nocoffee-kamal 2.3.0.1

data/lib/kamal/commands/app.rb

@@ -0,0 +1,115 @@
+class Kamal::Commands::App < Kamal::Commands::Base
+  include Assets, Containers, Execution, Images, Logging, Proxy
+
+  ACTIVE_DOCKER_STATUSES = [ :running, :restarting ]
+
+  attr_reader :role, :host
+
+  delegate :container_name, to: :role
+
+  def initialize(config, role: nil, host: nil)
+    super(config)
+    @role = role
+    @host = host
+  end
+
+  def run(hostname: nil)
+    docker :run,
+      "--detach",
+      "--restart unless-stopped",
+      "--name", container_name,
+      "--network", "kamal",
+      *([ "--hostname", hostname ] if hostname),
+      "-e", "KAMAL_CONTAINER_NAME=\"#{container_name}\"",
+      "-e", "KAMAL_VERSION=\"#{config.version}\"",
+      *role.env_args(host),
+      *role.logging_args,
+      *config.volume_args,
+      *role.asset_volume_args,
+      *role.label_args,
+      *role.option_args,
+      config.absolute_image,
+      role.cmd
+  end
+
+  def start
+    docker :start, container_name
+  end
+
+  def status(version:)
+    pipe container_id_for_version(version), xargs(docker(:inspect, "--format", DOCKER_HEALTH_STATUS_FORMAT))
+  end
+
+  def stop(version: nil)
+    pipe \
+      version ? container_id_for_version(version) : current_running_container_id,
+      xargs(docker(:stop, *role.stop_args))
+  end
+
+  def info
+    docker :ps, *filter_args
+  end
+
+
+  def current_running_container_id
+    current_running_container(format: "--quiet")
+  end
+
+  def container_id_for_version(version, only_running: false)
+    container_id_for(container_name: container_name(version), only_running: only_running)
+  end
+
+  def current_running_version
+    pipe \
+      current_running_container(format: "--format '{{.Names}}'"),
+      extract_version_from_name
+  end
+
+  def list_versions(*docker_args, statuses: nil)
+    pipe \
+      docker(:ps, *filter_args(statuses: statuses), *docker_args, "--format", '"{{.Names}}"'),
+      extract_version_from_name
+  end
+
+  def ensure_env_directory
+    make_directory role.env_directory
+  end
+
+  private
+    def latest_image_id
+      docker :image, :ls, *argumentize("--filter", "reference=#{config.latest_image}"), "--format", "'{{.ID}}'"
+    end
+
+    def current_running_container(format:)
+      pipe \
+        shell(chain(latest_image_container(format: format), latest_container(format: format))),
+        [ :head, "-1" ]
+    end
+
+    def latest_image_container(format:)
+      latest_container format: format, filters: [ "ancestor=$(#{latest_image_id.join(" ")})" ]
+    end
+
+    def latest_container(format:, filters: nil)
+      docker :ps, "--latest", *format, *filter_args(statuses: ACTIVE_DOCKER_STATUSES), argumentize("--filter", filters)
+    end
+
+    def filter_args(statuses: nil)
+      argumentize "--filter", filters(statuses: statuses)
+    end
+
+    def extract_version_from_name
+      # Extract SHA from "service-role-dest-SHA"
+      %(while read line; do echo ${line##{role.container_prefix}-}; done)
+    end
+
+    def filters(statuses: nil)
+      [ "label=service=#{config.service}" ].tap do |filters|
+        filters << "label=destination=#{config.destination}" if config.destination
+        filters << "label=role=#{role}" if role
+        statuses&.each do |status|
+          filters << "status=#{status}"
+        end
+      end
+    end
+end

