kamal 1.4.0 → 1.5.0

data/lib/kamal/commands/app.rb

@@ -15,7 +15,7 @@ class Kamal::Commands::App < Kamal::Commands::Base
       "--detach",
       "--restart unless-stopped",
       "--name", container_name,
-      *(["--hostname", hostname] if hostname),
+      *([ "--hostname", hostname ] if hostname),
       "-e", "KAMAL_CONTAINER_NAME=\"#{container_name}\"",
       "-e", "KAMAL_VERSION=\"#{config.version}\"",
       *role.env_args,
@@ -49,7 +49,7 @@ class Kamal::Commands::App < Kamal::Commands::Base
 
 
   def current_running_container_id
-    docker :ps, "--quiet", *filter_args(statuses: ACTIVE_DOCKER_STATUSES), "--latest"
+    current_running_container(format: "--quiet")
   end
 
   def container_id_for_version(version, only_running: false)
@@ -57,22 +57,24 @@ class Kamal::Commands::App < Kamal::Commands::Base
   end
 
   def current_running_version
-    list_versions("--latest", statuses: ACTIVE_DOCKER_STATUSES)
+    pipe \
+      current_running_container(format: "--format '{{.Names}}'"),
+      extract_version_from_name
   end
 
   def list_versions(*docker_args, statuses: nil)
     pipe \
       docker(:ps, *filter_args(statuses: statuses), *docker_args, "--format", '"{{.Names}}"'),
-      %(while read line; do echo ${line##{role.container_prefix}-}; done) # Extract SHA from "service-role-dest-SHA"
+      extract_version_from_name
   end
 
 
   def make_env_directory
-    make_directory role.host_env_directory
+    make_directory role.env.secrets_directory
   end
 
   def remove_env_file
-    [ :rm, "-f", role.host_env_file_path ]
+    [ :rm, "-f", role.env.secrets_file ]
   end
 
 
@@ -81,12 +83,31 @@ class Kamal::Commands::App < Kamal::Commands::Base
       [ role.container_prefix, version || config.version ].compact.join("-")
     end
 
+    def latest_image_id
+      docker :image, :ls, *argumentize("--filter", "reference=#{config.latest_image}"), "--format", "'{{.ID}}'"
+    end
+
+    def current_running_container(format:)
+      pipe \
+        shell(chain(latest_image_container(format: format), latest_container(format: format))),
+        [ :head, "-1" ]
+    end
+
+    def latest_image_container(format:)
+      latest_container format: format, filters: [ "ancestor=$(#{latest_image_id.join(" ")})" ]
+    end
+
+    def latest_container(format:, filters: nil)
+      docker :ps, "--latest", *format, *filter_args(statuses: ACTIVE_DOCKER_STATUSES), argumentize("--filter", filters)
+    end
+
     def filter_args(statuses: nil)
       argumentize "--filter", filters(statuses: statuses)
     end
 
-    def service_role_dest
-      [ config.service, role, config.destination ].compact.join("-")
+    def extract_version_from_name
+      # Extract SHA from "service-role-dest-SHA"
+      %(while read line; do echo ${line##{role.container_prefix}-}; done)
     end
 
     def filters(statuses: nil)

data/lib/kamal/commands/auditor.rb

@@ -21,7 +21,7 @@ class Kamal::Commands::Auditor < Kamal::Commands::Base
     def audit_log_file
       file = [ config.service, config.destination, "audit.log" ].compact.join("-")
 
-      "#{config.run_directory}/#{file}"
+      File.join(config.run_directory, file)
     end
 
     def audit_tags(**details)

data/lib/kamal/commands/base.rb

@@ -71,13 +71,17 @@ module Kamal::Commands
       end
 
       def shell(command)
-        [ :sh, "-c", "'#{command.flatten.join(" ").gsub("'", "'\\''")}'" ]
+        [ :sh, "-c", "'#{command.flatten.join(" ").gsub("'", "'\\\\''")}'" ]
       end
 
       def docker(*args)
         args.compact.unshift :docker
       end
 
+      def git(*args)
+        args.compact.unshift :git
+      end
+
       def tags(**details)
         Kamal::Tags.from_config(config, **details)
       end

data/lib/kamal/commands/builder/base.rb

@@ -3,7 +3,7 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
   class BuilderError < StandardError; end
 
   delegate :argumentize, to: Kamal::Utils
-  delegate :args, :secrets, :dockerfile, :local_arch, :local_host, :remote_arch, :remote_host, :cache_from, :cache_to, :ssh, to: :builder_config
+  delegate :args, :secrets, :dockerfile, :local_arch, :local_host, :remote_arch, :remote_host, :cache_from, :cache_to, :ssh, :git_archive?, to: :builder_config
 
   def clean
     docker :image, :rm, "--force", config.absolute_image
@@ -13,6 +13,16 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
     docker :pull, config.absolute_image
   end
 
