kamal 1.4.0 → 1.5.1

data/lib/kamal/configuration/env.rb

@@ -0,0 +1,40 @@
+class Kamal::Configuration::Env
+  attr_reader :secrets_keys, :clear, :secrets_file
+  delegate :argumentize, to: Kamal::Utils
+
+  def self.from_config(config:, secrets_file: nil)
+    secrets_keys = config.fetch("secret", [])
+    clear = config.fetch("clear", config.key?("secret") ? {} : config)
+
+    new clear: clear, secrets_keys: secrets_keys, secrets_file: secrets_file
+  end
+
+  def initialize(clear:, secrets_keys:, secrets_file:)
+    @clear = clear
+    @secrets_keys = secrets_keys
+    @secrets_file = secrets_file
+  end
+
+  def args
+    [ "--env-file", secrets_file, *argumentize("--env", clear) ]
+  end
+
+  def secrets_io
+    StringIO.new(Kamal::EnvFile.new(secrets).to_s)
+  end
+
+  def secrets
+    @secrets ||= secrets_keys.to_h { |key| [ key, ENV.fetch(key) ] }
+  end
+
+  def secrets_directory
+    File.dirname(secrets_file)
+  end
+
+  def merge(other)
+    self.class.new \
+      clear: @clear.merge(other.clear),
+      secrets_keys: @secrets_keys | other.secrets_keys,
+      secrets_file: secrets_file
+  end
+end

data/lib/kamal/configuration/role.rb

@@ -51,27 +51,11 @@ class Kamal::Configuration::Role
 
 
   def env
-    if config.env && config.env["secret"]
-      merged_env_with_secrets
-    else
-      merged_env
-    end
-  end
-
-  def env_file
-    Kamal::EnvFile.new(env)
-  end
-
-  def host_env_directory
-    File.join config.host_env_directory, "roles"
-  end
-
-  def host_env_file_path
-    File.join host_env_directory, "#{[config.service, name, config.destination].compact.join("-")}.env"
+    @env ||= base_env.merge(specialized_env)
   end
 
   def env_args
-    argumentize "--env-file", host_env_file_path
+    env.args
   end
 
   def asset_volume_args
@@ -123,13 +107,13 @@ class Kamal::Configuration::Role
   end
 
   def cord_host_directory
-    File.join config.run_directory_as_docker_volume, "cords", [container_prefix, config.run_id].join("-")
+    File.join config.run_directory_as_docker_volume, "cords", [ container_prefix, config.run_id ].join("-")
   end
 
   def cord_volume
     if (cord = health_check_options["cord"])
       @cord_volume ||= Kamal::Configuration::Volume.new \
-        host_path: File.join(config.run_directory, "cords", [container_prefix, config.run_id].join("-")),
+        host_path: File.join(config.run_directory, "cords", [ container_prefix, config.run_id ].join("-")),
         container_path: cord
     end
   end
@@ -192,11 +176,7 @@ class Kamal::Configuration::Role
     end
 
     def default_labels
-      if config.destination
-        { "service" => config.service, "role" => name, "destination" => config.destination }
-      else
-        { "service" => config.service, "role" => name }
-      end
+      { "service" => config.service, "role" => name, "destination" => config.destination }
     end
 
     def traefik_labels
@@ -217,7 +197,7 @@ class Kamal::Configuration::Role
     end
 
     def traefik_service
-      [ config.service, name, config.destination ].compact.join("-")
+      container_prefix
     end
 
     def custom_labels
@@ -229,31 +209,21 @@ class Kamal::Configuration::Role
 
     def specializations
       if config.servers.is_a?(Array) || config.servers[name].is_a?(Array)
-        { }
+        {}
       else
         config.servers[name].except("hosts")
       end
     end
 
     def specialized_env
-      specializations["env"] || {}
-    end
-
-    def merged_env
-      config.env&.merge(specialized_env) || {}
+      Kamal::Configuration::Env.from_config config: specializations.fetch("env", {})
     end
 
