nvoi 0.1.5 → 0.1.6

data/lib/nvoi/deployer/cleaner.rb

@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-
-module Nvoi
-  module Deployer
-    # Cleaner handles cleanup of old deployments and resources
-    class Cleaner
-      def initialize(config, docker_manager, log)
-        @config = config
-        @docker_manager = docker_manager
-        @log = log
-      end
-
-      def cleanup_old_images(current_tag)
-        keep_count = @config.keep_count_value
-        prefix = @config.container_prefix
-
-        @log.info "Cleaning up old images (keeping %d)", keep_count
-
-        # List all images
-        all_tags = @docker_manager.list_images("reference=#{prefix}:*")
-
-        # Sort by tag (timestamp), keep newest
-        sorted_tags = all_tags.sort.reverse
-        keep_tags = sorted_tags.take(keep_count)
-
-        # Make sure current tag is kept
-        keep_tags << current_tag unless keep_tags.include?(current_tag)
-        keep_tags << "latest"
-
-        @docker_manager.cleanup_old_images(prefix, keep_tags.uniq)
-
-        @log.success "Old images cleaned up"
-      end
-    end
-  end
-end

data/lib/nvoi/deployer/image_builder.rb

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-
-module Nvoi
-  module Deployer
-    # ImageBuilder handles Docker image building and pushing
-    class ImageBuilder
-      def initialize(config, docker_manager, log)
-        @config = config
-        @docker_manager = docker_manager
-        @log = log
-      end
-
-      def build_and_push(working_dir, image_tag)
-        @log.info "Building Docker image: %s", image_tag
-
-        # Build image locally, transfer to remote, load with containerd
-        @docker_manager.build_image(working_dir, image_tag, @config.namer.latest_image_tag)
-
-        @log.success "Image built and pushed: %s", image_tag
-      end
-    end
-  end
-end

data/lib/nvoi/deployer/infrastructure.rb

@@ -1,126 +0,0 @@
-# frozen_string_literal: true
-
-module Nvoi
-  module Deployer
-    # Infrastructure handles cloud resource provisioning
-    class Infrastructure
-      def initialize(config, provider, log)
-        @config = config
-        @provider = provider
-        @log = log
-      end
-
-      def provision_network
-        @log.info "Provisioning network: %s", @config.network_name
-        network = @provider.find_or_create_network(@config.network_name)
-        @log.success "Network ready: %s", network.id
-        network
-      end
-
-      def provision_firewall
-        @log.info "Provisioning firewall: %s", @config.firewall_name
-        firewall = @provider.find_or_create_firewall(@config.firewall_name)
-        @log.success "Firewall ready: %s", firewall.id
-        firewall
-      end
-
-      def provision_server(name, network_id, firewall_id, server_config)
-        @log.info "Provisioning server: %s", name
-
-        # Check if server already exists
-        existing = @provider.find_server(name)
-        if existing
-          @log.info "Server already exists: %s (%s)", name, existing.public_ipv4
-          return existing
-        end
-
-        # Determine server type and location
-        server_type = server_config&.type
-        location = server_config&.location
-
-        case @config.provider_name
-        when "hetzner"
-          h = @config.hetzner
-          server_type ||= h.server_type
-          location ||= h.server_location
-          image = "ubuntu-22.04"
-        when "aws"
-          a = @config.aws
-          server_type ||= a.instance_type
-          location ||= a.region
-          image = "ubuntu-22.04"
-        end
-
-        # Create cloud-init user data
-        user_data = generate_user_data
-
-        opts = Providers::ServerCreateOptions.new(
-          name:,
-          type: server_type,
-          image:,
-          location:,
-          user_data:,
-          network_id:,
-          firewall_id:
-        )
-
-        server = @provider.create_server(opts)
-        @log.info "Server created: %s (waiting for ready...)", server.id
-
-        # Wait for server to be running
-        server = @provider.wait_for_server(server.id, Constants::SERVER_READY_MAX_ATTEMPTS)
-        @log.success "Server ready: %s (%s)", name, server.public_ipv4
-
-        # Wait for SSH to be available
-        wait_for_ssh(server.public_ipv4)
-
-        server
-      end
-
-      private
-
-        def generate_user_data
-          ssh_key = @config.ssh_public_key
-
-          <<~CLOUD_INIT
-          #cloud-config
-          users:
-            - name: deploy
-              groups: sudo, docker
-              shell: /bin/bash
-              sudo: ALL=(ALL) NOPASSWD:ALL
-              ssh_authorized_keys:
-                - #{ssh_key}
-          package_update: true
-          package_upgrade: true
-          packages:
-            - curl
-            - git
-            - jq
-            - rsync
-        CLOUD_INIT
-        end
-
-        def wait_for_ssh(ip)
-          @log.info "Waiting for SSH on %s...", ip
-          ssh = Remote::SSHExecutor.new(ip, @config.ssh_key_path)
-
-          Constants::SSH_READY_MAX_ATTEMPTS.times do |i|
-            begin
-              output = ssh.execute("echo 'ready'")
-              if output.strip == "ready"
-                @log.success "SSH ready"
-                return
-              end
-            rescue SSHCommandError
-              # SSH not ready yet
-            end
-
-            sleep(Constants::SSH_READY_INTERVAL)
-          end
-
-          raise SSHConnectionError, "SSH connection failed after #{Constants::SSH_READY_MAX_ATTEMPTS} attempts"
-        end
-    end
-  end
-end

