nvoi 0.1.6 → 0.1.8

data/lib/nvoi/cli/config/command.rb

@@ -0,0 +1,219 @@
+# frozen_string_literal: true
+
+module Nvoi
+  class Cli
+    module Config
+      # Command helper for all config operations
+      # Uses CredentialStore for crypto, ConfigApi for transformations
+      class Command
+        def initialize(options)
+          @options = options
+          @working_dir = options[:dir] || "."
+        end
+
+        # Initialize new config
+        def init(name, environment)
+          result = ConfigApi.init(name:, environment:)
+
+          if result.failure?
+            error("Failed to initialize: #{result.error_message}")
+            return
+          end
+
+          # Write encrypted config
+          config_path = File.join(@working_dir, Utils::DEFAULT_ENCRYPTED_FILE)
+          key_path = File.join(@working_dir, Utils::DEFAULT_KEY_FILE)
+
+          File.binwrite(config_path, result.config)
+          File.write(key_path, "#{result.master_key}\n", perm: 0o600)
+
+          update_gitignore
+
+          success("Created #{Utils::DEFAULT_ENCRYPTED_FILE}")
+          success("Created #{Utils::DEFAULT_KEY_FILE} (keep safe, never commit)")
+          puts
+          puts "Next steps:"
+          puts "  nvoi config domain set cloudflare --api-token=TOKEN --account-id=ID"
+          puts "  nvoi config provider set hetzner --api-token=TOKEN --server-type=cx22 --location=fsn1"
+          puts "  nvoi config server set web --master"
+        end
+
+        # Domain provider
+        def domain_set(provider, api_token:, account_id:)
+          with_config do |data|
+            ConfigApi.set_domain_provider(data, provider:, api_token:, account_id:)
+          end
+        end
+
+        def domain_rm
+          with_config do |data|
+            ConfigApi.delete_domain_provider(data)
+          end
+        end
+
+        # Compute provider
+        def provider_set(provider, **opts)
+          with_config do |data|
+            ConfigApi.set_compute_provider(data, provider:, **opts)
+          end
+        end
+
+        def provider_rm
+          with_config do |data|
+            ConfigApi.delete_compute_provider(data)
+          end
+        end
+
+        # Server
+        def server_set(name, master: false, type: nil, location: nil, count: 1)
+          with_config do |data|
+            ConfigApi.set_server(data, name:, master:, type:, location:, count:)
+          end
+        end
+
+        def server_rm(name)
+          with_config do |data|
+            ConfigApi.delete_server(data, name:)
+          end
+        end
+
+        # Volume
+        def volume_set(server, name, size: 10)
+          with_config do |data|
+            ConfigApi.set_volume(data, server:, name:, size:)
+          end
+        end
+
+        def volume_rm(server, name)
+          with_config do |data|
+            ConfigApi.delete_volume(data, server:, name:)
+          end
+        end
+
+        # App
+        def app_set(name, servers:, **opts)
+          with_config do |data|
+            ConfigApi.set_app(data, name:, servers:, **opts)
+          end
+        end
+
+        def app_rm(name)
+          with_config do |data|
+            ConfigApi.delete_app(data, name:)
+          end
+        end
+
+        # Database
+        def database_set(servers:, adapter:, **opts)
+          with_config do |data|
+            ConfigApi.set_database(data, servers:, adapter:, **opts)
+          end
+        end
+
+        def database_rm
+          with_config do |data|
+            ConfigApi.delete_database(data)
+          end
+        end
+
+        # Service
+        def service_set(name, servers:, image:, **opts)
+          with_config do |data|
+            ConfigApi.set_service(data, name:, servers:, image:, **opts)
+          end
+        end
+
+        def service_rm(name)
+          with_config do |data|
+            ConfigApi.delete_service(data, name:)
+          end
+        end
+
+        # Secret
+        def secret_set(key_name, value)
+          with_config do |data|
+            ConfigApi.set_secret(data, key: key_name, value:)
+          end
+        end
+
+        def secret_rm(key_name)
+          with_config do |data|
+            ConfigApi.delete_secret(data, key: key_name)
+          end
+        end
+
+        # Env
+        def env_set(key_name, value)
+          with_config do |data|
+            ConfigApi.set_env(data, key: key_name, value:)
+          end
+        end
+
+        def env_rm(key_name)
+          with_config do |data|
+            ConfigApi.delete_env(data, key: key_name)
+          end
+        end
+
+        private
+
+          def with_config
+            store = Utils::CredentialStore.new(
+              @working_dir,
+              @options[:credentials],
+              @options[:master_key]
+            )
+
+            unless store.exists?
+              error("Config not found: #{store.encrypted_path}")
+              error("Run 'nvoi config init --name=myapp' first")
+              return
+            end
+
+            # Read and parse
+            yaml = store.read
+            data = YAML.safe_load(yaml, permitted_classes: [Symbol])
+
+            # Transform
+            result = yield(data)
+
+            if result.failure?
+              error("#{result.error_type}: #{result.error_message}")
+            else
+              # Serialize and write
+              store.write(YAML.dump(result.data))
+              success("Config updated")
+            end
+          rescue Errors::CredentialError => e
+            error(e.message)
+          rescue Errors::DecryptionError => e
+            error("Decryption failed: #{e.message}")
+          end
+
+          def update_gitignore
+            gitignore_path = File.join(@working_dir, ".gitignore")
+            entries = ["deploy.key", ".env", ".env.*", "!.env.example", "!.env.*.example"]
+
+            existing = File.exist?(gitignore_path) ? File.read(gitignore_path) : ""
+            additions = entries.reject { |e| existing.include?(e) }
+
+            return if additions.empty?
+
+            File.open(gitignore_path, "a") do |f|
+              f.puts "" unless existing.end_with?("\n") || existing.empty?
+              f.puts "# NVOI - sensitive files"
+              additions.each { |e| f.puts e }
+            end
+          end
+
+          def success(msg)
+            puts "\e[32m✓\e[0m #{msg}"
+          end
+
+          def error(msg)
+            warn "\e[31m✗\e[0m #{msg}"
+          end
+      end
+    end
+  end
+end