data/lib/kamal/commands/auditor.rb

@@ -0,0 +1,33 @@
+class Kamal::Commands::Auditor < Kamal::Commands::Base
+  attr_reader :details
+
+  def initialize(config, **details)
+    super(config)
+    @details = details
+  end
+
+  # Runs remotely
+  def record(line, **details)
+    combine \
+      [ :mkdir, "-p", config.run_directory ],
+      append(
+        [ :echo, audit_tags(**details).except(:version, :service_version, :service).to_s, line ],
+        audit_log_file
+      )
+  end
+
+  def reveal
+    [ :tail, "-n", 50, audit_log_file ]
+  end
+
+  private
+    def audit_log_file
+      file = [ config.service, config.destination, "audit.log" ].compact.join("-")
+
+      File.join(config.run_directory, file)
+    end
+
+    def audit_tags(**details)
+      tags(**self.details, **details)
+    end
+end

data/lib/kamal/commands/base.rb

@@ -0,0 +1,98 @@
+module Kamal::Commands
+  class Base
+    delegate :sensitive, :argumentize, to: Kamal::Utils
+
+    DOCKER_HEALTH_STATUS_FORMAT = "'{{if .State.Health}}{{.State.Health.Status}}{{else}}{{.State.Status}}{{end}}'"
+
+    attr_accessor :config
+
+    def initialize(config)
+      @config = config
+    end
+
+    def run_over_ssh(*command, host:)
+      "ssh#{ssh_proxy_args} -t #{config.ssh.user}@#{host} -p #{config.ssh.port} '#{command.join(" ").gsub("'", "'\\\\''")}'"
+    end
+
+    def container_id_for(container_name:, only_running: false)
+      docker :container, :ls, *("--all" unless only_running), "--filter", "name=^#{container_name}$", "--quiet"
+    end
+
+    def make_directory_for(remote_file)
+      make_directory Pathname.new(remote_file).dirname.to_s
+    end
+
+    def make_directory(path)
+      [ :mkdir, "-p", path ]
+    end
+
+    def remove_directory(path)
+      [ :rm, "-r", path ]
+    end
+
+    def remove_file(path)
+      [ :rm, path ]
+    end
+
+    private
+      def combine(*commands, by: "&&")
+        commands
+          .compact
+          .collect { |command| Array(command) + [ by ] }.flatten # Join commands
+          .tap     { |commands| commands.pop } # Remove trailing combiner
+      end
+
+      def chain(*commands)
+        combine *commands, by: ";"
+      end
+
+      def pipe(*commands)
+        combine *commands, by: "|"
+      end
+
+      def append(*commands)
+        combine *commands, by: ">>"
+      end
+
+      def write(*commands)
+        combine *commands, by: ">"
+      end
+
+      def any(*commands)
+        combine *commands, by: "||"
+      end
+
+      def xargs(command)
+        [ :xargs, command ].flatten
+      end
+
+      def shell(command)
+        [ :sh, "-c", "'#{command.flatten.join(" ").gsub("'", "'\\\\''")}'" ]
+      end
+
+      def docker(*args)
+        args.compact.unshift :docker
+      end
+
+      def git(*args, path: nil)
+        [ :git, *([ "-C", path ] if path), *args.compact ]
+      end
+
+      def grep(*args)
+        args.compact.unshift :grep
+      end
+
+      def tags(**details)
+        Kamal::Tags.from_config(config, **details)
+      end
+
+      def ssh_proxy_args
+        case config.ssh.proxy
+        when Net::SSH::Proxy::Jump
+          " -J #{config.ssh.proxy.jump_proxies}"
+        when Net::SSH::Proxy::Command
+          " -o ProxyCommand='#{config.ssh.proxy.command_line_template}'"
+        end
+      end
+  end
+end

