mrsk 0.12.1 → 0.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '099a4dc2dc59df4e0c5301b85a579970dbc6c46a3c1e2a634f4461c5cff1f241'
-  data.tar.gz: 0a0356837992a9847b7b6bc51956c26a4fb0e8fbb9809753a5bdb373bacd3aee
+  metadata.gz: 6b258a4c44d5b010d6ab4004d0e051f9378dd4511203020a8fed2dc639527d9f
+  data.tar.gz: 702b1c42fc0b095d18c37baa1811186ece2267b3d49067648129b76bef284be1
 SHA512:
-  metadata.gz: 06f1365b5f8a7cc2064f2bd184224dba12b1c0ebf57cc502c9ac423a9d0ae96a601161fe681764f9a660b8a6214f2a86b79d1c4d46d9ff13819c52159db14318
-  data.tar.gz: 7acf9c5d2e26709b391a2c9915300c569fd6cc7d841b55cd3a497122d2d2317b8d2b3df4e634f14c38acd571fbc8aac51096a221f10097f8ce68d6c07dbce038
+  metadata.gz: 60163759e4097ea91df33411e7dc32261c0bc82f609bc1f54308f4111e3f0efe4d9731b234175e293f5c8a6aef9e1a88156be88260fc0a545b4d276ddb4e753b
+  data.tar.gz: 882d09991704e45f3c377dfafa0b15f2c6f1421085e5ca8096855bb03b109c6a91e4e47b7ec9270cdb31f7e43b3a18b23576fb0b2faa6367c82d9b3748550201

data/README.md

@@ -44,24 +44,24 @@ Then edit your `.env` file to add your registry password as `MRSK_REGISTRY_PASSW
 Now you're ready to deploy to the servers:
 
 ```
-mrsk deploy
+mrsk setup
 ```
 
 This will:
 
 1. Connect to the servers over SSH (using root by default, authenticated by your ssh key)
-2. Install Docker on any server that might be missing it (using apt-get): root access is needed via ssh for this.
+2. Install Docker and curl on any server that might be missing it (using apt-get): root access is needed via ssh for this.
 3. Log into the registry both locally and remotely
 4. Build the image using the standard Dockerfile in the root of the application.
 5. Push the image to the registry.
 6. Pull the image from the registry onto the servers.
 7. Ensure Traefik is running and accepting traffic on port 80.
-8. Ensure your app responds with `200 OK` to `GET /up`.
+8. Ensure your app responds with `200 OK` to `GET /up` (you must have curl installed inside your app image!).
 9. Start a new container with the version of the app that matches the current git version hash.
 10. Stop the old container running the previous version of the app.
 11. Prune unused images and stopped containers to ensure servers don't fill up.
 
-Voila! All the servers are now serving the app on port 80. If you're just running a single server, you're ready to go. If you're running multiple servers, you need to put a load balancer in front of them.
+Voila! All the servers are now serving the app on port 80. If you're just running a single server, you're ready to go. If you're running multiple servers, you need to put a load balancer in front of them. For subsequent deploys, or if your servers already have Docker and curl installed, you can just run `mrsk deploy`.
 
 ## Vision
 
@@ -184,6 +184,19 @@ registry:
 
 A reference to secret `DOCKER_REGISTRY_TOKEN` will look for `ENV["DOCKER_REGISTRY_TOKEN"]` on the machine running MRSK.
 
+#### Using AWS ECR as the container registry
+
+AWS ECR's access token is only valid for 12hrs. In order to not have to manually regenerate the token every time, you can use ERB in the `deploy.yml` file to shell out to the `aws` cli command, and obtain the token:
+
+```yaml
+registry:
+  server: <your aws account id>.dkr.ecr.<your aws region id>.amazonaws.com
+  username: AWS
+  password: <%= %x(aws ecr get-login-password) %>
+```
+
+You will need to have the `aws` CLI installed locally for this to work.
+
 ### Using a different SSH user than root
 
 The default SSH user is root, but you can change it using `ssh/user`:
@@ -522,7 +535,7 @@ traefik:
   options:
     publish:
       - 8080:8080
-    volumes:
+    volume:
       - /tmp/example.json:/tmp/example.json
     memory: 512m
 ```
@@ -655,43 +668,6 @@ servers:
 
 This assumes the Cron settings are stored in `config/crontab`.
 
-### Using audit broadcasts
-
-If you'd like to broadcast audits of deploys, rollbacks, etc to a chatroom or elsewhere, you can configure the `audit_broadcast_cmd` setting with the path to a bin file that will be passed the audit line as the first argument:
-
-```yaml
-audit_broadcast_cmd:
-  bin/audit_broadcast
-```
-
-The broadcast command could look something like:
-
-```bash
-#!/usr/bin/env bash
-curl -q -d content="[My App] ${1}" https://3.basecamp.com/XXXXX/integrations/XXXXX/buckets/XXXXX/chats/XXXXX/lines
-```
-
-That'll post a line like follows to a preconfigured chatbot in Basecamp:
-
-```
-[My App] [dhh] Rolled back to version d264c4e92470ad1bd18590f04466787262f605de
-```
-
-`MRSK_*` environment variables are available to the broadcast command for
-fine-grained audit reporting, e.g. for triggering deployment reports or
-firing a JSON webhook. These variables include:
-- `MRSK_RECORDED_AT` - UTC timestamp in ISO 8601 format, e.g. `2023-04-14T17:07:31Z`
-- `MRSK_PERFORMER` - the local user performing the command (from `whoami`)
-- `MRSK_MESSAGE` - the full audit message, e.g. "Deployed app@150b24f"
-- `MRSK_DESTINATION` - optional: destination, e.g. "staging"
-- `MRSK_ROLE` - optional: role targeted, e.g. "web"
-
-Use `mrsk broadcast` to test and troubleshoot your broadcast command:
-
-```bash
-mrsk broadcast -m "test audit message"
-```
-
 ### Healthcheck
 
 MRSK uses Docker healtchecks to check the health of your application during deployment. Traefik uses this same healthcheck status to determine when a container is ready to receive traffic.
@@ -703,6 +679,7 @@ healthcheck:
   path: /healthz
   port: 4000
   max_attempts: 7
+  interval: 20s
 ```
 