data/lib/nvoi/cli/delete/steps/teardown_dns.rb

@@ -15,18 +15,15 @@ module Nvoi
           def run
             @config.deploy.application.app.each do |_service_name, service|
               next unless service&.domain && !service.domain.empty?
-              next if service.subdomain.nil?
 
-              delete_dns_record(service.domain, service.subdomain)
+              delete_dns_records(service.domain, service.subdomain)
             end
           end
 
           private
 
-            def delete_dns_record(domain, subdomain)
-              hostname = Utils::Namer.build_hostname(subdomain, domain)
-
-              @log.info "Deleting DNS record: %s", hostname
+            def delete_dns_records(domain, subdomain)
+              hostnames = Utils::Namer.build_hostnames(subdomain, domain)
 
               zone = @cf_client.find_zone(domain)
               unless zone
@@ -34,13 +31,17 @@ module Nvoi
                 return
               end
 
-              record = @cf_client.find_dns_record(zone.id, hostname, "CNAME")
-              if record
-                @cf_client.delete_dns_record(zone.id, record.id)
-                @log.success "DNS record deleted: %s", hostname
+              hostnames.each do |hostname|
+                @log.info "Deleting DNS record: %s", hostname
+
+                record = @cf_client.find_dns_record(zone.id, hostname, "CNAME")
+                if record
+                  @cf_client.delete_dns_record(zone.id, record.id)
+                  @log.success "DNS record deleted: %s", hostname
+                end
               end
             rescue StandardError => e
-              @log.warning "Failed to delete DNS record: %s", e.message
+              @log.warning "Failed to delete DNS records: %s", e.message
             end
         end
       end

data/lib/nvoi/cli/deploy/command.rb

@@ -123,24 +123,40 @@ module Nvoi
             require_relative "steps/cleanup_images"
 
             ssh = External::Ssh.new(server_ip, @config.ssh_key_path)
+            registry_port = Utils::Constants::REGISTRY_PORT
 
-            # Acquire deployment lock
-            acquire_lock(ssh)
+            # Start SSH tunnel to registry
+            registry_tunnel = External::SshTunnel.new(
+              ip: server_ip,
+              user: "deploy",
+              key_path: @config.ssh_key_path,
+              local_port: registry_port,
+              remote_port: registry_port
+            )
+
+            registry_tunnel.start
 
             begin
-              # Build and push image
-              timestamp = Time.now.strftime("%Y%m%d%H%M%S")
-              image_tag = @config.namer.image_tag(timestamp)
+              # Acquire deployment lock
+              acquire_lock(ssh)
+
+              begin
+                # Build and push image via tunnel
+                timestamp = Time.now.strftime("%Y%m%d%H%M%S")
+                image_tag = @config.namer.image_tag(timestamp)
 
