kamal 1.5.2 → 1.7.0

data/lib/kamal/commands/traefik.rb

@@ -1,19 +1,6 @@
 class Kamal::Commands::Traefik < Kamal::Commands::Base
   delegate :argumentize, :optionize, to: Kamal::Utils
-
-  DEFAULT_IMAGE = "traefik:v2.10"
-  CONTAINER_PORT = 80
-  DEFAULT_ARGS = {
-    "log.level" => "DEBUG"
-  }
-  DEFAULT_LABELS = {
-    # These ensure we serve a 502 rather than a 404 if no containers are available
-    "traefik.http.routers.catchall.entryPoints" => "http",
-    "traefik.http.routers.catchall.rule" => "PathPrefix(`/`)",
-    "traefik.http.routers.catchall.service" => "unavailable",
-    "traefik.http.routers.catchall.priority" => 1,
-    "traefik.http.services.unavailable.loadbalancer.server.port" => "0"
-  }
+  delegate :port, :publish?, :labels, :env, :image, :options, :args, to: :"config.traefik"
 
   def run
     docker :run, "--name traefik",
@@ -46,16 +33,16 @@ class Kamal::Commands::Traefik < Kamal::Commands::Base
     docker :ps, "--filter", "name=^traefik$"
   end
 
-  def logs(since: nil, lines: nil, grep: nil)
+  def logs(since: nil, lines: nil, grep: nil, grep_options: nil)
     pipe \
       docker(:logs, "traefik", (" --since #{since}" if since), (" --tail #{lines}" if lines), "--timestamps", "2>&1"),
-      ("grep '#{grep}'" if grep)
+      ("grep '#{grep}'#{" #{grep_options}" if grep_options}" if grep)
   end
 
-  def follow_logs(host:, grep: nil)
+  def follow_logs(host:, grep: nil, grep_options: nil)
     run_over_ssh pipe(
       docker(:logs, "traefik", "--timestamps", "--tail", "10", "--follow", "2>&1"),
-      (%(grep "#{grep}") if grep)
+      (%(grep "#{grep}"#{" #{grep_options}" if grep_options}) if grep)
     ).join(" "), host: host
   end
 
@@ -67,16 +54,6 @@ class Kamal::Commands::Traefik < Kamal::Commands::Base
     docker :image, :prune, "--all", "--force", "--filter", "label=org.opencontainers.image.title=Traefik"
   end
 
-  def port
-    "#{host_port}:#{CONTAINER_PORT}"
-  end
-
-  def env
-    Kamal::Configuration::Env.from_config \
-      config: config.traefik.fetch("env", {}),
-      secrets_file: File.join(config.host_env_directory, "traefik", "traefik.env")
-  end
-
   def make_env_directory
     make_directory(env.secrets_directory)
   end
@@ -87,7 +64,7 @@ class Kamal::Commands::Traefik < Kamal::Commands::Base
 
   private
     def publish_args
-      argumentize "--publish", port unless config.traefik["publish"] == false
+      argumentize "--publish", port if publish?
     end
 
     def label_args
@@ -98,27 +75,11 @@ class Kamal::Commands::Traefik < Kamal::Commands::Base
       env.args
     end
 
-    def labels
-      DEFAULT_LABELS.merge(config.traefik["labels"] || {})
-    end
-
-    def image
-      config.traefik.fetch("image") { DEFAULT_IMAGE }
-    end
-
     def docker_options_args
-      optionize(config.traefik["options"] || {})
+      optionize(options)
     end
 
     def cmd_option_args
-      if args = config.traefik["args"]
-        optionize DEFAULT_ARGS.merge(args), with: "="
-      else
-        optionize DEFAULT_ARGS, with: "="
-      end
-    end
-
-    def host_port
-      config.traefik["host_port"] || CONTAINER_PORT
+      optionize args, with: "="
     end
 end

data/lib/kamal/configuration/accessory.rb

@@ -1,30 +1,39 @@
 class Kamal::Configuration::Accessory
+  include Kamal::Configuration::Validation
+
   delegate :argumentize, :optionize, to: Kamal::Utils
 
