nvoi 0.1.5 → 0.1.6

data/lib/nvoi/cli/exec/command.rb

@@ -0,0 +1,173 @@
+# frozen_string_literal: true
+
+module Nvoi
+  class Cli
+    module Exec
+      # Command handles remote command execution on servers
+      class Command
+        def initialize(options)
+          @options = options
+          @log = Nvoi.logger
+        end
+
+        def run(args)
+          @log.info "Exec CLI %s", VERSION
+
+          # Load configuration
+          config_path = resolve_config_path
+          @config = Utils::ConfigLoader.load(config_path)
+
+          # Apply branch override if specified
+          apply_branch_override if @options[:branch]
+
+          # Initialize cloud provider
+          @provider = External::Cloud.for(@config)
+
+          if @options[:interactive]
+            @log.warning "Ignoring command arguments in interactive mode" unless args.empty?
+            @log.warning "Ignoring --all flag in interactive mode" if @options[:all]
+            open_shell(@options[:server])
+          else
+            raise ArgumentError, "command required (use --interactive/-i for shell)" if args.empty?
+
+            command = args.join(" ")
+
+            if @options[:all]
+              run_all(command)
+            else
+              run_on_server(command, @options[:server])
+            end
+          end
+        end
+
+        private
+
+          def resolve_config_path
+            config_path = @options[:config] || "deploy.enc"
+            working_dir = @options[:dir]
+
+            if config_path == "deploy.enc" && working_dir && working_dir != "."
+              File.join(working_dir, "deploy.enc")
+            else
+              config_path
+            end
+          end
+
+          def apply_branch_override
+            branch = @options[:branch]
+            return if branch.nil? || branch.empty?
+
+            override = Objects::ConfigOverride.new(branch:)
+            override.apply(@config)
+          end
+
+          def run_on_server(command, server_name)
+            actual_server_name = resolve_server_name(server_name)
+            server = find_server(actual_server_name)
+
+            @log.info "Connecting to %s (%s)", actual_server_name, server.public_ipv4
+
+            ssh = External::Ssh.new(server.public_ipv4, @config.ssh_key_path)
+
+            @log.info "Executing: %s", command
+            output = ssh.execute(command, stream: true)
+
+            puts output if !output.empty? && !output.include?("\n")
+
+            @log.success "Command completed successfully"
+          end
+
+          def run_all(command)
+            server_names = get_all_server_names
+
+            raise Errors::ServiceError, "no servers found in configuration" if server_names.empty?
+
+            @log.info "Executing on %d server(s): %s", server_names.size, server_names.join(", ")
+            @log.separator
+
+            results = {}
+            mutex = Mutex.new
+            threads = server_names.map do |name|
+              Thread.new do
+                begin
+                  server = find_server(name)
+                  ssh = External::Ssh.new(server.public_ipv4, @config.ssh_key_path)
+
+                  @log.info "[%s] Executing...", name
+                  output = ssh.execute(command)
+
+                  output.strip.split("\n").each do |line|
+                    puts "[#{name}] #{line}"
+                  end
+
+                  mutex.synchronize { results[name] = nil }
+                rescue StandardError => e
+                  @log.error "[%s] Failed: %s", name, e.message
+                  mutex.synchronize { results[name] = e }
+                end
+              end
+            end
+
+            threads.each(&:join)
+
+            @log.separator
+
+            failures = results.select { |_, err| err }.keys
+            if failures.any?
+              @log.warning "Command failed on %d server(s): %s", failures.size, failures.join(", ")
+              raise Errors::ServiceError, "command failed on some servers"
+            end
+
+            @log.success "Command completed successfully on all servers"
+          end
+
+          def open_shell(server_name)
+            actual_server_name = resolve_server_name(server_name)
+            server = find_server(actual_server_name)
+
+            @log.info "Opening SSH shell to %s (%s)", actual_server_name, server.public_ipv4
+
+            ssh = External::Ssh.new(server.public_ipv4, @config.ssh_key_path)
+            ssh.open_shell
+          end
+
+          def resolve_server_name(name)
+            return @config.server_name if name.nil? || name.empty? || name == "main"
+
+            parts = name.split("-")
+            if parts.length >= 2
+              num_str = parts.last
+              if num_str.match?(/^\d+$/)
+                group_name = parts[0...-1].join("-")
+                return @config.namer.server_name(group_name, num_str.to_i)
+              end
+            end
+
+            @config.namer.server_name(name, 1)
+          end
+
+          def get_all_server_names
+            names = []
+
+            @config.deploy.application.servers.each do |group_name, group_config|
+              next unless group_config
+
+              count = group_config.count.positive? ? group_config.count : 1
+              (1..count).each do |i|
+                names << @config.namer.server_name(group_name, i)
+              end
+            end
+
+            names
+          end
+
+          def find_server(server_name)
+            server = @provider.find_server(server_name)
+            raise Errors::ServiceError, "server not found: #{server_name}" unless server
+
+            server
+          end
+      end
+    end
+  end
+end

