kamal 2.7.0 → 2.11.0

data/lib/kamal/configuration/validator.rb

@@ -24,16 +24,22 @@ class Kamal::Configuration::Validator
             example_value = example[key]
 
             if example_value == "..."
-              if key.to_s == "ssl"
-                validate_type! value, TrueClass, FalseClass, Hash
-              elsif key.to_s != "proxy" || !boolean?(value.class)
+              unless key.to_s == "proxy" && boolean?(value.class)
                 validate_type! value, *(Array if key == :servers), Hash
               end
+            elsif key.to_s == "ssl"
+                validate_type! value, TrueClass, FalseClass, Hash
+            elsif key.to_s == "hooks_output"
+                validate_hooks_output!(value)
             elsif key == "hosts"
               validate_servers! value
             elsif example_value.is_a?(Array)
               if key == "arch"
                 validate_array_of_or_type! value, example_value.first.class
+              elsif key.to_s == "config"
+                validate_ssh_config!(value)
+              elsif key.to_s == "files" || key.to_s == "directories"
+                validate_paths!(value)
               else
                 validate_array_of! value, example_value.first.class
               end
@@ -129,6 +135,47 @@ class Kamal::Configuration::Validator
       end
     end
 
+    def validate_ssh_config!(config)
+      if config.is_a?(Array)
+        validate_array_of! config, String
+      elsif boolean?(config.class) || config.is_a?(String)
+        # Booleans and Strings are allowed
+      else
+        type_error(TrueClass, FalseClass, String, Array)
+      end
+    end
+
+    def validate_paths!(paths)
+      validate_type! paths, Array
+
+      paths.each_with_index do |path, index|
+        with_context(index) do
+          validate_type! path, String, Hash
+
+          if path.is_a?(Hash)
+            %w[local remote mode owner options].each do |key|
+              with_context(key) do
+                validate_type! path[key], String if path.key?(key)
+              end
+            end
+          end
+        end
+      end
+    end
+
+    def validate_hooks_output!(value)
+      # hooks_output can be either a symbol/string (global) or a hash (per-hook)
+      if value.is_a?(Hash)
+        value.each do |hook, level|
+          with_context(hook) do
+            validate_type! level, String, Symbol
+          end
+        end
+      else
+        validate_type! value, String, Symbol
+      end
+    end
+
     def validate_type!(value, *types)
       type_error(*types) unless types.any? { |type| valid_type?(value, type) }
     end
@@ -138,7 +185,8 @@ class Kamal::Configuration::Validator
     end
 
     def type_error(*expected_types)
-      error "should be #{expected_types.map { |type| type_description(type) }.join(" or ")}"
+      descriptions = expected_types.map { |type| type_description(type) }.uniq
+      error "should be #{descriptions.join(" or ")}"
     end
 
     def unknown_keys_error(unknown_keys)

data/lib/kamal/configuration/volume.rb

@@ -1,14 +1,21 @@
 class Kamal::Configuration::Volume
-  attr_reader :host_path, :container_path
+  attr_reader :host_path, :container_path, :options
   delegate :argumentize, to: Kamal::Utils
 
-  def initialize(host_path:, container_path:)
+  def initialize(host_path:, container_path:, options: nil)
     @host_path = host_path
     @container_path = container_path
+    @options = options
   end
 
   def docker_args
-    argumentize "--volume", "#{host_path_for_docker_volume}:#{container_path}"
+    argumentize "--volume", docker_args_string
+  end
+
+  def docker_args_string
+    volume_string = "#{host_path_for_docker_volume}:#{container_path}"
+    volume_string += ":#{options}" if options.present?
+    volume_string
   end
 
   private
@@ -16,7 +23,7 @@ class Kamal::Configuration::Volume
       if Pathname.new(host_path).absolute?
         host_path
       else
-        File.join "$(pwd)", host_path
+        "$PWD/#{host_path}"
       end
     end
 end

data/lib/kamal/configuration.rb

@@ -6,7 +6,9 @@ require "erb"
 require "net/ssh/proxy/jump"
 
 class Kamal::Configuration
-  delegate :service, :image, :labels, :hooks_path, to: :raw_config, allow_nil: true
+  HOOKS_OUTPUT_LEVELS = [ :quiet, :verbose ].freeze
+
+  delegate :service, :labels, :hooks_path, to: :raw_config, allow_nil: true
   delegate :argumentize, :optionize, to: Kamal::Utils
 
   attr_reader :destination, :raw_config, :secrets
@@ -18,11 +20,15 @@ class Kamal::Configuration
     def create_from(config_file:, destination: nil, version: nil)
       ENV["KAMAL_DESTINATION"] = destination
 