+  def push
+    if git_archive?
+      pipe \
+        git(:archive, "--format=tar", :HEAD),
+        build_and_push
+    else
+      build_and_push
+    end
+  end
+
   def build_options
     [ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_ssh ]
   end
@@ -25,7 +35,7 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
     pipe \
       docker(:inspect, "-f", "'{{ .Config.Labels.service }}'", config.absolute_image),
       any(
-        [:grep, "-x", config.service],
+        [ :grep, "-x", config.service ],
         "(echo \"Image #{config.absolute_image} is missing the 'service' label\" && exit 1)"
       )
   end
@@ -38,8 +48,8 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
 
     def build_cache
       if cache_to && cache_from
-        ["--cache-to", cache_to,
-          "--cache-from", cache_from]
+        [ "--cache-to", cache_to,
+          "--cache-from", cache_from ]
       end
     end
 

data/lib/kamal/commands/builder/multiarch.rb

@@ -7,15 +7,6 @@ class Kamal::Commands::Builder::Multiarch < Kamal::Commands::Builder::Base
     docker :buildx, :rm, builder_name
   end
 
-  def push
-    docker :buildx, :build,
-      "--push",
-      "--platform", platform_names,
-      "--builder", builder_name,
-      *build_options,
-      build_context
-  end
-
   def info
     combine \
       docker(:context, :ls),
@@ -34,4 +25,13 @@ class Kamal::Commands::Builder::Multiarch < Kamal::Commands::Builder::Base
         "linux/amd64,linux/arm64"
       end
     end
+
+    def build_and_push
+      docker :buildx, :build,
+        "--push",
+        "--platform", platform_names,
+        "--builder", builder_name,
+        *build_options,
+        build_context
+    end
 end

data/lib/kamal/commands/builder/native/cached.rb

@@ -7,10 +7,11 @@ class Kamal::Commands::Builder::Native::Cached < Kamal::Commands::Builder::Nativ
     docker :buildx, :rm, builder_name
   end
 
-  def push
-    docker :buildx, :build,
-      "--push",
-      *build_options,
-      build_context
-  end
+  private
+    def build_and_push
+      docker :buildx, :build,
+        "--push",
+        *build_options,
+        build_context
+    end
 end

data/lib/kamal/commands/builder/native/remote.rb

@@ -11,15 +11,6 @@ class Kamal::Commands::Builder::Native::Remote < Kamal::Commands::Builder::Nativ
       remove_buildx
   end
 
-  def push
-    docker :buildx, :build,
-      "--push",
-      "--platform", platform,
-      "--builder", builder_name,
-      *build_options,
-      build_context
-  end
-
   def info
     chain \
       docker(:context, :ls),
@@ -56,4 +47,13 @@ class Kamal::Commands::Builder::Native::Remote < Kamal::Commands::Builder::Nativ
     def remove_buildx
       docker :buildx, :rm, builder_name
     end
+
+    def build_and_push
+      docker :buildx, :build,
+      "--push",
+      "--platform", platform,
+      "--builder", builder_name,
+      *build_options,
+      build_context
+    end
 end

data/lib/kamal/commands/builder/native.rb

@@ -7,14 +7,15 @@ class Kamal::Commands::Builder::Native < Kamal::Commands::Builder::Base
     # No-op on native without cache
   end
 
-  def push
-    combine \
-      docker(:build, *build_options, build_context),
-      docker(:push, config.absolute_image),
-      docker(:push, config.latest_image)
-  end
-
   def info
     # No-op on native
   end
+
+  private
+    def build_and_push
+      combine \
+        docker(:build, *build_options, build_context),
+        docker(:push, config.absolute_image),
+        docker(:push, config.latest_image)
+    end
 end

data/lib/kamal/commands/healthcheck.rb

@@ -1,5 +1,4 @@
 class Kamal::Commands::Healthcheck < Kamal::Commands::Base
-
   def run
     primary = config.role(config.primary_role)
 