data/lib/nvoi/deployer/orchestrator.rb

@@ -1,146 +0,0 @@
-# frozen_string_literal: true
-
-module Nvoi
-  module Deployer
-    # Orchestrator coordinates the deployment pipeline
-    class Orchestrator
-      def initialize(config, provider, log)
-        @config = config
-        @provider = provider
-        @log = log
-      end
-
-      def run(server_ip, tunnels, working_dir)
-        @log.info "Starting deployment orchestration"
-
-        # Create SSH connection to main server
-        @ssh = Remote::SSHExecutor.new(server_ip, @config.ssh_key_path)
-
-        # Acquire deployment lock
-        acquire_lock
-
-        begin
-          run_deployment(tunnels, working_dir)
-        ensure
-          release_lock
-        end
-      end
-
-      private
-
-        def run_deployment(tunnels, working_dir)
-          ssh = @ssh
-          docker = Remote::DockerManager.new(ssh)
-
-          # Generate image tag
-          timestamp = Time.now.strftime("%Y%m%d%H%M%S")
-          image_tag = @config.namer.image_tag(timestamp)
-
-          # Build and push image
-          image_builder = ImageBuilder.new(@config, docker, @log)
-          image_builder.build_and_push(working_dir, image_tag)
-
-          # Tag as latest locally for K8s to use
-          # The image is already in containerd from build_image
-          registry_tag = "localhost:#{Constants::REGISTRY_PORT}/#{@config.container_prefix}:#{timestamp}"
-          push_to_registry(ssh, image_tag, registry_tag)
-
-          # Deploy services
-          service_deployer = ServiceDeployer.new(@config, ssh, @log)
-
-          # Gather all env vars using EnvResolver (single source of truth)
-          # Use first app service to get full env (includes database vars, deploy_env, etc.)
-          first_service = @config.deploy.application.app.keys.first
-          all_env = @config.env_for_service(first_service)
-
-          # Deploy app secret
-          service_deployer.deploy_app_secret(all_env)
-
-          # Deploy database if configured (skip SQLite - handled by app volumes)
-          db_config = @config.deploy.application.database
-          if db_config && db_config.adapter != "sqlite3"
-            db_spec = db_config.to_service_spec(@config.namer)
-            service_deployer.deploy_database(db_spec)
-          end
-
-          # Deploy additional services
-          @config.deploy.application.services.each do |service_name, service_config|
-            service_spec = service_config.to_service_spec(@config.deploy.application.name, service_name)
-            service_deployer.deploy_service(service_name, service_spec)
-          end
-
-          # Deploy app services
-          @config.deploy.application.app.each do |service_name, service_config|
-            service_env = @config.env_for_service(service_name)
-            service_deployer.deploy_app_service(service_name, service_config, registry_tag, service_env)
-
-            # Deploy cloudflared for services with tunnels
-            tunnel = tunnels.find { |t| t.service_name == service_name }
-            if tunnel
-              service_deployer.deploy_cloudflared(service_name, tunnel.tunnel_token)
-
-              # Verify traffic is routing correctly
-              service_deployer.verify_traffic_switchover(service_config)
-            end
-          end
-
-          # Cleanup old images
-          cleaner = Cleaner.new(@config, docker, @log)
-          cleaner.cleanup_old_images(timestamp)
-
-          @log.success "Deployment orchestration complete"
-        end
-
-        def acquire_lock
-          lock_file = @config.namer.deployment_lock_file_path
-
-          # Check if lock file exists
-          output = @ssh.execute("test -f #{lock_file} && cat #{lock_file} || echo ''")
-          output = output.strip
-
-          unless output.empty?
-            # Lock exists, check timestamp
-            timestamp = output.to_i
-            if timestamp > 0
-              lock_time = Time.at(timestamp)
-              age = Time.now - lock_time
-
-              if age < Constants::STALE_DEPLOYMENT_LOCK_AGE
-                raise DeploymentError.new(
-                  "lock",
-                  "deployment already in progress (started #{age.round}s ago). Wait or remove lock file: #{lock_file}"
-                )
-              end
-
-              # Lock is stale, will overwrite
-              @log.warning "Removing stale deployment lock (age: #{age.round}s)"
-            end
-          end
-
-          # Create lock file with current timestamp
-          @ssh.execute("echo #{Time.now.to_i} > #{lock_file}")
-          @log.info "Deployment lock acquired: %s", lock_file
-        end
-
-        def release_lock
-          lock_file = @config.namer.deployment_lock_file_path
-          @log.info "Releasing deployment lock"
-          @ssh.execute("rm -f #{lock_file}")
-        rescue StandardError
-          # Ignore errors during lock release
-        end
-
-        def push_to_registry(ssh, local_tag, registry_tag)
-          @log.info "Pushing to in-cluster registry: %s", registry_tag
-
-          # Tag for registry
-          ssh.execute("sudo ctr -n k8s.io images tag #{local_tag} #{registry_tag}")
-
-          # Push to local registry
-          ssh.execute("sudo ctr -n k8s.io images push --plain-http #{registry_tag}")
-
-          @log.success "Image pushed to registry"
-        end
-    end
-  end
-end

