kamal 2.0.0.alpha → 2.0.0.beta1

data/lib/kamal/commands/app/assets.rb

@@ -3,18 +3,18 @@ module Kamal::Commands::App::Assets
     asset_container = "#{role.container_prefix}-assets"
 
     combine \
-      make_directory(role.asset_extracted_path),
+      make_directory(role.asset_extracted_directory),
       [ *docker(:stop, "-t 1", asset_container, "2> /dev/null"), "|| true" ],
-      docker(:run, "--name", asset_container, "--detach", "--rm", config.absolute_image, "sleep 1000000"),
-      docker(:cp, "-L", "#{asset_container}:#{role.asset_path}/.", role.asset_extracted_path),
+      docker(:run, "--name", asset_container, "--detach", "--rm", "--entrypoint", "sleep", config.absolute_image, "1000000"),
+      docker(:cp, "-L", "#{asset_container}:#{role.asset_path}/.", role.asset_extracted_directory),
       docker(:stop, "-t 1", asset_container),
       by: "&&"
   end
 
   def sync_asset_volumes(old_version: nil)
-    new_extracted_path, new_volume_path = role.asset_extracted_path(config.version), role.asset_volume.host_path
+    new_extracted_path, new_volume_path = role.asset_extracted_directory(config.version), role.asset_volume.host_path
     if old_version.present?
-      old_extracted_path, old_volume_path = role.asset_extracted_path(old_version), role.asset_volume(old_version).host_path
+      old_extracted_path, old_volume_path = role.asset_extracted_directory(old_version), role.asset_volume(old_version).host_path
     end
 
     commands = [ make_directory(new_volume_path), copy_contents(new_extracted_path, new_volume_path) ]
@@ -29,8 +29,8 @@ module Kamal::Commands::App::Assets
 
   def clean_up_assets
     chain \
-      find_and_remove_older_siblings(role.asset_extracted_path),
-      find_and_remove_older_siblings(role.asset_volume_path)
+      find_and_remove_older_siblings(role.asset_extracted_directory),
+      find_and_remove_older_siblings(role.asset_volume_directory)
   end
 
   private
@@ -39,7 +39,7 @@ module Kamal::Commands::App::Assets
         :find,
         Pathname.new(path).dirname.to_s,
         "-maxdepth 1",
-        "-name", "'#{role.container_prefix}-*'",
+        "-name", "'#{role.name}-*'",
         "!", "-name", Pathname.new(path).basename.to_s,
         "-exec rm -rf \"{}\" +"
       ]

data/lib/kamal/commands/app/proxy.rb

@@ -0,0 +1,16 @@
+module Kamal::Commands::App::Proxy
+  delegate :proxy_container_name, to: :config
+
+  def deploy(target:)
+    proxy_exec :deploy, role.container_prefix, *role.proxy.deploy_command_args(target: target)
+  end
+
+  def remove(target:)
+    proxy_exec :remove, role.container_prefix, *role.proxy.remove_command_args(target: target)
+  end
+
+  private
+    def proxy_exec(*command)
+      docker :exec, proxy_container_name, "kamal-proxy", *command
+    end
+end

data/lib/kamal/commands/app.rb

@@ -1,10 +1,12 @@
 class Kamal::Commands::App < Kamal::Commands::Base
-  include Assets, Containers, Cord, Execution, Images, Logging
+  include Assets, Containers, Execution, Images, Logging, Proxy
 
