kamal 2.9.0 → 2.10.0

data/lib/kamal/configuration.rb

@@ -77,6 +77,7 @@ class Kamal::Configuration
     ensure_one_host_for_ssl_roles
     ensure_unique_hosts_for_ssl_roles
     ensure_local_registry_remote_builder_has_ssh_url
+    ensure_no_conflicting_proxy_runs
   end
 
   def version=(version)
@@ -122,6 +123,14 @@ class Kamal::Configuration
     (roles + accessories).flat_map(&:hosts).uniq
   end
 
+  def host_roles(host)
+    roles.select { |role| role.hosts.include?(host) }
+  end
+
+  def host_accessories(host)
+    accessories.select { |accessory| accessory.hosts.include?(host) }
+  end
+
   def app_hosts
     roles.flat_map(&:hosts).uniq
   end
@@ -165,6 +174,11 @@ class Kamal::Configuration
     name
   end
 
+  def proxy_run(host)
+    # We validate that all the config are identical for a host
+    proxy_runs(host.to_s).first
+  end
+
   def repository
     [ registry.server, image ].compact.join("/")
   end
@@ -378,6 +392,19 @@ class Kamal::Configuration
       true
     end
 
+    def ensure_no_conflicting_proxy_runs
+      all_hosts.each do |host|
+        run_configs = proxy_runs(host)
+        if run_configs.uniq.size > 1
+          raise Kamal::ConfigurationError, "Conflicting proxy run configurations for host #{host}"
+        end
+      end
+    end
+
+    def proxy_runs(host)
+      (host_roles(host) + host_accessories(host)).map(&:proxy).compact.map(&:run).compact
+    end
+
     def role_names
       raw_config.servers.is_a?(Array) ? [ "web" ] : raw_config.servers.keys.sort
     end

data/lib/kamal/secrets/adapters/test.rb

@@ -5,7 +5,9 @@ class Kamal::Secrets::Adapters::Test < Kamal::Secrets::Adapters::Base
     end
 
     def fetch_secrets(secrets, from:, account:, session:)
-      prefixed_secrets(secrets, from: from).to_h { |secret| [ secret, secret.reverse ] }
+      prefixed_secrets(secrets, from: from).to_h do |secret|
+        [ secret, secret.gsub("LPAREN", "(").gsub("RPAREN", ")").reverse ]
+      end
     end
 
     def check_dependencies!

data/lib/kamal/secrets/dotenv/inline_command_substitution.rb

@@ -1,4 +1,18 @@
 class Kamal::Secrets::Dotenv::InlineCommandSubstitution
+  # Unlike dotenv, this regex does not match escaped
+  # parentheses when looking for command substitutions.
+  INTERPOLATED_SHELL_COMMAND = /
+    (?<backslash>\\)?          # is it escaped with a backslash?
+    \$                         # literal $
+    (?<cmd>                    # collect command content for eval
+      \(                       # require opening paren
+      (?:\\.|[^()\\]|\g<cmd>)+ # allow any number of non-parens or escaped
+                               # parens (by nesting the <cmd> expression
+                               # recursively)
+      \)                       # require closing paren
+    )
+  /x
+
   class << self
     def install!
       ::Dotenv::Parser.substitutions.map! { |sub| sub == ::Dotenv::Substitutions::Command ? self : sub }
@@ -6,7 +20,7 @@ class Kamal::Secrets::Dotenv::InlineCommandSubstitution
 
     def call(value, env, overwrite: false)
       # Process interpolated shell commands
-      value.gsub(Dotenv::Substitutions::Command.singleton_class::INTERPOLATED_SHELL_COMMAND) do |*|
+      value.gsub(INTERPOLATED_SHELL_COMMAND) do |*|
         # Eliminate opening and closing parentheses
         command = $LAST_MATCH_INFO[:cmd][1..-2]
 

data/lib/kamal/secrets.rb

@@ -10,10 +10,7 @@ class Kamal::Secrets
   end
 
   def [](key)
-    # Fetching secrets may ask the user for input, so ensure only one thread does that
-    @mutex.synchronize do
-      secrets.fetch(key)
-    end
+    synchronized_fetch(key)
   rescue KeyError
     if secrets_files.present?
       raise Kamal::ConfigurationError, "Secret '#{key}' not found in #{secrets_files.join(", ")}"
@@ -30,6 +27,12 @@ class Kamal::Secrets
     @secrets_files ||= secrets_filenames.select { |f| File.exist?(f) }
   end
 