 This will ensure your application is configured with a traefik label for the healthcheck against `/healthz` and that the pre-deploy healthcheck that MRSK performs is done against the same path on port 4000.
@@ -888,6 +865,56 @@ When `limit` is specified, containers will be booted on, at most, `limit` hosts
 
 These settings only apply when booting containers (using `mrsk deploy`, or `mrsk app boot`). For other commands, MRSK continues to run commands in parallel across all hosts.
 
+## Hooks
+
+You can run custom scripts at specific points with hooks.
+
+Hooks should be stored in the .mrsk/hooks folder. Running mrsk init will build that folder and add some sample scripts.
+
+You can change their location by setting `hooks_path` in the configuration file.
+
+If the script returns a non-zero exit code the command will be aborted.
+
+`MRSK_*` environment variables are available to the hooks command for
+fine-grained audit reporting, e.g. for triggering deployment reports or
+firing a JSON webhook. These variables include:
+- `MRSK_RECORDED_AT` - UTC timestamp in ISO 8601 format, e.g. `2023-04-14T17:07:31Z`
+- `MRSK_PERFORMER` - the local user performing the command (from `whoami`)
+- `MRSK_SERVICE_VERSION` - an abbreviated service and version for use in messages, e.g. app@150b24f
+- `MRSK_VERSION` - an full version being deployed
+- `MRSK_DESTINATION` - optional: destination, e.g. "staging"
+- `MRSK_HOSTS` - a comma separated list of the hosts targeted by the command
+- `MRSK_ROLE` - optional: role targeted, e.g. "web"
+
+There are three hooks:
+
+1. pre-connect
+Called before taking the deploy lock. For checks that need to run before connecting to remote hosts - e.g. DNS warming.
+
+2. pre-build
+Used for pre-build checks - e.g. there are no uncommitted changes or that CI has passed.
+
+3. post-deploy - run after a deploy, redeploy or rollback
+
+This hook is also passed a `MRSK_RUNTIME` env variable.
+
+This could be used to broadcast a deployment message, or register the new version with an APM.
+
+The command could look something like:
+
+```bash
+#!/usr/bin/env bash
+curl -q -d content="[My App] ${MRSK_PERFORMER} Rolled back to version ${MRSK_VERSION}" https://3.basecamp.com/XXXXX/integrations/XXXXX/buckets/XXXXX/chats/XXXXX/lines
+```
+
+That'll post a line like follows to a preconfigured chatbot in Basecamp:
+
+```
+[My App] [dhh] Rolled back to version d264c4e92470ad1bd18590f04466787262f605de
+```
+
+Set `--skip_hooks` to avoid running the hooks.
+
 ## Stage of development
 
 This is beta software. Commands may still move around. But we're live in production at [37signals](https://37signals.com).

data/bin/mrsk

@@ -8,7 +8,7 @@ require "mrsk"
 begin
   Mrsk::Cli::Main.start(ARGV)
 rescue SSHKit::Runner::ExecuteError => e
-  puts "  \e[31mERROR (#{e.cause.class}): #{e.cause.message}\e[0m"
+  puts "  \e[31mERROR (#{e.cause.class}): #{e.message}\e[0m"
   puts e.cause.backtrace if ENV["VERBOSE"]
   exit 1
 rescue => e

data/lib/mrsk/cli/accessory.rb

@@ -14,8 +14,6 @@ class Mrsk::Cli::Accessory < Mrsk::Cli::Base
             execute *MRSK.auditor.record("Booted #{name} accessory"), verbosity: :debug
             execute *accessory.run
           end
-
-          audit_broadcast "Booted accessory #{name}" unless options[:skip_broadcast]
         end
       end
     end

data/lib/mrsk/cli/app.rb

@@ -2,37 +2,39 @@ class Mrsk::Cli::App < Mrsk::Cli::Base
   desc "boot", "Boot app on servers (or reboot app if already running)"
   def boot
     with_lock do
-      say "Get most recent version available as an image...", :magenta unless options[:version]
-      using_version(version_or_latest) do |version|
-        say "Start container with version #{version} using a #{MRSK.config.readiness_delay}s readiness delay (or reboot if already running)...", :magenta
+      hold_lock_on_error do
+        say "Get most recent version available as an image...", :magenta unless options[:version]
+        using_version(version_or_latest) do |version|
+          say "Start container with version #{version} using a #{MRSK.config.readiness_delay}s readiness delay (or reboot if already running)...", :magenta
+
+          on(MRSK.hosts) do
+            execute *MRSK.auditor.record("Tagging #{MRSK.config.absolute_image} as the latest image"), verbosity: :debug
+            execute *MRSK.app.tag_current_as_latest
+          end
 