data/lib/kamal/commands/hook.rb

@@ -9,6 +9,6 @@ class Kamal::Commands::Hook < Kamal::Commands::Base
 
   private
     def hook_file(hook)
-      "#{config.hooks_path}/#{hook}"
+      File.join(config.hooks_path, hook)
     end
 end

data/lib/kamal/commands/lock.rb

@@ -5,14 +5,14 @@ require "base64"
 class Kamal::Commands::Lock < Kamal::Commands::Base
   def acquire(message, version)
     combine \
-      [:mkdir, lock_dir],
+      [ :mkdir, lock_dir ],
       write_lock_details(message, version)
   end
 
   def release
     combine \
-      [:rm, lock_details_file],
-      [:rm, "-r", lock_dir]
+      [ :rm, lock_details_file ],
+      [ :rm, "-r", lock_dir ]
   end
 
   def status
@@ -21,31 +21,41 @@ class Kamal::Commands::Lock < Kamal::Commands::Base
       read_lock_details
   end
 
+  def ensure_locks_directory
+    [ :mkdir, "-p", locks_dir ]
+  end
+
   private
     def write_lock_details(message, version)
       write \
-        [:echo, "\"#{Base64.encode64(lock_details(message, version))}\""],
+        [ :echo, "\"#{Base64.encode64(lock_details(message, version))}\"" ],
         lock_details_file
     end
 
     def read_lock_details
       pipe \
-        [:cat, lock_details_file],
-        [:base64, "-d"]
+        [ :cat, lock_details_file ],
+        [ :base64, "-d" ]
     end
 
     def stat_lock_dir
       write \
-        [:stat, lock_dir],
+        [ :stat, lock_dir ],
         "/dev/null"
     end
 
+    def locks_dir
+      File.join(config.run_directory, "locks")
+    end
+
     def lock_dir
-      "#{config.run_directory}/lock-#{config.service}"
+      dir_name = [ config.service, config.destination ].compact.join("-")
+
+      File.join(locks_dir, dir_name)
     end
 
     def lock_details_file
-      [lock_dir, :details].join("/")
+      File.join(lock_dir, "details")
     end
 
     def lock_details(message, version)

data/lib/kamal/commands/prune.rb

@@ -26,7 +26,7 @@ class Kamal::Commands::Prune < Kamal::Commands::Base
 
   private
     def stopped_containers_filters
-      [ "created", "exited", "dead" ].flat_map { |status| ["--filter", "status=#{status}"] }
+      [ "created", "exited", "dead" ].flat_map { |status| [ "--filter", "status=#{status}" ] }
     end
 
     def active_image_list
@@ -43,4 +43,4 @@ class Kamal::Commands::Prune < Kamal::Commands::Base
     def healthcheck_service_filter
       [ "--filter", "label=service=#{config.healthcheck_service}" ]
     end
-  end
+end

data/lib/kamal/commands/server.rb

@@ -1,5 +1,5 @@
 class Kamal::Commands::Server < Kamal::Commands::Base
   def ensure_run_directory
-    [:mkdir, "-p", config.run_directory]
+    [ :mkdir, "-p", config.run_directory ]
   end
 end

data/lib/kamal/commands/traefik.rb

@@ -4,7 +4,7 @@ class Kamal::Commands::Traefik < Kamal::Commands::Base
   DEFAULT_IMAGE = "traefik:v2.10"
   CONTAINER_PORT = 80
   DEFAULT_ARGS = {
-    'log.level' => 'DEBUG'
+    "log.level" => "DEBUG"
   }
   DEFAULT_LABELS = {
     # These ensure we serve a 502 rather than a 404 if no containers are available
@@ -71,20 +71,18 @@ class Kamal::Commands::Traefik < Kamal::Commands::Base
     "#{host_port}:#{CONTAINER_PORT}"
   end
 
-  def env_file
-    Kamal::EnvFile.new(config.traefik.fetch("env", {}))
-  end
-
-  def host_env_file_path
-    File.join host_env_directory, "traefik.env"
+  def env
+    Kamal::Configuration::Env.from_config \
+      config: config.traefik.fetch("env", {}),
+      secrets_file: File.join(config.host_env_directory, "traefik", "traefik.env")
   end
 
   def make_env_directory
-    make_directory(host_env_directory)
+    make_directory(env.secrets_directory)
   end
 
   def remove_env_file
-    [:rm, "-f", host_env_file_path]
+    [ :rm, "-f", env.secrets_file ]
   end
 
   private
@@ -97,11 +95,7 @@ class Kamal::Commands::Traefik < Kamal::Commands::Base
     end
 
     def env_args
-      argumentize "--env-file", host_env_file_path
-    end
-
-    def host_env_directory
-      File.join config.host_env_directory, "traefik"
+      env.args
     end
 
     def labels

data/lib/kamal/configuration/accessory.rb

@@ -16,7 +16,7 @@ class Kamal::Configuration::Accessory
   end
 
   def hosts
-    if (specifics.keys & ["host", "hosts", "roles"]).size != 1
+    if (specifics.keys & [ "host", "hosts", "roles" ]).size != 1
       raise ArgumentError, "Specify one of `host`, `hosts` or `roles` for accessory `#{name}`"
     end
 
