mrsk 0.10.1 → 0.12.0

data/lib/mrsk/configuration.rb

@@ -87,6 +87,10 @@ class Mrsk::Configuration
     roles.select(&:running_traefik?).flat_map(&:hosts).uniq
   end
 
+  def boot
+    Mrsk::Configuration::Boot.new(config: self)
+  end
+
 
   def repository
     [ raw_config.registry["server"], image ].compact.join("/")
@@ -143,6 +147,8 @@ class Mrsk::Configuration
     if raw_config.ssh.present? && raw_config.ssh["proxy"]
       Net::SSH::Proxy::Jump.new \
         raw_config.ssh["proxy"].include?("@") ? raw_config.ssh["proxy"] : "root@#{raw_config.ssh["proxy"]}"
+    elsif raw_config.ssh.present? && raw_config.ssh["proxy_command"]
+      Net::SSH::Proxy::Command.new(raw_config.ssh["proxy_command"])
     end
   end
 
@@ -156,7 +162,7 @@ class Mrsk::Configuration
   end
 
   def healthcheck
-    { "path" => "/up", "port" => 3000 }.merge(raw_config.healthcheck || {})
+    { "path" => "/up", "port" => 3000, "max_attempts" => 7 }.merge(raw_config.healthcheck || {})
   end
 
   def readiness_delay

data/lib/mrsk/sshkit_with_ext.rb

@@ -2,8 +2,8 @@ require "sshkit"
 require "sshkit/dsl"
 
 class SSHKit::Backend::Abstract
-  def capture_with_info(*args)
-    capture(*args, verbosity: Logger::INFO)
+  def capture_with_info(*args, **kwargs)
+    capture(*args, **kwargs, verbosity: Logger::INFO)
   end
 
   def puts_by_host(host, output, type: "App")

data/lib/mrsk/utils/healthcheck_poller.rb

@@ -0,0 +1,39 @@
+class Mrsk::Utils::HealthcheckPoller
+  TRAEFIK_HEALTHY_DELAY = 2
+
+  class HealthcheckError < StandardError; end
+
+  class << self
+    def wait_for_healthy(pause_after_ready: false, &block)
+      attempt = 1
+      max_attempts = MRSK.config.healthcheck["max_attempts"]
+
+      begin
+        case status = block.call
+        when "healthy"
+          sleep TRAEFIK_HEALTHY_DELAY if pause_after_ready
+        when "running" # No health check configured
+          sleep MRSK.config.readiness_delay if pause_after_ready
+        else
+          raise HealthcheckError, "container not ready (#{status})"
+        end
+      rescue HealthcheckError => e
+        if attempt <= max_attempts
+          info "#{e.message}, retrying in #{attempt}s (attempt #{attempt}/#{max_attempts})..."
+          sleep attempt
+          attempt += 1
+          retry
+        else
+          raise
+        end
+      end
+
+      info "Container is healthy!"
+    end
+
+    private
+      def info(message)
+        SSHKit.config.output.info(message)
+      end
+  end
+end

data/lib/mrsk/utils/sensitive.rb

@@ -0,0 +1,19 @@
+require "active_support/core_ext/module/delegation"
+
+class Mrsk::Utils::Sensitive
+  # So SSHKit knows to redact these values.
+  include SSHKit::Redaction
+
+  attr_reader :unredacted, :redaction
+  delegate :to_s, to: :unredacted
+  delegate :inspect, to: :redaction
+
+  def initialize(value, redaction: "[REDACTED]")
+    @unredacted, @redaction = value, redaction
+  end
+
+  # Sensitive values won't leak into YAML output.
+  def encode_with(coder)
+    coder.represent_scalar nil, redaction
+  end
+end