   ACTIVE_DOCKER_STATUSES = [ :running, :restarting ]
 
   attr_reader :role, :host
 
+  delegate :container_name, to: :role
+
   def initialize(config, role: nil, host: nil)
     super(config)
     @role = role
@@ -16,11 +18,11 @@ class Kamal::Commands::App < Kamal::Commands::Base
       "--detach",
       "--restart unless-stopped",
       "--name", container_name,
+      "--network", "kamal",
       *([ "--hostname", hostname ] if hostname),
       "-e", "KAMAL_CONTAINER_NAME=\"#{container_name}\"",
       "-e", "KAMAL_VERSION=\"#{config.version}\"",
       *role.env_args(host),
-      *role.health_check_args,
       *role.logging_args,
       *config.volume_args,
       *role.asset_volume_args,
@@ -41,7 +43,7 @@ class Kamal::Commands::App < Kamal::Commands::Base
   def stop(version: nil)
     pipe \
       version ? container_id_for_version(version) : current_running_container_id,
-      xargs(config.stop_wait_time ? docker(:stop, "-t", config.stop_wait_time) : docker(:stop))
+      xargs(docker(:stop, *role.stop_args))
   end
 
   def info
@@ -69,21 +71,11 @@ class Kamal::Commands::App < Kamal::Commands::Base
       extract_version_from_name
   end
 
-
-  def make_env_directory
-    make_directory role.env(host).secrets_directory
-  end
-
-  def remove_env_file
-    [ :rm, "-f", role.env(host).secrets_file ]
+  def ensure_env_directory
+    make_directory role.env_directory
   end
 
-
   private
-    def container_name(version = nil)
-      [ role.container_prefix, version || config.version ].compact.join("-")
-    end
-
     def latest_image_id
       docker :image, :ls, *argumentize("--filter", "reference=#{config.latest_image}"), "--format", "'{{.ID}}'"
     end

data/lib/kamal/commands/auditor.rb

@@ -8,9 +8,12 @@ class Kamal::Commands::Auditor < Kamal::Commands::Base
 
   # Runs remotely
   def record(line, **details)
-    append \
-      [ :echo, audit_tags(**details).except(:version, :service_version, :service).to_s, line ],
-      audit_log_file
+    combine \
+      [ :mkdir, "-p", config.run_directory ],
+      append(
+        [ :echo, audit_tags(**details).except(:version, :service_version, :service).to_s, line ],
+        audit_log_file
+      )
   end
 
   def reveal

data/lib/kamal/commands/base.rb

@@ -37,6 +37,10 @@ module Kamal::Commands
       [ :rm, "-r", path ]
     end
 
+    def remove_file(path)
+      [ :rm, path ]
+    end
+
     private
       def combine(*commands, by: "&&")
         commands
@@ -81,6 +85,10 @@ module Kamal::Commands
         [ :git, *([ "-C", path ] if path), *args.compact ]
       end
 
+      def grep(*args)
+        args.compact.unshift :grep
+      end
+
       def tags(**details)
         Kamal::Tags.from_config(config, **details)
       end

data/lib/kamal/commands/builder/base.rb

@@ -32,7 +32,7 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
       docker(:buildx, :ls)
   end
 
-  def buildx_inspect
+  def inspect_builder
     docker :buildx, :inspect, builder_name unless docker_driver?
   end
 
@@ -78,7 +78,7 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
     end
 
     def build_secrets
-      argumentize "--secret", secrets.collect { |secret| [ "id", secret ] }
+      argumentize "--secret", secrets.keys.collect { |secret| [ "id", secret ] }
     end
 
     def build_dockerfile
@@ -101,10 +101,6 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
       config.builder
     end
 
-    def context_host(builder_name)
-      docker :context, :inspect, builder_name, "--format", ENDPOINT_DOCKER_HOST_INSPECT
-    end
-
     def platform_options(arches)
       argumentize "--platform", arches.map { |arch| "linux/#{arch}" }.join(",") if arches.any?
     end

data/lib/kamal/commands/builder/hybrid.rb

@@ -16,6 +16,6 @@ class Kamal::Commands::Builder::Hybrid < Kamal::Commands::Builder::Remote
     end
 
     def append_remote_buildx
-      docker :buildx, :create, *platform_options(remote_arches), "--append", "--name", builder_name, builder_name
+      docker :buildx, :create, *platform_options(remote_arches), "--append", "--name", builder_name, remote_context_name
     end
 end

data/lib/kamal/commands/builder/remote.rb

@@ -17,21 +17,44 @@ class Kamal::Commands::Builder::Remote < Kamal::Commands::Builder::Base
       docker(:buildx, :ls)
   end
 
