nocoffee-kamal 2.3.0.1

data/lib/kamal/configuration/docs/ssh.yml

@@ -0,0 +1,70 @@
+# SSH configuration
+#
+# Kamal uses SSH to connect and run commands on your hosts.
+# By default, it will attempt to connect to the root user on port 22.
+#
+# If you are using a non-root user, you may need to bootstrap your servers manually before using them with Kamal. On Ubuntu, you’d do:
+#
+# ```shell
+# sudo apt update
+# sudo apt upgrade -y
+# sudo apt install -y docker.io curl git
+# sudo usermod -a -G docker app
+# ```
+
+# SSH options
+#
+# The options are specified under the ssh key in the configuration file.
+ssh:
+
+  # The SSH user
+  #
+  # Defaults to `root`:
+  user: app
+
+  # The SSH port
+  #
+  # Defaults to 22:
+  port: "2222"
+
+  # Proxy host
+  #
+  # Specified in the form <host> or <user>@<host>:
+  proxy: root@proxy-host
+
+  # Proxy command
+  #
+  # A custom proxy command, required for older versions of SSH:
+  proxy_command: "ssh -W %h:%p user@proxy"
+
+  # Log level
+  #
+  # Defaults to `fatal`. Set this to `debug` if you are having SSH connection issues.
+  log_level: debug
+
+  # Keys only
+  #
+  # Set to `true` to use only private keys from the `keys` and `key_data` parameters,
+  # even if ssh-agent offers more identities. This option is intended for
+  # situations where ssh-agent offers many different identities or you
+  # need to overwrite all identities and force a single one.
+  keys_only: false
+
+  # Keys
+  #
+  # An array of file names of private keys to use for public key
+  # and host-based authentication:
+  keys: [ "~/.ssh/id.pem" ]
+
+  # Key data
+  #
+  # An array of strings, with each element of the array being
+  # a raw private key in PEM format.
+  key_data: [ "-----BEGIN OPENSSH PRIVATE KEY-----" ]
+
+  # Config
+  #
+  # Set to true to load the default OpenSSH config files (~/.ssh/config,
+  # /etc/ssh_config), to false ignore config files, or to a file path
+  # (or array of paths) to load specific configuration. Defaults to true.
+  config: true

data/lib/kamal/configuration/docs/sshkit.yml

@@ -0,0 +1,23 @@
+# SSHKit
+#
+# [SSHKit](https://github.com/capistrano/sshkit) is the SSH toolkit used by Kamal.
+#
+# The default, settings should be sufficient for most use cases, but
+# when connecting to a large number of hosts, you may need to adjust.
+
+# SSHKit options
+#
+# The options are specified under the sshkit key in the configuration file.
+sshkit:
+
+  # Max concurrent starts
+  #
+  # Creating SSH connections concurrently can be an issue when deploying to many servers.
+  # By default, Kamal will limit concurrent connection starts to 30 at a time.
+  max_concurrent_starts: 10
+
+  # Pool idle timeout
+  #
+  # Kamal sets a long idle timeout of 900 seconds on connections to try to avoid
+  # re-connection storms after an idle period, such as building an image or waiting for CI.
+  pool_idle_timeout: 300

data/lib/kamal/configuration/env/tag.rb

@@ -0,0 +1,13 @@
+class Kamal::Configuration::Env::Tag
+  attr_reader :name, :config, :secrets
+
+  def initialize(name, config:, secrets:)
+    @name = name
+    @config = config
+    @secrets = secrets
+  end
+
+  def env
+    Kamal::Configuration::Env.new(config: config, secrets: secrets)
+  end
+end

data/lib/kamal/configuration/env.rb

@@ -0,0 +1,29 @@
+class Kamal::Configuration::Env
+  include Kamal::Configuration::Validation
+
+  attr_reader :context, :secrets
+  attr_reader :clear, :secret_keys
+  delegate :argumentize, to: Kamal::Utils
+
+  def initialize(config:, secrets:, context: "env")
+    @clear = config.fetch("clear", config.key?("secret") || config.key?("tags") ? {} : config)
+    @secrets = secrets
+    @secret_keys = config.fetch("secret", [])
+    @context = context
+    validate! config, context: context, with: Kamal::Configuration::Validator::Env
+  end
+
+  def clear_args
+    argumentize("--env", clear)
+  end
+
+  def secrets_io
+    Kamal::EnvFile.new(secret_keys.to_h { |key| [ key, secrets[key] ] }).to_io
+  end
+
+  def merge(other)
+    self.class.new \
+      config: { "clear" => clear.merge(other.clear), "secret" => secret_keys | other.secret_keys },
+      secrets: secrets
+  end
+end