data/lib/nvoi/deployer/service_deployer.rb

@@ -1,311 +0,0 @@
-# frozen_string_literal: true
-
-module Nvoi
-  module Deployer
-    # ServiceDeployer handles K8s deployment of application services
-    class ServiceDeployer
-      DEFAULT_RESOURCES = {
-        request_memory: "128Mi",
-        request_cpu: "100m",
-        limit_memory: "512Mi",
-        limit_cpu: "500m"
-      }.freeze
-
-      def initialize(config, ssh, log)
-        @config = config
-        @ssh = ssh
-        @log = log
-        @namer = config.namer
-      end
-
-      # Deploy app secret with environment variables
-      def deploy_app_secret(env_vars)
-        secret_name = @namer.app_secret_name
-
-        @log.info "Deploying app secret: %s", secret_name
-
-        K8s::Renderer.apply_manifest(@ssh, "app-secret.yaml", {
-          name: secret_name,
-          env_vars:
-        })
-
-        @log.success "App secret deployed"
-      end
-
-      # Deploy an app service (web, worker, etc.)
-      def deploy_app_service(service_name, service_config, image_tag, env)
-        deployment_name = @namer.app_deployment_name(service_name)
-        @log.info "Deploying app service: %s", deployment_name
-
-        # Determine template based on port
-        has_port = service_config.port && service_config.port.positive?
-        template = has_port ? "app-deployment.yaml" : "worker-deployment.yaml"
-
-        # Build readiness probe if healthcheck configured
-        readiness_probe = nil
-        liveness_probe = nil
-
-        if service_config.healthcheck && has_port
-          hc = service_config.healthcheck
-          readiness_probe = {
-            path: hc.path || "/health",
-            port: hc.port || service_config.port,
-            initial_delay: 10,
-            period: 10,
-            timeout: 5,
-            failure_threshold: 3
-          }
-          liveness_probe = readiness_probe.merge(initial_delay: 30)
-        end
-
-        data = {
-          name: deployment_name,
-          image: image_tag,
-          replicas: has_port ? 2 : 1,
-          port: service_config.port,
-          command: service_config.command&.split || [],
-          secret_name: @namer.app_secret_name,
-          env_keys: env.keys.sort,
-          affinity_server_names: service_config.servers,
-          resources: DEFAULT_RESOURCES,
-          readiness_probe:,
-          liveness_probe:,
-          volume_mounts: [],
-          host_path_volumes: [],
-          volumes: []
-        }
-
-        # Add volumes if configured
-        service_config.volumes&.each do |vol_key, mount_path|
-          host_path = "/opt/nvoi/volumes/#{@namer.app_volume_name(service_name, vol_key)}"
-          data[:volume_mounts] << { name: vol_key, mount_path: }
-          data[:host_path_volumes] << { name: vol_key, host_path: }
-        end
-
-        K8s::Renderer.apply_manifest(@ssh, template, data)
-
-        # Deploy service if it has a port
-        if has_port
-          K8s::Renderer.apply_manifest(@ssh, "app-service.yaml", {
-            name: deployment_name,
-            port: service_config.port
-          })
-        end
-
-        # Deploy ingress if domain is specified
-        if service_config.domain && !service_config.domain.empty?
-          hostname = if service_config.subdomain && !service_config.subdomain.empty? && service_config.subdomain != "@"
-            "#{service_config.subdomain}.#{service_config.domain}"
-          else
-            service_config.domain
-          end
-
-          K8s::Renderer.apply_manifest(@ssh, "app-ingress.yaml", {
-            name: deployment_name,
-            domain: hostname,
-            port: service_config.port
-          })
-        end
-