+  def key?(key)
+    synchronized_fetch(key).present?
+  rescue KeyError
+    false
+  end
+
   private
     def secrets
       @secrets ||= secrets_files.inject({}) do |secrets, secrets_file|
@@ -40,4 +43,11 @@ class Kamal::Secrets
     def secrets_filenames
       [ "#{@secrets_path}-common", "#{@secrets_path}#{(".#{@destination}" if @destination)}" ]
     end
+
+    def synchronized_fetch(key)
+      # Fetching secrets may ask the user for input, so ensure only one thread does that
+      @mutex.synchronize do
+        secrets.fetch(key)
+      end
+    end
 end

data/lib/kamal/sshkit_with_ext.rb

@@ -210,3 +210,58 @@ module NetSshForwardingNoPuts
 end
 
 Net::SSH::Service::Forward.prepend NetSshForwardingNoPuts
+
+module SSHKitDslRoles
+  # Execute on hosts grouped by role.
+  #
+  # Unlike `on()` which deduplicates hosts, this allows the same host to have
+  # multiple concurrent connections when it appears in multiple roles.
+  #
+  # Options:
+  #   hosts: The hosts to run on (required)
+  #   parallel: When true, each role runs in its own thread with separate
+  #             connections. When false, hosts run in parallel but roles on each
+  #             host run sequentially (default: true)
+  #
+  # Example:
+  #   on_roles(roles) do |host, role|
+  #     # deploy role to host
+  #   end
+  def on_roles(roles, hosts:, parallel: true, &block)
+    if parallel
+      threads = roles.filter_map do |role|
+        if (role_hosts = role.hosts & hosts).any?
+          Thread.new do
+            on(role_hosts) { |host| instance_exec(host, role, &block) }
+          rescue StandardError => e
+            raise SSHKit::Runner::ExecuteError.new(e), "Exception while executing on #{role}: #{e.message}"
+          end
+        end
+      end
+
+      exceptions = []
+      threads.each do |t|
+        begin
+          t.join
+        rescue SSHKit::Runner::ExecuteError => e
+          exceptions << e
+        end
+      end
+
+      if exceptions.one?
+        raise exceptions.first
+      elsif exceptions.many?
+        raise exceptions.first, [ "Exceptions on #{exceptions.count} roles:", exceptions.map(&:message) ].join("\n")
+      end
+    else
+      # Host-first iteration: hosts run in parallel, roles on each host run sequentially
+      on(hosts) do |host|
+        roles.each do |role|
+          instance_exec(host, role, &block) if role.hosts.include?(host.to_s)
+        end
+      end
+    end
+  end
+end
+
+SSHKit::DSL.prepend SSHKitDslRoles

data/lib/kamal/utils.rb

@@ -21,11 +21,11 @@ module Kamal::Utils
   end
 
   # Returns a list of shell-dashed option arguments. If the value is true, it's treated like a value-less option.
-  def optionize(args, with: nil)
+  def optionize(args, with: nil, escape: true)
     options = if with
-      flatten_args(args).collect { |(key, value)| value == true ? "--#{key}" : "--#{key}#{with}#{escape_shell_value(value)}" }
+      flatten_args(args).collect { |(key, value)| value == true ? "--#{key}" : "--#{key}#{with}#{escape ? escape_shell_value(value) : value}" }
     else
-      flatten_args(args).collect { |(key, value)| [ "--#{key}", value == true ? nil : escape_shell_value(value) ] }
+      flatten_args(args).collect { |(key, value)| [ "--#{key}", value == true ? nil : escape ? escape_shell_value(value) : value ] }
     end
 
     options.flatten.compact

data/lib/kamal/version.rb

@@ -1,3 +1,3 @@
 module Kamal
-  VERSION = "2.9.0"
+  VERSION = "2.10.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kamal
 version: !ruby/object:Gem::Version
-  version: 2.9.0
+  version: 2.10.0
 platform: ruby
 authors:
 - David Heinemeier Hansson
@@ -299,6 +299,7 @@ files:
 - lib/kamal/configuration/logging.rb
 - lib/kamal/configuration/proxy.rb
 - lib/kamal/configuration/proxy/boot.rb
+- lib/kamal/configuration/proxy/run.rb
 - lib/kamal/configuration/registry.rb
 - lib/kamal/configuration/role.rb
 - lib/kamal/configuration/servers.rb