data/lib/mrsk/utils.rb

@@ -1,12 +1,15 @@
 module Mrsk::Utils
   extend self
 
+  DOLLAR_SIGN_WITHOUT_SHELL_EXPANSION_REGEX = /\$(?!{[^\}]*\})/
+
   # Return a list of escaped shell arguments using the same named argument against the passed attributes (hash or array).
-  def argumentize(argument, attributes, redacted: false)
+  def argumentize(argument, attributes, sensitive: false)
     Array(attributes).flat_map do |key, value|
       if value.present?
-        escaped_pair = [ key, escape_shell_value(value) ].join("=")
-        [ argument, redacted ? redact(escaped_pair) : escaped_pair ]
+        attr = "#{key}=#{escape_shell_value(value)}"
+        attr = self.sensitive(attr, redaction: "#{key}=[REDACTED]") if sensitive
+        [ argument, attr]
       else
         [ argument, key ]
       end
@@ -17,7 +20,7 @@ module Mrsk::Utils
   # but redacts and expands secrets.
   def argumentize_env_with_secrets(env)
     if (secrets = env["secret"]).present?
-      argumentize("-e", secrets.to_h { |key| [ key, ENV.fetch(key) ] }, redacted: true) + argumentize("-e", env["clear"])
+      argumentize("-e", secrets.to_h { |key| [ key, ENV.fetch(key) ] }, sensitive: true) + argumentize("-e", env["clear"])
     else
       argumentize "-e", env.fetch("clear", env)
     end
@@ -39,14 +42,44 @@ module Mrsk::Utils
     args.flat_map { |key, value| value.try(:map) { |entry| [key, entry] } || [ [ key, value ] ] }
   end
 
-  # Copied from SSHKit::Backend::Abstract#redact to be available inside Commands classes
-  def redact(arg) # Used in execute_command to hide redact() args a user passes in
-    arg.to_s.extend(SSHKit::Redaction) # to_s due to our inability to extend Integer, etc
+  # Marks sensitive values for redaction in logs and human-visible output.
+  # Pass `redaction:` to change the default `"[REDACTED]"` redaction, e.g.
+  # `sensitive "#{arg}=#{secret}", redaction: "#{arg}=xxxx"
+  def sensitive(...)
+    Mrsk::Utils::Sensitive.new(...)
+  end
+
+  def redacted(value)
+    case
+    when value.respond_to?(:redaction)
+      value.redaction
+    when value.respond_to?(:transform_values)
+      value.transform_values { |value| redacted value }
+    when value.respond_to?(:map)
+      value.map { |element| redacted element }
+    else
+      value
+    end
+  end
+
+  def unredacted(value)
+    case
+    when value.respond_to?(:unredacted)
+      value.unredacted
+    when value.respond_to?(:transform_values)
+      value.transform_values { |value| unredacted value }
+    when value.respond_to?(:map)
+      value.map { |element| unredacted element }
+    else
+      value
+    end
   end
 
   # Escape a value to make it safe for shell use.
   def escape_shell_value(value)
-    value.to_s.dump.gsub(/`/, '\\\\`')
+    value.to_s.dump
+      .gsub(/`/, '\\\\`')
+      .gsub(DOLLAR_SIGN_WITHOUT_SHELL_EXPANSION_REGEX, '\$')
   end
 
   # Abbreviate a git revhash for concise display

data/lib/mrsk/version.rb

@@ -1,3 +1,3 @@
 module Mrsk
-  VERSION = "0.10.1"
+  VERSION = "0.12.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mrsk
 version: !ruby/object:Gem::Version
-  version: 0.10.1
+  version: 0.12.0
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-03-29 00:00:00.000000000 Z
+date: 2023-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -38,6 +38,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.21'
+- !ruby/object:Gem::Dependency
+  name: net-ssh
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -187,6 +201,7 @@ files:
 - lib/mrsk/commands/builder/multiarch/remote.rb
 - lib/mrsk/commands/builder/native.rb
 - lib/mrsk/commands/builder/native/remote.rb
+- lib/mrsk/commands/docker.rb
 - lib/mrsk/commands/healthcheck.rb
 - lib/mrsk/commands/lock.rb
 - lib/mrsk/commands/prune.rb
@@ -194,9 +209,12 @@ files:
 - lib/mrsk/commands/traefik.rb
 - lib/mrsk/configuration.rb
 - lib/mrsk/configuration/accessory.rb
+- lib/mrsk/configuration/boot.rb
 - lib/mrsk/configuration/role.rb
 - lib/mrsk/sshkit_with_ext.rb
 - lib/mrsk/utils.rb
+- lib/mrsk/utils/healthcheck_poller.rb
+- lib/mrsk/utils/sensitive.rb
 - lib/mrsk/version.rb
 homepage: https://github.com/rails/mrsk
 licenses:
@@ -217,7 +235,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.8
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: Deploy web apps in containers to servers running Docker with zero downtime.