kamal 2.6.1 → 2.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2aa9cdc20d3b482b18687564bd8f45383a771d256153b69213923215ba94ebce
-  data.tar.gz: b2b617c75e5b3324916f49f40e1ab1dac43186de0568000bb768eca2d21a38cf
+  metadata.gz: 80ba6d51041312c99d659a1bfaac13bfa0ed7d1e758bde65e5475c0e51d88238
+  data.tar.gz: f0cc94a905da2cfb5dcf4f5d9ead2194df1b0ed46fd3b8671a59bfc333b10fbf
 SHA512:
-  metadata.gz: 9f6a7b11fd418414669e0477c9d3c3a30e9bbd39433ccc68e85df7bba9f97f96361168a1d780740321fdff1211ecd4c13262377759d25f88f37c2964d858789a
-  data.tar.gz: bafc9d379a59dc332f3e3f0a079d76db96a433742b3b17eb72b3b90dd28e37067d9f6d8db6c18af29723020bbc0aa53e49bacb203bdba76f6cee839379f886d2
+  metadata.gz: e33ddb40f46e587364d9121bbd2f2d829beddeb956f4bf1d8399e5ac835285180914f51e1365bee96ec4b82a02c0e88df8ff513a68bf95e44a8dc7e0ce081509
+  data.tar.gz: 8a0b1a90bbacd96d072cbbe5cec3371e5f7fe6d213cfa5dac3203f6d4ef02fadbddd1e3458909f3051adcd9218d69d6edb5b193f86fca6fac28b49b00bd2dd91

data/lib/kamal/cli/accessory.rb

@@ -24,11 +24,11 @@ class Kamal::Cli::Accessory < Kamal::Cli::Base
           directories(name)
           upload(name)
 
-          on(hosts) do
+          on(hosts) do |host|
             execute *KAMAL.auditor.record("Booted #{name} accessory"), verbosity: :debug
             execute *accessory.ensure_env_directory
             upload! accessory.secrets_io, accessory.secrets_path, mode: "0600"
-            execute *accessory.run
+            execute *accessory.run(host: host)
 
             if accessory.running_proxy?
               target = capture_with_info(*accessory.container_id_for(container_name: accessory.service_name, only_running: true)).strip
@@ -77,6 +77,7 @@ class Kamal::Cli::Accessory < Kamal::Cli::Base
         KAMAL.accessory_names.each { |accessory_name| reboot(accessory_name) }
       else
         prepare(name)
+        pull_image(name)
         stop(name)
         remove_container(name)
         boot(name, prepare: false)
@@ -203,6 +204,18 @@ class Kamal::Cli::Accessory < Kamal::Cli::Base
     end
   end
 
+  desc "pull_image [NAME]", "Pull accessory image on host", hide: true
+  def pull_image(name)
+    with_lock do
+      with_accessory(name) do |accessory, hosts|
+        on(hosts) do
+          execute *KAMAL.auditor.record("Pull #{name} accessory image"), verbosity: :debug
+          execute *accessory.pull_image
+        end
+      end
+    end
+  end
+
   desc "remove [NAME]", "Remove accessory container, image and data directory from host (use NAME=all to remove all accessories)"
   option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
   def remove(name)

data/lib/kamal/cli/app/ssl_certificates.rb

@@ -0,0 +1,28 @@
+class Kamal::Cli::App::SslCertificates
+  attr_reader :host, :role, :sshkit
+  delegate :execute, :info, :upload!, to: :sshkit
+
+  def initialize(host, role, sshkit)
+    @host = host
+    @role = role
+    @sshkit = sshkit
+  end
+
+  def run
+    if role.running_proxy? && role.proxy.custom_ssl_certificate?
+      info "Writing SSL certificates for #{role.name} on #{host}"
+      execute *app.create_ssl_directory
+      if cert_content = role.proxy.certificate_pem_content
+        upload!(StringIO.new(cert_content), role.proxy.host_tls_cert, mode: "0644")
+      end
+      if key_content = role.proxy.private_key_pem_content
+        upload!(StringIO.new(key_content), role.proxy.host_tls_key, mode: "0644")
+      end
+    end
+  end
+
+  private
+    def app
+      @app ||= KAMAL.app(role: role, host: host)
+    end
+end