data/lib/kamal/configuration/logging.rb

@@ -0,0 +1,33 @@
+class Kamal::Configuration::Logging
+  delegate :optionize, :argumentize, to: Kamal::Utils
+
+  include Kamal::Configuration::Validation
+
+  attr_reader :logging_config
+
+  def initialize(logging_config:, context: "logging")
+    @logging_config = logging_config || {}
+    validate! @logging_config, context: context
+  end
+
+  def driver
+    logging_config["driver"]
+  end
+
+  def options
+    logging_config.fetch("options", {})
+  end
+
+  def merge(other)
+    self.class.new logging_config: logging_config.deep_merge(other.logging_config)
+  end
+
+  def args
+    if driver.present? || options.present?
+      optionize({ "log-driver" => driver }.compact) +
+        argumentize("--log-opt", options)
+    else
+      argumentize("--log-opt", { "max-size" => "10m" })
+    end
+  end
+end

data/lib/kamal/configuration/proxy.rb

@@ -0,0 +1,63 @@
+class Kamal::Configuration::Proxy
+  include Kamal::Configuration::Validation
+
+  DEFAULT_LOG_REQUEST_HEADERS = [ "Cache-Control", "Last-Modified", "User-Agent" ]
+  CONTAINER_NAME = "kamal-proxy"
+
+  delegate :argumentize, :optionize, to: Kamal::Utils
+
+  attr_reader :config, :proxy_config
+
+  def initialize(config:, proxy_config:, context: "proxy")
+    @config = config
+    @proxy_config = proxy_config
+    validate! @proxy_config, with: Kamal::Configuration::Validator::Proxy, context: context
+  end
+
+  def app_port
+    proxy_config.fetch("app_port", 80)
+  end
+
+  def ssl?
+    proxy_config.fetch("ssl", false)
+  end
+
+  def hosts
+    proxy_config["hosts"] || proxy_config["host"]&.split(",") || []
+  end
+
+  def deploy_options
+    {
+      host: hosts,
+      tls: proxy_config["ssl"].presence,
+      "tls-on-demand-url": proxy_config["tls_on_demand_url"],
+      "deploy-timeout": seconds_duration(config.deploy_timeout),
+      "drain-timeout": seconds_duration(config.drain_timeout),
+      "health-check-interval": seconds_duration(proxy_config.dig("healthcheck", "interval")),
+      "health-check-timeout": seconds_duration(proxy_config.dig("healthcheck", "timeout")),
+      "health-check-path": proxy_config.dig("healthcheck", "path"),
+      "target-timeout": seconds_duration(proxy_config["response_timeout"]),
+      "buffer-requests": proxy_config.fetch("buffering", { "requests": true }).fetch("requests", true),
+      "buffer-responses": proxy_config.fetch("buffering", { "responses": true }).fetch("responses", true),
+      "buffer-memory": proxy_config.dig("buffering", "memory"),
+      "max-request-body": proxy_config.dig("buffering", "max_request_body"),
+      "max-response-body": proxy_config.dig("buffering", "max_response_body"),
+      "forward-headers": proxy_config.dig("forward_headers"),
+      "log-request-header": proxy_config.dig("logging", "request_headers") || DEFAULT_LOG_REQUEST_HEADERS,
+      "log-response-header": proxy_config.dig("logging", "response_headers")
+    }.compact
+  end
+
+  def deploy_command_args(target:)
+    optionize ({ target: "#{target}:#{app_port}" }).merge(deploy_options), with: "="
+  end
+
+  def merge(other)
+    self.class.new config: config, proxy_config: proxy_config.deep_merge(other.proxy_config)
+  end
+
+  private
+    def seconds_duration(value)
+      value ? "#{value}s" : nil
+    end
+end