-        on(MRSK.hosts) do
-          execute *MRSK.auditor.record("Tagging #{MRSK.config.absolute_image} as the latest image"), verbosity: :debug
-          execute *MRSK.app.tag_current_as_latest
-        end
+          on(MRSK.hosts, **MRSK.boot_strategy) do |host|
+            roles = MRSK.roles_on(host)
 
-        on(MRSK.hosts, **MRSK.boot_strategy) do |host|
-          roles = MRSK.roles_on(host)
+            roles.each do |role|
+              app = MRSK.app(role: role)
+              auditor = MRSK.auditor(role: role)
 
-          roles.each do |role|
-            app = MRSK.app(role: role)
-            auditor = MRSK.auditor(role: role)
-
-            execute *auditor.record("Booted app version #{version}"), verbosity: :debug
+              if capture_with_info(*app.container_id_for_version(version, only_running: true), raise_on_non_zero_exit: false).present?
+                tmp_version = "#{version}_replaced_#{SecureRandom.hex(8)}"
+                info "Renaming container #{version} to #{tmp_version} as already deployed on #{host}"
+                execute *auditor.record("Renaming container #{version} to #{tmp_version}"), verbosity: :debug
+                execute *app.rename_container(version: version, new_version: tmp_version)
+              end
 
-            if capture_with_info(*app.container_id_for_version(version), raise_on_non_zero_exit: false).present?
-              tmp_version = "#{version}_#{SecureRandom.hex(8)}"
-              info "Renaming container #{version} to #{tmp_version} as already deployed on #{host}"
-              execute *auditor.record("Renaming container #{version} to #{tmp_version}"), verbosity: :debug
-              execute *app.rename_container(version: version, new_version: tmp_version)
-            end
+              execute *auditor.record("Booted app version #{version}"), verbosity: :debug
 
-            old_version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
-            execute *app.run
+              old_version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
+              execute *app.start_or_run
 
-            Mrsk::Utils::HealthcheckPoller.wait_for_healthy(pause_after_ready: true) { capture_with_info(*app.status(version: version)) }
+              Mrsk::Utils::HealthcheckPoller.wait_for_healthy(pause_after_ready: true) { capture_with_info(*app.status(version: version)) }
 
-            execute *app.stop(version: old_version), raise_on_non_zero_exit: false if old_version.present?
+              execute *app.stop(version: old_version), raise_on_non_zero_exit: false if old_version.present?
+            end
           end
         end
       end

data/lib/mrsk/cli/base.rb

@@ -20,7 +20,7 @@ module Mrsk::Cli
     class_option :config_file, aliases: "-c", default: "config/deploy.yml", desc: "Path to config file"
     class_option :destination, aliases: "-d", desc: "Specify destination to be used for config file (staging -> deploy.staging.yml)"
 
-    class_option :skip_broadcast, aliases: "-B", type: :boolean, default: false, desc: "Skip audit broadcasts"
+    class_option :skip_hooks, aliases: "-H", type: :boolean, default: false, desc: "Don't run hooks"
 
     def initialize(*)
       super
@@ -72,14 +72,12 @@ module Mrsk::Cli
         puts "  Finished all in #{sprintf("%.1f seconds", runtime)}"
       end
 
-      def audit_broadcast(line)
-        run_locally { execute *MRSK.auditor.broadcast(line), verbosity: :debug }
-      end
-
       def with_lock
         if MRSK.holding_lock?
           yield
         else
+          run_hook "pre-connect"
+
           acquire_lock
 
           begin
@@ -99,26 +97,32 @@ module Mrsk::Cli
       end
 
       def acquire_lock
-        say "Acquiring the deploy lock"
-        on(MRSK.primary_host) { execute *MRSK.lock.acquire("Automatic deploy lock", MRSK.config.version) }
+        raise_if_locked do
+          say "Acquiring the deploy lock...", :magenta
+          on(MRSK.primary_host) { execute *MRSK.lock.acquire("Automatic deploy lock", MRSK.config.version), verbosity: :debug }
+        end
 
         MRSK.holding_lock = true
+      end
+
+      def release_lock
+        say "Releasing the deploy lock...", :magenta
+        on(MRSK.primary_host) { execute *MRSK.lock.release, verbosity: :debug }
+
+        MRSK.holding_lock = false
+      end
+
+      def raise_if_locked
+        yield
       rescue SSHKit::Runner::ExecuteError => e
         if e.message =~ /cannot create directory/
-          on(MRSK.primary_host) { execute *MRSK.lock.status }
+          on(MRSK.primary_host) { puts capture_with_debug(*MRSK.lock.status) }
           raise LockError, "Deploy lock found"
         else
           raise e
         end
       end
 
-      def release_lock
-        say "Releasing the deploy lock"
-        on(MRSK.primary_host) { execute *MRSK.lock.release }
-
-        MRSK.holding_lock = false
-      end
-
       def hold_lock_on_error
         if MRSK.hold_lock_on_error?
           yield
@@ -128,5 +132,16 @@ module Mrsk::Cli
           MRSK.hold_lock_on_error = false
         end
       end
+
+      def run_hook(hook, **details)
+        if !options[:skip_hooks] && MRSK.hook.hook_exists?(hook)
+          say "Running the #{hook} hook...", :magenta
+          run_locally do
+            MRSK.with_verbosity(:debug) { execute *MRSK.hook.run(hook, **details, hosts: MRSK.hosts.join(",")) }
+          rescue SSHKit::Command::Failed
+            raise HookError.new("Hook `#{hook}` failed")
+          end
+        end
+      end
   end
 end

data/lib/mrsk/cli/build.rb

@@ -14,11 +14,12 @@ class Mrsk::Cli::Build < Mrsk::Cli::Base
     with_lock do
       cli = self
 