data/lib/nvoi/cli.rb

@@ -3,85 +3,14 @@
 require "thor"
 
 module Nvoi
-  # CredentialsCLI handles encrypted credential management
-  class CredentialsCLI < Thor
-    class_option :credentials, desc: "Path to encrypted credentials file (default: deploy.enc)"
-    class_option :master_key, desc: "Path to master key file (default: deploy.key or $NVOI_MASTER_KEY)"
-    class_option :dir, aliases: "-d", default: ".", desc: "Working directory"
-
-    def self.exit_on_failure?
-      true
-    end
-
-    desc "edit", "Edit encrypted credentials"
-    long_desc <<~DESC
-      Decrypt credentials, open in $EDITOR, validate, and re-encrypt.
-
-      On first run, generates a new master key and creates deploy.key (git-ignored).
-      The master key can also be provided via $NVOI_MASTER_KEY environment variable.
-    DESC
-    def edit
-      log = Nvoi.logger
-      log.info "Credentials Editor"
-
-      working_dir = resolve_working_dir
-
-      enc_path = options[:credentials]
-      enc_path = File.join(working_dir, Credentials::DEFAULT_ENCRYPTED_FILE) if enc_path.nil? || enc_path.empty?
-
-      if File.exist?(enc_path)
-        # Existing file: load manager
-        manager = Credentials::Manager.new(working_dir, options[:credentials], options[:master_key])
-      else
-        # First time: initialize
-        log.info "Creating new encrypted credentials file"
-        manager = Credentials::Manager.for_init(working_dir)
-      end
-
-      editor = Credentials::Editor.new(manager)
-      editor.edit
-
-      # Update .gitignore on first run
-      if manager.key_path
-        begin
-          manager.update_gitignore
-          log.info "Added %s to .gitignore", Credentials::DEFAULT_KEY_FILE
-        rescue StandardError => e
-          log.warning "Failed to update .gitignore: %s", e.message
-        end
-
-        log.success "Master key saved to: %s", manager.key_path
-        log.warning "Keep this key safe! You cannot decrypt credentials without it."
-      end
-    end
-
-    desc "show", "Display decrypted credentials"
-    long_desc "Decrypt and print credentials to stdout. Useful for debugging or piping to other tools."
-    def show
-      working_dir = resolve_working_dir
-      manager = Credentials::Manager.new(working_dir, options[:credentials], options[:master_key])
-      editor = Credentials::Editor.new(manager)
-      editor.show
-    end
-
-    private
-
-      def resolve_working_dir
-        wd = options[:dir]
-        if wd.nil? || wd.empty? || wd == "."
-          Dir.pwd
-        else
-          File.expand_path(wd)
-        end
-      end
-  end
-
-  # Main CLI for nvoi commands
-  class CLI < Thor
-    class_option :config, aliases: "-c", default: Constants::DEFAULT_CONFIG_FILE,
+  # Main CLI for nvoi commands - Thor routing only
+  class Cli < Thor
+    class_option :config, aliases: "-c", default: "deploy.enc",
                           desc: "Path to deployment configuration file"
     class_option :dir, aliases: "-d", default: ".",
                        desc: "Working directory containing the application code"
+    class_option :branch, aliases: "-b",
+                          desc: "Branch name for isolated deployments (prefixes app name and subdomains)"
 
     def self.exit_on_failure?
       true
@@ -96,95 +25,107 @@ module Nvoi
     option :dockerfile_path, desc: "Path to Dockerfile (optional, defaults to ./Dockerfile)"
     option :config_dir, desc: "Directory containing SSH keys (optional, defaults to ~/.ssh)"
     def deploy
-      log = Nvoi.logger
-      log.info "Deploy CLI %s", VERSION
-
-      config_path = resolve_config_path
-      working_dir = options[:dir]
-      dockerfile_path = options[:dockerfile_path] || File.join(working_dir, "Dockerfile")
-
-      begin
-        svc = Service::DeployService.new(config_path, working_dir, log)
-        svc.config_dir = options[:config_dir] if options[:config_dir]
-        svc.dockerfile_path = dockerfile_path
-        svc.run
-      rescue StandardError => e
-        log.error "Deployment failed: %s", e.message
-        raise
-      end
+      require_relative "cli/deploy/command"
+      Cli::Deploy::Command.new(options).run
     end
 