-      raw_config = load_config_files(config_file, *destination_config_file(config_file, destination))
+      raw_config = load_raw_config(config_file: config_file, destination: destination)
 
       new raw_config, destination: destination, version: version
     end
 
+    def load_raw_config(config_file:, destination: nil)
+      load_config_files(config_file, *destination_config_file(config_file, destination))
+    end
+
     private
       def load_config_files(*files)
         files.inject({}) { |config, file| config.deep_merge! load_config_file(file) }
@@ -32,7 +38,9 @@ class Kamal::Configuration
         if file.exist?
           # Newer Psych doesn't load aliases by default
           load_method = YAML.respond_to?(:unsafe_load) ? :unsafe_load : :load
-          YAML.send(load_method, ERB.new(File.read(file)).result).symbolize_keys
+          template = File.read(file)
+          rendered = ERB.new(template, trim_mode: "-").result
+          YAML.send(load_method, rendered).symbolize_keys
         else
           raise "Configuration file not found in #{file}"
         end
@@ -50,7 +58,7 @@ class Kamal::Configuration
 
     validate! raw_config, example: validation_yml.symbolize_keys, context: "", with: Kamal::Configuration::Validator::Configuration
 
-    @secrets = Kamal::Secrets.new(destination: destination)
+    @secrets = Kamal::Secrets.new(destination: destination, secrets_path: secrets_path)
 
     # Eager load config to validate it, these are first as they have dependencies later on
     @servers = Servers.new(config: self)
@@ -76,6 +84,9 @@ class Kamal::Configuration
     ensure_no_traefik_reboot_hooks
     ensure_one_host_for_ssl_roles
     ensure_unique_hosts_for_ssl_roles
+    ensure_local_registry_remote_builder_has_ssh_url
+    ensure_no_conflicting_proxy_runs
+    ensure_valid_hooks_output!
   end
 
   def version=(version)
@@ -121,6 +132,14 @@ class Kamal::Configuration
     (roles + accessories).flat_map(&:hosts).uniq
   end
 
+  def host_roles(host)
+    roles.select { |role| role.hosts.include?(host) }
+  end
+
+  def host_accessories(host)
+    accessories.select { |accessory| accessory.hosts.include?(host) }
+  end
+
   def app_hosts
     roles.flat_map(&:hosts).uniq
   end
@@ -157,6 +176,18 @@ class Kamal::Configuration
     (proxy_roles.flat_map(&:hosts) + proxy_accessories.flat_map(&:hosts)).uniq
   end
 
+  def image
+    name = raw_config&.image.presence
+    name ||= raw_config&.service if registry.local?
+
+    name
+  end
+
+  def proxy_run(host)
+    # We validate that all the config are identical for a host
+    proxy_runs(host.to_s).first
+  end
+
   def repository
     [ registry.server, image ].compact.join("/")
   end
@@ -233,6 +264,10 @@ class Kamal::Configuration
     raw_config.hooks_path || ".kamal/hooks"
   end
 
+  def secrets_path
+    raw_config.secrets_path || ".kamal/secrets"
+  end
+
   def asset_path
     raw_config.asset_path
   end
@@ -253,6 +288,15 @@ class Kamal::Configuration
     env_tags.detect { |t| t.name == name.to_s }
   end
 
+  def hooks_output_for(hook)
+    case raw_config.hooks_output
+    when Symbol, String
+      raw_config.hooks_output.to_sym
+    when Hash
+      raw_config.hooks_output[hook]&.to_sym
+    end
+  end
+
   def to_h
     {
       roles: role_names,
@@ -282,10 +326,12 @@ class Kamal::Configuration
     end
 
     def ensure_required_keys_present
-      %i[ service image registry ].each do |key|
+      %i[ service registry ].each do |key|
         raise Kamal::ConfigurationError, "Missing required configuration for #{key}" unless raw_config[key].present?
       end
 