-  attr_accessor :name, :specifics
+  attr_reader :name, :accessory_config, :env
 
   def initialize(name, config:)
-    @name, @config, @specifics = name.inquiry, config, config.raw_config["accessories"][name]
+    @name, @config, @accessory_config = name.inquiry, config, config.raw_config["accessories"][name]
+
+    validate! \
+      accessory_config,
+      example: validation_yml["accessories"]["mysql"],
+      context: "accessories/#{name}",
+      with: Kamal::Configuration::Validator::Accessory
+
+    @env = Kamal::Configuration::Env.new \
+      config: accessory_config.fetch("env", {}),
+      secrets_file: File.join(config.host_env_directory, "accessories", "#{service_name}.env"),
+      context: "accessories/#{name}/env"
   end
 
   def service_name
-    specifics["service"] || "#{config.service}-#{name}"
+    accessory_config["service"] || "#{config.service}-#{name}"
   end
 
   def image
-    specifics["image"]
+    accessory_config["image"]
   end
 
   def hosts
-    if (specifics.keys & [ "host", "hosts", "roles" ]).size != 1
-      raise ArgumentError, "Specify one of `host`, `hosts` or `roles` for accessory `#{name}`"
-    end
-
     hosts_from_host || hosts_from_hosts || hosts_from_roles
   end
 
   def port
-    if port = specifics["port"]&.to_s
+    if port = accessory_config["port"]&.to_s
       port.include?(":") ? port : "#{port}:#{port}"
     end
   end
@@ -34,32 +43,26 @@ class Kamal::Configuration::Accessory
   end
 
   def labels
-    default_labels.merge(specifics["labels"] || {})
+    default_labels.merge(accessory_config["labels"] || {})
   end
 
   def label_args
     argumentize "--label", labels
   end
 
-  def env
-    Kamal::Configuration::Env.from_config \
-      config: specifics.fetch("env", {}),
-      secrets_file: File.join(config.host_env_directory, "accessories", "#{service_name}.env")
-  end
-
   def env_args
     env.args
   end
 
   def files
-    specifics["files"]&.to_h do |local_to_remote_mapping|
+    accessory_config["files"]&.to_h do |local_to_remote_mapping|
       local_file, remote_file = local_to_remote_mapping.split(":")
       [ expand_local_file(local_file), expand_remote_file(remote_file) ]
     end || {}
   end
 
   def directories
-    specifics["directories"]&.to_h do |host_to_container_mapping|
+    accessory_config["directories"]&.to_h do |host_to_container_mapping|
       host_path, container_path = host_to_container_mapping.split(":")
       [ expand_host_path(host_path), container_path ]
     end || {}
@@ -74,7 +77,7 @@ class Kamal::Configuration::Accessory
   end
 
   def option_args
-    if args = specifics["options"]
+    if args = accessory_config["options"]
       optionize args
     else
       []
@@ -82,7 +85,7 @@ class Kamal::Configuration::Accessory
   end
 
   def cmd
-    specifics["cmd"]
+    accessory_config["cmd"]
   end
 
   private
@@ -116,18 +119,18 @@ class Kamal::Configuration::Accessory
     end
 
     def specific_volumes
-      specifics["volumes"] || []
+      accessory_config["volumes"] || []
     end
 
     def remote_files_as_volumes
-      specifics["files"]&.collect do |local_to_remote_mapping|
+      accessory_config["files"]&.collect do |local_to_remote_mapping|
         _, remote_file = local_to_remote_mapping.split(":")
         "#{service_data_directory + remote_file}:#{remote_file}"
       end || []
     end
 
     def remote_directories_as_volumes
-      specifics["directories"]&.collect do |host_to_container_mapping|
+      accessory_config["directories"]&.collect do |host_to_container_mapping|
         host_path, container_path = host_to_container_mapping.split(":")
         [ expand_host_path(host_path), container_path ].join(":")
       end || []
@@ -146,30 +149,16 @@ class Kamal::Configuration::Accessory
     end
 
     def hosts_from_host
-      if specifics.key?("host")
-        host = specifics["host"]
-        if host
-          [ host ]
-        else
-          raise ArgumentError, "Missing host for accessory `#{name}`"
-        end
-      end
+      [ accessory_config["host"] ] if accessory_config.key?("host")
     end
 
