kamal 2.8.1 → 2.8.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fd8b2329effde7405d2a1b8d60f394d1da81faaf5e8bcd6980c83f8bb590f988
-  data.tar.gz: 5543d21fbe88acf86a24fcf1f44dff30e0aaf410b3ead0293b0f005b15fa2cbb
+  metadata.gz: ee017d64694e5a35507b9cfc9693e6a6c5fc876e0cfb731d58f0de7dba281f41
+  data.tar.gz: bcbc84a444f0aa5efb08fd0ab63ea87d5892821f04e9c6ac51d938d78e2547a5
 SHA512:
-  metadata.gz: bdae637114b1ad0630d5b1bbc0e76be5ebb3817d370d1f3f5a4222024f13fa3546a24806ad812e9d6d14735c2be23ed6956702723e75cc27c5ec34ebe87d72f9
-  data.tar.gz: 8db206acbeb707f3a0d3267720b9d248cb2566517d340a61072777e0fdbbf237701d42e203d2d96b21fb7c04596896d6039c4ba9d59eb1515d47de0f85148248
+  metadata.gz: b285597e99a5d2d90a324e9be64332a71afd66269ac27c8550eebf692758cac14535a14164058fd246d0001fd3b371382ed0b4e4bc9a75e19f8d42e40b4d9365
+  data.tar.gz: fca4902b9da04bab86d087b0582ed956e2ee174259e47f1a491a4b68c928dc16a501cb0b137d443daeda25c00fd99bcf0f234ce54bf85da7b61002ce90402de0

data/lib/kamal/cli/build/clone.rb

@@ -1,5 +1,3 @@
-require "uri"
-
 class Kamal::Cli::Build::Clone
   attr_reader :sshkit
   delegate :info, :error, :execute, :capture_with_info, to: :sshkit

data/lib/kamal/cli/build/port_forwarding.rb

@@ -0,0 +1,66 @@
+require "concurrent/atomic/count_down_latch"
+
+class Kamal::Cli::Build::PortForwarding
+  attr_reader :hosts, :port, :ssh_options
+
+  def initialize(hosts, port, **ssh_options)
+    @hosts = hosts
+    @port = port
+    @ssh_options = ssh_options
+  end
+
+  def forward
+    @done = false
+    forward_ports
+
+    yield
+  ensure
+    stop
+  end
+
+  private
+    def stop
+      @done = true
+      @threads.to_a.each(&:join)
+    end
+
+    def forward_ports
+      ready = Concurrent::CountDownLatch.new(hosts.size)
+
+      @threads = hosts.map do |host|
+        Thread.new do
+          begin
+            Net::SSH.start(host, ssh_options[:user], **ssh_options.except(:user)) do |ssh|
+              ssh.forward.remote(port, "localhost", port, "127.0.0.1") do |remote_port, bind_address|
+                if remote_port == :error
+                  raise "Failed to establish port forward on #{host}"
+                else
+                  ready.count_down
+                end
+              end
+
+              ssh.loop(0.1) do
+                if @done
+                  ssh.forward.cancel_remote(port, "127.0.0.1")
+                  break
+                else
+                  true
+                end
+              end
+            end
+          rescue Exception => e
+            error "Error setting up port forwarding to #{host}: #{e.class}: #{e.message}"
+            error e.backtrace.join("\n")
+
+            raise
+          end
+        end
+      end
+
+      raise "Timed out waiting for port forwarding to be established" unless ready.wait(30)
+    end
+
+    def error(message)
+      SSHKit.config.output.error(message)
+    end
+end

data/lib/kamal/cli/build.rb

@@ -1,5 +1,3 @@
-require "uri"
-
 class Kamal::Cli::Build < Kamal::Cli::Base
   class BuildError < StandardError; end
 
@@ -38,29 +36,31 @@ class Kamal::Cli::Build < Kamal::Cli::Base
       say "Building with uncommitted changes:\n #{uncommitted_changes}", :yellow
     end
 