data/lib/kamal/commands/builder/base.rb

@@ -0,0 +1,111 @@
+class Kamal::Commands::Builder::Base < Kamal::Commands::Base
+  class BuilderError < StandardError; end
+
+  ENDPOINT_DOCKER_HOST_INSPECT = "'{{.Endpoints.docker.Host}}'"
+
+  delegate :argumentize, to: Kamal::Utils
+  delegate \
+    :args, :secrets, :dockerfile, :target, :arches, :local_arches, :remote_arches, :remote,
+    :cache_from, :cache_to, :ssh, :provenance, :driver, :docker_driver?,
+    to: :builder_config
+
+  def clean
+    docker :image, :rm, "--force", config.absolute_image
+  end
+
+  def push
+    docker :buildx, :build,
+      "--push",
+      *platform_options(arches),
+      *([ "--builder", builder_name ] unless docker_driver?),
+      *build_options,
+      build_context
+  end
+
+  def pull
+    docker :pull, config.absolute_image
+  end
+
+  def info
+    combine \
+      docker(:context, :ls),
+      docker(:buildx, :ls)
+  end
+
+  def inspect_builder
+    docker :buildx, :inspect, builder_name unless docker_driver?
+  end
+
+  def build_options
+    [ *build_tags, *build_cache, *build_labels, *build_args, *build_secrets, *build_dockerfile, *build_target, *build_ssh, *builder_provenance ]
+  end
+
+  def build_context
+    config.builder.context
+  end
+
+  def validate_image
+    pipe \
+      docker(:inspect, "-f", "'{{ .Config.Labels.service }}'", config.absolute_image),
+      any(
+        [ :grep, "-x", config.service ],
+        "(echo \"Image #{config.absolute_image} is missing the 'service' label\" && exit 1)"
+      )
+  end
+
+  def first_mirror
+    docker(:info, "--format '{{index .RegistryConfig.Mirrors 0}}'")
+  end
+
+  private
+    def build_tags
+      [ "-t", config.absolute_image, "-t", config.latest_image ]
+    end
+
+    def build_cache
+      if cache_to && cache_from
+        [ "--cache-to", cache_to,
+          "--cache-from", cache_from ]
+      end
+    end
+
+    def build_labels
+      argumentize "--label", { service: config.service }
+    end
+
+    def build_args
+      argumentize "--build-arg", args, sensitive: true
+    end
+
+    def build_secrets
+      argumentize "--secret", secrets.keys.collect { |secret| [ "id", secret ] }
+    end
+
+    def build_dockerfile
+      if Pathname.new(File.expand_path(dockerfile)).exist?
+        argumentize "--file", dockerfile
+      else
+        raise BuilderError, "Missing #{dockerfile}"
+      end
+    end
+
+    def build_target
+      argumentize "--target", target if target.present?
+    end
+
+    def build_ssh
+      argumentize "--ssh", ssh if ssh.present?
+    end
+
+    def builder_provenance
+      argumentize "--provenance", provenance unless provenance.nil?
+    end
+
+    def builder_config
+      config.builder
+    end
+
+    def platform_options(arches)
+      argumentize "--platform", arches.map { |arch| "linux/#{arch}" }.join(",") if arches.any?
+    end
+end

data/lib/kamal/commands/builder/clone.rb

@@ -0,0 +1,31 @@
+module Kamal::Commands::Builder::Clone
+  def clone
+    git :clone, escaped_root, "--recurse-submodules", path: config.builder.clone_directory.shellescape
+  end
+
+  def clone_reset_steps
+    [
+      git(:remote, "set-url", :origin, escaped_root, path: escaped_build_directory),
+      git(:fetch, :origin, path: escaped_build_directory),
+      git(:reset, "--hard", Kamal::Git.revision, path: escaped_build_directory),
+      git(:clean, "-fdx", path: escaped_build_directory),
+      git(:submodule, :update, "--init", path: escaped_build_directory)
+    ]
+  end
+
+  def clone_status
+    git :status, "--porcelain", path: escaped_build_directory
+  end
+
+  def clone_revision
+    git :"rev-parse", :HEAD, path: escaped_build_directory
+  end
+
+  def escaped_root
+    Kamal::Git.root.shellescape
+  end
+
+  def escaped_build_directory
+    config.builder.build_directory.shellescape
+  end
+end