-              Steps::BuildImage.new(@config, ssh, @log).run(working_dir, image_tag)
+                registry_tag = Steps::BuildImage.new(@config, @log).run(working_dir, image_tag)
 
-              # Deploy all services
-              Steps::DeployService.new(@config, ssh, tunnels, @log).run(image_tag, timestamp)
+                # Deploy all services (image already in registry)
+                Steps::DeployService.new(@config, ssh, tunnels, @log).run(registry_tag, timestamp)
 
-              # Cleanup old images
-              Steps::CleanupImages.new(@config, ssh, @log).run(timestamp)
+                # Cleanup old images
+                Steps::CleanupImages.new(@config, ssh, @log).run(timestamp)
+              ensure
+                release_lock(ssh)
+              end
             ensure
-              release_lock(ssh)
+              registry_tunnel.stop
             end
           end
 

data/lib/nvoi/cli/deploy/steps/build_image.rb

@@ -4,22 +4,64 @@ module Nvoi
   class Cli
     module Deploy
       module Steps
-        # BuildImage handles Docker image building and pushing to cluster
+        # BuildImage handles Docker image building and pushing to registry
         class BuildImage
-          def initialize(config, ssh, log)
+          def initialize(config, log)
             @config = config
-            @ssh = ssh
             @log = log
           end
 
+          # Build locally and push to registry via SSH tunnel
+          # Returns the registry tag for use in k8s deployments
           def run(working_dir, image_tag)
             @log.info "Building Docker image: %s", image_tag
 
-            containerd = External::Containerd.new(@ssh)
-            containerd.build_and_deploy_image(working_dir, image_tag, cache_from: @config.namer.latest_image_tag)
+            build_image(working_dir, image_tag)
+            registry_tag = push_to_registry(image_tag)
 
-            @log.success "Image built: %s", image_tag
+            @log.success "Image built and pushed: %s", registry_tag
+            registry_tag
           end
+
+          private
+
+            def build_image(working_dir, tag)
+              cache_from = @config.namer.latest_image_tag
+              cache_args = "--cache-from #{cache_from}"
+
+              build_cmd = [
+                "cd #{working_dir} &&",
+                "DOCKER_BUILDKIT=1 docker build",
+                "--platform linux/amd64",
+                cache_args,
+                "--build-arg BUILDKIT_INLINE_CACHE=1",
+                "-t #{tag} ."
+              ].join(" ")
+
+              unless system("bash", "-c", build_cmd)
+                raise Errors::SshError, "docker build failed"
+              end
+
+              # Tag as :latest for next build's cache
+              system("docker", "tag", tag, cache_from)
+            end
+
+            def push_to_registry(tag)
+              registry_port = Utils::Constants::REGISTRY_PORT
+              registry_tag = "localhost:#{registry_port}/#{@config.container_prefix}:#{tag.split(':').last}"
+
+              @log.info "Tagging for registry: %s", registry_tag
+              unless system("docker", "tag", tag, registry_tag)
+                raise Errors::SshError, "docker tag failed"
+              end
+
+              @log.info "Pushing to registry via SSH tunnel..."
+              unless system("docker", "push", registry_tag)
+                raise Errors::SshError, "docker push failed - is the SSH tunnel active?"
+              end
+
+              registry_tag
+            end
         end
       end
     end

data/lib/nvoi/cli/deploy/steps/configure_tunnel.rb

@@ -22,7 +22,6 @@ module Nvoi
             @config.deploy.application.app.each do |service_name, service_config|
               next unless service_config.domain && !service_config.domain.empty?
               next unless service_config.port && service_config.port.positive?
-              next if service_config.subdomain.nil?
 