     def hosts_from_hosts
-      if specifics.key?("hosts")
-        hosts = specifics["hosts"]
-        if hosts.is_a?(Array)
-          hosts
-        else
-          raise ArgumentError, "Hosts should be an Array for accessory `#{name}`"
-        end
-      end
+      accessory_config["hosts"] if accessory_config.key?("hosts")
     end
 
     def hosts_from_roles
-      if specifics.key?("roles")
-        specifics["roles"].flat_map { |role| config.role(role).hosts }
+      if accessory_config.key?("roles")
+        accessory_config["roles"].flat_map { |role| config.role(role).hosts }
       end
     end
 end

data/lib/kamal/configuration/boot.rb

@@ -1,20 +1,25 @@
 class Kamal::Configuration::Boot
+  include Kamal::Configuration::Validation
+
+  attr_reader :boot_config, :host_count
+
   def initialize(config:)
-    @options = config.raw_config.boot || {}
+    @boot_config = config.raw_config.boot || {}
     @host_count = config.all_hosts.count
+    validate! boot_config
   end
 
   def limit
-    limit = @options["limit"]
+    limit = boot_config["limit"]
 
     if limit.to_s.end_with?("%")
-      [ @host_count * limit.to_i / 100, 1 ].max
+      [ host_count * limit.to_i / 100, 1 ].max
     else
       limit
     end
   end
 
   def wait
-    @options["wait"]
+    boot_config["wait"]
   end
 end

data/lib/kamal/configuration/builder.rb

@@ -1,67 +1,79 @@
 class Kamal::Configuration::Builder
+  include Kamal::Configuration::Validation
+
+  attr_reader :config, :builder_config
+  delegate :image, :service, to: :config
+  delegate :server, to: :"config.registry"
+
   def initialize(config:)
-    @options = config.raw_config.builder || {}
+    @config = config
+    @builder_config = config.raw_config.builder || {}
     @image = config.image
-    @server = config.registry["server"]
+    @server = config.registry.server
+    @service = config.service
 
-    valid?
+    validate! builder_config, with: Kamal::Configuration::Validator::Builder
   end
 
   def to_h
-    @options
+    builder_config
   end
 
   def multiarch?
-    @options["multiarch"] != false
+    builder_config["multiarch"] != false
   end
 
   def local?
-    !!@options["local"]
+    !!builder_config["local"]
   end
 
   def remote?
-    !!@options["remote"]
+    !!builder_config["remote"]
   end
 
   def cached?
-    !!@options["cache"]
+    !!builder_config["cache"]
   end
 
   def args
-    @options["args"] || {}
+    builder_config["args"] || {}
   end
 
   def secrets
-    @options["secrets"] || []
+    builder_config["secrets"] || []
   end
 
   def dockerfile
-    @options["dockerfile"] || "Dockerfile"
+    builder_config["dockerfile"] || "Dockerfile"
+  end
+
+  def target
+    builder_config["target"]
   end
 
   def context
-    @options["context"] || (git_archive? ? "-" : ".")
+    builder_config["context"] || "."
   end
 
   def local_arch
-    @options["local"]["arch"] if local?
+    builder_config["local"]["arch"] if local?
   end
 
   def local_host
-    @options["local"]["host"] if local?
+    builder_config["local"]["host"] if local?
   end
 
   def remote_arch
-    @options["remote"]["arch"] if remote?
+    builder_config["remote"]["arch"] if remote?
   end
 
   def remote_host
-    @options["remote"]["host"] if remote?
+    builder_config["remote"]["host"] if remote?
   end
 
   def cache_from
     if cached?
-      case @options["cache"]["type"]
+      case builder_config["cache"]["type"]
       when "gha"
         cache_from_config_for_gha
       when "registry"
@@ -72,7 +84,7 @@ class Kamal::Configuration::Builder
 
   def cache_to
     if cached?
-      case @options["cache"]["type"]
+      case builder_config["cache"]["type"]
       when "gha"
         cache_to_config_for_gha
       when "registry"
@@ -82,26 +94,33 @@ class Kamal::Configuration::Builder
   end
 
   def ssh
-    @options["ssh"]
+    builder_config["ssh"]
   end
 
-  def git_archive?
-    Kamal::Git.used? && @options["context"].nil?
+  def git_clone?
+    Kamal::Git.used? && builder_config["context"].nil?
   end
 