     desc "delete", "Delete server, firewall, and network"
     option :config_dir, desc: "Directory containing SSH keys (optional, defaults to ~/.ssh)"
     def delete
-      log = Nvoi.logger
-      log.info "Delete CLI %s", VERSION
-
-      config_path = resolve_config_path
-
-      begin
-        svc = Service::DeleteService.new(config_path, log)
-        svc.config_dir = options[:config_dir] if options[:config_dir]
-        svc.run
-      rescue StandardError => e
-        log.error "Delete failed: %s", e.message
-        raise
-      end
+      require_relative "cli/delete/command"
+      Cli::Delete::Command.new(options).run
     end
 
     desc "exec [COMMAND...]", "Execute command on remote server or open interactive shell"
-    long_desc <<~DESC
-      Execute arbitrary bash commands on remote servers using existing configuration,
-      or open an interactive SSH shell with --interactive flag.
-    DESC
     option :server, default: "main", desc: "Server to execute on (main, worker-1, worker-2, etc.)"
     option :all, type: :boolean, default: false, desc: "Execute on all servers"
     option :interactive, aliases: "-i", type: :boolean, default: false,
                          desc: "Open interactive SSH shell instead of executing command"
     def exec(*args)
-      log = Nvoi.logger
-      log.info "Exec CLI %s", VERSION
+      require_relative "cli/exec/command"
+      Cli::Exec::Command.new(options).run(args)
+    end
 
-      config_path = resolve_config_path
+    desc "credentials SUBCOMMAND", "Manage encrypted deployment credentials"
+    subcommand "credentials", Class.new(Thor) {
+      def self.exit_on_failure?
+        true
+      end
 
-      begin
-        svc = Service::ExecService.new(config_path, log)
+      class_option :credentials, desc: "Path to encrypted credentials file (default: deploy.enc)"
+      class_option :master_key, desc: "Path to master key file (default: deploy.key or $NVOI_MASTER_KEY)"
+      class_option :dir, aliases: "-d", default: ".", desc: "Working directory"
 
-        if options[:interactive]
-          log.warning "Ignoring command arguments in interactive mode" unless args.empty?
-          log.warning "Ignoring --all flag in interactive mode" if options[:all]
-          svc.open_shell(options[:server])
-        else
-          raise ArgumentError, "command required (use --interactive/-i for shell)" if args.empty?
+      desc "edit", "Edit encrypted credentials"
+      def edit
+        require_relative "cli/credentials/edit/command"
+        Nvoi::Cli::Credentials::Edit::Command.new(options).run
+      end
 
-          command = args.join(" ")
+      desc "show", "Show decrypted credentials"
+      def show
+        require_relative "cli/credentials/show/command"
+        Nvoi::Cli::Credentials::Show::Command.new(options).run
+      end
 
-          if options[:all]
-            svc.run_all(command)
-          else
-            svc.run(command, options[:server])
-          end
-        end
-      rescue StandardError => e
-        log.error "Exec failed: %s", e.message
-        raise
+      desc "set PATH VALUE", "Set a value at a dot-notation path"
+      def set(path, value)
+        require_relative "cli/credentials/edit/command"
+        Nvoi::Cli::Credentials::Edit::Command.new(options).set(path, value)
       end
-    end
+    }
 
-    desc "credentials SUBCOMMAND", "Manage encrypted deployment credentials"
-    subcommand "credentials", CredentialsCLI
+    desc "db SUBCOMMAND", "Database operations"
+    subcommand "db", Class.new(Thor) {
+      def self.exit_on_failure?
+        true
+      end
 
-    private
+      class_option :config, aliases: "-c", default: "deploy.enc",
+                            desc: "Path to deployment configuration file"
+      class_option :dir, aliases: "-d", default: ".",
+                         desc: "Working directory"
+      class_option :branch, aliases: "-b",
+                            desc: "Branch name for isolated deployments"
+
+      desc "branch SUBCOMMAND", "Database branch operations"
+      subcommand "branch", Class.new(Thor) {
+        def self.exit_on_failure?
+          true
+        end
 