+  def inspect_builder
+    combine \
+      combine inspect_buildx, inspect_remote_context,
+      [ "(echo no compatible builder && exit 1)" ],
+      by: "||"
+  end
+
   private
     def builder_name
-      "kamal-remote-#{driver}-#{remote.gsub(/[^a-z0-9_-]/, "-")}"
+      "kamal-remote-#{remote.gsub(/[^a-z0-9_-]/, "-")}"
+    end
+
+    def remote_context_name
+      "#{builder_name}-context"
+    end
+
+    def inspect_buildx
+      pipe \
+        docker(:buildx, :inspect, builder_name),
+        grep("-q", "Endpoint:.*#{remote_context_name}")
+    end
+
+    def inspect_remote_context
+      pipe \
+        docker(:context, :inspect, remote_context_name, "--format", ENDPOINT_DOCKER_HOST_INSPECT),
+        grep("-xq", remote)
     end
 
     def create_remote_context
-      docker :context, :create, builder_name, "--description", "'#{builder_name} host'", "--docker", "'host=#{remote}'"
+      docker :context, :create, remote_context_name, "--description", "'#{builder_name} host'", "--docker", "'host=#{remote}'"
     end
 
     def remove_remote_context
-      docker :context, :rm, builder_name
+      docker :context, :rm, remote_context_name
     end
 
     def create_buildx
-      docker :buildx, :create, "--name", builder_name, builder_name
+      docker :buildx, :create, "--name", builder_name, remote_context_name
     end
 
     def remove_buildx

data/lib/kamal/commands/builder.rb

@@ -1,7 +1,7 @@
 require "active_support/core_ext/string/filters"
 
 class Kamal::Commands::Builder < Kamal::Commands::Base
-  delegate :create, :remove, :push, :clean, :pull, :info, :buildx_inspect, :validate_image, :first_mirror, to: :target
+  delegate :create, :remove, :push, :clean, :pull, :info, :inspect_builder, :validate_image, :first_mirror, to: :target
   delegate :local?, :remote?, to: "config.builder"
 
   include Clone

data/lib/kamal/commands/docker.rb

@@ -19,6 +19,10 @@ class Kamal::Commands::Docker < Kamal::Commands::Base
     [ '[ "${EUID:-$(id -u)}" -eq 0 ] || command -v sudo >/dev/null || command -v su >/dev/null' ]
   end
 
+  def create_network
+    docker :network, :create, :kamal
+  end
+
   private
     def get_docker
       shell \

data/lib/kamal/commands/hook.rb

@@ -1,6 +1,9 @@
 class Kamal::Commands::Hook < Kamal::Commands::Base
-  def run(hook, **details)
-    [ hook_file(hook), env: tags(**details).env ]
+  def run(hook, secrets: false, **details)
+    env = tags(**details).env
+    env.merge!(config.secrets.to_h) if secrets
+
+    [ hook_file(hook), env: env ]
   end
 
   def hook_exists?(hook)

data/lib/kamal/commands/lock.rb

@@ -44,14 +44,10 @@ class Kamal::Commands::Lock < Kamal::Commands::Base
         "/dev/null"
     end
 
-    def locks_dir
-      File.join(config.run_directory, "locks")
-    end
-
     def lock_dir
-      dir_name = [ config.service, config.destination ].compact.join("-")
+      dir_name = [ "lock", config.service, config.destination ].compact.join("-")
 