+      raise Kamal::ConfigurationError, "Missing required configuration for image" if image.blank?
+
       if raw_config.servers.nil?
         raise Kamal::ConfigurationError, "No servers or accessories specified" unless raw_config.accessories.present?
       else
@@ -354,10 +400,48 @@ class Kamal::Configuration
       true
     end
 
+    def ensure_local_registry_remote_builder_has_ssh_url
+      if registry.local? && builder.remote?
+        unless URI(builder.remote).scheme == "ssh"
+          raise Kamal::ConfigurationError, "Local registry with remote builder requires an SSH URL (e.g., ssh://user@host)"
+        end
+      end
+
+      true
+    end
+
+    def ensure_no_conflicting_proxy_runs
+      all_hosts.each do |host|
+        run_configs = proxy_runs(host)
+        if run_configs.uniq.size > 1
+          raise Kamal::ConfigurationError, "Conflicting proxy run configurations for host #{host}"
+        end
+      end
+    end
+
+    def proxy_runs(host)
+      (host_roles(host) + host_accessories(host)).map(&:proxy).compact.map(&:run).compact
+    end
+
     def role_names
       raw_config.servers.is_a?(Array) ? [ "web" ] : raw_config.servers.keys.sort
     end
 
+    def ensure_valid_hooks_output!
+      case raw_config.hooks_output
+      when Symbol, String
+        validate_hooks_output_level!(raw_config.hooks_output.to_sym)
+      when Hash
+        raw_config.hooks_output.each { |hook, level| validate_hooks_output_level!(level.to_sym, hook) }
+      end
+    end
+
+    def validate_hooks_output_level!(level, hook = nil)
+      return if HOOKS_OUTPUT_LEVELS.include?(level)
+      context = hook ? " for hook '#{hook}'" : ""
+      raise Kamal::ConfigurationError, "Invalid hooks_output '#{level}'#{context}, must be one of: #{HOOKS_OUTPUT_LEVELS.join(', ')}"
+    end
+
     def git_version
       @git_version ||=
         if Kamal::Git.used?

data/lib/kamal/secrets/adapters/one_password.rb

@@ -17,7 +17,7 @@ class Kamal::Secrets::Adapters::OnePassword < Kamal::Secrets::Adapters::Base
 
     def fetch_secrets(secrets, from:, account:, session:)
       if secrets.blank?
-        fetch_all_secrets(from: from, account: account, session: session) if secrets.blank?
+        fetch_all_secrets(from: from, account: account, session: session)
       else
         fetch_specified_secrets(secrets, from: from, account: account, session: session)
       end

data/lib/kamal/secrets/adapters/passbolt.rb

@@ -47,9 +47,8 @@ class Kamal::Secrets::Adapters::Passbolt < Kamal::Secrets::Adapters::Base
       end
 
       filter_condition = filter_conditions.any? ? "--filter '#{filter_conditions.join(" || ")}'" : ""
-      items = `passbolt list resources #{filter_condition} #{folders.map { |item| "--folder #{item["id"]}" }.join(" ")} --json`
+      items = `passbolt list resources #{filter_condition} #{folders.map { |item| "--folder #{item["id"].to_s.shellescape}" }.join(" ")} --json`
       raise RuntimeError, "Could not read #{secrets} from Passbolt" unless $?.success?
-
       items = JSON.parse(items)
       found_names = items.map { |item| item["name"] }
       missing_secrets = secret_names - found_names

data/lib/kamal/secrets/adapters/test.rb

@@ -5,7 +5,9 @@ class Kamal::Secrets::Adapters::Test < Kamal::Secrets::Adapters::Base
     end
 
     def fetch_secrets(secrets, from:, account:, session:)
-      prefixed_secrets(secrets, from: from).to_h { |secret| [ secret, secret.reverse ] }
+      prefixed_secrets(secrets, from: from).to_h do |secret|
+        [ secret, secret.gsub("LPAREN", "(").gsub("RPAREN", ")").reverse ]
+      end
     end
 
     def check_dependencies!