+      verify_local_dependencies
+      run_hook "pre-build"
+
       run_locally do
         begin
-          if cli.verify_local_dependencies
-            MRSK.with_verbosity(:debug) { execute *MRSK.builder.push }
-          end
+          MRSK.with_verbosity(:debug) { execute *MRSK.builder.push }
         rescue SSHKit::Command::Failed => e
           if e.message =~ /(no builder)|(no such file or directory)/
             error "Missing compatible builder, so creating a new one first"
@@ -82,21 +83,18 @@ class Mrsk::Cli::Build < Mrsk::Cli::Base
     end
   end
 
+  private
+    def verify_local_dependencies
+      run_locally do
+        begin
+          execute *MRSK.builder.ensure_local_dependencies_installed
+        rescue SSHKit::Command::Failed => e
+          build_error = e.message =~ /command not found/ ?
+            "Docker is not installed locally" :
+            "Docker buildx plugin is not installed locally"
 
-  desc "", "" # Really a private method, but needed to be invoked from #push
-  def verify_local_dependencies
-    run_locally do
-      begin
-        execute *MRSK.builder.ensure_local_dependencies_installed
-      rescue SSHKit::Command::Failed => e
-        build_error = e.message =~ /command not found/ ?
-          "Docker is not installed locally" :
-          "Docker buildx plugin is not installed locally"
-
-        raise BuildError, build_error
+          raise BuildError, build_error
+        end
       end
     end
-
-    true
-  end
 end

data/lib/mrsk/cli/lock.rb

@@ -2,7 +2,7 @@ class Mrsk::Cli::Lock < Mrsk::Cli::Base
   desc "status", "Report lock status"
   def status
     handle_missing_lock do
-      on(MRSK.primary_host) { puts capture_with_info(*MRSK.lock.status) }
+      on(MRSK.primary_host) { puts capture_with_debug(*MRSK.lock.status) }
     end
   end
 
@@ -10,8 +10,8 @@ class Mrsk::Cli::Lock < Mrsk::Cli::Base
   option :message, aliases: "-m", type: :string, desc: "A lock mesasge", required: true
   def acquire
     message = options[:message]
-    handle_missing_lock do
-      on(MRSK.primary_host) { execute *MRSK.lock.acquire(message, MRSK.config.version) }
+    raise_if_locked do
+      on(MRSK.primary_host) { execute *MRSK.lock.acquire(message, MRSK.config.version), verbosity: :debug }
       say "Acquired the deploy lock"
     end
   end
@@ -19,7 +19,7 @@ class Mrsk::Cli::Lock < Mrsk::Cli::Base
   desc "release", "Release the deploy lock"
   def release
     handle_missing_lock do
-      on(MRSK.primary_host) { execute *MRSK.lock.release }
+      on(MRSK.primary_host) { execute *MRSK.lock.release, verbosity: :debug }
       say "Released the deploy lock"
     end
   end

data/lib/mrsk/cli/main.rb

@@ -1,8 +1,8 @@
 class Mrsk::Cli::Main < Mrsk::Cli::Base
   desc "setup", "Setup all accessories and deploy app to servers"
   def setup
-    with_lock do
-      print_runtime do
+    print_runtime do
+      with_lock do
         invoke "mrsk:cli:server:bootstrap"
         invoke "mrsk:cli:accessory:boot", [ "all" ]
         deploy
@@ -13,10 +13,10 @@ class Mrsk::Cli::Main < Mrsk::Cli::Base
   desc "deploy", "Deploy app to servers"
   option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
   def deploy
-    with_lock do
-      invoke_options = deploy_options
+    runtime = print_runtime do
+      with_lock do
+        invoke_options = deploy_options
 
-      runtime = print_runtime do
         say "Log into image registry...", :magenta
         invoke "mrsk:cli:registry:login", [], invoke_options
 
@@ -37,25 +37,23 @@ class Mrsk::Cli::Main < Mrsk::Cli::Base
         say "Detect stale containers...", :magenta
         invoke "mrsk:cli:app:stale_containers", [], invoke_options
 
-        hold_lock_on_error do
-          invoke "mrsk:cli:app:boot", [], invoke_options
-        end
+        invoke "mrsk:cli:app:boot", [], invoke_options
 
         say "Prune old containers and images...", :magenta
         invoke "mrsk:cli:prune:all", [], invoke_options
       end
-
-      audit_broadcast "Deployed #{service_version} in #{runtime.round} seconds" unless options[:skip_broadcast]
     end
+
+    run_hook "post-deploy", runtime: runtime.round
   end
 
   desc "redeploy", "Deploy app to servers without bootstrapping servers, starting Traefik, pruning, and registry login"
   option :skip_push, aliases: "-P", type: :boolean, default: false, desc: "Skip image build and push"
   def redeploy
-    with_lock do
-      invoke_options = deploy_options
+    runtime = print_runtime do
+      with_lock do
+        invoke_options = deploy_options
 