data/lib/kamal/cli/app.rb

@@ -12,6 +12,7 @@ class Kamal::Cli::App < Kamal::Cli::Base
 
           KAMAL.roles_on(host).each do |role|
             Kamal::Cli::App::Assets.new(host, role, self).run
+            Kamal::Cli::App::SslCertificates.new(host, role, self).run
           end
         end
 

data/lib/kamal/cli/build.rb

@@ -11,6 +11,7 @@ class Kamal::Cli::Build < Kamal::Cli::Base
 
   desc "push", "Build and push app image to registry"
   option :output, type: :string, default: "registry", banner: "export_type", desc: "Exported type for the build result, and may be any exported type supported by 'buildx --output'."
+  option :no_cache, type: :boolean, default: false, desc: "Build without using Docker's build cache"
   def push
     cli = self
 
@@ -19,7 +20,7 @@ class Kamal::Cli::Build < Kamal::Cli::Base
     pre_connect_if_required
 
     ensure_docker_installed
-    login_to_registry_locally
+    login_to_registry_locally if KAMAL.builder.login_to_registry_locally?
 
     run_hook "pre-build"
 
@@ -56,10 +57,10 @@ class Kamal::Cli::Build < Kamal::Cli::Base
         end
 
         # Get the command here to ensure the Dir.chdir doesn't interfere with it
-        push = KAMAL.builder.push(cli.options[:output])
+        push = KAMAL.builder.push(cli.options[:output], no_cache: cli.options[:no_cache])
 
         KAMAL.with_verbosity(:debug) do
-          Dir.chdir(KAMAL.config.builder.build_directory) { execute *push }
+          Dir.chdir(KAMAL.config.builder.build_directory) { execute *push, env: KAMAL.builder.push_env }
         end
       end
     end
@@ -67,16 +68,18 @@ class Kamal::Cli::Build < Kamal::Cli::Base
 
   desc "pull", "Pull app image from registry onto servers"
   def pull
-    login_to_registry_remotely
-
-    if (first_hosts = mirror_hosts).any?
-      #  Pull on a single host per mirror first to seed them
-      say "Pulling image on #{first_hosts.join(", ")} to seed the #{"mirror".pluralize(first_hosts.count)}...", :magenta
-      pull_on_hosts(first_hosts)
-      say "Pulling image on remaining hosts...", :magenta
-      pull_on_hosts(KAMAL.app_hosts - first_hosts)
-    else
-      pull_on_hosts(KAMAL.app_hosts)
+    login_to_registry_remotely unless KAMAL.registry.local?
+
+    forward_local_registry_port do
+      if (first_hosts = mirror_hosts).any?
+        #  Pull on a single host per mirror first to seed them
+        say "Pulling image on #{first_hosts.join(", ")} to seed the #{"mirror".pluralize(first_hosts.count)}...", :magenta
+        pull_on_hosts(first_hosts)
+        say "Pulling image on remaining hosts...", :magenta
+        pull_on_hosts(KAMAL.app_hosts - first_hosts)
+      else
+        pull_on_hosts(KAMAL.app_hosts)
+      end
     end
   end
 
@@ -119,6 +122,7 @@ class Kamal::Cli::Build < Kamal::Cli::Base
 
   desc "dev", "Build using the working directory, tag it as dirty, and push to local image store."
   option :output, type: :string, default: "docker", banner: "export_type", desc: "Exported type for the build result, and may be any exported type supported by 'buildx --output'."
+  option :no_cache, type: :boolean, default: false, desc: "Build without using Docker's build cache"
   def dev
     cli = self
 
@@ -144,7 +148,7 @@ class Kamal::Cli::Build < Kamal::Cli::Base
 
     with_env(KAMAL.config.builder.secrets) do
       run_locally do
-        build = KAMAL.builder.push(cli.options[:output], tag_as_dirty: true)
+        build = KAMAL.builder.push(cli.options[:output], tag_as_dirty: true, no_cache: cli.options[:no_cache])
         KAMAL.with_verbosity(:debug) do
           execute(*build)
         end
@@ -192,7 +196,11 @@ class Kamal::Cli::Build < Kamal::Cli::Base
 
     def login_to_registry_locally
       run_locally do
-        execute *KAMAL.registry.login
+        if KAMAL.registry.local?
+          execute *KAMAL.registry.setup
+        else
+          execute *KAMAL.registry.login
+        end
       end
     end
 