-      File.join(locks_dir, dir_name)
+      File.join(config.run_directory, dir_name)
     end
 
     def lock_details_file

data/lib/kamal/commands/proxy.rb

@@ -0,0 +1,77 @@
+class Kamal::Commands::Proxy < Kamal::Commands::Base
+  delegate :argumentize, :optionize, to: Kamal::Utils
+
+  def run
+    docker :run,
+      "--name", container_name,
+      "--network", "kamal",
+      "--detach",
+      "--restart", "unless-stopped",
+      *config.proxy_publish_args,
+      "--volume", "/var/run/docker.sock:/var/run/docker.sock",
+      *config.proxy_config_volume.docker_args,
+      *config.logging_args,
+      config.proxy_image
+  end
+
+  def start
+    docker :container, :start, container_name
+  end
+
+  def stop(name: container_name)
+    docker :container, :stop, name
+  end
+
+  def start_or_run
+    combine start, run, by: "||"
+  end
+
+  def info
+    docker :ps, "--filter", "name=^#{container_name}$"
+  end
+
+  def version
+    pipe \
+      docker(:inspect, container_name, "--format '{{.Config.Image}}'"),
+      [ :cut, "-d:", "-f2" ]
+  end
+
+  def logs(since: nil, lines: nil, grep: nil, grep_options: nil)
+    pipe \
+      docker(:logs, container_name, (" --since #{since}" if since), (" --tail #{lines}" if lines), "--timestamps", "2>&1"),
+      ("grep '#{grep}'#{" #{grep_options}" if grep_options}" if grep)
+  end
+
+  def follow_logs(host:, grep: nil, grep_options: nil)
+    run_over_ssh pipe(
+      docker(:logs, container_name, "--timestamps", "--tail", "10", "--follow", "2>&1"),
+      (%(grep "#{grep}"#{" #{grep_options}" if grep_options}) if grep)
+    ).join(" "), host: host
+  end
+
+  def remove_container
+    docker :container, :prune, "--force", "--filter", "label=org.opencontainers.image.title=kamal-proxy"
+  end
+
+  def remove_image
+    docker :image, :prune, "--all", "--force", "--filter", "label=org.opencontainers.image.title=kamal-proxy"
+  end
+
+  def remove_host_directory
+    remove_directory config.proxy_directory
+  end
+
+  def cleanup_traefik
+    chain \
+      docker(:container, :stop, "traefik"),
+      combine(
+        docker(:container, :prune, "--force", "--filter", "label=org.opencontainers.image.title=Traefik"),
+        docker(:image, :prune, "--all", "--force", "--filter", "label=org.opencontainers.image.title=Traefik")
+      )
+  end
+
+  private
+    def container_name
+      config.proxy_container_name
+    end
+end

data/lib/kamal/commands/prune.rb

@@ -9,7 +9,7 @@ class Kamal::Commands::Prune < Kamal::Commands::Base
   def tagged_images
     pipe \
       docker(:image, :ls, *service_filter, "--format", "'{{.ID}} {{.Repository}}:{{.Tag}}'"),
-      "grep -v -w \"#{active_image_list}\"",
+      grep("-v -w \"#{active_image_list}\""),
       "while read image tag; do docker rmi $tag; done"
   end
 
@@ -20,10 +20,6 @@ class Kamal::Commands::Prune < Kamal::Commands::Base
       "while read container_id; do docker rm $container_id; done"
   end
 
-  def healthcheck_containers
-    docker :container, :prune, "--force", *healthcheck_service_filter
-  end
-
   private
     def stopped_containers_filters
       [ "created", "exited", "dead" ].flat_map { |status| [ "--filter", "status=#{status}" ] }
@@ -39,8 +35,4 @@ class Kamal::Commands::Prune < Kamal::Commands::Base
     def service_filter
       [ "--filter", "label=service=#{config.service}" ]
     end
-
-    def healthcheck_service_filter
-      [ "--filter", "label=service=#{config.healthcheck_service}" ]
-    end
 end