data/lib/kamal/configuration/registry.rb

@@ -0,0 +1,32 @@
+class Kamal::Configuration::Registry
+  include Kamal::Configuration::Validation
+
+  attr_reader :registry_config, :secrets
+
+  def initialize(config:)
+    @registry_config = config.raw_config.registry || {}
+    @secrets = config.secrets
+    validate! registry_config, with: Kamal::Configuration::Validator::Registry
+  end
+
+  def server
+    registry_config["server"]
+  end
+
+  def username
+    lookup("username")
+  end
+
+  def password
+    lookup("password")
+  end
+
+  private
+    def lookup(key)
+      if registry_config[key].is_a?(Array)
+        secrets[registry_config[key].first]
+      else
+        registry_config[key]
+      end
+    end
+end

data/lib/kamal/configuration/role.rb

@@ -0,0 +1,220 @@
+class Kamal::Configuration::Role
+  include Kamal::Configuration::Validation
+
+  delegate :argumentize, :optionize, to: Kamal::Utils
+
+  attr_reader :name, :config, :specialized_env, :specialized_logging, :specialized_proxy
+
+  alias to_s name
+
+  def initialize(name, config:)
+    @name, @config = name.inquiry, config
+    validate! \
+      specializations,
+      example: validation_yml["servers"]["workers"],
+      context: "servers/#{name}",
+      with: Kamal::Configuration::Validator::Role
+
+    @specialized_env = Kamal::Configuration::Env.new \
+      config: specializations.fetch("env", {}),
+      secrets: config.secrets,
+      context: "servers/#{name}/env"
+
+    @specialized_logging = Kamal::Configuration::Logging.new \
+      logging_config: specializations.fetch("logging", {}),
+      context: "servers/#{name}/logging"
+
+    initialize_specialized_proxy
+  end
+
+  def primary_host
+    hosts.first
+  end
+
+  def hosts
+    tagged_hosts.keys
+  end
+
+  def env_tags(host)
+    tagged_hosts.fetch(host).collect { |tag| config.env_tag(tag) }
+  end
+
+  def cmd
+    specializations["cmd"]
+  end
+
+  def option_args
+    if args = specializations["options"]
+      optionize args
+    else
+      []
+    end
+  end
+
+  def labels
+    default_labels.merge(custom_labels)
+  end
+
+  def label_args
+    argumentize "--label", labels
+  end
+
+  def logging_args
+    logging.args
+  end
+
+  def logging
+    @logging ||= config.logging.merge(specialized_logging)
+  end
+
+  def proxy
+    @proxy ||= config.proxy.merge(specialized_proxy) if running_proxy?
+  end
+
+  def running_proxy?
+    @running_proxy
+  end
+
+  def ssl?
+    running_proxy? && proxy.ssl?
+  end
+
+  def stop_args
+    # When deploying with the proxy, kamal-proxy will drain request before returning so we don't need to wait.
+    timeout = running_proxy? ? nil : config.drain_timeout
+
+    [ *argumentize("-t", timeout) ]
+  end
+
+  def env(host)
+    @envs ||= {}
+    @envs[host] ||= [ config.env, specialized_env, *env_tags(host).map(&:env) ].reduce(:merge)
+  end
+
+  def env_args(host)
+    [ *env(host).clear_args, *argumentize("--env-file", secrets_path) ]
+  end
+
+  def env_directory
+    File.join(config.env_directory, "roles")
+  end
+
+  def secrets_io(host)
+    env(host).secrets_io
+  end
+
+  def secrets_path
+    File.join(config.env_directory, "roles", "#{name}.env")
+  end
+
+  def asset_volume_args
+    asset_volume&.docker_args
+  end
+
+
+  def primary?
+    name == @config.primary_role_name
+  end
+
+
+  def container_name(version = nil)
+    [ container_prefix, version || config.version ].compact.join("-")
+  end
+
+  def container_prefix
+    [ config.service, name, config.destination ].compact.join("-")
+  end
+
+
+  def asset_path
+    specializations["asset_path"] || config.asset_path
+  end
+
+  def assets?
+    asset_path.present? && running_proxy?
+  end
+
+  def asset_volume(version = config.version)
+    if assets?
+      Kamal::Configuration::Volume.new \
+        host_path: asset_volume_directory(version), container_path: asset_path
+    end
+  end
+
+  def asset_extracted_directory(version = config.version)
+    File.join config.assets_directory, "extracted", [ name, version ].join("-")
+  end
+
+  def asset_volume_directory(version = config.version)
+    File.join config.assets_directory, "volumes", [ name, version ].join("-")
+  end
+
+  def ensure_one_host_for_ssl
+    if running_proxy? && proxy.ssl? && hosts.size > 1
+      raise Kamal::ConfigurationError, "SSL is only supported on a single server, found #{hosts.size} servers for role #{name}"
+    end
+  end
+
+  private
+    def initialize_specialized_proxy
+      proxy_specializations = specializations["proxy"]
+
+      if primary?
+        # only false means no proxy for non-primary roles
+        @running_proxy = proxy_specializations != false
+      else
+        # false and nil both mean no proxy for non-primary roles
+        @running_proxy = !!proxy_specializations
+      end
+
+      if running_proxy?
+        proxy_config = proxy_specializations == true || proxy_specializations.nil? ? {} : proxy_specializations
+
+        @specialized_proxy = Kamal::Configuration::Proxy.new \
+          config: config,
+          proxy_config: proxy_config,
+          context: "servers/#{name}/proxy"
+      end
+    end
+
+    def tagged_hosts
+      {}.tap do |tagged_hosts|
+        extract_hosts_from_config.map do |host_config|
+          if host_config.is_a?(Hash)
+            host, tags = host_config.first
+            tagged_hosts[host] = Array(tags)
+          elsif host_config.is_a?(String)
+            tagged_hosts[host_config] = []
+          end
+        end
+      end
+    end
+
+    def extract_hosts_from_config
+      if config.raw_config.servers.is_a?(Array)
+        config.raw_config.servers
+      else
+        servers = config.raw_config.servers[name]
+        servers.is_a?(Array) ? servers : Array(servers["hosts"])
+      end
+    end
+
+    def default_labels
+      { "service" => config.service, "role" => name, "destination" => config.destination }
+    end
+
+    def specializations
+      if config.raw_config.servers.is_a?(Array) || config.raw_config.servers[name].is_a?(Array)
+        {}
+      else
+        config.raw_config.servers[name]
+      end
+    end
+
+    def custom_labels
+      Hash.new.tap do |labels|
+        labels.merge!(config.labels) if config.labels.present?
+        labels.merge!(specializations["labels"]) if specializations["labels"].present?
+      end
+    end
+end