-      runtime = print_runtime do
         if options[:skip_push]
           say "Pull app image...", :magenta
           invoke "mrsk:cli:build:pull", [], invoke_options
@@ -70,55 +68,33 @@ class Mrsk::Cli::Main < Mrsk::Cli::Base
         say "Detect stale containers...", :magenta
         invoke "mrsk:cli:app:stale_containers", [], invoke_options
 
-        hold_lock_on_error do
-          invoke "mrsk:cli:app:boot", [], invoke_options
-        end
+        invoke "mrsk:cli:app:boot", [], invoke_options
       end
-
-      audit_broadcast "Redeployed #{service_version} in #{runtime.round} seconds" unless options[:skip_broadcast]
     end
+
+    run_hook "post-deploy", runtime: runtime.round
   end
 
   desc "rollback [VERSION]", "Rollback app to VERSION"
   def rollback(version)
-    with_lock do
-      invoke_options = deploy_options
+    rolled_back = false
+    runtime = print_runtime do
+      with_lock do
+        invoke_options = deploy_options
 
-      hold_lock_on_error do
         MRSK.config.version = version
         old_version = nil
 
         if container_available?(version)
-          say "Start version #{version}, then wait #{MRSK.config.readiness_delay}s for app to boot before stopping the old version...", :magenta
-
-          on(MRSK.hosts) do
-            execute *MRSK.auditor.record("Tagging #{MRSK.config.absolute_image} as the latest image"), verbosity: :debug
-            execute *MRSK.app.tag_current_as_latest
-          end
-
-          on(MRSK.hosts) do |host|
-            roles = MRSK.roles_on(host)
-
-            roles.each do |role|
-              app = MRSK.app(role: role)
-              old_version = capture_with_info(*app.current_running_version).strip.presence
-
-              execute *app.start
-
-              if old_version
-                sleep MRSK.config.readiness_delay
-
-                execute *app.stop(version: old_version), raise_on_non_zero_exit: false
-              end
-            end
-          end
-
-          audit_broadcast "Rolled back #{service_version(Mrsk::Utils.abbreviate_version(old_version))} to #{service_version}" unless options[:skip_broadcast]
+          invoke "mrsk:cli:app:boot", [], invoke_options.merge(version: version)
+          rolled_back = true
         else
           say "The app version '#{version}' is not available as a container (use 'mrsk app containers' for available versions)", :red
         end
       end
     end
+
+    run_hook "post-deploy", runtime: runtime.round if rolled_back
   end
 
   desc "details", "Show details about all containers"
@@ -160,6 +136,14 @@ class Mrsk::Cli::Main < Mrsk::Cli::Base
       puts "Created .env file"
     end
 
+    unless (hooks_dir = Pathname.new(File.expand_path(".mrsk/hooks"))).exist?
+      hooks_dir.mkpath
+      Pathname.new(File.expand_path("templates/sample_hooks", __dir__)).each_child do |sample_hook|
+        FileUtils.cp sample_hook, hooks_dir, preserve: true
+      end
+      puts "Created sample hooks in .mrsk/hooks"
+    end
+
     if options[:bundle]
       if (binstub = Pathname.new(File.expand_path("bin/mrsk"))).exist?
         puts "Binstub already exists in bin/mrsk (remove first to create a new one)"
@@ -200,13 +184,6 @@ class Mrsk::Cli::Main < Mrsk::Cli::Base
     end
   end
 
-  desc "broadcast", "Broadcast an audit message"
-  option :message, aliases: "-m", type: :string, desc: "Audit mesasge", required: true
-  def broadcast
-    say "Broadcast: #{options[:message]}", :magenta
-    audit_broadcast options[:message]
-  end
-
   desc "version", "Show MRSK version"
   def version
     puts Mrsk::VERSION
@@ -224,6 +201,9 @@ class Mrsk::Cli::Main < Mrsk::Cli::Base
   desc "healthcheck", "Healthcheck application"
   subcommand "healthcheck", Mrsk::Cli::Healthcheck
 
+  desc "lock", "Manage the deploy lock"
+  subcommand "lock", Mrsk::Cli::Lock
+
   desc "prune", "Prune old application images and containers"
   subcommand "prune", Mrsk::Cli::Prune
 
@@ -236,9 +216,6 @@ class Mrsk::Cli::Main < Mrsk::Cli::Base
   desc "traefik", "Manage Traefik load balancer"
   subcommand "traefik", Mrsk::Cli::Traefik
 
-  desc "lock", "Manage the deploy lock"
-  subcommand "lock", Mrsk::Cli::Lock
-
   private
     def container_available?(version)
       begin
@@ -263,8 +240,4 @@ class Mrsk::Cli::Main < Mrsk::Cli::Base
     def deploy_options
       { "version" => MRSK.config.version }.merge(options.without("skip_push"))
     end
-
-    def service_version(version = MRSK.config.abbreviated_version)
-      [ MRSK.config.service, version ].compact.join("@")
-    end
 end

data/lib/mrsk/cli/templates/deploy.yml

@@ -25,10 +25,6 @@ registry:
 #   secret:
 #     - RAILS_MASTER_KEY
 
-# Call a broadcast command on deploys.
-# audit_broadcast_cmd:
-#   bin/broadcast_to_bc
-
 # Use a different ssh user than root
 # ssh:
 #   user: app

