_env_with_secrets(env_config)
+      else
+        []
+      end
+    end
+
+    def labels
+      config.traefik["labels"] || []
+    end
+
+    def image
+      config.traefik.fetch("image") { DEFAULT_IMAGE }
+    end
+
+    def docker_options_args
+      optionize(config.traefik["options"] || {})
+    end
+
+    def cmd_option_args
+      if args = config.traefik["args"]
+        optionize DEFAULT_ARGS.merge(args), with: "="
+      else
+        optionize DEFAULT_ARGS, with: "="
+      end
+    end
+
+    def host_port
+      config.traefik["host_port"] || CONTAINER_PORT
+    end
+end

data/lib/kamal/commands.rb

@@ -0,0 +1,2 @@
+module Kamal::Commands
+end

data/lib/kamal/configuration/accessory.rb

@@ -0,0 +1,169 @@
+class Kamal::Configuration::Accessory
+  delegate :argumentize, :argumentize_env_with_secrets, :optionize, to: Kamal::Utils
+
+  attr_accessor :name, :specifics
+
+  def initialize(name, config:)
+    @name, @config, @specifics = name.inquiry, config, config.raw_config["accessories"][name]
+  end
+
+  def service_name
+    "#{config.service}-#{name}"
+  end
+
+  def image
+    specifics["image"]
+  end
+
+  def hosts
+    if (specifics.keys & ["host", "hosts", "roles"]).size != 1
+      raise ArgumentError, "Specify one of `host`, `hosts` or `roles` for accessory `#{name}`"
+    end
+
+    hosts_from_host || hosts_from_hosts || hosts_from_roles
+  end
+
+  def port
+    if port = specifics["port"]&.to_s
+      port.include?(":") ? port : "#{port}:#{port}"
+    end
+  end
+
+  def publish_args
+    argumentize "--publish", port if port
+  end
+
+  def labels
+    default_labels.merge(specifics["labels"] || {})
+  end
+
+  def label_args
+    argumentize "--label", labels
+  end
+
+  def env
+    specifics["env"] || {}
+  end
+
+  def env_args
+    argumentize_env_with_secrets env
+  end
+
+  def files
+    specifics["files"]&.to_h do |local_to_remote_mapping|
+      local_file, remote_file = local_to_remote_mapping.split(":")
+      [ expand_local_file(local_file), expand_remote_file(remote_file) ]
+    end || {}
+  end
+
+  def directories
+    specifics["directories"]&.to_h do |host_to_container_mapping|
+      host_relative_path, container_path = host_to_container_mapping.split(":")
+      [ expand_host_path(host_relative_path), container_path ]
+    end || {}
+  end
+
+  def volumes
+    specific_volumes + remote_files_as_volumes + remote_directories_as_volumes
+  end
+
+  def volume_args
+    argumentize "--volume", volumes
+  end
+
+  def option_args
+    if args = specifics["options"]
+      optionize args
+    else
+      []
+    end
+  end
+
+  def cmd
+    specifics["cmd"]
+  end
+
+  private
+    attr_accessor :config
+
+    def default_labels
+      { "service" => service_name }
+    end
+
+    def expand_local_file(local_file)
+      if local_file.end_with?("erb")
+        with_clear_env_loaded { read_dynamic_file(local_file) }
+      else
+        Pathname.new(File.expand_path(local_file)).to_s
+      end
+    end
+
+    def with_clear_env_loaded
+      (env["clear"] || env).each { |k, v| ENV[k] = v }
+      yield
+    ensure
+      (env["clear"] || env).each { |k, v| ENV.delete(k) }
+    end
+
+    def read_dynamic_file(local_file)
+      StringIO.new(ERB.new(IO.read(local_file)).result)
+    end
+
+    def expand_remote_file(remote_file)
+      service_name + remote_file
+    end
+
+    def specific_volumes
+      specifics["volumes"] || []
+    end
+
+    def remote_files_as_volumes
+      specifics["files"]&.collect do |local_to_remote_mapping|
+        _, remote_file = local_to_remote_mapping.split(":")
+        "#{service_data_directory + remote_file}:#{remote_file}"
+      end || []
+    end
+
+    def remote_directories_as_volumes
+      specifics["directories"]&.collect do |host_to_container_mapping|
+        host_relative_path, container_path = host_to_container_mapping.split(":")
+        [ expand_host_path(host_relative_path), container_path ].join(":")
+      end || []
+    end
+
+    def expand_host_path(host_relative_path)
+      "#{service_data_directory}/#{host_relative_path}"
+    end
+
+    def service_data_directory
+      "$PWD/#{service_name}"
+    end
+
+    def hosts_from_host
+      if specifics.key?("host")
+        host = specifics["host"]
+        if host
+          [host]
+        else
+          raise ArgumentError, "Missing host for accessory `#{name}`"
+        end
+      end
+    end
+
+    def hosts_from_hosts
+      if specifics.key?("hosts")
+        hosts = specifics["hosts"]
+        if hosts.is_a?(Array)
+          hosts
+        else
+          raise ArgumentError, "Hosts should be an Array for accessory `#{name}`"
+        end
+      end
+    end
+
+    def hosts_from_roles
+      if specifics.key?("roles")
+        specifics["roles"].flat_map { |role| config.role(role).hosts }
+      end
+    end
+end