@@ -201,4 +209,14 @@ class Kamal::Cli::Build < Kamal::Cli::Base
         execute *KAMAL.registry.login
       end
     end
+
+    def forward_local_registry_port(&block)
+      if KAMAL.config.registry.local?
+        Kamal::Cli::PortForwarding.
+          new(KAMAL.hosts, KAMAL.config.registry.local_port).
+          forward(&block)
+      else
+        yield
+      end
+    end
 end

data/lib/kamal/cli/main.rb

@@ -1,6 +1,7 @@
 class Kamal::Cli::Main < Kamal::Cli::Base
   desc "setup", "Setup all accessories, push the env, and deploy app to servers"
   option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
+  option :no_cache, type: :boolean, default: false, desc: "Build without using Docker's build cache"
   def setup
     print_runtime do
       with_lock do
@@ -16,6 +17,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
 
   desc "deploy", "Deploy app to servers"
   option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
+  option :no_cache, type: :boolean, default: false, desc: "Build without using Docker's build cache"
   def deploy(boot_accessories: false)
     runtime = print_runtime do
       invoke_options = deploy_options
@@ -51,6 +53,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
 
   desc "redeploy", "Deploy app to servers without bootstrapping servers, starting kamal-proxy and pruning"
   option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
+  option :no_cache, type: :boolean, default: false, desc: "Build without using Docker's build cache"
   def redeploy
     runtime = print_runtime do
       invoke_options = deploy_options
@@ -182,7 +185,7 @@ class Kamal::Cli::Main < Kamal::Cli::Base
         invoke "kamal:cli:app:remove", [], options.without(:confirmed)
         invoke "kamal:cli:proxy:remove", [], options.without(:confirmed)
         invoke "kamal:cli:accessory:remove", [ "all" ], options
-        invoke "kamal:cli:registry:logout", [], options.without(:confirmed).merge(skip_local: true)
+        invoke "kamal:cli:registry:remove", [], options.without(:confirmed).merge(skip_local: true)
       end
     end
   end
@@ -272,6 +275,8 @@ class Kamal::Cli::Main < Kamal::Cli::Base
     end
 
     def deploy_options
-      { "version" => KAMAL.config.version }.merge(options.without("skip_push"))
+      base_options = options.without("skip_push")
+      base_options = base_options.except("no_cache") unless base_options["no_cache"]
+      { "version" => KAMAL.config.version }.merge(base_options)
     end
 end

data/lib/kamal/cli/port_forwarding.rb

@@ -0,0 +1,42 @@
+class Kamal::Cli::PortForwarding
+  attr_reader :hosts, :port
+
+  def initialize(hosts, port)
+    @hosts = hosts
+    @port = port
+  end
+
+  def forward
+    @done = false
+    forward_ports
+
+    yield
+  ensure
+    stop
+  end
+
+  private
+
+  def stop
+    @done = true
+    @threads.to_a.each(&:join)
+  end
+
+  def forward_ports
+    @threads = hosts.map do |host|
+      Thread.new do
+        Net::SSH.start(host, KAMAL.config.ssh.user, **{ proxy: KAMAL.config.ssh.proxy }.compact) do |ssh|
+          ssh.forward.remote(port, "localhost", port, "localhost")
+          ssh.loop(0.1) do
+            if @done
+              ssh.forward.cancel_remote(port, "localhost")
+              break
+            else
+              true
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kamal/cli/registry.rb

@@ -1,19 +1,27 @@
 class Kamal::Cli::Registry < Kamal::Cli::Base
-  desc "login", "Log in to registry locally and remotely"
+  desc "setup", "Setup local registry or log in to remote registry locally and remotely"
   option :skip_local, aliases: "-L", type: :boolean, default: false, desc: "Skip local login"
   option :skip_remote, aliases: "-R", type: :boolean, default: false, desc: "Skip remote login"
-  def login
+  def setup
     ensure_docker_installed unless options[:skip_local]
 
-    run_locally    { execute *KAMAL.registry.login } unless options[:skip_local]
-    on(KAMAL.hosts) { execute *KAMAL.registry.login } unless options[:skip_remote]
+    if KAMAL.registry.local?
+      run_locally    { execute *KAMAL.registry.setup } unless options[:skip_local]
+    else
+      run_locally    { execute *KAMAL.registry.login } unless options[:skip_local]
+      on(KAMAL.hosts) { execute *KAMAL.registry.login } unless options[:skip_remote]
+    end
   end
 