data/lib/kamal/commands/server.rb

@@ -1,5 +1,15 @@
 class Kamal::Commands::Server < Kamal::Commands::Base
   def ensure_run_directory
-    [ :mkdir, "-p", config.run_directory ]
+    make_directory config.run_directory
+  end
+
+  def remove_app_directory
+    remove_directory config.app_directory
+  end
+
+  def app_directory_count
+    pipe \
+      [ :ls, config.apps_directory ],
+      [ :wc, "-l" ]
   end
 end

data/lib/kamal/configuration/accessory.rb

@@ -16,7 +16,7 @@ class Kamal::Configuration::Accessory
 
     @env = Kamal::Configuration::Env.new \
       config: accessory_config.fetch("env", {}),
-      secrets_file: File.join(config.host_env_directory, "accessories", "#{service_name}.env"),
+      secrets: config.secrets,
       context: "accessories/#{name}/env"
   end
 
@@ -51,7 +51,19 @@ class Kamal::Configuration::Accessory
   end
 
   def env_args
-    env.args
+    [ *env.clear_args, *argumentize("--env-file", secrets_path) ]
+  end
+
+  def env_directory
+    File.join(config.env_directory, "accessories")
+  end
+
+  def secrets_io
+    env.secrets_io
+  end
+
+  def secrets_path
+    File.join(config.env_directory, "accessories", "#{name}.env")
   end
 
   def files

data/lib/kamal/configuration/builder.rb

@@ -28,7 +28,9 @@ class Kamal::Configuration::Builder
   end
 
   def local_arches
-    @local_arches ||= if remote
+    @local_arches ||= if local_disabled?
+      []
+    elsif remote
       arches & [ Kamal::Utils.docker_arch ]
     else
       arches
@@ -48,7 +50,7 @@ class Kamal::Configuration::Builder
   end
 
   def local?
-    arches.empty? || local_arches.any?
+    !local_disabled? && (arches.empty? || local_arches.any?)
   end
 
   def cached?
@@ -60,7 +62,7 @@ class Kamal::Configuration::Builder
   end
 
   def secrets
-    builder_config["secrets"] || []
+    (builder_config["secrets"] || []).to_h { |key| [ key, config.secrets[key] ] }
   end
 
   def dockerfile
@@ -79,6 +81,10 @@ class Kamal::Configuration::Builder
     builder_config.fetch("driver", "docker-container")
   end
 
+  def local_disabled?
+    builder_config["local"] == false
+  end
+
   def cache_from
     if cached?
       case builder_config["cache"]["type"]

data/lib/kamal/configuration/docs/builder.yml

@@ -12,24 +12,29 @@
 #
 # Options go under the builder key in the root configuration.
 builder:
-  # Driver
-  #
-  # The build driver to use, defaults to `docker-container`
-  driver: docker
 
   # Arch
   #
-  # The architectures to build for, defaults to `[ amd64, arm64 ]`
-  # Unless you are using the docker driver, when it defaults to the local architecture
-  # You can set an array or just a single value
+  # The architectures to build for - you can set an array or just a single value.
+  #
+  # Allowed values are `amd64` and `arm64`
   arch:
     - amd64
 
-  # Remote configuration
+  # Remote
   #
-  # If you have a remote builder, you can configure it here
+  # The connection string for a remote builder. If supplied Kamal will use this
+  # for builds that do not match the local architecture of the deployment host.
   remote: ssh://docker@docker-builder
 
+  # Local
+  #
+  # If set to false, Kamal will always use the remote builder even when building
+  # the local architecture.
+  #
+  # Defaults to true
+  local: true
+
   # Builder cache
   #
   # The type must be either 'gha' or 'registry'
@@ -73,7 +78,7 @@ builder:
 