               tunnel_info = configure_service_tunnel(service_name, service_config)
               tunnels << tunnel_info
@@ -36,23 +35,24 @@ module Nvoi
 
             def configure_service_tunnel(service_name, service_config)
               tunnel_name = @config.namer.tunnel_name(service_name)
-              hostname = Utils::Namer.build_hostname(service_config.subdomain, service_config.domain)
+              hostnames = Utils::Namer.build_hostnames(service_config.subdomain, service_config.domain)
+              primary_hostname = hostnames.first
 
               # Service URL points to the NGINX Ingress Controller
               service_url = "http://ingress-nginx-controller.ingress-nginx.svc.cluster.local:80"
 
-              tunnel = setup_tunnel(tunnel_name, hostname, service_url, service_config.domain)
+              tunnel = setup_tunnel(tunnel_name, hostnames, service_url, service_config.domain)
 
               Objects::Tunnel::Info.new(
                 service_name:,
-                hostname:,
+                hostname: primary_hostname,
                 tunnel_id: tunnel.tunnel_id,
                 tunnel_token: tunnel.tunnel_token
               )
             end
 
-            def setup_tunnel(tunnel_name, hostname, service_url, domain)
-              @log.info "Setting up tunnel: %s -> %s", tunnel_name, hostname
+            def setup_tunnel(tunnel_name, hostnames, service_url, domain)
+              @log.info "Setting up tunnel: %s -> %s", tunnel_name, hostnames.join(", ")
 
               # Find or create tunnel
               tunnel = @cf_client.find_tunnel(tunnel_name)
@@ -70,21 +70,23 @@ module Nvoi
                 token = @cf_client.get_tunnel_token(tunnel.id)
               end
 
-              # Configure tunnel ingress
-              @log.info "Configuring tunnel ingress: %s -> %s", hostname, service_url
-              @cf_client.update_tunnel_configuration(tunnel.id, hostname, service_url)
+              # Configure tunnel ingress for all hostnames
+              @log.info "Configuring tunnel ingress: %s -> %s", hostnames.join(", "), service_url
+              @cf_client.update_tunnel_configuration(tunnel.id, hostnames, service_url)
 
               # Verify configuration propagated
               @log.info "Verifying tunnel configuration..."
-              @cf_client.verify_tunnel_configuration(tunnel.id, hostname, service_url, Utils::Constants::TUNNEL_CONFIG_VERIFY_ATTEMPTS)
+              @cf_client.verify_tunnel_configuration(tunnel.id, hostnames, service_url, Utils::Constants::TUNNEL_CONFIG_VERIFY_ATTEMPTS)
 
-              # Create DNS record
-              @log.info "Creating DNS CNAME record: %s", hostname
+              # Create DNS records for all hostnames
               zone = @cf_client.find_zone(domain)
               raise Errors::CloudflareError, "zone not found: #{domain}" unless zone
 
               tunnel_cname = "#{tunnel.id}.cfargotunnel.com"
-              @cf_client.create_or_update_dns_record(zone.id, hostname, "CNAME", tunnel_cname, proxied: true)
+              hostnames.each do |hostname|
+                @log.info "Creating DNS CNAME record: %s", hostname
+                @cf_client.create_or_update_dns_record(zone.id, hostname, "CNAME", tunnel_cname, proxied: true)
+              end
 
               @log.success "Tunnel configured: %s", tunnel_name
 

data/lib/nvoi/cli/deploy/steps/deploy_service.rb

@@ -22,10 +22,9 @@ module Nvoi
             @kubectl = External::Kubectl.new(ssh)
           end
 
-          def run(image_tag, timestamp)
-            # Push to in-cluster registry
-            registry_tag = "localhost:#{Utils::Constants::REGISTRY_PORT}/#{@config.container_prefix}:#{timestamp}"
-            push_to_registry(image_tag, registry_tag)
+          def run(registry_tag, timestamp)
+            # Image is already in registry (pushed via SSH tunnel in BuildImage step)
+            @log.info "Using image from registry: %s", registry_tag
 
             # Gather env vars
             first_service = @config.deploy.application.app.keys.first
@@ -65,15 +64,6 @@ module Nvoi
 
           private
 
-            def push_to_registry(local_tag, registry_tag)
-              @log.info "Pushing to in-cluster registry: %s", registry_tag
-
-              @ssh.execute("sudo ctr -n k8s.io images tag #{local_tag} #{registry_tag}")
-              @ssh.execute("sudo ctr -n k8s.io images push --plain-http #{registry_tag}")
-
-              @log.success "Image pushed to registry"
-            end
-
             def deploy_app_secret(env_vars)
               secret_name = @namer.app_secret_name
 