data/lib/mrsk/cli/templates/sample_hooks/post-deploy.sample

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# A sample post-deploy hook
+#
+# These environment variables are available:
+# MRSK_RECORDED_AT
+# MRSK_PERFORMER
+# MRSK_VERSION
+# MRSK_HOSTS
+# MRSK_ROLE (if set)
+# MRSK_DESTINATION (if set)
+# MRSK_RUNTIME
+
+echo "$MRSK_PERFORMER deployed $MRSK_VERSION to $MRSK_DESTINATION in $MRSK_RUNTIME seconds"

data/lib/mrsk/cli/templates/sample_hooks/pre-build.sample

@@ -0,0 +1,51 @@
+#!/bin/sh
+
+# A sample pre-build hook
+#
+# Checks:
+# 1. We have a clean checkout
+# 2. A remote is configured
+# 3. The branch has been pushed to the remote
+# 4. The version we are deploying matches the remote
+#
+# These environment variables are available:
+# MRSK_RECORDED_AT
+# MRSK_PERFORMER
+# MRSK_VERSION
+# MRSK_HOSTS
+# MRSK_ROLE (if set)
+# MRSK_DESTINATION (if set)
+
+if [ -n "$(git status --porcelain)" ]; then
+  echo "Git checkout is not clean, aborting..." >&2
+  git status --porcelain >&2
+  exit 1
+fi
+
+first_remote=$(git remote)
+
+if [ -z "$first_remote" ]; then
+  echo "No git remote set, aborting..." >&2
+  exit 1
+fi
+
+current_branch=$(git branch --show-current)
+
+if [ -z "$current_branch" ]; then
+  echo "No git remote set, aborting..." >&2
+  exit 1
+fi
+
+remote_head=$(git ls-remote $first_remote --tags $current_branch | cut -f1)
+
+if [ -z "$remote_head" ]; then
+  echo "Branch not pushed to remote, aborting..." >&2
+  exit 1
+fi
+
+if [ "$MRSK_VERSION" != "$remote_head" ]; then
+  echo "Version ($MRSK_VERSION) does not match remote HEAD ($remote_head), aborting..." >&2
+  exit 1
+fi
+
+exit 0

data/lib/mrsk/cli/templates/sample_hooks/pre-connect.sample

@@ -0,0 +1,47 @@
+#!/usr/bin/env ruby
+
+# A sample pre-connect check
+#
+# Warms DNS before connecting to hosts in parallel
+#
+# These environment variables are available:
+# MRSK_RECORDED_AT
+# MRSK_PERFORMER
+# MRSK_VERSION
+# MRSK_HOSTS
+# MRSK_ROLE (if set)
+# MRSK_DESTINATION (if set)
+# MRSK_RUNTIME
+
+hosts = ENV["MRSK_HOSTS"].split(",")
+results = nil
+max = 3
+
+elapsed = Benchmark.realtime do
+  results = hosts.map do |host|
+    Thread.new do
+      tries = 1
+
+      begin
+        Socket.getaddrinfo(host, 0, Socket::AF_UNSPEC, Socket::SOCK_STREAM, nil, Socket::AI_CANONNAME)
+      rescue SocketError
+        if tries < max
+          puts "Retrying DNS warmup: #{host}"
+          tries += 1
+          sleep rand
+          retry
+        else
+          puts "DNS warmup failed: #{host}"
+          host
+        end
+      end
+
+      tries
+    end
+  end.map(&:value)
+end
+
+retries = results.sum - hosts.size
+nopes = results.count { |r| r == max }
+
+puts "Prewarmed %d DNS lookups in %.2f sec: %d retries, %d failures" % [ hosts.size, elapsed, retries, nopes ]

data/lib/mrsk/cli.rb

@@ -1,5 +1,6 @@
 module Mrsk::Cli
   class LockError < StandardError; end
+  class HookError < StandardError; end
 end
 
 # SSHKit uses instance eval, so we need a global const for ergonomics

data/lib/mrsk/commander.rb

@@ -100,6 +100,14 @@ class Mrsk::Commander
     @healthcheck ||= Mrsk::Commands::Healthcheck.new(config)
   end
 
+  def hook
+    @hook ||= Mrsk::Commands::Hook.new(config)
+  end
+
+  def lock
+    @lock ||= Mrsk::Commands::Lock.new(config)
+  end
+
   def prune
     @prune ||= Mrsk::Commands::Prune.new(config)
   end
@@ -112,10 +120,6 @@ class Mrsk::Commander
     @traefik ||= Mrsk::Commands::Traefik.new(config)
   end
 
-  def lock
-    @lock ||= Mrsk::Commands::Lock.new(config)
-  end
-
   def with_verbosity(level)
     old_level = self.verbosity
 

data/lib/mrsk/commands/app.rb

@@ -6,6 +6,10 @@ class Mrsk::Commands::App < Mrsk::Commands::Base
     @role = role
   end
 
+  def start_or_run
+    combine start, run, by: "||"
+  end
+
   def run
     role = config.role(self.role)
 
@@ -91,8 +95,8 @@ class Mrsk::Commands::App < Mrsk::Commands::Base
     docker :ps, "--quiet", *filter_args(status: :running), "--latest"
   end
 
-  def container_id_for_version(version)
-    container_id_for(container_name: container_name(version))
+  def container_id_for_version(version, only_running: false)
+    container_id_for(container_name: container_name(version), only_running: only_running)
   end
 
   def current_running_version

data/lib/mrsk/commands/auditor.rb

@@ -1,27 +1,18 @@
-require "time"
-
 class Mrsk::Commands::Auditor < Mrsk::Commands::Base
   attr_reader :details
 
   def initialize(config, **details)
     super(config)
-    @details = default_details.merge(details)
+    @details = details
   end
 