-        # Wait for deployment to be ready
-        @log.info "Waiting for deployment to be ready..."
-        K8s::Renderer.wait_for_deployment(@ssh, deployment_name)
-
-        # Run pre-run command if specified (e.g., rails db:migrate)
-        if service_config.pre_run_command && !service_config.pre_run_command.empty?
-          run_pre_run_command(service_name, service_config.pre_run_command)
-        end
-
-        @log.success "App service deployed: %s", deployment_name
-      end
-
-      # Deploy database as StatefulSet
-      def deploy_database(db_spec)
-        @log.info "Deploying database: %s", db_spec.name
-
-        data = {
-          service_name: db_spec.name,
-          adapter: @config.deploy.application.database.adapter,
-          image: db_spec.image,
-          port: db_spec.port,
-          secret_name: @namer.database_secret_name,
-          secret_keys: db_spec.secrets.keys.sort,
-          data_path: "/var/lib/postgresql/data",
-          storage_size: "10Gi",
-          affinity_server_names: db_spec.servers,
-          host_path: nil
-        }
-
-        # Use hostPath for database volume if configured
-        if @config.deploy.application.database.volume
-          data[:host_path] = "/opt/nvoi/volumes/#{@namer.database_volume_name}"
-        end
-
-        # Create database secret first
-        K8s::Renderer.apply_manifest(@ssh, "app-secret.yaml", {
-          name: @namer.database_secret_name,
-          env_vars: db_spec.secrets
-        })
-
-        # Deploy StatefulSet
-        K8s::Renderer.apply_manifest(@ssh, "db-statefulset.yaml", data)
-
-        # Wait for database to be ready
-        @log.info "Waiting for database to be ready..."
-        wait_for_statefulset(db_spec.name)
-
-        @log.success "Database deployed: %s", db_spec.name
-      end
-
-      # Deploy additional service (redis, etc.)
-      def deploy_service(service_name, service_spec)
-        @log.info "Deploying service: %s", service_spec.name
-
-        host_path = nil
-        if service_spec.volumes["data"]
-          host_path = "/opt/nvoi/volumes/#{@namer.service_volume_name(service_name, 'data')}"
-        end
-
-        data = {
-          name: service_spec.name,
-          image: service_spec.image,
-          port: service_spec.port,
-          command: service_spec.command,
-          env_vars: service_spec.env,
-          env_keys: service_spec.env.keys.sort,
-          volume_path: service_spec.volumes["data"],
-          host_path:,
-          affinity_server_names: service_spec.servers
-        }
-
-        K8s::Renderer.apply_manifest(@ssh, "service-deployment.yaml", data)
-
-        @log.success "Service deployed: %s", service_spec.name
-      end
-
-      # Deploy cloudflared sidecar
-      def deploy_cloudflared(service_name, tunnel_token)
-        deployment_name = @namer.cloudflared_deployment_name(service_name)
-        @log.info "Deploying cloudflared: %s", deployment_name
-
-        # Simple cloudflared deployment
-        manifest = <<~YAML
-          apiVersion: apps/v1
-          kind: Deployment
-          metadata:
-            name: #{deployment_name}
-            namespace: default
-          spec:
-            replicas: 1
-            selector:
-              matchLabels:
-                app: #{deployment_name}
-            template:
-              metadata:
-                labels:
-                  app: #{deployment_name}
-              spec:
-                containers:
-                - name: cloudflared
-                  image: cloudflare/cloudflared:latest
-                  args:
-                  - tunnel
-                  - run
-                  - --token
-                  - #{tunnel_token}
-        YAML
-