data/lib/kamal/commands/builder/hybrid.rb

@@ -0,0 +1,21 @@
+class Kamal::Commands::Builder::Hybrid < Kamal::Commands::Builder::Remote
+  def create
+    combine \
+      create_local_buildx,
+      create_remote_context,
+      append_remote_buildx
+  end
+
+  private
+    def builder_name
+      "kamal-hybrid-#{driver}-#{remote.gsub(/[^a-z0-9_-]/, "-")}"
+    end
+
+    def create_local_buildx
+      docker :buildx, :create, *platform_options(local_arches), "--name", builder_name, "--driver=#{driver}"
+    end
+
+    def append_remote_buildx
+      docker :buildx, :create, *platform_options(remote_arches), "--append", "--name", builder_name, remote_context_name
+    end
+end

data/lib/kamal/commands/builder/local.rb

@@ -0,0 +1,14 @@
+class Kamal::Commands::Builder::Local < Kamal::Commands::Builder::Base
+  def create
+    docker :buildx, :create, "--name", builder_name, "--driver=#{driver}" unless docker_driver?
+  end
+
+  def remove
+    docker :buildx, :rm, builder_name unless docker_driver?
+  end
+
+  private
+    def builder_name
+      "kamal-local-#{driver}"
+    end
+end

data/lib/kamal/commands/builder/remote.rb

@@ -0,0 +1,63 @@
+class Kamal::Commands::Builder::Remote < Kamal::Commands::Builder::Base
+  def create
+    chain \
+      create_remote_context,
+      create_buildx
+  end
+
+  def remove
+    chain \
+      remove_remote_context,
+      remove_buildx
+  end
+
+  def info
+    chain \
+      docker(:context, :ls),
+      docker(:buildx, :ls)
+  end
+
+  def inspect_builder
+    combine \
+      combine inspect_buildx, inspect_remote_context,
+      [ "(echo no compatible builder && exit 1)" ],
+      by: "||"
+  end
+
+  private
+    def builder_name
+      "kamal-remote-#{remote.gsub(/[^a-z0-9_-]/, "-")}"
+    end
+
+    def remote_context_name
+      "#{builder_name}-context"
+    end
+
+    def inspect_buildx
+      pipe \
+        docker(:buildx, :inspect, builder_name),
+        grep("-q", "Endpoint:.*#{remote_context_name}")
+    end
+
+    def inspect_remote_context
+      pipe \
+        docker(:context, :inspect, remote_context_name, "--format", ENDPOINT_DOCKER_HOST_INSPECT),
+        grep("-xq", remote)
+    end
+
+    def create_remote_context
+      docker :context, :create, remote_context_name, "--description", "'#{builder_name} host'", "--docker", "'host=#{remote}'"
+    end
+
+    def remove_remote_context
+      docker :context, :rm, remote_context_name
+    end
+
+    def create_buildx
+      docker :buildx, :create, "--name", builder_name, remote_context_name
+    end
+
+    def remove_buildx
+      docker :buildx, :rm, builder_name
+    end
+end

data/lib/kamal/commands/builder.rb

@@ -0,0 +1,56 @@
+require "active_support/core_ext/string/filters"
+
+class Kamal::Commands::Builder < Kamal::Commands::Base
+  delegate :create, :remove, :push, :clean, :pull, :info, :inspect_builder, :validate_image, :first_mirror, to: :target
+  delegate :local?, :remote?, to: "config.builder"
+
+  include Clone
+
+  def name
+    target.class.to_s.remove("Kamal::Commands::Builder::").underscore.inquiry
+  end
+
+  def target
+    if remote?
+      if local?
+        hybrid
+      else
+        remote
+      end
+    else
+      local
+    end
+  end
+
+  def remote
+    @remote ||= Kamal::Commands::Builder::Remote.new(config)
+  end
+
+  def local
+    @local ||= Kamal::Commands::Builder::Local.new(config)
+  end
+
+  def hybrid
+    @hybrid ||= Kamal::Commands::Builder::Hybrid.new(config)
+  end
+
+
+  def ensure_local_dependencies_installed
+    if name.native?
+      ensure_local_docker_installed
+    else
+      combine \
+        ensure_local_docker_installed,
+        ensure_local_buildx_installed
+    end
+  end
+
+  private
+    def ensure_local_docker_installed
+      docker "--version"
+    end
+
+    def ensure_local_buildx_installed
+      docker :buildx, "version"
+    end
+end