   # Runs remotely
   def record(line, **details)
     append \
-      [ :echo, *audit_tags(**details), line ],
+      [ :echo, audit_tags(**details).except(:version, :service_version).to_s, line ],
       audit_log_file
   end
 
-  # Runs locally
-  def broadcast(line, **details)
-    if broadcast_cmd = config.audit_broadcast_cmd
-      [ broadcast_cmd, *broadcast_args(line, **details), env: env_for(event: line, **details) ]
-    end
-  end
-
   def reveal
     [ :tail, "-n", 50, audit_log_file ]
   end
@@ -31,29 +22,7 @@ class Mrsk::Commands::Auditor < Mrsk::Commands::Base
       [ "mrsk", config.service, config.destination, "audit.log" ].compact.join("-")
     end
 
-    def default_details
-      { recorded_at: Time.now.utc.iso8601,
-        performer: `whoami`.chomp,
-        destination: config.destination }
-    end
-
     def audit_tags(**details)
-      tags_for **self.details.merge(details)
-    end
-
-    def broadcast_args(line, **details)
-      "'#{broadcast_tags(**details).join(" ")} #{line}'"
-    end
-
-    def broadcast_tags(**details)
-      tags_for **self.details.merge(details).except(:recorded_at)
-    end
-
-    def tags_for(**details)
-      details.compact.values.map { |value| "[#{value}]" }
-    end
-
-    def env_for(**details)
-      self.details.merge(details).compact.transform_keys { |detail| "MRSK_#{detail.upcase}" }
+      tags(**self.details, **details)
     end
 end

data/lib/mrsk/commands/base.rb

@@ -18,8 +18,8 @@ module Mrsk::Commands
       end
     end
 
-    def container_id_for(container_name:)
-      docker :container, :ls, "--all", "--filter", "name=^#{container_name}$", "--quiet"
+    def container_id_for(container_name:, only_running: false)
+      docker :container, :ls, *("--all" unless only_running), "--filter", "name=^#{container_name}$", "--quiet"
     end
 
     private
@@ -53,5 +53,9 @@ module Mrsk::Commands
       def docker(*args)
         args.compact.unshift :docker
       end
+
+      def tags(**details)
+        Mrsk::Tags.from_config(config, **details)
+      end
   end
 end

data/lib/mrsk/commands/hook.rb

@@ -0,0 +1,14 @@
+class Mrsk::Commands::Hook < Mrsk::Commands::Base
+  def run(hook, **details)
+    [ hook_file(hook), env: tags(**details).env ]
+  end
+
+  def hook_exists?(hook)
+    Pathname.new(hook_file(hook)).exist?
+  end
+
+  private
+    def hook_file(hook)
+      "#{config.hooks_path}/#{hook}"
+    end
+end

data/lib/mrsk/commands/traefik.rb

@@ -1,5 +1,5 @@
 class Mrsk::Commands::Traefik < Mrsk::Commands::Base
-  delegate :argumentize, :optionize, to: Mrsk::Utils
+  delegate :argumentize, :argumentize_env_with_secrets, :optionize, to: Mrsk::Utils
 
   DEFAULT_IMAGE = "traefik:v2.9"
   CONTAINER_PORT = 80
@@ -10,6 +10,7 @@ class Mrsk::Commands::Traefik < Mrsk::Commands::Base
       "--restart", "unless-stopped",
       "--publish", port,
       "--volume", "/var/run/docker.sock:/var/run/docker.sock",
+      *env_args,
       *config.logging_args,
       *label_args,
       *docker_options_args,
@@ -61,6 +62,16 @@ class Mrsk::Commands::Traefik < Mrsk::Commands::Base
       argumentize "--label", labels
     end
 
+    def env_args
+      env_config = config.traefik["env"] || {}
+
+      if env_config.present?
+        argumentize_env_with_secrets(env_config)
+      else
+        []
+      end
+    end
+
     def labels
       config.traefik["labels"] || []
     end

data/lib/mrsk/configuration/role.rb

@@ -37,7 +37,7 @@ class Mrsk::Configuration::Role
 
   def health_check_args
     if health_check_cmd.present?
-      optionize({ "health-cmd" => health_check_cmd, "health-interval" => "1s" })
+      optionize({ "health-cmd" => health_check_cmd, "health-interval" => health_check_interval })
     else
       []
     end
@@ -50,6 +50,13 @@ class Mrsk::Configuration::Role
     options["cmd"] || http_health_check(port: options["port"], path: options["path"])
   end
 