-  desc "logout", "Log out of registry locally and remotely"
+  desc "remove", "Remove local registry or log out of remote registry locally and remotely"
   option :skip_local, aliases: "-L", type: :boolean, default: false, desc: "Skip local login"
   option :skip_remote, aliases: "-R", type: :boolean, default: false, desc: "Skip remote login"
-  def logout
-    run_locally    { execute *KAMAL.registry.logout } unless options[:skip_local]
-    on(KAMAL.hosts) { execute *KAMAL.registry.logout } unless options[:skip_remote]
+  def remove
+    if KAMAL.registry.local?
+      run_locally    { execute *KAMAL.registry.remove, raise_on_non_zero_exit: false } unless options[:skip_local]
+    else
+      run_locally    { execute *KAMAL.registry.logout } unless options[:skip_local]
+      on(KAMAL.hosts) { execute *KAMAL.registry.logout } unless options[:skip_remote]
+    end
   end
 end

data/lib/kamal/cli/templates/deploy.yml

@@ -25,13 +25,14 @@ proxy:
 
 # Credentials for your image host.
 registry:
+  server: localhost:5555
   # Specify the registry server, if you're not using Docker Hub
   # server: registry.digitalocean.com / ghcr.io / ...
-  username: my-user
+  # username: my-user
 
   # Always use an access token rather than real password (pulled from .kamal/secrets).
-  password:
-    - KAMAL_REGISTRY_PASSWORD
+  # password:
+  #   - KAMAL_REGISTRY_PASSWORD
 
 # Configure builder setup.
 builder:

data/lib/kamal/cli/templates/sample_hooks/pre-deploy.sample

@@ -43,7 +43,7 @@ class GithubStatusChecks
   attr_reader :remote_url, :git_sha, :github_client, :combined_status
 
   def initialize
-    @remote_url = `git config --get remote.origin.url`.strip.delete_prefix("https://github.com/")
+    @remote_url = github_repo_from_remote_url
     @git_sha = `git rev-parse HEAD`.strip
     @github_client = Octokit::Client.new(access_token: ENV["GITHUB_TOKEN"])
     refresh!
@@ -77,6 +77,18 @@ class GithubStatusChecks
       "Build not started..."
     end
   end
+
+  private
+    def github_repo_from_remote_url
+      url = `git config --get remote.origin.url`.strip.delete_suffix(".git")
+      if url.start_with?("https://github.com/")
+        url.delete_prefix("https://github.com/")
+      elsif url.start_with?("git@github.com:")
+        url.delete_prefix("git@github.com:")
+      else
+        url
+      end
+    end
 end
 
 

data/lib/kamal/cli/templates/secrets

@@ -3,7 +3,7 @@
 # password manager, ENV, or a file. DO NOT ENTER RAW CREDENTIALS HERE! This file needs to be safe for git.
 
 # Option 1: Read secrets from the environment
-KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
+# KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
 
 # Option 2: Read secrets via a command
 # RAILS_MASTER_KEY=$(cat config/master.key)

data/lib/kamal/commander.rb

@@ -21,7 +21,7 @@ class Kamal::Commander
   end
 
   def config
-    @config ||= Kamal::Configuration.create_from(**@config_kwargs).tap do |config|
+    @config ||= Kamal::Configuration.create_from(**@config_kwargs.to_h).tap do |config|
       @config_kwargs = nil
       configure_sshkit_with(config)
     end

data/lib/kamal/commands/accessory.rb

@@ -12,7 +12,7 @@ class Kamal::Commands::Accessory < Kamal::Commands::Base
     @accessory_config = config.accessory(name)
   end
 
-  def run
+  def run(host: nil)
     docker :run,
       "--name", service_name,
       "--detach",
@@ -20,6 +20,7 @@ class Kamal::Commands::Accessory < Kamal::Commands::Base
       *network_args,
       *config.logging_args,
       *publish_args,
+      *([ "--env", "KAMAL_HOST=\"#{host}\"" ] if host),
       *env_args,
       *volume_args,
       *label_args,
@@ -55,14 +56,14 @@ class Kamal::Commands::Accessory < Kamal::Commands::Base
 
   def execute_in_existing_container(*command, interactive: false)
     docker :exec,
-      ("-it" if interactive),
+      (docker_interactive_args if interactive),
       service_name,
       *command
   end
 
   def execute_in_new_container(*command, interactive: false)
     docker :run,
-      ("-it" if interactive),
+      (docker_interactive_args if interactive),
       "--rm",
       *network_args,
       *env_args,
@@ -89,6 +90,10 @@ class Kamal::Commands::Accessory < Kamal::Commands::Base
     end
   end
 