data/lib/kamal/secrets/dotenv/inline_command_substitution.rb

@@ -1,4 +1,18 @@
 class Kamal::Secrets::Dotenv::InlineCommandSubstitution
+  # Unlike dotenv, this regex does not match escaped
+  # parentheses when looking for command substitutions.
+  INTERPOLATED_SHELL_COMMAND = /
+    (?<backslash>\\)?          # is it escaped with a backslash?
+    \$                         # literal $
+    (?<cmd>                    # collect command content for eval
+      \(                       # require opening paren
+      (?:\\.|[^()\\]|\g<cmd>)+ # allow any number of non-parens or escaped
+                               # parens (by nesting the <cmd> expression
+                               # recursively)
+      \)                       # require closing paren
+    )
+  /x
+
   class << self
     def install!
       ::Dotenv::Parser.substitutions.map! { |sub| sub == ::Dotenv::Substitutions::Command ? self : sub }
@@ -6,7 +20,7 @@ class Kamal::Secrets::Dotenv::InlineCommandSubstitution
 
     def call(value, env, overwrite: false)
       # Process interpolated shell commands
-      value.gsub(Dotenv::Substitutions::Command.singleton_class::INTERPOLATED_SHELL_COMMAND) do |*|
+      value.gsub(INTERPOLATED_SHELL_COMMAND) do |*|
         # Eliminate opening and closing parentheses
         command = $LAST_MATCH_INFO[:cmd][1..-2]
 

data/lib/kamal/secrets.rb

@@ -3,16 +3,14 @@ require "dotenv"
 class Kamal::Secrets
   Kamal::Secrets::Dotenv::InlineCommandSubstitution.install!
 
-  def initialize(destination: nil)
+  def initialize(destination: nil, secrets_path:)
     @destination = destination
+    @secrets_path = secrets_path
     @mutex = Mutex.new
   end
 
   def [](key)
-    # Fetching secrets may ask the user for input, so ensure only one thread does that
-    @mutex.synchronize do
-      secrets.fetch(key)
-    end
+    synchronized_fetch(key)
   rescue KeyError
     if secrets_files.present?
       raise Kamal::ConfigurationError, "Secret '#{key}' not found in #{secrets_files.join(", ")}"
@@ -29,6 +27,12 @@ class Kamal::Secrets
     @secrets_files ||= secrets_filenames.select { |f| File.exist?(f) }
   end
 
+  def key?(key)
+    synchronized_fetch(key).present?
+  rescue KeyError
+    false
+  end
+
   private
     def secrets
       @secrets ||= secrets_files.inject({}) do |secrets, secrets_file|
@@ -37,6 +41,13 @@ class Kamal::Secrets
     end
 
     def secrets_filenames
-      [ ".kamal/secrets-common", ".kamal/secrets#{(".#{@destination}" if @destination)}" ]
+      [ "#{@secrets_path}-common", "#{@secrets_path}#{(".#{@destination}" if @destination)}" ]
+    end
+
+    def synchronized_fetch(key)
+      # Fetching secrets may ask the user for input, so ensure only one thread does that
+      @mutex.synchronize do
+        secrets.fetch(key)
+      end
     end
 end

data/lib/kamal/sshkit_with_ext.rb

@@ -3,6 +3,7 @@ require "sshkit/dsl"
 require "net/scp"
 require "active_support/core_ext/hash/deep_merge"
 require "json"
+require "resolv"
 require "concurrent/atomic/semaphore"
 
 class SSHKit::Backend::Abstract
@@ -18,8 +19,11 @@ class SSHKit::Backend::Abstract
     JSON.pretty_generate(JSON.parse(capture(*args, **kwargs)))
   end
 
-  def puts_by_host(host, output, type: "App")
-    puts "#{type} Host: #{host}\n#{output}\n\n"
+  def puts_by_host(host, output, type: "App", quiet: false)
+    unless quiet
+      puts "#{type} Host: #{host}"
+    end
+    puts "#{output}\n\n"
   end
 