@@ -247,11 +237,11 @@ module Nvoi
 
               # Deploy ingress if domain is specified
               if service_config.domain && !service_config.domain.empty?
-                hostname = Utils::Namer.build_hostname(service_config.subdomain, service_config.domain)
+                hostnames = Utils::Namer.build_hostnames(service_config.subdomain, service_config.domain)
 
                 Utils::Templates.apply_manifest(@ssh, "app-ingress.yaml", {
                   name: deployment_name,
-                  domain: hostname,
+                  domains: hostnames,
                   port: service_config.port
                 })
               end
@@ -323,6 +313,9 @@ module Nvoi
                   result = check_public_url(public_url)
 
                   if result[:success]
+                    if consecutive_success == 0
+                      @log.info "[%d/%d] App responding, verifying stability...", attempt + 1, max_attempts
+                    end
                     consecutive_success += 1
                     @log.success "[%d/%d] Public URL responding: %s", consecutive_success, required_consecutive, result[:http_code]
 

data/lib/nvoi/cli/deploy/steps/setup_k3s.rb

@@ -467,7 +467,16 @@ module Nvoi
                 ssh.execute(patch_deployment)
 
                 @log.info "Waiting for ingress controller to restart..."
-                ssh.execute("kubectl rollout status deployment/ingress-nginx-controller -n ingress-nginx --timeout=120s")
+                ready = Utils::Retry.poll(max_attempts: 60, interval: 2) do
+                  begin
+                    ready_replicas = ssh.execute("kubectl get deployment ingress-nginx-controller -n ingress-nginx -o jsonpath='{.status.readyReplicas}'").strip
+                    desired_replicas = ssh.execute("kubectl get deployment ingress-nginx-controller -n ingress-nginx -o jsonpath='{.spec.replicas}'").strip
+                    !ready_replicas.empty? && !desired_replicas.empty? && ready_replicas == desired_replicas
+                  rescue Errors::SshCommandError
+                    false
+                  end
+                end
+                raise Errors::K8sError, "Ingress controller failed to restart" unless ready
               else
                 @log.info "Custom error backend already configured"
               end

data/lib/nvoi/cli/logs/command.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module Nvoi
+  class Cli
+    module Logs
+      # Command streams logs from app pods
+      class Command
+        def initialize(options)
+          @options = options
+          @log = Nvoi.logger
+        end
+
+        def run(app_name)
+          config_path = resolve_config_path
+          @config = Utils::ConfigLoader.load(config_path)
+
+          # Apply branch override if specified
+          apply_branch_override if @options[:branch]
+
+          # Initialize cloud provider
+          @provider = External::Cloud.for(@config)
+
+          # Find main server
+          server = @provider.find_server(@config.server_name)
+          raise Errors::ServiceError, "server not found: #{@config.server_name}" unless server
+
+          # Build deployment name from app name
+          deployment_name = @config.namer.app_deployment_name(app_name)
+
+          # Build kubectl logs command
+          # --prefix shows pod name, --all-containers handles multi-container pods
+          follow_flag = @options[:follow] ? "-f" : ""
+          tail_flag = "--tail=#{@options[:tail]}"
+
+          kubectl_cmd = "kubectl logs -l app=#{deployment_name} --prefix --all-containers #{follow_flag} #{tail_flag}".strip.squeeze(" ")
+
+          @log.info "Streaming logs for %s", deployment_name
+
+          ssh = External::Ssh.new(server.public_ipv4, @config.ssh_key_path)
+          ssh.execute(kubectl_cmd, stream: true)
+        end
+
+        private
+
+          def resolve_config_path
+            config_path = @options[:config] || "deploy.enc"
+            working_dir = @options[:dir]
+
+            if config_path == "deploy.enc" && working_dir && working_dir != "."
+              File.join(working_dir, "deploy.enc")
+            else
+              config_path
+            end
+          end
+
+          def apply_branch_override
+            branch = @options[:branch]
+            return if branch.nil? || branch.empty?
+
+            override = Objects::ConfigOverride.new(branch:)
+            override.apply(@config)
+          end
+      end
+    end
+  end
+end