     # Secrets are stored in an array, which won't merge by default, so have to do it by hand.
-    def merged_env_with_secrets
-      merged_env.tap do |new_env|
-        new_env["secret"] = Array(config.env["secret"]) + Array(specialized_env["secret"])
-
-        # If there's no secret/clear split, everything is clear
-        clear_app_env  = config.env["secret"] ? Array(config.env["clear"]) : Array(config.env["clear"] || config.env)
-        clear_role_env = specialized_env["secret"] ? Array(specialized_env["clear"]) : Array(specialized_env["clear"] || specialized_env)
-
-        new_env["clear"] = clear_app_env.to_h.merge(clear_role_env.to_h)
-      end
+    def base_env
+      Kamal::Configuration::Env.from_config \
+        config: config.env,
+        secrets_file: File.join(config.host_env_directory, "roles", "#{container_prefix}.env")
     end
 
     def http_health_check(port:, path:)

data/lib/kamal/configuration.rb

@@ -6,7 +6,7 @@ require "erb"
 require "net/ssh/proxy/jump"
 
 class Kamal::Configuration
-  delegate :service, :image, :servers, :env, :labels, :registry, :stop_wait_time, :hooks_path, :logging, to: :raw_config, allow_nil: true
+  delegate :service, :image, :servers, :labels, :registry, :stop_wait_time, :hooks_path, :logging, to: :raw_config, allow_nil: true
   delegate :argumentize, :optionize, to: Kamal::Utils
 
   attr_reader :destination, :raw_config
@@ -88,7 +88,7 @@ class Kamal::Configuration
 
 
   def all_hosts
-    roles.flat_map(&:hosts).uniq
+    (roles + accessories).flat_map(&:hosts).uniq
   end
 
   def primary_host
@@ -128,7 +128,11 @@ class Kamal::Configuration
   end
 
   def latest_image
-    "#{repository}:latest"
+    "#{repository}:#{latest_tag}"
+  end
+
+  def latest_tag
+    [ "latest", *destination ].join("-")
   end
 
   def service_with_version
@@ -216,12 +220,17 @@ class Kamal::Configuration
     raw_config.hooks_path || ".kamal/hooks"
   end
 
+  def asset_path
+    raw_config.asset_path
+  end
+
+
   def host_env_directory
-    "#{run_directory}/env"
+    File.join(run_directory, "env")
   end
 
-  def asset_path
-    raw_config.asset_path
+  def env
+    raw_config.env || {}
   end
 
 
@@ -292,7 +301,7 @@ class Kamal::Configuration
     end
 
     def ensure_valid_service_name
-      raise ArgumentError, "Service name can only include alphanumeric characters, hyphens, and underscores" unless raw_config[:service] =~ /^[a-z0-9_-]+$/
+      raise ArgumentError, "Service name can only include alphanumeric characters, hyphens, and underscores" unless raw_config[:service] =~ /^[a-z0-9_-]+$/i
 
       true
     end
@@ -319,7 +328,10 @@ class Kamal::Configuration
     def git_version
       @git_version ||=
         if Kamal::Git.used?
-          [ Kamal::Git.revision, Kamal::Git.uncommitted_changes.present? ? "_uncommitted_#{SecureRandom.hex(8)}" : "" ].join
+          if Kamal::Git.uncommitted_changes.present? && !builder.git_archive?
+            uncommitted_suffix = "_uncommitted_#{SecureRandom.hex(8)}"
+          end
+          [ Kamal::Git.revision, uncommitted_suffix ].compact.join
         else
           raise "Can't use commit hash as version, no git repository found in #{Dir.pwd}"
         end

data/lib/kamal/env_file.rb

@@ -3,21 +3,11 @@ class Kamal::EnvFile
   def initialize(env)
     @env = env
   end
-  
+
   def to_s
     env_file = StringIO.new.tap do |contents|
-      if (secrets = @env["secret"]).present?
-        @env.fetch("secret", @env)&.each do |key|
-          contents << docker_env_file_line(key, ENV.fetch(key))
-        end
-
-        @env["clear"]&.each do |key, value|
-          contents << docker_env_file_line(key, value)
-        end
-      else
-        @env.fetch("clear", @env)&.each do |key, value|
-          contents << docker_env_file_line(key, value)
-        end
+      @env.each do |key, value|
+        contents << docker_env_file_line(key, value)
       end
     end.string
 
@@ -26,14 +16,21 @@ class Kamal::EnvFile
   end
 
   alias to_str to_s
-  
+
   private
     def docker_env_file_line(key, value)
-      "#{key.to_s}=#{escape_docker_env_file_value(value)}\n"
+      "#{key}=#{escape_docker_env_file_value(value)}\n"
     end
 
