lux-hammer 0.3.10 → 0.3.13

data/recipes/lib/deploy/manifest.rb

@@ -0,0 +1,169 @@
+require 'yaml'
+require 'socket'
+require 'time'
+
+module LuxDeploy
+  # Snapshot of what is wired up on the host for one app after a successful
+  # deploy. Written to <app_dir>/lux-deploy.yaml mode 0644. Safe to read by
+  # humans, LLMs, monitoring scripts - never contains secrets.
+  module Manifest
+    module_function
+
+    FILENAME ||= 'lux-deploy.yaml'
+
+    # Keys whose values are stripped from the env section. Matched on the
+    # uppercased key name, substring (so SECRET, JWT_SECRET, DB_MAIN, DB_URL,
+    # DATABASE_URL, MY_API_TOKEN, AWS_ACCESS_KEY_ID all redact). As a backstop,
+    # any value carrying URL-embedded credentials (user:pass@) is redacted
+    # regardless of key name - see sensitive_value?.
+    SENSITIVE_KEY_PATTERNS ||= %w[SECRET PASSWORD TOKEN KEY DB_MAIN DB_URL DATABASE_URL CREDENTIAL].freeze
+
+    # Value carrying URL-embedded credentials, e.g. postgres://user:pass@host/db
+    # or password-only forms like redis://:pass@host (empty username).
+    CREDENTIAL_URL ||= %r{://[^/\s:@]*:[^/\s@]+@}
+
+    # Returns the YAML body ready to upload (with a header comment).
+    def render(ctx)
+      header = <<~TXT
+        # Generated by lux-deploy #{LuxDeploy::VERSION} on every successful deploy.
+        # Snapshot of what is currently wired up on this host for this app.
+        # Safe to read; do not edit (next deploy overwrites).
+      TXT
+      header + YAML.dump(stringify(build(ctx)))
+    end
+
+    def build(ctx)
+      # Domains come from yaml `domain:` (the sole source of truth post
+      # .env/.yaml split). env_snapshot is a redacted snapshot of the
+      # rendered .env contents - informational only, never used for
+      # template substitution.
+      domains      = ctx.config.domain.to_s.split(',').map(&:strip).reject(&:empty?)
+      env_snapshot = Template.parse_env(ctx.rendered['.env'])
+
+      {
+        deployed_at:  Time.now.utc.iso8601,
+        app:          ctx.app,
+        domain:       ctx.domain,
+        domains:      domains,
+        url:          "https://#{ctx.domain}",
+        git:          git_info(ctx.branch),
+        deploy: {
+          triggered_by: triggered_by,
+          host:         ctx.host,
+          service_user: ctx.config.service_user,
+          app_dir:      ctx.app_dir,
+          port:         ctx.port,
+          ports:        ctx.ports,
+          ruby:         (ctx.ruby_used? ? ctx.ruby_path : nil)
+        },
+        paths: {
+          release:     "#{ctx.app_dir}/release",
+          old_release: "#{ctx.app_dir}/old-release",
+          shared:      "#{ctx.app_dir}/shared",
+          tmp:         "#{ctx.app_dir}/shared/tmp",
+          log:         "#{ctx.app_dir}/shared/log",
+          env_file:    "#{ctx.app_dir}/.env",
+          manifest:    "#{ctx.app_dir}/#{FILENAME}"
+        },
+        services: services_section(ctx),
+        caddy: {
+          site_link: "#{CADDY_SITES}/#{ctx.app}.caddy",
+          source:    "#{ctx.app_dir}/caddy.config",
+          reload:    'systemctl reload caddy'
+        },
+        hooks:     hooks_section,
+        env:       env_section(env_snapshot),
+        artifacts: ctx.rendered.keys.sort,
+        engine: {
+          lux_deploy_version: LuxDeploy::VERSION,
+          service_prefix:     ctx.config.service_prefix,
+          remote_base:        ctx.config.remote_base
+        }
+      }
+    end
+
+    # One block per discovered service (web + every extra *.service), keyed
+    # by service name. ExecStart is pulled from each rendered unit.