-        @ssh.execute("cat <<'EOF' | kubectl apply -f -\n#{manifest}\nEOF")
-
-        @log.success "Cloudflared deployed: %s", deployment_name
-      end
-
-      # Verify traffic is routing to the new deployment via public URL
-      def verify_traffic_switchover(service_config)
-        return unless service_config.domain && !service_config.domain.empty?
-
-        hostname = if service_config.subdomain && !service_config.subdomain.empty? && service_config.subdomain != "@"
-          "#{service_config.subdomain}.#{service_config.domain}"
-        else
-          service_config.domain
-        end
-
-        health_path = service_config.healthcheck&.path || "/"
-        public_url = "https://#{hostname}#{health_path}"
-
-        @log.info "Verifying public traffic routing"
-        @log.info "Testing: %s", public_url
-
-        consecutive_success = 0
-        required_consecutive = Constants::TRAFFIC_VERIFY_CONSECUTIVE
-        max_attempts = Constants::TRAFFIC_VERIFY_ATTEMPTS
-
-        max_attempts.times do |attempt|
-          curl_cmd = "curl -s -o /dev/null -w '%{http_code}' -m 10 '#{public_url}' 2>/dev/null"
-
-          begin
-            http_code = @ssh.execute(curl_cmd).strip
-
-            if http_code == "200"
-              consecutive_success += 1
-              @log.success "[%d/%d] Public URL responding: %s", consecutive_success, required_consecutive, http_code
-
-              if consecutive_success >= required_consecutive
-                @log.success "Traffic switchover verified: public URL accessible"
-                return
-              end
-            else
-              if consecutive_success > 0
-                @log.warning "Success streak broken at %d, restarting count", consecutive_success
-              end
-              consecutive_success = 0
-              @log.info "[%d/%d] Public URL check: %s (expected: 200)", attempt + 1, max_attempts, http_code
-            end
-          rescue SSHCommandError
-            consecutive_success = 0
-            @log.info "[%d/%d] Public URL check failed", attempt + 1, max_attempts
-          end
-
-          sleep(Constants::TRAFFIC_VERIFY_INTERVAL)
-        end
-
-        raise DeploymentError.new(
-          "traffic_verification",
-          "public URL verification failed after #{max_attempts} attempts. Cloudflare tunnel may not be routing correctly."
-        )
-      end
-
-      private
-
-        def run_pre_run_command(service_name, command)
-          @log.info "Running pre-run command: %s", command
-
-          # Get pod name
-          pod_label = @namer.app_pod_label(service_name)
-          pod_name = @ssh.execute("kubectl get pod -l #{pod_label} -o jsonpath='{.items[0].metadata.name}'")
-          pod_name = pod_name.strip.delete("'")
-
-          # Execute command in pod
-          escaped_command = command.gsub("'", "'\"'\"'")
-          exec_cmd = "kubectl exec #{pod_name} -- sh -c '#{escaped_command}'"
-
-          begin
-            output = @ssh.execute(exec_cmd)
-            @log.info "Pre-run command output:\n%s", output unless output.empty?
-          rescue SSHCommandError => e
-            @log.error "Pre-run command failed: %s", e.message
-
-            # Get pod logs for debugging
-            logs = @ssh.execute("kubectl logs #{pod_name} --tail=50")
-            @log.error "Pod logs:\n%s", logs
-
-            raise DeploymentError.new("pre_run_command", "deployment aborted: pre-run command failed: #{e.message}")
-          end
-        end
-
-        def wait_for_statefulset(name, namespace: "default", timeout: 300)
-          @ssh.execute("kubectl rollout status statefulset/#{name} -n #{namespace} --timeout=#{timeout}s")
-        end
-    end
-  end
-end