-  private
-    def valid?
-      if @options["cache"] && @options["cache"]["type"]
-        raise ArgumentError, "Invalid cache type: #{@options["cache"]["type"]}" unless [ "gha", "registry" ].include?(@options["cache"]["type"])
+  def clone_directory
+    @clone_directory ||= File.join Dir.tmpdir, "kamal-clones", [ service, pwd_sha ].compact.join("-")
+  end
+
+  def build_directory
+    @build_directory ||=
+      if git_clone?
+        File.join clone_directory, repo_basename, repo_relative_pwd
+      else
+        "."
       end
-    end
+  end
 
+  private
     def cache_image
-      @options["cache"]&.fetch("image", nil) || "#{@image}-build-cache"
+      builder_config["cache"]&.fetch("image", nil) || "#{image}-build-cache"
     end
 
     def cache_image_ref
-      [ @server, cache_image ].compact.join("/")
+      [ server, cache_image ].compact.join("/")
     end
 
     def cache_from_config_for_gha
@@ -113,10 +132,22 @@ class Kamal::Configuration::Builder
     end
 
     def cache_to_config_for_gha
-      [ "type=gha", @options["cache"]&.fetch("options", nil) ].compact.join(",")
+      [ "type=gha", builder_config["cache"]&.fetch("options", nil) ].compact.join(",")
     end
 
     def cache_to_config_for_registry
-      [ "type=registry", @options["cache"]&.fetch("options", nil), "ref=#{cache_image_ref}" ].compact.join(",")
+      [ "type=registry", builder_config["cache"]&.fetch("options", nil), "ref=#{cache_image_ref}" ].compact.join(",")
+    end
+
+    def repo_basename
+      File.basename(Kamal::Git.root)
+    end
+
+    def repo_relative_pwd
+      Dir.pwd.delete_prefix(Kamal::Git.root)
+    end
+
+    def pwd_sha
+      Digest::SHA256.hexdigest(Dir.pwd)[0..12]
     end
 end

data/lib/kamal/configuration/docs/accessory.yml

@@ -0,0 +1,90 @@
+# Accessories
+#
+# Accessories can be booted on a single host, a list of hosts, or on specific roles.
+# The hosts do not need to be defined in the Kamal servers configuration.
+#
+# Accessories are managed separately from the main service - they are not updated
+# when you deploy and they do not have zero-downtime deployments.
+#
+# Run `kamal accessory boot <accessory>` to boot an accessory.
+# See `kamal accessory --help` for more information.
+
+# Configuring accessories
+#
+# First define the accessory in the `accessories`
+accessories:
+  mysql:
+
+    # Service name
+    #
+    # This is used in the service label and defaults to `<service>-<accessory>`
+    # where `<service>` is the main service name from the root configuration
+    service: mysql
+
+    # Image
+    #
+    # The Docker image to use, prefix with a registry if not using Docker hub
+    image: mysql:8.0
+
+    # Accessory hosts
+    #
+    # Specify one  of `host`, `hosts` or `roles`
+    host: mysql-db1
+    hosts:
+      - mysql-db1
+      - mysql-db2
+    roles:
+      - mysql
+
+    # Custom command
+    #
+    # You can set a custom command to run in the container, if you do not want to use the default
+    cmd: "bin/mysqld"
+
+    # Port mappings
+    #
+    # See https://docs.docker.com/network/, especially note the warning about the security
+    # implications of exposing ports publicly.
+    port: "127.0.0.1:3306:3306"
+
+    # Labels
+    labels:
+      app: myapp
+
+    # Options
+    # These are passed to the Docker run command in the form `--<name> <value>`
+    options:
+      restart: always
+      cpus: 2
+
+    # Environment variables
+    # See kamal docs env for more information
+    env:
+      ...
+
+    # Copying files
+    #
+    # You can specify files to mount into the container.
+    # The format is `local:remote` where `local` is the path to the file on the local machine
+    # and `remote` is the path to the file in the container.
+    #
+    # They will be uploaded from the local repo to the host and then mounted.
+    #
+    # ERB files will be evaluated before being copied.
+    files:
+      - config/my.cnf.erb:/etc/mysql/my.cnf
+      - config/myoptions.cnf:/etc/mysql/myoptions.cnf
+
+    # Directories
+    #
+    # You can specify directories to mount into the container. They will be created on the host
+    # before being mounted
+    directories:
+      - mysql-logs:/var/log/mysql
+
+    # Volumes
+    #
+    # Any other volumes to mount, in addition to the files and directories.
+    # They are not created or copied before mounting
+    volumes:
+      - /path/to/mysql-logs:/var/log/mysql