-    with_env(KAMAL.config.builder.secrets) do
-      run_locally do
-        begin
-          execute *KAMAL.builder.inspect_builder
-        rescue SSHKit::Command::Failed => e
-          if e.message =~ /(context not found|no builder|no compatible builder|does not exist)/
-            warn "Missing compatible builder, so creating a new one first"
-            begin
-              cli.remove
-            rescue SSHKit::Command::Failed
-              raise unless e.message =~ /(context not found|no builder|does not exist)/
+    forward_local_registry_port_for_remote_builder do
+      with_env(KAMAL.config.builder.secrets) do
+        run_locally do
+          begin
+            execute *KAMAL.builder.inspect_builder
+          rescue SSHKit::Command::Failed => e
+            if e.message =~ /(context not found|no builder|no compatible builder|does not exist)/
+              warn "Missing compatible builder, so creating a new one first"
+              begin
+                cli.remove
+              rescue SSHKit::Command::Failed
+                raise unless e.message =~ /(context not found|no builder|does not exist)/
+              end
+              cli.create
+            else
+              raise
             end
-            cli.create
-          else
-            raise
           end
-        end
 
-        # Get the command here to ensure the Dir.chdir doesn't interfere with it
-        push = KAMAL.builder.push(cli.options[:output], no_cache: cli.options[:no_cache])
+          # Get the command here to ensure the Dir.chdir doesn't interfere with it
+          push = KAMAL.builder.push(cli.options[:output], no_cache: cli.options[:no_cache])
 
-        KAMAL.with_verbosity(:debug) do
-          Dir.chdir(KAMAL.config.builder.build_directory) { execute *push, env: KAMAL.builder.push_env }
+          KAMAL.with_verbosity(:debug) do
+            Dir.chdir(KAMAL.config.builder.build_directory) { execute *push, env: KAMAL.builder.push_env }
+          end
         end
       end
     end
@@ -70,7 +70,7 @@ class Kamal::Cli::Build < Kamal::Cli::Base
   def pull
     login_to_registry_remotely unless KAMAL.registry.local?
 
-    forward_local_registry_port do
+    forward_local_registry_port(KAMAL.hosts, **KAMAL.config.ssh.options) do
       if (first_hosts = mirror_hosts).any?
         #  Pull on a single host per mirror first to seed them
         say "Pulling image on #{first_hosts.join(", ")} to seed the #{"mirror".pluralize(first_hosts.count)}...", :magenta
@@ -210,13 +210,30 @@ class Kamal::Cli::Build < Kamal::Cli::Base
       end
     end
 
-    def forward_local_registry_port(&block)
+    def forward_local_registry_port_for_remote_builder(&block)
+      if KAMAL.builder.remote?
+        remote_uri = URI(KAMAL.config.builder.remote)
+        forward_local_registry_port([ remote_uri.host ], **remote_builder_ssh_options(remote_uri), &block)
+      else
+        yield
+      end
+    end
+
+    def forward_local_registry_port(hosts, **ssh_options, &block)
       if KAMAL.config.registry.local?
-        Kamal::Cli::PortForwarding.
-          new(KAMAL.hosts, KAMAL.config.registry.local_port).
-          forward(&block)
+        say "Setting up local registry port forwarding to #{hosts.join(', ')}..."
+        PortForwarding.new(hosts, KAMAL.config.registry.local_port, **ssh_options).forward(&block)
       else
         yield
       end
     end
+
+    def remote_builder_ssh_options(remote_uri)
+      { user: remote_uri.user,
+        port: remote_uri.port,
+        keepalive: KAMAL.config.ssh.options[:keepalive],
+        keepalive_interval: KAMAL.config.ssh.options[:keepalive_interval],
+        logger: KAMAL.config.ssh.options[:logger]
+      }.compact
+    end
 end

data/lib/kamal/cli/registry.rb

@@ -24,4 +24,26 @@ class Kamal::Cli::Registry < Kamal::Cli::Base
       on(KAMAL.hosts) { execute *KAMAL.registry.logout } unless options[:skip_remote]
     end
   end
+
+  desc "login", "Log in to remote registry locally and remotely"
+  option :skip_local, aliases: "-L", type: :boolean, default: false, desc: "Skip local login"
+  option :skip_remote, aliases: "-R", type: :boolean, default: false, desc: "Skip remote login"
+  def login
+    if KAMAL.registry.local?
+      raise "Cannot use login command with a local registry. Use `kamal registry setup` instead."
+    end
+
+    setup
+  end
+
+  desc "logout", "Log out of remote registry locally and remotely"
+  option :skip_local, aliases: "-L", type: :boolean, default: false, desc: "Skip local login"
+  option :skip_remote, aliases: "-R", type: :boolean, default: false, desc: "Skip remote login"
+  def logout
+    if KAMAL.registry.local?
+      raise "Cannot use logout command with a local registry. Use `kamal registry remove` instead."
+    end
+
+    remove
+  end
 end

data/lib/kamal/commands/builder/base.rb

@@ -127,6 +127,16 @@ class Kamal::Commands::Builder::Base < Kamal::Commands::Base
       config.builder
     end
 