+  def pull_image
+    docker :image, :pull, image
+  end
+
   def remove_service_directory
     [ :rm, "-rf", service_name ]
   end

data/lib/kamal/commands/app/execution.rb

@@ -1,7 +1,7 @@
 module Kamal::Commands::App::Execution
   def execute_in_existing_container(*command, interactive: false, env:)
     docker :exec,
-      ("-it" if interactive),
+      (docker_interactive_args if interactive),
       *argumentize("--env", env),
       container_name,
       *command
@@ -9,7 +9,7 @@ module Kamal::Commands::App::Execution
 
   def execute_in_new_container(*command, interactive: false, detach: false, env:)
     docker :run,
-      ("-it" if interactive),
+      (docker_interactive_args if interactive),
       ("--detach" if detach),
       ("--rm" unless detach),
       "--network", "kamal",

data/lib/kamal/commands/app/proxy.rb

@@ -21,6 +21,10 @@ module Kamal::Commands::App::Proxy
     remove_directory config.proxy_boot.app_directory
   end
 
+  def create_ssl_directory
+    make_directory(File.join(config.proxy_boot.tls_directory, role.name))
+  end
+
   private
     def proxy_exec(*command)
       docker :exec, proxy_container_name, "kamal-proxy", *command

data/lib/kamal/commands/app.rb

@@ -20,8 +20,10 @@ class Kamal::Commands::App < Kamal::Commands::Base
       "--name", container_name,
       "--network", "kamal",
       *([ "--hostname", hostname ] if hostname),
-      "-e", "KAMAL_CONTAINER_NAME=\"#{container_name}\"",
-      "-e", "KAMAL_VERSION=\"#{config.version}\"",
+      "--env", "KAMAL_CONTAINER_NAME=\"#{container_name}\"",
+      "--env", "KAMAL_VERSION=\"#{config.version}\"",
+      "--env", "KAMAL_HOST=\"#{host}\"",
+      "--env", "KAMAL_DESTINATION=\"#{config.destination}\"",
       *role.env_args(host),
       *role.logging_args,
       *config.volume_args,

data/lib/kamal/commands/base.rb

@@ -84,6 +84,10 @@ module Kamal::Commands
         args.compact.unshift :docker
       end
 
+      def pack(*args)
+        args.compact.unshift :pack
+      end
+
       def git(*args, path: nil)
         [ :git, *([ "-C", path ] if path), *args.compact ]
       end
@@ -122,5 +126,9 @@ module Kamal::Commands
       def ensure_local_buildx_installed
         docker :buildx, "version"
       end
+
+      def docker_interactive_args
+        STDIN.isatty ? "-it" : "-i"
+      end
   end
 end

data/lib/kamal/commands/builder/base.rb

@@ -6,6 +6,7 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
   delegate :argumentize, to: Kamal::Utils
   delegate \
     :args, :secrets, :dockerfile, :target, :arches, :local_arches, :remote_arches, :remote,
+    :pack?, :pack_builder, :pack_buildpacks,
     :cache_from, :cache_to, :ssh, :provenance, :sbom, :driver, :docker_driver?,
     to: :builder_config
 
@@ -13,13 +14,14 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
     docker :image, :rm, "--force", config.absolute_image
   end
 
-  def push(export_action = "registry", tag_as_dirty: false)
+  def push(export_action = "registry", tag_as_dirty: false, no_cache: false)
     docker :buildx, :build,
       "--output=type=#{export_action}",
       *platform_options(arches),
       *([ "--builder", builder_name ] unless docker_driver?),
       *build_tag_options(tag_as_dirty: tag_as_dirty),
       *build_options,
+      *([ "--no-cache" ] if no_cache),
       build_context,
       "2>&1"
   end
@@ -59,6 +61,14 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
     docker(:info, "--format '{{index .RegistryConfig.Mirrors 0}}'")
   end
 