   # Build secrets
   #
-  # Values are read from the environment.
+  # Values are read from the .kamal/secrets.
   #
   secrets:
     - SECRET1
@@ -98,3 +103,8 @@ builder:
   #
   # SSH agent socket or keys to expose to the build
   ssh: default=$SSH_AUTH_SOCK
+
+  # Driver
+  #
+  # The build driver to use, defaults to `docker-container`
+  driver: docker

data/lib/kamal/configuration/docs/configuration.yml

@@ -70,7 +70,7 @@ env:
 # volume containing both sets of files.
 # This requires that file names change when the contents change
 # (e.g. by including a hash of the contents in the name).
-
+#
 # To configure this, set the path to the assets:
 asset_path: /path/to/assets
 
@@ -93,11 +93,6 @@ primary_role: workers
 # Whether roles with no servers are allowed. Defaults to `false`.
 allow_empty_roles: false
 
-# Stop wait time
-#
-# How long we wait for a container to stop before killing it, defaults to 30 seconds
-stop_wait_time: 60
-
 # Retain containers
 #
 # How many old containers and images we retain, defaults to 5
@@ -111,9 +106,20 @@ minimum_version: 1.3.0
 # Readiness delay
 #
 # Seconds to wait for a container to boot after is running, default 7
-# This only applies to containers that do not specify a healthcheck
+#
+# This only applies to containers that do not run a proxy or specify a healthcheck
 readiness_delay: 4
 
+# Deploy timeout
+#
+# How long to wait for a container to become ready, default 30
+deploy_timeout: 10
+
+# Drain timeout
+#
+# How long to wait for a containers to drain, default 30
+drain_timeout: 10
+
 # Run directory
 #
 # Directory to store kamal runtime files in on the host, default `.kamal`
@@ -137,10 +143,10 @@ builder:
 accessories:
   ...
 
-# Traefik
+# Proxy
 #
-# The Traefik proxy is used for zero-downtime deployments, see kamal docs traefik
-traefik:
+# Configuration for kamal-proxy, see kamal docs proxy
+proxy:
   ...
 
 # SSHKit
@@ -155,12 +161,6 @@ sshkit:
 boot:
   ...
 
-# Healthcheck
-#
-# Configuring healthcheck commands, intervals and timeouts, see kamal docs healthcheck
-healthcheck:
-  ...
-
 # Logging
 #
 # Docker logging configuration, see kamal docs logging

data/lib/kamal/configuration/docs/env.yml

@@ -1,7 +1,7 @@
 # Environment variables
 #
-# Environment variables can be set directory in the Kamal configuration or
-# for loaded from a .env file, for secrets that should not be checked into Git.
+# Environment variables can be set directly in the Kamal configuration or
+# read from .kamal/secrets.
 
 # Reading environment variables from the configuration
 #
@@ -12,26 +12,25 @@ env:
   DATABASE_HOST: mysql-db1
   DATABASE_PORT: 3306
 
-# Using .env file to load required environment variables
+# Using .kamal/secrets file to load required environment variables
 #
-# Kamal uses dotenv to automatically load environment variables set in the .env file present
-# in the application root.
+# Kamal uses dotenv to automatically load environment variables set in the .kamal/secrets file.
 #
 # This file can be used to set variables like KAMAL_REGISTRY_PASSWORD or database passwords.
-# But for this reason you must ensure that .env files are not checked into Git or included
-# in your Dockerfile! The format is just key-value like:
+# You can use variable or command substitution in the secrets file.
+#
 # ```
-# KAMAL_REGISTRY_PASSWORD=pw
-# DB_PASSWORD=secret123
+# KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
+# RAILS_MASTER_KEY=$(cat config/master.key)
 # ```
-# See https://kamal-deploy.org/docs/commands/envify/ for how to use generated .env files.
+#
+# If you store secrets directly in .kamal/secrets, ensure that it is not checked into version control.
 #
 # To pass the secrets you should list them under the `secret` key. When you do this the
 # other variables need to be moved under the `clear` key.
 #
 # Unlike clear values, secrets are not passed directly to the container,
 # but are stored in an env file on the host
-# The file is not updated when deploying, only when running `kamal envify` or `kamal env push`.
 env:
   clear:
     DB_USER: app