     # Escape a value to make it safe to dump in a docker file.
     def escape_docker_env_file_value(value)
+      # keep non-ascii(UTF-8) characters as it is
+      value.to_s.scan(/[\x00-\x7F]+|[^\x00-\x7F]+/).map do |part|
+        part.ascii_only? ? escape_docker_env_file_ascii_value(part) : part
+      end.join
+    end
+
+    def escape_docker_env_file_ascii_value(value)
       # Doublequotes are treated literally in docker env files
       # so remove leading and trailing ones and unescape any others
       value.to_s.dump[1..-2].gsub(/\\"/, "\"")

data/lib/kamal/utils.rb

@@ -9,7 +9,7 @@ module Kamal::Utils
       if value.present?
         attr = "#{key}=#{escape_shell_value(value)}"
         attr = self.sensitive(attr, redaction: "#{key}=[REDACTED]") if sensitive
-        [ argument, attr]
+        [ argument, attr ]
       else
         [ argument, key ]
       end
@@ -29,7 +29,7 @@ module Kamal::Utils
 
   # Flattens a one-to-many structure into an array of two-element arrays each containing a key-value pair
   def flatten_args(args)
-    args.flat_map { |key, value| value.try(:map) { |entry| [key, entry] } || [ [ key, value ] ] }
+    args.flat_map { |key, value| value.try(:map) { |entry| [ key, entry ] } || [ [ key, value ] ] }
   end
 
   # Marks sensitive values for redaction in logs and human-visible output.
@@ -66,12 +66,15 @@ module Kamal::Utils
     Array(filters).select do |filter|
       matches += Array(items).select do |item|
         # Only allow * for a wildcard
-        pattern = Regexp.escape(filter).gsub('\*', '.*')
         # items are roles or hosts
-        (item.respond_to?(:name) ? item.name : item).match(/^#{pattern}$/)
+        File.fnmatch(filter, item.to_s, File::FNM_EXTGLOB)
       end
     end
 
-    matches
+    matches.uniq
+  end
+
+  def stable_sort!(elements, &block)
+    elements.sort_by!.with_index { |element, index| [ block.call(element), index ] }
   end
 end

data/lib/kamal/version.rb

@@ -1,3 +1,3 @@
 module Kamal
-  VERSION = "1.4.0"
+  VERSION = "1.5.1"
 end

data/lib/kamal.rb

@@ -5,6 +5,6 @@ require "active_support"
 require "zeitwerk"
 
 loader = Zeitwerk::Loader.for_gem
-loader.ignore("#{__dir__}/kamal/sshkit_with_ext.rb")
+loader.ignore(File.join(__dir__, "kamal", "sshkit_with_ext.rb"))
 loader.setup
 loader.eager_load # We need all commands loaded.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kamal
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.5.1
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-20 00:00:00.000000000 Z
+date: 2024-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -206,6 +206,8 @@ files:
 - lib/kamal/cli.rb
 - lib/kamal/cli/accessory.rb
 - lib/kamal/cli/app.rb
+- lib/kamal/cli/app/boot.rb
+- lib/kamal/cli/app/prepare_assets.rb
 - lib/kamal/cli/base.rb
 - lib/kamal/cli/build.rb
 - lib/kamal/cli/env.rb
@@ -227,9 +229,11 @@ files:
 - lib/kamal/cli/templates/template.env
 - lib/kamal/cli/traefik.rb
 - lib/kamal/commander.rb
+- lib/kamal/commander/specifics.rb
 - lib/kamal/commands.rb
 - lib/kamal/commands/accessory.rb
 - lib/kamal/commands/app.rb
+- lib/kamal/commands/app.rb.orig
 - lib/kamal/commands/app/assets.rb
 - lib/kamal/commands/app/containers.rb
 - lib/kamal/commands/app/cord.rb
@@ -257,6 +261,7 @@ files:
 - lib/kamal/configuration/accessory.rb
 - lib/kamal/configuration/boot.rb
 - lib/kamal/configuration/builder.rb
+- lib/kamal/configuration/env.rb
 - lib/kamal/configuration/role.rb
 - lib/kamal/configuration/ssh.rb
 - lib/kamal/configuration/sshkit.rb