@@ -42,23 +42,13 @@ class Kamal::Configuration::Accessory
   end
 
   def env
-    specifics["env"] || {}
-  end
-
-  def env_file
-    Kamal::EnvFile.new(env)
-  end
-
-  def host_env_directory
-    File.join config.host_env_directory, "accessories"
-  end
-
-  def host_env_file_path
-    File.join host_env_directory, "#{service_name}.env"
+    Kamal::Configuration::Env.from_config \
+      config: specifics.fetch("env", {}),
+      secrets_file: File.join(config.host_env_directory, "accessories", "#{service_name}.env")
   end
 
   def env_args
-    argumentize "--env-file", host_env_file_path
+    env.args
   end
 
   def files
@@ -111,10 +101,10 @@ class Kamal::Configuration::Accessory
     end
 
     def with_clear_env_loaded
-      (env["clear"] || env).each { |k, v| ENV[k] = v }
+      env.clear.each { |k, v| ENV[k] = v }
       yield
     ensure
-      (env["clear"] || env).each { |k, v| ENV.delete(k) }
+      env.clear.each { |k, v| ENV.delete(k) }
     end
 
     def read_dynamic_file(local_file)
@@ -144,7 +134,7 @@ class Kamal::Configuration::Accessory
     end
 
     def expand_host_path(host_path)
-      absolute_path?(host_path) ? host_path : "#{service_data_directory}/#{host_path}"
+      absolute_path?(host_path) ? host_path : File.join(service_data_directory, host_path)
     end
 
     def absolute_path?(path)
@@ -159,7 +149,7 @@ class Kamal::Configuration::Accessory
       if specifics.key?("host")
         host = specifics["host"]
         if host
-          [host]
+          [ host ]
         else
           raise ArgumentError, "Missing host for accessory `#{name}`"
         end

data/lib/kamal/configuration/boot.rb

@@ -8,7 +8,7 @@ class Kamal::Configuration::Boot
     limit = @options["limit"]
 
     if limit.to_s.end_with?("%")
-      [@host_count * limit.to_i / 100, 1].max
+      [ @host_count * limit.to_i / 100, 1 ].max
     else
       limit
     end

data/lib/kamal/configuration/builder.rb

@@ -40,7 +40,7 @@ class Kamal::Configuration::Builder
   end
 
   def context
-    @options["context"] || "."
+    @options["context"] || (git_archive? ? "-" : ".")
   end
 
   def local_arch
@@ -85,10 +85,14 @@ class Kamal::Configuration::Builder
     @options["ssh"]
   end
 
+  def git_archive?
+    Kamal::Git.used? && @options["context"].nil?
+  end
+
   private
     def valid?
       if @options["cache"] && @options["cache"]["type"]
-        raise ArgumentError, "Invalid cache type: #{@options["cache"]["type"]}" unless ["gha", "registry"].include?(@options["cache"]["type"])
+        raise ArgumentError, "Invalid cache type: #{@options["cache"]["type"]}" unless [ "gha", "registry" ].include?(@options["cache"]["type"])
       end
     end
 
@@ -109,7 +113,7 @@ class Kamal::Configuration::Builder
     end
 
     def cache_to_config_for_gha
-      [ "type=gha", @options["cache"]&.fetch("options", nil)].compact.join(",")
+      [ "type=gha", @options["cache"]&.fetch("options", nil) ].compact.join(",")
     end
 