data/lib/kamal/configuration/servers.rb

@@ -0,0 +1,18 @@
+class Kamal::Configuration::Servers
+  include Kamal::Configuration::Validation
+
+  attr_reader :config, :servers_config, :roles
+
+  def initialize(config:)
+    @config = config
+    @servers_config = config.raw_config.servers
+    validate! servers_config, with: Kamal::Configuration::Validator::Servers
+
+    @roles = role_names.map { |role_name| Kamal::Configuration::Role.new role_name, config: config }
+  end
+
+  private
+    def role_names
+      servers_config.is_a?(Array) ? [ "web" ] : servers_config.keys.sort
+    end
+end

data/lib/kamal/configuration/ssh.rb

@@ -0,0 +1,57 @@
+class Kamal::Configuration::Ssh
+  LOGGER = ::Logger.new(STDERR)
+
+  include Kamal::Configuration::Validation
+
+  attr_reader :ssh_config
+
+  def initialize(config:)
+    @ssh_config = config.raw_config.ssh || {}
+    validate! ssh_config
+  end
+
+  def user
+    ssh_config.fetch("user", "root")
+  end
+
+  def port
+    ssh_config.fetch("port", 22)
+  end
+
+  def proxy
+    if (proxy = ssh_config["proxy"])
+      Net::SSH::Proxy::Jump.new(proxy.include?("@") ? proxy : "root@#{proxy}")
+    elsif (proxy_command = ssh_config["proxy_command"])
+      Net::SSH::Proxy::Command.new(proxy_command)
+    end
+  end
+
+  def keys_only
+    ssh_config["keys_only"]
+  end
+
+  def keys
+    ssh_config["keys"]
+  end
+
+  def key_data
+    ssh_config["key_data"]
+  end
+
+  def options
+    { user: user, port: port, proxy: proxy, logger: logger, keepalive: true, keepalive_interval: 30, keys_only: keys_only, keys: keys, key_data: key_data }.compact
+  end
+
+  def to_h
+    options.except(:logger).merge(log_level: log_level)
+  end
+
+  private
+    def logger
+      LOGGER.tap { |logger| logger.level = log_level }
+    end
+
+    def log_level
+      ssh_config.fetch("log_level", :fatal)
+    end
+end