data/lib/kamal/configuration/docs/boot.yml

@@ -0,0 +1,19 @@
+# Booting
+#
+# When deploying to large numbers of hosts, you might prefer not to restart your services on every host at the same time.
+#
+# Kamal’s default is to boot new containers on all hosts in parallel. But you can control this with the boot configuration.
+
+# Fixed group sizes
+#
+# Here we boot 2 hosts at a time with a 10 second gap between each group.
+boot:
+  limit: 2
+  wait: 10
+
+# Percentage of hosts
+#
+# Here we boot 25% of the hosts at a time with a 2 second gap between each group.
+boot:
+  limit: 25%
+  wait: 2

data/lib/kamal/configuration/docs/builder.yml

@@ -0,0 +1,107 @@
+# Builder
+#
+# The builder configuration controls how the application is built with `docker build` or `docker buildx build`
+#
+# If no configuration is specified, Kamal will:
+# 1. Create a buildx context called `kamal-<service>-multiarch`
+# 2. Use `docker buildx build` to build a multiarch image for linux/amd64,linux/arm64 with that context
+#
+# See https://kamal-deploy.org/docs/configuration/builder-examples/ for more information
+
+# Builder options
+#
+# Options go under the builder key in the root configuration.
+builder:
+
+  # Multiarch
+  #
+  # Enables multiarch builds, defaults to `true`
+  multiarch: false
+
+  # Local configuration
+  #
+  # The build configuration for local builds, only used if multiarch is enabled (the default)
+  #
+  # If there is no remote configuration, by default we build for amd64 and arm64.
+  # If you only want to build for one architecture, you can specify it here.
+  # The docker socket is optional and uses the default docker host socket when not specified
+  local:
+    arch: amd64
+    host: /var/run/docker.sock
+
+  # Remote configuration
+  #
+  # The build configuration for remote builds, also only used if multiarch is enabled.
+  # The arch is required and can be either amd64 or arm64.
+  remote:
+    arch: arm64
+    host: ssh://docker@docker-builder
+
+  # Builder cache
+  #
+  # The type must be either 'gha' or 'registry'
+  #
+  # The image is only used for registry cache
+  cache:
+    type: registry
+    options: mode=max
+    image: kamal-app-build-cache
+
+  # Build context
+  #
+  # If this is not set, then a local git clone of the repo is used.
+  # This ensures a clean build with no uncommitted changes.
+  #
+  # To use the local checkout instead you can set the context to `.`, or a path to another directory.
+  context: .
+
+  # Dockerfile
+  #
+  # The Dockerfile to use for building, defaults to `Dockerfile`
+  dockerfile: Dockerfile.production
+
+  # Build target
+  #
+  # If not set, then the default target is used
+  target: production
+
+  # Build Arguments
+  #
+  # Any additional build arguments, passed to `docker build` with `--build-arg <key>=<value>`
+  args:
+    ENVIRONMENT: production
+
+  # Referencing build arguments
+  #
+  # ```shell
+  # ARG RUBY_VERSION
+  # FROM ruby:$RUBY_VERSION-slim as base
+  # ```
+
+  # Build secrets
+  #
+  # Values are read from the environment.
+  #
+  secrets:
+    - SECRET1
+    - SECRET2
+
+  # Referencing Build Secrets
+  #
+  # ```shell
+  # # Copy Gemfiles
+  # COPY Gemfile Gemfile.lock ./
+  #
+  # # Install dependencies, including private repositories via access token
+  # # Then remove bundle cache with exposed GITHUB_TOKEN)
+  # RUN --mount=type=secret,id=GITHUB_TOKEN \
+  #   BUNDLE_GITHUB__COM=x-access-token:$(cat /run/secrets/GITHUB_TOKEN) \
+  #   bundle install && \
+  #   rm -rf /usr/local/bundle/cache
+  # ```
+
+
+  # SSH
+  #
+  # SSH agent socket or keys to expose to the build
+  ssh: default=$SSH_AUTH_SOCK