+  def health_check_interval
+    options = specializations["healthcheck"] || {}
+    options = config.healthcheck.merge(options) if running_traefik?
+
+    options["interval"] || "1s"
+  end
+
   def cmd
     specializations["cmd"]
   end

data/lib/mrsk/configuration.rb

@@ -6,7 +6,7 @@ require "erb"
 require "net/ssh/proxy/jump"
 
 class Mrsk::Configuration
-  delegate :service, :image, :servers, :env, :labels, :registry, :builder, :stop_wait_time, to: :raw_config, allow_nil: true
+  delegate :service, :image, :servers, :env, :labels, :registry, :builder, :stop_wait_time, :hooks_path, to: :raw_config, allow_nil: true
   delegate :argumentize, :argumentize_env_with_secrets, :optionize, to: Mrsk::Utils
 
   attr_accessor :destination
@@ -50,7 +50,7 @@ class Mrsk::Configuration
   end
 
   def version
-    @declared_version.presence || ENV["VERSION"] || current_commit_hash
+    @declared_version.presence || ENV["VERSION"] || git_version
   end
 
   def abbreviated_version
@@ -157,10 +157,6 @@ class Mrsk::Configuration
   end
 
 
-  def audit_broadcast_cmd
-    raw_config.audit_broadcast_cmd
-  end
-
   def healthcheck
     { "path" => "/up", "port" => 3000, "max_attempts" => 7 }.merge(raw_config.healthcheck || {})
   end
@@ -197,6 +193,10 @@ class Mrsk::Configuration
     raw_config.traefik || {}
   end
 
+  def hooks_path
+    raw_config.hooks_path || ".mrsk/hooks"
+  end
+
   private
     # Will raise ArgumentError if any required config keys are missing
     def ensure_required_keys_present
@@ -233,10 +233,12 @@ class Mrsk::Configuration
       raw_config.servers.is_a?(Array) ? [ "web" ] : raw_config.servers.keys.sort
     end
 
-    def current_commit_hash
-      @current_commit_hash ||=
+    def git_version
+      @git_version ||=
         if system("git rev-parse")
-          `git rev-parse HEAD`.strip
+          uncommitted_suffix = `git status --porcelain`.strip.present? ? "_uncommitted_#{SecureRandom.hex(8)}" : ""
+
+          "#{`git rev-parse HEAD`.strip}#{uncommitted_suffix}"
         else
           raise "Can't use commit hash as version, no git repository found in #{Dir.pwd}"
         end

data/lib/mrsk/sshkit_with_ext.rb

@@ -8,6 +8,10 @@ class SSHKit::Backend::Abstract
     capture(*args, **kwargs, verbosity: Logger::INFO)
   end
 
+  def capture_with_debug(*args, **kwargs)
+    capture(*args, **kwargs, verbosity: Logger::DEBUG)
+  end
+
   def capture_with_pretty_json(*args, **kwargs)
     JSON.pretty_generate(JSON.parse(capture(*args, **kwargs)))
   end

data/lib/mrsk/tags.rb

@@ -0,0 +1,39 @@
+require "time"
+
+class Mrsk::Tags
+  attr_reader :config, :tags
+
+  class << self
+    def from_config(config, **extra)
+      new(**default_tags(config), **extra)
+    end
+
+    def default_tags(config)
+      { recorded_at: Time.now.utc.iso8601,
+        performer: `whoami`.chomp,
+        destination: config.destination,
+        version: config.version,
+        service_version: service_version(config) }
+    end
+
+    def service_version(config)
+      [ config.service, config.abbreviated_version ].compact.join("@")
+    end
+  end
+
+  def initialize(**tags)
+    @tags = tags.compact
+  end
+
+  def env
+    tags.transform_keys { |detail| "MRSK_#{detail.upcase}" }
+  end
+
+  def to_s
+    tags.values.map { |value| "[#{value}]" }.join(" ")
+  end
+
+  def except(*tags)
+    self.class.new(**self.tags.except(*tags))
+  end
+end

data/lib/mrsk/utils.rb

@@ -84,6 +84,13 @@ module Mrsk::Utils
 
   # Abbreviate a git revhash for concise display
   def abbreviate_version(version)
-    version[0...7] if version
+    if version
+      # Don't abbreviate <sha>_uncommitted_<etc>
+      if version.include?("_")
+        version
+      else
+        version[0...7]
+      end
+    end
   end
 end

data/lib/mrsk/version.rb

@@ -1,3 +1,3 @@
 module Mrsk
-  VERSION = "0.12.1"
+  VERSION = "0.13.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mrsk
 version: !ruby/object:Gem::Version
-  version: 0.12.1
+  version: 0.13.0
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-05 00:00:00.000000000 Z
+date: 2023-05-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -187,6 +187,9 @@ files:
 - lib/mrsk/cli/registry.rb
 - lib/mrsk/cli/server.rb
 - lib/mrsk/cli/templates/deploy.yml
+- lib/mrsk/cli/templates/sample_hooks/post-deploy.sample
+- lib/mrsk/cli/templates/sample_hooks/pre-build.sample
+- lib/mrsk/cli/templates/sample_hooks/pre-connect.sample
 - lib/mrsk/cli/templates/template.env
 - lib/mrsk/cli/traefik.rb
 - lib/mrsk/commander.rb
@@ -203,6 +206,7 @@ files:
 - lib/mrsk/commands/builder/native/remote.rb
 - lib/mrsk/commands/docker.rb
 - lib/mrsk/commands/healthcheck.rb
+- lib/mrsk/commands/hook.rb
 - lib/mrsk/commands/lock.rb
 - lib/mrsk/commands/prune.rb
 - lib/mrsk/commands/registry.rb
@@ -212,6 +216,7 @@ files:
 - lib/mrsk/configuration/boot.rb
 - lib/mrsk/configuration/role.rb
 - lib/mrsk/sshkit_with_ext.rb
+- lib/mrsk/tags.rb
 - lib/mrsk/utils.rb
 - lib/mrsk/utils/healthcheck_poller.rb
 - lib/mrsk/utils/sensitive.rb