data/lib/nvoi/deployer/tunnel_manager.rb

@@ -1,57 +0,0 @@
-# frozen_string_literal: true
-
-module Nvoi
-  module Deployer
-    # TunnelManager handles Cloudflare tunnel operations
-    class TunnelManager
-      def initialize(cf_client, log)
-        @cf_client = cf_client
-        @log = log
-      end
-
-      # Create or get existing tunnel, configure it, and create DNS record
-      def setup_tunnel(tunnel_name, hostname, service_url, domain)
-        @log.info "Setting up tunnel: %s -> %s", tunnel_name, hostname
-
-        # Find or create tunnel
-        tunnel = @cf_client.find_tunnel(tunnel_name)
-
-        if tunnel
-          @log.info "Using existing tunnel: %s", tunnel_name
-        else
-          @log.info "Creating new tunnel: %s", tunnel_name
-          tunnel = @cf_client.create_tunnel(tunnel_name)
-        end
-
-        # Get tunnel token
-        token = tunnel.token
-        if token.nil? || token.empty?
-          token = @cf_client.get_tunnel_token(tunnel.id)
-        end
-
-        # Configure tunnel ingress
-        @log.info "Configuring tunnel ingress: %s -> %s", hostname, service_url
-        @cf_client.update_tunnel_configuration(tunnel.id, hostname, service_url)
-
-        # Verify configuration propagated
-        @log.info "Verifying tunnel configuration..."
-        @cf_client.verify_tunnel_configuration(tunnel.id, hostname, service_url, Constants::TUNNEL_CONFIG_VERIFY_ATTEMPTS)
-
-        # Create DNS record
-        @log.info "Creating DNS CNAME record: %s", hostname
-        zone = @cf_client.find_zone(domain)
-        raise CloudflareError, "zone not found: #{domain}" unless zone
-
-        tunnel_cname = "#{tunnel.id}.cfargotunnel.com"
-        @cf_client.create_or_update_dns_record(zone.id, hostname, "CNAME", tunnel_cname, proxied: true)
-
-        @log.success "Tunnel configured: %s", tunnel_name
-
-        TunnelInfo.new(
-          tunnel_id: tunnel.id,
-          tunnel_token: token
-        )
-      end
-    end
-  end
-end