+    def services_section(ctx)
+      ctx.services.each_with_object({}) do |s, out|
+        out[s.name] = {
+          unit:         "#{s.unit}.service",
+          systemd_link: "#{SYSTEMD_DIR}/#{s.unit}.service",
+          source:       "#{ctx.app_dir}/#{s.artifact}",
+          exec_start:   extract_directive(ctx.rendered[s.artifact], 'ExecStart'),
+          restart:      "systemctl restart #{s.unit}",
+          logs:         "journalctl -u #{s.unit} -n 200 -f"
+        }
+      end
+    end
+
+    # Lifecycle hook presence. Reflects what was on the local repo at
+    # deploy time - local_* hooks run on your machine, remote_* ride along
+    # with the rsync and run on the server.
+    def hooks_section
+      {
+        local_before:  File.exist?(Commands::LOCAL_BEFORE_HOOK)  ? Commands::LOCAL_BEFORE_HOOK  : nil,
+        remote_before: File.exist?(Commands::REMOTE_BEFORE_HOOK) ? Commands::REMOTE_BEFORE_HOOK : nil,
+        remote_after:  File.exist?(Commands::REMOTE_AFTER_HOOK)  ? Commands::REMOTE_AFTER_HOOK  : nil,
+        local_after:   File.exist?(Commands::LOCAL_AFTER_HOOK)   ? Commands::LOCAL_AFTER_HOOK   : nil
+      }
+    end
+
+    # Non-secret env values; secret keys (see SENSITIVE_KEY_PATTERNS) keep
+    # the key but the value is replaced with '<redacted>' so the LLM still
+    # sees the variable exists.
+    def env_section(env)
+      env.each_with_object({}) do |(k, v), h|
+        h[k] = (sensitive?(k) || sensitive_value?(v)) ? '<redacted>' : v
+      end
+    end
+
+    def sensitive?(key)
+      up = key.to_s.upcase
+      SENSITIVE_KEY_PATTERNS.any? { |pat| up.include?(pat) }
+    end
+
+    def sensitive_value?(value)
+      value.to_s.match?(CREDENTIAL_URL)
+    end
+
+    def git_info(branch)
+      {
+        branch:         branch,
+        commit:         capture('git rev-parse HEAD'),
+        commit_short:   capture('git rev-parse --short HEAD'),
+        commit_subject: capture('git log -1 --pretty=%s'),
+        author:         capture("git log -1 --pretty='%an <%ae>'"),
+        committed_at:   capture('git log -1 --pretty=%cI')
+      }
+    end
+
+    # Pull a single `Key=value` line out of a rendered systemd unit. Returns
+    # nil when the directive isn't present, so the LLM can tell skip vs blank.
+    def extract_directive(unit_text, key)
+      return nil unless unit_text
+      line = unit_text.lines.find { |l| l =~ /\A#{Regexp.escape(key)}=/ }
+      line&.chomp&.sub(/\A#{Regexp.escape(key)}=/, '')
+    end
+
+    def triggered_by
+      user = ENV['USER'] || ENV['LOGNAME'] || 'unknown'
+      host = (Socket.gethostname rescue 'unknown')
+      "#{user}@#{host}"
+    end
+
+    def capture(cmd)
+      out = `#{cmd} 2>/dev/null`.strip
+      out.empty? ? nil : out
+    end
+
+    # YAML.dump prefers string keys for portability + readability.
+    def stringify(obj)
+      case obj
+      when Hash  then obj.each_with_object({}) { |(k, v), h| h[k.to_s] = stringify(v) }
+      when Array then obj.map { |v| stringify(v) }
+      else obj
+      end
+    end
+  end
+end

data/recipes/lib/deploy/ssh.rb

@@ -0,0 +1,129 @@
+require 'open3'
+require 'shellwords'
+
+module LuxDeploy
+  # Always connects as root. To run as the service user pass `as: :service`
+  # which wraps the command in `sudo -iu <service_user> bash -lc <quoted>`
+  # so the login shell activates mise (PATH for ruby/bundler).