   # Our execution pattern is for the CLI execute args lists returned
@@ -58,10 +62,50 @@ class SSHKit::Backend::Abstract
 end
 
 class SSHKit::Backend::Netssh::Configuration
-  attr_accessor :max_concurrent_starts
+  attr_accessor :max_concurrent_starts, :dns_retries
 end
 
 class SSHKit::Backend::Netssh
+  module DnsRetriable
+    DNS_RETRY_BASE = 0.1
+    DNS_RETRY_MAX = 2.0
+    DNS_RETRY_JITTER = 0.1
+    DNS_ERROR_MESSAGE = /getaddrinfo|Temporary failure in name resolution|Name or service not known|nodename nor servname provided|No address associated|failed to look up|resolve/i
+
+    def with_dns_retry(hostname, retries: config.dns_retries, base: DNS_RETRY_BASE, max_sleep: DNS_RETRY_MAX, jitter: DNS_RETRY_JITTER)
+      attempts = 0
+      begin
+        attempts += 1
+        yield
+      rescue => error
+        raise unless retryable_dns_error?(error) && attempts <= retries
+
+        delay = dns_retry_sleep(attempts, base: base, jitter: jitter, max_sleep: max_sleep)
+        SSHKit.config.output.warn("Retrying DNS for #{hostname} (attempt #{attempts}/#{retries}) in #{format("%0.2f", delay)}s: #{error.message}")
+        sleep delay
+        retry
+      end
+    end
+
+    private
+      def retryable_dns_error?(error)
+        case error
+        when Resolv::ResolvError, Resolv::ResolvTimeout
+          true
+        when SocketError
+          error.message =~ DNS_ERROR_MESSAGE
+        else
+          error.cause && retryable_dns_error?(error.cause)
+        end
+      end
+
+      def dns_retry_sleep(attempt, base:, jitter:, max_sleep:)
+        sleep_for = [ base * (2 ** (attempt - 1)), max_sleep ].min
+        sleep_for += Kernel.rand * jitter
+        sleep_for
+      end
+  end
+
   module LimitConcurrentStartsClass
     attr_reader :start_semaphore
 
@@ -76,14 +120,31 @@ class SSHKit::Backend::Netssh
 
   class << self
     prepend LimitConcurrentStartsClass
+    prepend DnsRetriable
   end
 
+  module ConnectSsh
+    private
+      def connect_ssh(...)
+        Net::SSH.start(...)
+      end
+  end
+  include ConnectSsh
+
+  module DnsRetriableConnection
+    private
+      def connect_ssh(...)
+        self.class.with_dns_retry(host.hostname) { super }
+      end
+  end
+  prepend DnsRetriableConnection
+
   module LimitConcurrentStartsInstance
     private
       def with_ssh(&block)
         host.ssh_options = self.class.config.ssh_options.merge(host.ssh_options || {})
         self.class.pool.with(
-          method(:start_with_concurrency_limit),
+          method(:connect_ssh),
           String(host.hostname),
           host.username,
           host.netssh_options,
@@ -91,17 +152,18 @@ class SSHKit::Backend::Netssh
         )
       end
 
-      def start_with_concurrency_limit(*args)
+      def connect_ssh(...)
+        with_concurrency_limit { super }
+      end
+
+      def with_concurrency_limit(&block)
         if self.class.start_semaphore
-          self.class.start_semaphore.acquire do
-            Net::SSH.start(*args)
-          end
+          self.class.start_semaphore.acquire(&block)
         else
-          Net::SSH.start(*args)
+          yield
         end
       end
   end
-
   prepend LimitConcurrentStartsInstance
 end
 