     def cache_to_config_for_registry

data/lib/kamal/configuration/env.rb

@@ -0,0 +1,40 @@
+class Kamal::Configuration::Env
+  attr_reader :secrets_keys, :clear, :secrets_file
+  delegate :argumentize, to: Kamal::Utils
+
+  def self.from_config(config:, secrets_file: nil)
+    secrets_keys = config.fetch("secret", [])
+    clear = config.fetch("clear", config.key?("secret") ? {} : config)
+
+    new clear: clear, secrets_keys: secrets_keys, secrets_file: secrets_file
+  end
+
+  def initialize(clear:, secrets_keys:, secrets_file:)
+    @clear = clear
+    @secrets_keys = secrets_keys
+    @secrets_file = secrets_file
+  end
+
+  def args
+    [ "--env-file", secrets_file, *argumentize("--env", clear) ]
+  end
+
+  def secrets_io
+    StringIO.new(Kamal::EnvFile.new(secrets).to_s)
+  end
+
+  def secrets
+    @secrets ||= secrets_keys.to_h { |key| [ key, ENV.fetch(key) ] }
+  end
+
+  def secrets_directory
+    File.dirname(secrets_file)
+  end
+
+  def merge(other)
+    self.class.new \
+      clear: @clear.merge(other.clear),
+      secrets_keys: @secrets_keys | other.secrets_keys,
+      secrets_file: secrets_file
+  end
+end

data/lib/kamal/configuration/role.rb

@@ -51,27 +51,11 @@ class Kamal::Configuration::Role
 
 
   def env
-    if config.env && config.env["secret"]
-      merged_env_with_secrets
-    else
-      merged_env
-    end
-  end
-
-  def env_file
-    Kamal::EnvFile.new(env)
-  end
-
-  def host_env_directory
-    File.join config.host_env_directory, "roles"
-  end
-
-  def host_env_file_path
-    File.join host_env_directory, "#{[config.service, name, config.destination].compact.join("-")}.env"
+    @env ||= base_env.merge(specialized_env)
   end
 
   def env_args
-    argumentize "--env-file", host_env_file_path
+    env.args
   end
 
   def asset_volume_args
@@ -123,13 +107,13 @@ class Kamal::Configuration::Role
   end
 
   def cord_host_directory
-    File.join config.run_directory_as_docker_volume, "cords", [container_prefix, config.run_id].join("-")
+    File.join config.run_directory_as_docker_volume, "cords", [ container_prefix, config.run_id ].join("-")
   end
 
   def cord_volume
     if (cord = health_check_options["cord"])
       @cord_volume ||= Kamal::Configuration::Volume.new \
-        host_path: File.join(config.run_directory, "cords", [container_prefix, config.run_id].join("-")),
+        host_path: File.join(config.run_directory, "cords", [ container_prefix, config.run_id ].join("-")),
         container_path: cord
     end
   end
@@ -192,11 +176,7 @@ class Kamal::Configuration::Role
     end
 
     def default_labels
-      if config.destination
-        { "service" => config.service, "role" => name, "destination" => config.destination }
-      else
-        { "service" => config.service, "role" => name }
-      end
+      { "service" => config.service, "role" => name, "destination" => config.destination }
     end
 
     def traefik_labels
@@ -217,7 +197,7 @@ class Kamal::Configuration::Role
     end
 
     def traefik_service
-      [ config.service, name, config.destination ].compact.join("-")
+      container_prefix
     end
 
     def custom_labels
@@ -229,31 +209,21 @@ class Kamal::Configuration::Role
 
     def specializations
       if config.servers.is_a?(Array) || config.servers[name].is_a?(Array)
-        { }
+        {}
       else
         config.servers[name].except("hosts")
       end
     end
 
     def specialized_env
-      specializations["env"] || {}
-    end
-
-    def merged_env
-      config.env&.merge(specialized_env) || {}
+      Kamal::Configuration::Env.from_config config: specializations.fetch("env", {})
     end
 
     # Secrets are stored in an array, which won't merge by default, so have to do it by hand.
-    def merged_env_with_secrets
-      merged_env.tap do |new_env|
-        new_env["secret"] = Array(config.env["secret"]) + Array(specialized_env["secret"])
-
-        # If there's no secret/clear split, everything is clear
-        clear_app_env  = config.env["secret"] ? Array(config.env["clear"]) : Array(config.env["clear"] || config.env)
-        clear_role_env = specialized_env["secret"] ? Array(specialized_env["clear"]) : Array(specialized_env["clear"] || specialized_env)
-
-        new_env["clear"] = clear_app_env.to_h.merge(clear_role_env.to_h)
-      end
+    def base_env
+      Kamal::Configuration::Env.from_config \
+        config: config.env,
+        secrets_file: File.join(config.host_env_directory, "roles", "#{container_prefix}.env")
     end
 
     def http_health_check(port:, path:)