data/lib/kamal/configuration/boot.rb

@@ -0,0 +1,20 @@
+class Kamal::Configuration::Boot
+  def initialize(config:)
+    @options = config.raw_config.boot || {}
+    @host_count = config.all_hosts.count
+  end
+
+  def limit
+    limit = @options["limit"]
+
+    if limit.to_s.end_with?("%")
+      @host_count * limit.to_i / 100
+    else
+      limit
+    end
+  end
+
+  def wait
+    @options["wait"]
+  end
+end

data/lib/kamal/configuration/builder.rb

@@ -0,0 +1,114 @@
+class Kamal::Configuration::Builder
+  def initialize(config:)
+    @options = config.raw_config.builder || {}
+    @image = config.image
+    @server = config.registry["server"]
+
+    valid?
+  end
+
+  def to_h
+    @options
+  end
+
+  def multiarch?
+    @options["multiarch"] != false
+  end
+
+  def local?
+    !!@options["local"]
+  end
+
+  def remote?
+    !!@options["remote"]
+  end
+
+  def cached?
+    !!@options["cache"]
+  end
+
+  def args
+    @options["args"] || {}
+  end
+
+  def secrets
+    @options["secrets"] || []
+  end
+
+  def dockerfile
+    @options["dockerfile"] || "Dockerfile"
+  end
+
+  def context
+    @options["context"] || "."
+  end
+
+  def local_arch
+    @options["local"]["arch"] if local?
+  end
+
+  def local_host
+    @options["local"]["host"] if local?
+  end
+
+  def remote_arch
+    @options["remote"]["arch"] if remote?
+  end
+
+  def remote_host
+    @options["remote"]["host"] if remote?
+  end
+
+  def cache_from
+    if cached?
+      case @options["cache"]["type"]
+      when "gha"
+        cache_from_config_for_gha
+      when "registry"
+        cache_from_config_for_registry
+      end
+    end
+  end
+
+  def cache_to
+    if cached?
+      case @options["cache"]["type"]
+      when "gha"
+        cache_to_config_for_gha
+      when "registry"
+        cache_to_config_for_registry
+      end
+    end
+  end
+
+  private
+    def valid?
+      if @options["cache"] && @options["cache"]["type"]
+        raise ArgumentError, "Invalid cache type: #{@options["cache"]["type"]}" unless ["gha", "registry"].include?(@options["cache"]["type"])
+      end
+    end
+
+    def cache_image
+      @options["cache"]&.fetch("image", nil) || "#{@image}-build-cache"
+    end
+
+    def cache_image_ref
+      [ @server, cache_image ].compact.join("/")
+    end
+
+    def cache_from_config_for_gha
+      "type=gha"
+    end
+
+    def cache_from_config_for_registry
+      [ "type=registry", "ref=#{cache_image_ref}" ].compact.join(",")
+    end
+
+    def cache_to_config_for_gha
+      [ "type=gha", @options["cache"]&.fetch("options", nil)].compact.join(",")
+    end
+
+    def cache_to_config_for_registry
+      [ "type=registry", @options["cache"]&.fetch("options", nil), "ref=#{cache_image_ref}" ].compact.join(",")
+    end
+end