+  class SSH
+    attr_reader :host, :dry_run, :service_user
+
+    def initialize(host, service_user: 'deployer', dry_run: false)
+      raise Error.new('config/deploy/.yaml server: is empty') if host.to_s.strip.empty?
+      @host = host.to_s.strip.sub(/^.*@/, '')
+      @service_user = service_user
+      @dry_run = dry_run
+    end
+
+    # Run a command. Returns stdout (always captured).
+    # On non-zero exit raises unless allow_fail: true (then returns whatever was captured).
+    def run(cmd, as: :root, allow_fail: false)
+      remote = wrap(cmd, as)
+      argv = ssh_argv + [remote]
+      log argv, cmd
+      return '' if dry_run
+      out, status = Open3.capture2e(*argv)
+      if !status.success? && !allow_fail
+        raise Error.new("ssh failed (exit #{status.exitstatus})\n--- remote stderr+stdout ---\n#{out}")
+      end
+      out
+    end
+
+    # Streamed run (stdout/stderr pass through). Use for long-running steps
+    # the user wants to watch (bundle install, verification hooks).
+    def stream(cmd, as: :root, allow_fail: false)
+      remote = wrap(cmd, as)
+      argv = ssh_argv + [remote]
+      log argv, cmd
+      return true if dry_run
+      ok = system(*argv)
+      raise Error.new("ssh failed: #{cmd}") if !ok && !allow_fail
+      ok
+    end
+
+    # rsync local dir to remote path; runs receiver as service user via sudo.
+    def rsync(src, dest_path, excludes: [])
+      argv = [
+        'rsync', '-az', '--delete',
+        *excludes.flat_map { |e| ['--exclude', e] },
+        "--rsync-path=sudo -u #{service_user} rsync",
+        src, "root@#{host}:#{dest_path}"
+      ]
+      log argv, "rsync #{src} -> #{dest_path}"
+      return if dry_run
+      system(*argv) or raise Error.new('rsync failed')
+    end
+
+    # Interactive ssh that allocates a TTY and replaces the current process
+    # (via Process.exec). Use for shells, REPLs, psql - anything that needs
+    # job control. Does not return on success.
+    def exec(cmd, as: :root)
+      remote = wrap(cmd, as, interactive: true)
+      argv = ssh_argv(interactive: true) + [remote]
+      log argv, cmd
+      return if dry_run
+      Process.exec(*argv)
+    end
+
+    # scp a file from the remote (as root) to a local path.
+    def scp_from(remote_path, local_path)
+      argv = ['scp', '-o', 'StrictHostKeyChecking=accept-new',
+              "root@#{host}:#{remote_path}", local_path]
+      log argv, "scp #{remote_path} -> #{local_path}"
+      return if dry_run
+      system(*argv) or raise Error.new("scp failed: #{remote_path}")
+    end
+
+    # scp a local file up to the remote (as root). Default umask leaves
+    # the file 0644 so the service user can read it from /tmp.
+    def scp_to(local_path, remote_path)
+      argv = ['scp', '-o', 'StrictHostKeyChecking=accept-new',
+              local_path, "root@#{host}:#{remote_path}"]
+      log argv, "scp #{local_path} -> #{remote_path}"
+      return if dry_run
+      system(*argv) or raise Error.new("scp failed: #{local_path}")
+    end
+
+    private
+
+    def ssh_argv(interactive: false)
+      [
+        'ssh',
+        *(interactive ? ['-tt'] : ['-o', 'BatchMode=yes']),
+        '-o', 'StrictHostKeyChecking=accept-new',
+        '-o', 'ConnectTimeout=10',
+        "root@#{host}"
+      ]
+    end
+
+    def wrap(cmd, as, interactive: false)
+      case as
+      when :root then cmd
+      when :service, :deployer
+        if interactive
+          # Interactive shells need a TTY on stdin, so we can't use the
+          # base64-pipe transport (it leaves bash reading from a closed pipe
+          # and the inner `exec bash -li` exits immediately). Single-line
+          # commands don't need the b64 dance anyway - just shell-escape.