-      def resolve_config_path
-        config_path = options[:config]
-        working_dir = options[:dir]
+        class_option :config, aliases: "-c", default: "deploy.enc",
+                              desc: "Path to deployment configuration file"
+        class_option :dir, aliases: "-d", default: ".",
+                           desc: "Working directory"
+        class_option :branch, aliases: "-b",
+                              desc: "Branch name for isolated deployments"
+
+        desc "create [NAME]", "Create a new database branch (snapshot)"
+        def create(name = nil)
+          require_relative "cli/db/command"
+          Nvoi::Cli::Db::Command.new(options).branch_create(name)
+        end
 
-        if config_path == Constants::DEFAULT_CONFIG_FILE && working_dir && working_dir != "."
-          File.join(working_dir, Constants::DEFAULT_CONFIG_FILE)
-        else
-          config_path
+        desc "list", "List all database branches"
+        def list
+          require_relative "cli/db/command"
+          Nvoi::Cli::Db::Command.new(options).branch_list
         end
-      end
+
+        desc "restore ID [NEW_DB_NAME]", "Restore a database branch to a new database"
+        def restore(branch_id, new_db_name = nil)
+          require_relative "cli/db/command"
+          Nvoi::Cli::Db::Command.new(options).branch_restore(branch_id, new_db_name)
+        end
+
+        desc "download ID", "Download a database branch dump"
+        option :path, aliases: "-p", desc: "Output file path (default: {branch_id}.sql)"
+        def download(branch_id)
+          require_relative "cli/db/command"
+          Nvoi::Cli::Db::Command.new(options).branch_download(branch_id)
+        end
+      }
+    }
   end
 end

data/lib/nvoi/config_api/actions/app.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module ConfigApi
+    module Actions
+      class SetApp < Base
+        protected
+
+        def mutate(data, name:, servers:, domain: nil, subdomain: nil, port: nil, command: nil, pre_run_command: nil, env: nil, mounts: nil)
+          raise ArgumentError, "name is required" if name.nil? || name.to_s.empty?
+          raise ArgumentError, "servers is required" if servers.nil? || servers.empty?
+          raise ArgumentError, "servers must be an array" unless servers.is_a?(Array)
+
+          validate_server_refs(data, servers)
+
+          app(data)["app"] ||= {}
+          app(data)["app"][name.to_s] = {
+            "servers" => servers.map(&:to_s),
+            "domain" => domain,
+            "subdomain" => subdomain,
+            "port" => port,
+            "command" => command,
+            "pre_run_command" => pre_run_command,
+            "env" => env,
+            "mounts" => mounts
+          }.compact
+        end
+
+        private
+
+        def validate_server_refs(data, servers)
+          defined = (app(data)["servers"] || {}).keys
+          servers.each do |ref|
+            raise Errors::ConfigValidationError, "server '#{ref}' not found" unless defined.include?(ref.to_s)
+          end
+        end
+      end
+
+      class DeleteApp < Base
+        protected
+
+        def mutate(data, name:)
+          raise ArgumentError, "name is required" if name.nil? || name.to_s.empty?
+
+          apps = app(data)["app"] || {}
+          raise Errors::ConfigValidationError, "app '#{name}' not found" unless apps.key?(name.to_s)
+
+          apps.delete(name.to_s)
+        end
+      end
+    end
+  end
+end

data/lib/nvoi/config_api/actions/compute_provider.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module ConfigApi
+    module Actions
+      class SetComputeProvider < Base
+        PROVIDERS = %w[hetzner aws scaleway].freeze
+
+        protected
+
+        def mutate(data, provider:, **opts)
+          raise ArgumentError, "provider is required" if provider.nil? || provider.to_s.empty?
+          raise ArgumentError, "provider must be one of: #{PROVIDERS.join(', ')}" unless PROVIDERS.include?(provider.to_s)
+
+          app(data)["compute_provider"] = { provider.to_s => build_config(provider.to_s, opts) }
+        end
+
+        private
+
+        def build_config(provider, opts)
+          case provider
+          when "hetzner"
+            {
+              "api_token" => opts[:api_token],
+              "server_type" => opts[:server_type],
+              "server_location" => opts[:server_location]
+            }.compact
+          when "aws"
+            {
+              "access_key_id" => opts[:access_key_id],
+              "secret_access_key" => opts[:secret_access_key],
+              "region" => opts[:region],
+              "instance_type" => opts[:instance_type]
+            }.compact
+          when "scaleway"
+            {
+              "secret_key" => opts[:secret_key],
+              "project_id" => opts[:project_id],
+              "zone" => opts[:zone],
+              "server_type" => opts[:server_type]
+            }.compact
+          end
+        end
+      end
+
+      class DeleteComputeProvider < Base
+        protected
+
+        def mutate(data, **)
+          app(data)["compute_provider"] = {}
+        end
+      end
+    end
+  end
+end