+    def registry_config
+      config.registry
+    end
+
+    def driver_options
+      if registry_config.local?
+        [ "--driver-opt", "network=host" ]
+      end
+    end
+
     def platform_options(arches)
       argumentize "--platform", arches.map { |arch| "linux/#{arch}" }.join(",") if arches.any?
     end

data/lib/kamal/commands/builder/hybrid.rb

@@ -8,14 +8,14 @@ class Kamal::Commands::Builder::Hybrid < Kamal::Commands::Builder::Remote
 
   private
     def builder_name
-      "kamal-hybrid-#{driver}-#{remote.gsub(/[^a-z0-9_-]/, "-")}"
+      "kamal-hybrid-#{driver}-#{remote_builder_name_suffix}"
     end
 
     def create_local_buildx
-      docker :buildx, :create, *platform_options(local_arches), "--name", builder_name, "--driver=#{driver}"
+      docker :buildx, :create, *platform_options(local_arches), "--name", builder_name, "--driver=#{driver}", *driver_options
     end
 
     def append_remote_buildx
-      docker :buildx, :create, *platform_options(remote_arches), "--append", "--name", builder_name, remote_context_name
+      docker :buildx, :create, *platform_options(remote_arches), "--append", "--name", builder_name, *driver_options, remote_context_name
     end
 end

data/lib/kamal/commands/builder/local.rb

@@ -2,14 +2,7 @@ class Kamal::Commands::Builder::Local < Kamal::Commands::Builder::Base
   def create
     return if docker_driver?
 
-    options =
-      if KAMAL.registry.local?
-        "--driver=#{driver} --driver-opt network=host"
-      else
-        "--driver=#{driver}"
-      end
-
-    docker :buildx, :create, "--name", builder_name, options
+    docker :buildx, :create, "--name", builder_name, "--driver=#{driver}", *driver_options
   end
 
   def remove
@@ -18,7 +11,7 @@ class Kamal::Commands::Builder::Local < Kamal::Commands::Builder::Base
 
   private
     def builder_name
-      if KAMAL.registry.local?
+      if registry_config.local?
         "kamal-local-registry-#{driver}"
       else
         "kamal-local-#{driver}"

data/lib/kamal/commands/builder/remote.rb

@@ -34,13 +34,17 @@ class Kamal::Commands::Builder::Remote < Kamal::Commands::Builder::Base
 
   private
     def builder_name
-      "kamal-remote-#{remote.gsub(/[^a-z0-9_-]/, "-")}"
+      "kamal-remote-#{remote_builder_name_suffix}"
     end
 
     def remote_context_name
       "#{builder_name}-context"
     end
 
+    def remote_builder_name_suffix
+      "#{remote.gsub(/[^a-z0-9_-]/, "-")}#{registry_config.local? ? "-local-registry" : "" }"
+    end
+
     def inspect_buildx
       pipe \
         docker(:buildx, :inspect, builder_name),
@@ -62,7 +66,7 @@ class Kamal::Commands::Builder::Remote < Kamal::Commands::Builder::Base
     end
 
     def create_buildx
-      docker :buildx, :create, "--name", builder_name, remote_context_name
+      docker :buildx, :create, "--name", builder_name, *driver_options, remote_context_name
     end
 
     def remove_buildx

data/lib/kamal/configuration/docs/registry.yml

@@ -1,19 +1,27 @@
 # Registry
 #
 # The default registry is Docker Hub, but you can change it using `registry/server`.
+
+# Using a local container registry
+#
+# If the registry server starts with `localhost`, Kamal will start a local Docker registry
+# on that port and push the app image to it.
+registry:
+  server: localhost:5555
+
+# Using Docker Hub as the container registry
 #
 # By default, Docker Hub creates public repositories. To avoid making your images public,
 # set up a private repository before deploying, or change the default repository privacy
 # settings to private in your [Docker Hub settings](https://hub.docker.com/repository-settings/default-privacy).
 #
-# A reference to a secret (in this case, `DOCKER_REGISTRY_TOKEN`) will look up the secret
+# A reference to a secret (in this case, `KAMAL_REGISTRY_PASSWORD`) will look up the secret
 # in the local environment:
 registry:
-  server: registry.digitalocean.com
   username:
-    - DOCKER_REGISTRY_TOKEN
+    - <your docker hub username>
   password:
-    - DOCKER_REGISTRY_TOKEN
+    - KAMAL_REGISTRY_PASSWORD
 