+          "sudo -iu #{service_user} -- bash -lc #{Shellwords.escape(cmd)}"
+        else
+          # sudo -i backslash-escapes every shell metachar including newlines, so
+          # multi-line scripts get collapsed by the target shell (\<nl> = line
+          # continuation). Transport the script base64-encoded so no metachars
+          # survive into the service user's shell re-parse.
+          b64 = [cmd].pack('m0')
+          inner = "echo #{b64} | base64 -d | bash -l"
+          "sudo -iu #{service_user} bash -lc #{Shellwords.escape(inner)}"
+        end
+      else raise "unknown ssh user: #{as}"
+      end
+    end
+
+    def log(_argv, summary)
+      prefix = dry_run ? '  [dry] ' : '  $ '
+      head = summary.lines.first.to_s.chomp
+      head += ' …' if summary.lines.count > 1
+      $stderr.puts "\e[2m#{prefix}#{head}\e[0m"
+    end
+  end
+end

data/recipes/lib/deploy/template.rb

@@ -0,0 +1,39 @@
+module LuxDeploy
+  # Stupid {{VAR}} substitution. No conditionals, no loops, no escaping.
+  # Missing variables raise so we never silently ship a template with
+  # an un-rendered placeholder.
+  module Template
+    module_function
+
+    PLACEHOLDER = /\{\{([A-Z][A-Z0-9_]*)\}\}/
+
+    def render(str, vars)
+      norm = vars.transform_keys(&:to_s)
+      str.gsub(PLACEHOLDER) do
+        key = ::Regexp.last_match(1)
+        norm.key?(key) ? norm[key].to_s : raise(Error.new("missing var {{#{key}}}"))
+      end
+    end
+
+    # Parse a rendered .env file into a symbol-keyed hash. Comments and
+    # blank lines are ignored; surrounding single/double quotes are stripped.
+    def parse_env(rendered)
+      rendered.lines.each_with_object({}) do |line, h|
+        next if line.match?(/\A\s*(#|$)/)
+        k, v = line.strip.split('=', 2)
+        next unless k && v
+        h[k.to_sym] = v.gsub(/\A["']|["']\z/, '')
+      end
+    end
+
+    # Git-derived placeholders, computed locally before any rendering.
+    def git_vars
+      branch = `git rev-parse --abbrev-ref HEAD 2>/dev/null`.strip
+      raise Error.new('not in a git repo (no current branch)') if branch.empty?
+      {
+        GIT_BRANCH:            branch,
+        GIT_BRANCH_UNDERSCORE: branch.gsub(/[^A-Za-z0-9]+/, '_')
+      }
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lux-hammer
 version: !ruby/object:Gem::Version
-  version: 0.3.10
+  version: 0.3.13
 platform: ruby
 authors:
 - Dino Reic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-05-27 00:00:00.000000000 Z
+date: 2026-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -47,7 +47,17 @@ files:
 - "./lib/hammer/recipe.rb"
 - "./lib/hammer/shell.rb"
 - "./lib/lux-hammer.rb"
+- "./recipes/deploy.rb"
 - "./recipes/git-helper.rb"
+- "./recipes/lib/deploy/boot.rb"
+- "./recipes/lib/deploy/commands.rb"
+- "./recipes/lib/deploy/config.rb"
+- "./recipes/lib/deploy/context.rb"
+- "./recipes/lib/deploy/doctor.rb"
+- "./recipes/lib/deploy/hammer.rb"
+- "./recipes/lib/deploy/manifest.rb"
+- "./recipes/lib/deploy/ssh.rb"
+- "./recipes/lib/deploy/template.rb"
 - "./recipes/llm.rb"
 - "./recipes/srt.rb"
 - bin/hammer