+  def login_to_registry_locally?
+    true
+  end
+
+  def push_env
+    {}
+  end
+
   private
     def build_tag_names(tag_as_dirty: false)
       tag_names = [ config.absolute_image, config.latest_image ]

data/lib/kamal/commands/builder/local.rb

@@ -1,6 +1,15 @@
 class Kamal::Commands::Builder::Local < Kamal::Commands::Builder::Base
   def create
-    docker :buildx, :create, "--name", builder_name, "--driver=#{driver}" unless docker_driver?
+    return if docker_driver?
+
+    options =
+      if KAMAL.registry.local?
+        "--driver=#{driver} --driver-opt network=host"
+      else
+        "--driver=#{driver}"
+      end
+
+    docker :buildx, :create, "--name", builder_name, options
   end
 
   def remove
@@ -9,6 +18,10 @@ class Kamal::Commands::Builder::Local < Kamal::Commands::Builder::Base
 
   private
     def builder_name
-      "kamal-local-#{driver}"
+      if KAMAL.registry.local?
+        "kamal-local-registry-#{driver}"
+      else
+        "kamal-local-#{driver}"
+      end
     end
 end

data/lib/kamal/commands/builder/pack.rb

@@ -0,0 +1,46 @@
+class Kamal::Commands::Builder::Pack < Kamal::Commands::Builder::Base
+  def push(export_action = "registry", tag_as_dirty: false, no_cache: false)
+    combine \
+      build(tag_as_dirty: tag_as_dirty, no_cache: no_cache),
+      export(export_action)
+  end
+
+  def remove;end
+
+  def info
+    pack :builder, :inspect, pack_builder
+  end
+  alias_method :inspect_builder, :info
+
+  private
+    def build(tag_as_dirty: false, no_cache: false)
+      pack(:build,
+        config.repository,
+        "--platform", platform,
+        "--creation-time", "now",
+        "--builder", pack_builder,
+        buildpacks,
+        *build_tag_options(tag_as_dirty: tag_as_dirty),
+        *([ "--clear-cache" ] if no_cache),
+        "--env", "BP_IMAGE_LABELS=service=#{config.service}",
+        *argumentize("--env", args),
+        *argumentize("--env", secrets, sensitive: true),
+        "--path", build_context)
+    end
+
+    def export(export_action)
+      return unless export_action == "registry"
+
+      combine \
+        docker(:push, config.absolute_image),
+        docker(:push, config.latest_image)
+    end
+
+    def platform
+      "linux/#{local_arches.first}"
+    end
+
+    def buildpacks
+      (pack_buildpacks << "paketo-buildpacks/image-labels").map { |buildpack| [ "--buildpack", buildpack ] }
+    end
+end

data/lib/kamal/commands/builder/remote.rb

@@ -19,11 +19,19 @@ class Kamal::Commands::Builder::Remote < Kamal::Commands::Builder::Base
 
   def inspect_builder
     combine \
-      combine inspect_buildx, inspect_remote_context,
+      combine(inspect_buildx, inspect_remote_context),
       [ "(echo no compatible builder && exit 1)" ],
       by: "||"
   end
 
+  def login_to_registry_locally?
+    false
+  end
+
+  def push_env
+    { "BUILDKIT_NO_CLIENT_TOKEN" => "1" }
+  end
+
   private
     def builder_name
       "kamal-remote-#{remote.gsub(/[^a-z0-9_-]/, "-")}"

data/lib/kamal/commands/builder.rb

@@ -1,8 +1,14 @@
 require "active_support/core_ext/string/filters"
 
 class Kamal::Commands::Builder < Kamal::Commands::Base
-  delegate :create, :remove, :dev, :push, :clean, :pull, :info, :inspect_builder, :validate_image, :first_mirror, to: :target
-  delegate :local?, :remote?, :cloud?, to: "config.builder"
+  delegate \
+    :create, :remove, :dev, :push, :clean, :pull, :info, :inspect_builder,
+    :validate_image, :first_mirror, :login_to_registry_locally?, :push_env,
+    to: :target
+
+  delegate \
+    :local?, :remote?, :pack?, :cloud?,
+    to: "config.builder"
 
   include Clone
 
@@ -17,6 +23,8 @@ class Kamal::Commands::Builder < Kamal::Commands::Base
       else
         remote
       end
+    elsif pack?
+      pack
     elsif cloud?
       cloud
     else
@@ -36,6 +44,10 @@ class Kamal::Commands::Builder < Kamal::Commands::Base
     @hybrid ||= Kamal::Commands::Builder::Hybrid.new(config)
   end
 
+  def pack
+    @pack ||= Kamal::Commands::Builder::Pack.new(config)
+  end
+
   def cloud
     @cloud ||= Kamal::Commands::Builder::Cloud.new(config)
   end