 # Using AWS ECR as the container registry
 #

data/lib/kamal/configuration.rb

@@ -76,6 +76,7 @@ class Kamal::Configuration
     ensure_no_traefik_reboot_hooks
     ensure_one_host_for_ssl_roles
     ensure_unique_hosts_for_ssl_roles
+    ensure_local_registry_remote_builder_has_ssh_url
   end
 
   def version=(version)
@@ -363,6 +364,16 @@ class Kamal::Configuration
       true
     end
 
+    def ensure_local_registry_remote_builder_has_ssh_url
+      if registry.local? && builder.remote?
+        unless URI(builder.remote).scheme == "ssh"
+          raise Kamal::ConfigurationError, "Local registry with remote builder requires an SSH URL (e.g., ssh://user@host)"
+        end
+      end
+
+      true
+    end
+
     def role_names
       raw_config.servers.is_a?(Array) ? [ "web" ] : raw_config.servers.keys.sort
     end

data/lib/kamal/version.rb

@@ -1,3 +1,3 @@
 module Kamal
-  VERSION = "2.8.1"
+  VERSION = "2.8.2"
 end

data/lib/kamal.rb

@@ -7,6 +7,7 @@ require "zeitwerk"
 require "yaml"
 require "tmpdir"
 require "pathname"
+require "uri"
 
 loader = Zeitwerk::Loader.for_gem
 loader.ignore(File.join(__dir__, "kamal", "sshkit_with_ext.rb"))

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kamal
 version: !ruby/object:Gem::Version
-  version: 2.8.1
+  version: 2.8.2
 platform: ruby
 authors:
 - David Heinemeier Hansson
@@ -224,12 +224,12 @@ files:
 - lib/kamal/cli/base.rb
 - lib/kamal/cli/build.rb
 - lib/kamal/cli/build/clone.rb
+- lib/kamal/cli/build/port_forwarding.rb
 - lib/kamal/cli/healthcheck/barrier.rb
 - lib/kamal/cli/healthcheck/error.rb
 - lib/kamal/cli/healthcheck/poller.rb
 - lib/kamal/cli/lock.rb
 - lib/kamal/cli/main.rb
-- lib/kamal/cli/port_forwarding.rb
 - lib/kamal/cli/proxy.rb
 - lib/kamal/cli/prune.rb
 - lib/kamal/cli/registry.rb

data/lib/kamal/cli/port_forwarding.rb

@@ -1,55 +0,0 @@
-require "concurrent/atomic/count_down_latch"
-
-class Kamal::Cli::PortForwarding
-  attr_reader :hosts, :port
-
-  def initialize(hosts, port)
-    @hosts = hosts
-    @port = port
-  end
-
-  def forward
-    @done = false
-    forward_ports
-
-    yield
-  ensure
-    stop
-  end
-
-  private
-
-  def stop
-    @done = true
-    @threads.to_a.each(&:join)
-  end
-
-  def forward_ports
-    ready = Concurrent::CountDownLatch.new(hosts.size)
-
-    @threads = hosts.map do |host|
-      Thread.new do
-        Net::SSH.start(host, KAMAL.config.ssh.user, **{ proxy: KAMAL.config.ssh.proxy }.compact) do |ssh|
-          ssh.forward.remote(port, "localhost", port, "127.0.0.1") do |remote_port, bind_address|
-            if remote_port == :error
-              raise "Failed to establish port forward on #{host}"
-            else
-              ready.count_down
-            end
-          end
-
-          ssh.loop(0.1) do
-            if @done
-              ssh.forward.cancel_remote(port, "127.0.0.1")
-              break
-            else
-              true
-            end
-          end
-        end
-      end
-    end
-
-    raise "Timed out waiting for port forwarding to be established" unless ready.wait(10)
-  end
-end