data/lib/nvoi/config_api/actions/database.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module ConfigApi
+    module Actions
+      class SetDatabase < Base
+        ADAPTERS = %w[postgres postgresql mysql sqlite sqlite3].freeze
+
+        protected
+
+        def mutate(data, servers:, adapter:, image: nil, url: nil, user: nil, password: nil, database: nil, mount: nil, path: nil)
+          raise ArgumentError, "servers is required" if servers.nil? || servers.empty?
+          raise ArgumentError, "servers must be an array" unless servers.is_a?(Array)
+          raise ArgumentError, "adapter is required" if adapter.nil? || adapter.to_s.empty?
+          raise ArgumentError, "adapter must be one of: #{ADAPTERS.join(', ')}" unless ADAPTERS.include?(adapter.to_s.downcase)
+
+          validate_server_refs(data, servers)
+
+          secrets = build_secrets(adapter, user, password, database)
+
+          app(data)["database"] = {
+            "servers" => servers.map(&:to_s),
+            "adapter" => adapter.to_s,
+            "image" => image,
+            "url" => url,
+            "secrets" => secrets.empty? ? nil : secrets,
+            "mount" => mount,
+            "path" => path
+          }.compact
+        end
+
+        private
+
+        def validate_server_refs(data, servers)
+          defined = (app(data)["servers"] || {}).keys
+          servers.each do |ref|
+            raise Errors::ConfigValidationError, "server '#{ref}' not found" unless defined.include?(ref.to_s)
+          end
+        end
+
+        def build_secrets(adapter, user, password, database)
+          case adapter.to_s.downcase
+          when "postgres", "postgresql"
+            {
+              "POSTGRES_USER" => user,
+              "POSTGRES_PASSWORD" => password,
+              "POSTGRES_DB" => database
+            }.compact
+          when "mysql"
+            {
+              "MYSQL_USER" => user,
+              "MYSQL_PASSWORD" => password,
+              "MYSQL_DATABASE" => database
+            }.compact
+          else
+            {}
+          end
+        end
+      end
+
+      class DeleteDatabase < Base
+        protected
+
+        def mutate(data, **)
+          app(data).delete("database")
+        end
+      end
+    end
+  end
+end

data/lib/nvoi/config_api/actions/env.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module ConfigApi
+    module Actions
+      class SetEnv < Base
+        protected
+
+        def mutate(data, key:, value:)
+          raise ArgumentError, "key is required" if key.nil? || key.to_s.empty?
+          raise ArgumentError, "value is required" if value.nil?
+
+          app(data)["env"] ||= {}
+          app(data)["env"][key.to_s] = value.to_s
+        end
+      end
+
+      class DeleteEnv < Base
+        protected
+
+        def mutate(data, key:)
+          raise ArgumentError, "key is required" if key.nil? || key.to_s.empty?
+
+          env = app(data)["env"] || {}
+          raise Errors::ConfigValidationError, "env '#{key}' not found" unless env.key?(key.to_s)
+
+          env.delete(key.to_s)
+        end
+      end
+    end
+  end
+end

data/lib/nvoi/config_api/actions/secret.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Nvoi
+  module ConfigApi
+    module Actions
+      class SetSecret < Base
+        protected
+
+        def mutate(data, key:, value:)
+          raise ArgumentError, "key is required" if key.nil? || key.to_s.empty?
+          raise ArgumentError, "value is required" if value.nil?
+
+          app(data)["secrets"] ||= {}
+          app(data)["secrets"][key.to_s] = value.to_s
+        end
+      end
+
+      class DeleteSecret < Base
+        protected
+
+        def mutate(data, key:)
+          raise ArgumentError, "key is required" if key.nil? || key.to_s.empty?
+
+          secrets = app(data)["secrets"] || {}
+          raise Errors::ConfigValidationError, "secret '#{key}' not found" unless secrets.key?(key.to_s)
+
+          secrets.delete(key.to_s)
+        end
+      end
+    end
+  end
+end