data/lib/kamal/configuration/role.rb

@@ -0,0 +1,155 @@
+class Kamal::Configuration::Role
+  delegate :argumentize, :argumentize_env_with_secrets, :optionize, to: Kamal::Utils
+
+  attr_accessor :name
+
+  def initialize(name, config:)
+   @name, @config = name.inquiry, config
+  end
+
+  def primary_host
+    hosts.first
+  end
+
+  def hosts
+    @hosts ||= extract_hosts_from_config
+  end
+
+  def labels
+    default_labels.merge(traefik_labels).merge(custom_labels)
+  end
+
+  def label_args
+    argumentize "--label", labels
+  end
+
+  def env
+    if config.env && config.env["secret"]
+      merged_env_with_secrets
+    else
+      merged_env
+    end
+  end
+
+  def env_args
+    argumentize_env_with_secrets env
+  end
+
+  def health_check_args
+    if health_check_cmd.present?
+      optionize({ "health-cmd" => health_check_cmd, "health-interval" => health_check_interval })
+    else
+      []
+    end
+  end
+
+  def health_check_cmd
+    options = specializations["healthcheck"] || {}
+    options = config.healthcheck.merge(options) if running_traefik?
+
+    options["cmd"] || http_health_check(port: options["port"], path: options["path"])
+  end
+
+  def health_check_interval
+    options = specializations["healthcheck"] || {}
+    options = config.healthcheck.merge(options) if running_traefik?
+
+    options["interval"] || "1s"
+  end
+
+  def cmd
+    specializations["cmd"]
+  end
+
+  def option_args
+    if args = specializations["options"]
+      optionize args
+    else
+      []
+    end
+  end
+
+  def running_traefik?
+    name.web? || specializations["traefik"]
+  end
+
+  private
+    attr_accessor :config
+
+    def extract_hosts_from_config
+      if config.servers.is_a?(Array)
+        config.servers
+      else
+        servers = config.servers[name]
+        servers.is_a?(Array) ? servers : Array(servers["hosts"])
+      end
+    end
+
+    def default_labels
+      if config.destination
+        { "service" => config.service, "role" => name, "destination" => config.destination }
+      else
+        { "service" => config.service, "role" => name }
+      end
+    end
+
+    def traefik_labels
+      if running_traefik?
+        {
+          # Setting a service property ensures that the generated service name will be consistent between versions
+          "traefik.http.services.#{traefik_service}.loadbalancer.server.scheme" => "http",
+
+          "traefik.http.routers.#{traefik_service}.rule" => "PathPrefix(`/`)",
+          "traefik.http.middlewares.#{traefik_service}-retry.retry.attempts" => "5",
+          "traefik.http.middlewares.#{traefik_service}-retry.retry.initialinterval" => "500ms",
+          "traefik.http.routers.#{traefik_service}.middlewares" => "#{traefik_service}-retry@docker"
+        }
+      else
+        {}
+      end
+    end
+
+    def traefik_service
+      [ config.service, name, config.destination ].compact.join("-")
+    end
+
+    def custom_labels
+      Hash.new.tap do |labels|
+        labels.merge!(config.labels) if config.labels.present?
+        labels.merge!(specializations["labels"]) if specializations["labels"].present?
+      end
+    end
+
+    def specializations
+      if config.servers.is_a?(Array) || config.servers[name].is_a?(Array)
+        { }
+      else
+        config.servers[name].except("hosts")
+      end
+    end
+
+    def specialized_env
+      specializations["env"] || {}
+    end
+
+    def merged_env
+      config.env&.merge(specialized_env) || {}
+    end
+
+    # Secrets are stored in an array, which won't merge by default, so have to do it by hand.
+    def merged_env_with_secrets
+      merged_env.tap do |new_env|
+        new_env["secret"] = Array(config.env["secret"]) + Array(specialized_env["secret"])
+
+        # If there's no secret/clear split, everything is clear
+        clear_app_env  = config.env["secret"] ? Array(config.env["clear"]) : Array(config.env["clear"] || config.env)
+        clear_role_env = specialized_env["secret"] ? Array(specialized_env["clear"]) : Array(specialized_env["clear"] || specialized_env)
+
+        new_env["clear"] = (clear_app_env + clear_role_env).uniq
+      end
+    end
+
+    def http_health_check(port:, path:)
+      "curl -f #{URI.join("http://localhost:#{port}", path)} || exit 1" if path.present? || port.present?
+    end
+end