@@ -140,3 +202,66 @@ class SSHKit::Runner::Parallel
 
   prepend CompleteAll
 end
+
+# Avoid net-ssh debug, until https://github.com/net-ssh/net-ssh/pull/953 is merged
+module NetSshForwardingNoPuts
+  def puts(*)
+  end
+end
+
+Net::SSH::Service::Forward.prepend NetSshForwardingNoPuts
+
+module SSHKitDslRoles
+  # Execute on hosts grouped by role.
+  #
+  # Unlike `on()` which deduplicates hosts, this allows the same host to have
+  # multiple concurrent connections when it appears in multiple roles.
+  #
+  # Options:
+  #   hosts: The hosts to run on (required)
+  #   parallel: When true, each role runs in its own thread with separate
+  #             connections. When false, hosts run in parallel but roles on each
+  #             host run sequentially (default: true)
+  #
+  # Example:
+  #   on_roles(roles) do |host, role|
+  #     # deploy role to host
+  #   end
+  def on_roles(roles, hosts:, parallel: true, &block)
+    if parallel
+      threads = roles.filter_map do |role|
+        if (role_hosts = role.hosts & hosts).any?
+          Thread.new do
+            on(role_hosts) { |host| instance_exec(host, role, &block) }
+          rescue StandardError => e
+            raise SSHKit::Runner::ExecuteError.new(e), "Exception while executing on #{role}: #{e.message}"
+          end
+        end
+      end
+
+      exceptions = []
+      threads.each do |t|
+        begin
+          t.join
+        rescue SSHKit::Runner::ExecuteError => e
+          exceptions << e
+        end
+      end
+
+      if exceptions.one?
+        raise exceptions.first
+      elsif exceptions.many?
+        raise exceptions.first, [ "Exceptions on #{exceptions.count} roles:", exceptions.map(&:message) ].join("\n")
+      end
+    else
+      # Host-first iteration: hosts run in parallel, roles on each host run sequentially
+      on(hosts) do |host|
+        roles.each do |role|
+          instance_exec(host, role, &block) if role.hosts.include?(host.to_s)
+        end
+      end
+    end
+  end
+end
+
+SSHKit::DSL.prepend SSHKitDslRoles

data/lib/kamal/utils.rb

@@ -21,11 +21,11 @@ module Kamal::Utils
   end
 
   # Returns a list of shell-dashed option arguments. If the value is true, it's treated like a value-less option.
-  def optionize(args, with: nil)
+  def optionize(args, with: nil, escape: true)
     options = if with
-      flatten_args(args).collect { |(key, value)| value == true ? "--#{key}" : "--#{key}#{with}#{escape_shell_value(value)}" }
+      flatten_args(args).collect { |(key, value)| value == true ? "--#{key}" : "--#{key}#{with}#{escape ? escape_shell_value(value) : value}" }
     else
-      flatten_args(args).collect { |(key, value)| [ "--#{key}", value == true ? nil : escape_shell_value(value) ] }
+      flatten_args(args).collect { |(key, value)| [ "--#{key}", value == true ? nil : escape ? escape_shell_value(value) : value ] }
     end
 
     options.flatten.compact

data/lib/kamal/version.rb

@@ -1,3 +1,3 @@
 module Kamal
-  VERSION = "2.7.0"
+  VERSION = "2.11.0"
 end

data/lib/kamal.rb

@@ -7,6 +7,7 @@ require "zeitwerk"
 require "yaml"
 require "tmpdir"
 require "pathname"
+require "uri"
 
 loader = Zeitwerk::Loader.for_gem
 loader.ignore(File.join(__dir__, "kamal", "sshkit_with_ext.rb"))

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kamal
 version: !ruby/object:Gem::Version
-  version: 2.7.0
+  version: 2.11.0
 platform: ruby
 authors:
 - David Heinemeier Hansson
@@ -175,6 +175,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6'
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
@@ -224,6 +238,7 @@ files:
 - lib/kamal/cli/base.rb
 - lib/kamal/cli/build.rb
 - lib/kamal/cli/build/clone.rb
+- lib/kamal/cli/build/port_forwarding.rb
 - lib/kamal/cli/healthcheck/barrier.rb
 - lib/kamal/cli/healthcheck/error.rb
 - lib/kamal/cli/healthcheck/poller.rb
@@ -298,6 +313,7 @@ files:
 - lib/kamal/configuration/logging.rb
 - lib/kamal/configuration/proxy.rb
 - lib/kamal/configuration/proxy/boot.rb
+- lib/kamal/configuration/proxy/run.rb
 - lib/kamal/configuration/registry.rb
 - lib/kamal/configuration/role.rb
 - lib/kamal/configuration/servers.rb
@@ -355,7 +371,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Deploy web apps in containers to servers running Docker with zero downtime.
 test_files: []