data/lib/kamal/commands/docker.rb

@@ -0,0 +1,34 @@
+class Kamal::Commands::Docker < Kamal::Commands::Base
+  # Install Docker using the https://github.com/docker/docker-install convenience script.
+  def install
+    pipe get_docker, :sh
+  end
+
+  # Checks the Docker client version. Fails if Docker is not installed.
+  def installed?
+    docker "-v"
+  end
+
+  # Checks the Docker server version. Fails if Docker is not running.
+  def running?
+    docker :version
+  end
+
+  # Do we have superuser access to install Docker and start system services?
+  def superuser?
+    [ '[ "${EUID:-$(id -u)}" -eq 0 ] || command -v sudo >/dev/null || command -v su >/dev/null' ]
+  end
+
+  def create_network
+    docker :network, :create, :kamal
+  end
+
+  private
+    def get_docker
+      shell \
+        any \
+          [ :curl, "-fsSL", "https://get.docker.com" ],
+          [ :wget, "-O -", "https://get.docker.com" ],
+          [ :echo, "\"exit 1\"" ]
+    end
+end

data/lib/kamal/commands/hook.rb

@@ -0,0 +1,20 @@
+class Kamal::Commands::Hook < Kamal::Commands::Base
+  def run(hook)
+    [ hook_file(hook) ]
+  end
+
+  def env(secrets: false, **details)
+    tags(**details).env.tap do |env|
+      env.merge!(config.secrets.to_h) if secrets
+    end
+  end
+
+  def hook_exists?(hook)
+    Pathname.new(hook_file(hook)).exist?
+  end
+
+  private
+    def hook_file(hook)
+      File.join(config.hooks_path, hook)
+    end
+end

data/lib/kamal/commands/lock.rb

@@ -0,0 +1,70 @@
+require "active_support/duration"
+require "time"
+require "base64"
+
+class Kamal::Commands::Lock < Kamal::Commands::Base
+  def acquire(message, version)
+    combine \
+      [ :mkdir, lock_dir ],
+      write_lock_details(message, version)
+  end
+
+  def release
+    combine \
+      [ :rm, lock_details_file ],
+      [ :rm, "-r", lock_dir ]
+  end
+
+  def status
+    combine \
+      stat_lock_dir,
+      read_lock_details
+  end
+
+  def ensure_locks_directory
+    [ :mkdir, "-p", locks_dir ]
+  end
+
+  private
+    def write_lock_details(message, version)
+      write \
+        [ :echo, "\"#{Base64.encode64(lock_details(message, version))}\"" ],
+        lock_details_file
+    end
+
+    def read_lock_details
+      pipe \
+        [ :cat, lock_details_file ],
+        [ :base64, "-d" ]
+    end
+
+    def stat_lock_dir
+      write \
+        [ :stat, lock_dir ],
+        "/dev/null"
+    end
+
+    def lock_dir
+      dir_name = [ "lock", config.service, config.destination ].compact.join("-")
+
+      File.join(config.run_directory, dir_name)
+    end
+
+    def lock_details_file
+      File.join(lock_dir, "details")
+    end
+
+    def lock_details(message, version)
+      <<~DETAILS.strip
+        Locked by: #{locked_by} at #{Time.now.utc.iso8601}
+        Version: #{version}
+        Message: #{message}
+      DETAILS
+    end
+
+    def locked_by
+      Kamal::Git.user_name
+    rescue Errno::ENOENT
+      "Unknown"
+    end
+end