data/lib/kamal/configuration/sshkit.rb

@@ -0,0 +1,22 @@
+class Kamal::Configuration::Sshkit
+  include Kamal::Configuration::Validation
+
+  attr_reader :sshkit_config
+
+  def initialize(config:)
+    @sshkit_config = config.raw_config.sshkit || {}
+    validate! sshkit_config
+  end
+
+  def max_concurrent_starts
+    sshkit_config.fetch("max_concurrent_starts", 30)
+  end
+
+  def pool_idle_timeout
+    sshkit_config.fetch("pool_idle_timeout", 900)
+  end
+
+  def to_h
+    sshkit_config
+  end
+end

data/lib/kamal/configuration/validation.rb

@@ -0,0 +1,27 @@
+require "yaml"
+require "active_support/inflector"
+
+module Kamal::Configuration::Validation
+  extend ActiveSupport::Concern
+
+  class_methods do
+    def validation_doc
+      @validation_doc ||= File.read(File.join(File.dirname(__FILE__), "docs", "#{validation_config_key}.yml"))
+    end
+
+    def validation_config_key
+      @validation_config_key ||= name.demodulize.underscore
+    end
+  end
+
+  def validate!(config, example: nil, context: nil, with: Kamal::Configuration::Validator)
+    context ||= self.class.validation_config_key
+    example ||= validation_yml[self.class.validation_config_key]
+
+    with.new(config, example: example, context: context).validate!
+  end
+
+  def validation_yml
+    @validation_yml ||= YAML.load(self.class.validation_doc)
+  end
+end

data/lib/kamal/configuration/validator/accessory.rb

@@ -0,0 +1,9 @@
+class Kamal::Configuration::Validator::Accessory < Kamal::Configuration::Validator
+  def validate!
+    super
+
+    if (config.keys & [ "host", "hosts", "roles" ]).size != 1
+      error "specify one of `host`, `hosts` or `roles`"
+    end
+  end
+end

data/lib/kamal/configuration/validator/alias.rb

@@ -0,0 +1,15 @@
+class Kamal::Configuration::Validator::Alias < Kamal::Configuration::Validator
+  def validate!
+    super
+
+    name = context.delete_prefix("aliases/")
+
+    if name !~ /\A[a-z0-9_-]+\z/
+      error "Invalid alias name: '#{name}'. Must only contain lowercase letters, alphanumeric, hyphens and underscores."
+    end
+
+    if Kamal::Cli::Main.commands.include?(name)
+      error "Alias '#{name}' conflicts with a built-in command."
+    end
+  end
+end

data/lib/kamal/configuration/validator/builder.rb

@@ -0,0 +1,13 @@
+class Kamal::Configuration::Validator::Builder < Kamal::Configuration::Validator
+  def validate!
+    super
+
+    if config["cache"] && config["cache"]["type"]
+      error "Invalid cache type: #{config["cache"]["type"]}" unless [ "gha", "registry" ].include?(config["cache"]["type"])
+    end
+
+    error "Builder arch not set" unless config["arch"].present?
+
+    error "Cannot disable local builds, no remote is set" if config["local"] == false && config["remote"].blank?
+  end
+end

data/lib/kamal/configuration/validator/configuration.rb

@@ -0,0 +1,6 @@
+class Kamal::Configuration::Validator::Configuration < Kamal::Configuration::Validator
+  private
+    def allow_extensions?
+      true
+    end
+end